Trebam pomoc, pokupio sam neki malver!

1

Trebam pomoc, pokupio sam neki malver!

offline
  • Pridružio: 28 Okt 2014
  • Poruke: 162

Napisano: 06 Avg 2020 12:09

Pozz.
Ovako pokupio sam neki malver koji sam instalirao na PC, onda me ESET obavijestio o malveru pa su mi poceli iskakati gomilu prozorcica, te su se nekolicina nekih novih programa instalirali na disk koje sam izbrisao pomocu Revo uninstalera. Zatim sam posle brisanja pokrenua adwcleaner 8.0.7 koji je vecinu malvera uklonio njih oko 40, medjutim posle se ESET ukljucio i poceo javljati kako se na PC-u nalazi jos njih, ponovo sam pokrenuo postupak sa adwcleanerom i pronasao je 2 nova nesto zakaceno na Internet Explorer u Roaming folderu. Par puta izbrisem to smece i ponovo skeniram sa adwcleanerom medjutim isti mi javlja kako se ponovo nalazi na svom mjestu. Zbog ovog problema sam morao i ESET da deinstaliram jer mi pocne slati upozorenja sa iskakajucim porukama kako imam malwer.

Molim za pomoc. Crying or Very sad

mycity.rs/must-login.png
mycity.rs/must-login.png


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-08-2020
Ran by Win7 (administrator) on WIN7-PC (Gigabyte Technology Co., Ltd. P85-D3) (06-08-2020 12:59:06)
Running from C:\Users\Win7\Downloads
Loaded Profiles: Win7
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Users\Win7\AppData\Local\Temp\.opera\017E1C88DE75\installer.exe
() C:\Users\Win7\AppData\Local\Temp\.opera\BCC04E36DBCB\installer.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> ) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Bq_Soft) [File not signed] C:\ProgramData\FlexGridService\FlexGridService.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <9>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Opera Software AS -> Opera Software) C:\Users\Win7\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(Opera Software AS -> Opera Software) C:\Users\Win7\AppData\Local\Programs\Opera\launcher.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Solid State System Co., Ltd. -> SSS) C:\Windows\System32\AudioDeviceService.exe
(Solid State System) [File not signed] C:\Program Files (x86)\MARVO HG9055 Driver\MARVO HG9055 Driver.exe
(Windscribe Limited -> Windscribe Limited) C:\Programi\Windscribe\WindscribeService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [176472 2019-07-04] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-06] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [D3DOverrider] => "C:\Users\Win7\Downloads\PES2017 NO LAG\D3DOverrider\D3DOverriderWrapper.exe" /s
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [MARVO HG9055 Driver] => C:\Program Files (x86)\MARVO HG9055 Driver\MARVO HG9055 Driver.exe [11099032 2020-01-02] (Solid State System) [File not signed]
HKLM-x32\...\Run: [kissq] => C:\Users\Win7\AppData\Local\Temp\kissq.exe************* <==== ATTENTION
HKU\S-1-5-21-4024489933-1853363021-3339780435-1000\...\Run: [Opera Browser Assistant] => C:\Users\Win7\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3126296 2020-08-05] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-4024489933-1853363021-3339780435-1000\...\Run: [139058] => "C:\Users\Win7\AppData\Roaming\knr1gi53of2\ebkf1x55thk.exe" /VERYSILENT
HKU\S-1-5-21-4024489933-1853363021-3339780435-1000\...\Run: [8938928] => "C:\Users\Win7\AppData\Roaming\5tr54vcb15i\zkobakipqdh.exe" /VERYSILENT
HKU\S-1-5-21-4024489933-1853363021-3339780435-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-4024489933-1853363021-3339780435-1000\...\MountPoints2: {0ecad849-e776-11e5-a4fd-806e6f6e6963} - E:\DVDSetup.exe
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{65122CB0-EA0F-47DF-A953-017170ED12F9}] -> "C:\Programi\UCBrowser\Application\5.6.11651.1013\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2020-05-04] (Adobe Inc. -> Adobe Systems, Inc.)
AppInit_DLLs: C:\ProgramData\Voyasollam\Biging.dll => No File
AppInit_DLLs-x32: C:\ProgramData\Voyasollam\Hotphase.dll => No File
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {107C016D-629A-4302-B979-F2AD1C16EED9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {1B10449C-6B0D-47B9-965D-29DAD87BBD03} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_403_pepper.exe [1471032 2020-07-15] (Adobe Inc. -> Adobe)
Task: {1C7E9971-3E6F-4632-87B9-57665A69716E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1331792 2020-05-07] (Adobe Inc. -> Adobe Inc.)
Task: {254D8B93-B304-4680-BC33-38DD8E44CE1F} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2571704 2020-02-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {283A4B11-055A-459B-A283-D244DD3C0A1E} - System32\Tasks\{A576295E-AA17-4FA1-B2DE-DE0BE6156968} => C:\Windows\system32\pcalua.exe -a C:\Users\Win7\AppData\Local\Temp\jre-8u181-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {38B281F7-A2CA-40AD-8868-B23FAA098FA4} - System32\Tasks\{493C36DF-A38A-4CC1-B703-0A83249A546B} => C:\Windows\system32\pcalua.exe -a "D:\Igre\Battlefield 3™\__Installer\vc\vc2008sp1\redist\vcredist_x64.exe" -d "D:\Igre\Battlefield 3™\__Installer\vc\vc2008sp1\redist"
Task: {54E9D788-24A7-4876-A8F9-A7892A84B213} - System32\Tasks\SystemMaintanceService => C:\Users\Win7\AppData\Roaming\Tropico.5.v1.10.Inc.All.DLC.Eng.Repack\dsdgcj.exe
Task: {6F12F8DC-C22C-4E58-80A3-7CD11DEAD830} - System32\Tasks\update-S-1-5-21-4024489933-1853363021-3339780435-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {7BCE4BC4-A1FA-4D25-9496-1F7BD2F2B896} - System32\Tasks\Opera scheduled Autoupdate 1576022251 => C:\Users\Win7\AppData\Local\Programs\Opera\launcher.exe [1509400 2020-07-27] (Opera Software AS -> Opera Software)
Task: {81D520A2-BD1B-4CD3-A07C-42982FACC924} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {892E3B5F-7758-453A-BD73-7228BB9509E5} - System32\Tasks\sne => C:\ProgramData\Voyasollam\Voyasollam.exe <==== ATTENTION
Task: {98E25565-E035-46FF-9E5F-8DB8FDF71E79} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-15] (Adobe Inc. -> Adobe)
Task: {A6EB4D90-7F21-40A4-B45F-6B66121CD80E} - System32\Tasks\{B39A65C2-648C-43E0-AD55-18EF429E9036} => C:\Windows\system32\pcalua.exe -a "C:\Users\Win7\Downloads\Crysis repack Mr DJ\Redist\dxwesetup.exe" -d "C:\Users\Win7\Downloads\Crysis repack Mr DJ\Redist"
Task: {B8B6F546-0AA8-453C-BCF9-1961AE3C78B3} - System32\Tasks\{39EDDACF-08FF-4AA5-B603-3D0FEEA97C0D} => C:\Windows\system32\pcalua.exe -a C:\Users\Win7\Downloads\HeSuVi_2.0.0.1.exe -d C:\Users\Win7\Downloads
Task: {C5E0486E-16D3-4A04-B158-8B6062BC7E80} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_403_Plugin.exe [1475640 2020-07-15] (Adobe Inc. -> Adobe)
Task: {E06E2EFC-291D-43E0-8430-04FEFB0230ED} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1724928 2019-12-17] () [File not signed]
Task: {E213F134-C054-4D0A-BAC6-EF2EA72221EA} - System32\Tasks\Opera scheduled assistant Autoupdate 1581091594 => C:\Users\Win7\AppData\Local\Programs\Opera\launcher.exe [1509400 2020-07-27] (Opera Software AS -> Opera Software)
Task: {E3DEB627-844D-480F-A75B-F77F32D3622D} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\update-S-1-5-21-4024489933-1853363021-3339780435-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-4024489933-1853363021-3339780435-1000] => http=127.0.0.1:8888
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0B7D66C4-A5D8-454B-B905-9E7D3A6BFC8A}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DE7B5564-543C-4F20-9C5D-11A993C24EE2}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-4024489933-1853363021-3339780435-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyue-huNy3D_z_hyQ5_ws3on33M-1y1sSa8n5tza4A0ZV5aBoh5wNk5UqEepsy02JcM8zWmAQQ0JmTgKpNGbnqfIRbvUWv5ScqItV8vREgPyhXKaKdQjbDm39D86a_iqNC2no9hAn075GUzFt9C6hAcR8Ams&q={searchTerms}
HKU\S-1-5-21-4024489933-1853363021-3339780435-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyue-huNy3D_z_hyQ5_ws3on33M-1y1sSa8n5tza4A0ZV5aBoh5wNk5UqEepsy02JcM8zWmAQQ0JmTgKqCXp1f2rUhKWnErI6Ff9RyGBtTv5tFOKv5Et21NEWNVTahmGHdD7lrmLyoWQ43zspUzzPFLwg-X_
HKU\S-1-5-21-4024489933-1853363021-3339780435-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope value is missing
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 523o2192.default
FF ProfilePath: C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default [2020-08-06]
FF DownloadDir: C:\Users\Win7\Downloads
FF Homepage: Mozilla\Firefox\Profiles\523o2192.default -> file:///C:/ProgramData/Voyasollam/ff.HP
FF NewTab: Mozilla\Firefox\Profiles\523o2192.default -> file:///C:/ProgramData/Voyasollam/ff.NT
FF NetworkProxy: Mozilla\Firefox\Profiles\523o2192.default -> type", 0
FF Extension: (YouTube without DASH Playback) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\@iywdplayback.xpi [2017-07-03] [Legacy]
FF Extension: (AdBlocker Ultimate) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\adblockultimate@adblockultimate.net.xpi [2020-07-18]
FF Extension: (TubeBuddy) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\e389d8c2-5554-4ba2-a36e-ac7a57093130@gmail.com.xpi [2020-08-04]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\elemhidehelper@adblockplus.org.xpi [2017-11-23] [Legacy]
FF Extension: (Enhancer for YouTube™) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2020-06-18]
FF Extension: (Tags for YouTube™) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\jid0-cBh0nRMLV5BY1dlp33s3g7dFXLY@jetpack.xpi [2020-06-30]
FF Extension: (YouTube Plus) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\particle@particlecore.github.io.xpi [2017-12-08]
FF Extension: (Restore Old Theme of YouTube) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\restore.old@youtube.now.xpi [2020-06-15]
FF Extension: (uBlock Origin) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\uBlock0@raymondhill.net.xpi [2020-07-24]
FF Extension: (YouTube Tags) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\{9d063afe-a167-4cf3-ad71-ed1204a2339f}.xpi [2020-07-19]
FF Extension: (Greasemonkey) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2019-06-13]
FF Extension: (YouTube Flash Video Player) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2018-01-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_403.dll [2020-07-15] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_403.dll [2020-07-15] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1235205.dll [2019-03-15] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Programi\VLC\npvlc.dll [2016-04-26] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2020-08-06]

Opera:
=======
OPR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Win7\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2020-05-10]
OPR Extension: (book_helper) - C:\Users\Win7\AppData\Roaming\Opera Software\Opera Stable\Extensions\ijcagmnfnfcbhbhnkabnakeikjcnflee [2020-08-06]
OPR Extension: (Install Chrome Extensions) - C:\Users\Win7\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2019-12-31]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"sqyjlgrh" => service was unlocked. <==== ATTENTION

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-15] (Adobe Inc. -> Adobe)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3406416 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] (Giga-Byte Technology -> )
R2 AudioDeviceService; C:\Windows\system32\AudioDeviceService.exe [2746776 2020-01-02] (Solid State System Co., Ltd. -> SSS)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7002120 2020-03-23] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2020-02-07] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 FlexGridService; C:\ProgramData\FlexGridService\FlexGridService.exe [2230784 2020-08-06] (Bq_Soft) [File not signed] <==== ATTENTION
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 mracsvc; C:\Windows\System32\mracsvc.exe [18953880 2019-09-21] (Mail.Ru LLC -> LLC Mail.Ru)
S3 PAExec; C:\Windows\PAExec.exe [189112 2017-08-17] (Power Admin LLC -> Power Admin LLC)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-03-19] (Even Balance, Inc. -> )
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [30224 2019-07-04] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S2 sqyjlgrh; C:\Windows\SysWOW64\sqyjlgrh\enhmedyu.exe [11887616 2020-08-06] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2019-12-10] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 WindscribeService; C:\Programi\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 5F2F1FDC86F2; C:\Windows\5F2F1FDC86F2.sys [25368 2020-08-06] (大连纵梦网络科技有限公司 -> FsFilter Network) [File not signed]
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] (Giga-Byte Technology -> )
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
S3 mracdrv; C:\Windows\System32\drivers\mracdrv.sys [18189864 2019-09-21] (Mail.Ru LLC -> LLC Mail.Ru)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [309760 2019-06-13] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [120288 2019-06-13] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2017-03-01] (AnchorFree Inc -> Anchorfree Inc.)
S3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [35768 2019-12-13] (ProtonVPN AG -> The OpenVPN Project)
R3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
R3 UAExt; C:\Windows\System32\DRIVERS\UAExt.sys [162832 2020-01-02] (Solid State System Co., Ltd. -> Solid State System.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21584 2013-05-06] (Giga-Byte Technology -> )
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2018-11-18] (Vincent Burel -> Windows (R) Win 7 DDK provider)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2015-05-25] (Splitmedialabs Limited -> SplitmediaLabs Limited)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 Housvnlru; \??\C:\Windows\system32\Housvnlru.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-06 12:59 - 2020-08-06 12:59 - 000025505 _____ C:\Users\Win7\Downloads\FRST.txt
2020-08-06 12:58 - 2020-08-06 12:59 - 000000000 ____D C:\FRST
2020-08-06 12:58 - 2020-08-06 12:58 - 002296320 _____ (Farbar) C:\Users\Win7\Downloads\FRST64.exe
2020-08-06 12:50 - 2020-08-06 12:59 - 000000004 _____ C:\ProgramData\rc.dat
2020-08-06 12:41 - 2020-08-06 12:41 - 008414384 _____ (Malwarebytes) C:\Users\Win7\Downloads\adwcleaner_8.0.7.exe
2020-08-06 12:24 - 2020-08-06 12:25 - 000003722 _____ C:\Windows\system32\Tasks\sne
2020-08-06 12:24 - 2020-08-06 12:24 - 000000000 ____D C:\Users\Win7\AppData\Local\app
2020-08-06 12:23 - 2020-08-06 12:28 - 000000000 ____D C:\Users\Win7\AppData\Roaming\5tr54vcb15i
2020-08-06 12:23 - 2020-08-06 12:23 - 000000000 ____D C:\Program Files\EWLR3JPR5K
2020-08-06 12:22 - 2020-08-06 12:58 - 000000004 _____ C:\ProgramData\lock.dat
2020-08-06 12:22 - 2020-08-06 12:55 - 000000032 _____ C:\ProgramData\irw.atsd
2020-08-06 12:22 - 2020-08-06 12:22 - 000000008 _____ C:\ProgramData\ts.dat
2020-08-06 12:21 - 2020-08-06 12:21 - 000000000 ____D C:\Users\Win7\AppData\Roaming\rzlcc5xlcwg
2020-08-06 12:21 - 2020-08-06 12:21 - 000000000 ____D C:\Program Files\OTQQFRLI3L
2020-08-06 12:19 - 2020-08-06 12:19 - 000001111 _____ C:\Users\Win7\_readme.txt
2020-08-06 12:19 - 2020-08-06 12:19 - 000001111 _____ C:\_readme.txt
2020-08-06 12:18 - 2020-08-06 12:18 - 001895384 _____ C:\Users\Win7\AppData\Local\AlphaString.bin
2020-08-06 12:17 - 2020-08-06 12:35 - 000000000 ____D C:\Users\Win7\AppData\Local\Lavasoft
2020-08-06 12:17 - 2020-08-06 12:35 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2020-08-06 12:17 - 2020-08-06 12:29 - 000000000 ____D C:\Users\Win7\AppData\Local\310886b8-eeb6-4149-a348-e95e18d6e0c2
2020-08-06 12:17 - 2020-08-06 12:27 - 000000000 ____D C:\Users\Win7\AppData\Roaming\knr1gi53of2
2020-08-06 12:17 - 2020-08-06 12:27 - 000000000 ____D C:\Program Files (x86)\CKls
2020-08-06 12:17 - 2020-08-06 12:23 - 000000000 ____D C:\Users\Win7\AppData\Local\ScrSnap
2020-08-06 12:17 - 2020-08-06 12:17 - 008614400 _____ C:\Users\Win7\AppData\Local\agent.dat
2020-08-06 12:17 - 2020-08-06 12:17 - 002174682 _____ C:\Users\Win7\AppData\Local\Ranjoytouch.tst
2020-08-06 12:17 - 2020-08-06 12:17 - 001134592 _____ C:\Users\Win7\AppData\Local\U-tamtough.exe
2020-08-06 12:17 - 2020-08-06 12:17 - 001134592 _____ C:\Users\Win7\AppData\Local\Ranjoytouch.exe
2020-08-06 12:17 - 2020-08-06 12:17 - 000141312 _____ C:\Users\Win7\AppData\Local\installer.dat
2020-08-06 12:17 - 2020-08-06 12:17 - 000126464 _____ C:\Users\Win7\AppData\Local\noah.dat
2020-08-06 12:17 - 2020-08-06 12:17 - 000126464 _____ C:\Users\Win7\AppData\Local\lobby.dat
2020-08-06 12:17 - 2020-08-06 12:17 - 000071712 _____ C:\Users\Win7\AppData\Local\Config.xml
2020-08-06 12:17 - 2020-08-06 12:17 - 000067945 _____ C:\Users\Win7\AppData\Local\U-tamtough.tst
2020-08-06 12:17 - 2020-08-06 12:17 - 000043520 _____ C:\Users\Win7\AppData\Local\ApplicationHosting.dat
2020-08-06 12:17 - 2020-08-06 12:17 - 000025368 _____ (FsFilter Network) C:\Windows\5F2F1FDC86F2.sys
2020-08-06 12:17 - 2020-08-06 12:17 - 000005568 _____ C:\Users\Win7\AppData\Local\md.xml
2020-08-06 12:17 - 2020-08-06 12:17 - 000000558 _____ C:\Users\Win7\AppData\Local\bowsakkdestx.txt
2020-08-06 12:17 - 2020-08-06 12:17 - 000000000 ____D C:\Windows\SysWOW64\sqyjlgrh
2020-08-06 12:17 - 2020-08-06 12:17 - 000000000 ____D C:\Users\Win7\AppData\Local\4040d079-f2eb-4944-8e54-1c7e0ee6c604
2020-08-06 12:17 - 2020-08-06 12:17 - 000000000 ____D C:\SystemID
2020-08-06 12:17 - 2020-08-06 12:17 - 000000000 ____D C:\ProgramData\MR02TGA9HNP8YZE3RLY6DN2HT
2020-08-06 12:17 - 2020-08-06 12:17 - 000000000 ____D C:\ProgramData\FlexGridService
2020-08-06 12:17 - 2020-08-06 12:17 - 000000000 ____D C:\Program Files\I8JQ12YVMS
2020-08-06 12:09 - 2020-08-06 12:09 - 000000000 ____D C:\Users\Win7\AppData\Roaming\FMRTE20
2020-08-06 12:08 - 2020-08-06 12:08 - 009462641 _____ (FMRTE ) C:\Users\Win7\Downloads\FMRTE.20.4.1.38-Setup.exe
2020-07-31 16:08 - 2020-07-31 16:08 - 000000000 ____D C:\Users\Win7\AppData\Roaming\NVIDIA
2020-07-30 19:16 - 2020-08-06 12:54 - 000000000 ____D C:\ProgramData\NVIDIA
2020-07-30 19:16 - 2020-07-30 19:16 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2020-07-30 19:16 - 2020-06-21 23:59 - 005490488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2020-07-30 19:16 - 2020-06-21 23:59 - 002634728 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2020-07-30 19:16 - 2020-06-21 23:59 - 001759032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2020-07-30 19:16 - 2020-06-21 23:59 - 000991032 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2020-07-30 19:16 - 2020-06-21 23:59 - 000195048 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2020-07-30 19:16 - 2020-06-21 23:59 - 000122344 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2020-07-30 19:16 - 2020-06-21 23:59 - 000083256 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2020-07-30 19:16 - 2020-06-20 08:22 - 009198787 _____ C:\Windows\system32\nvcoproc.bin
2020-07-30 19:15 - 2020-06-23 01:10 - 034750856 _____ (NVIDIA Corporation) C:\Windows\system32\nvrtum64.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 007976160 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler64.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 007090400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler32.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 001780952 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2020-07-30 19:15 - 2020-06-23 01:10 - 001780952 _____ C:\Windows\system32\vulkaninfo.exe
2020-07-30 19:15 - 2020-06-23 01:10 - 001371352 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-07-30 19:15 - 2020-06-23 01:10 - 001371352 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2020-07-30 19:15 - 2020-06-23 01:10 - 001086680 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 001086680 _____ C:\Windows\system32\vulkan-1.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 000946392 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 000946392 _____ C:\Windows\SysWOW64\vulkan-1.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 000503176 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 000449264 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 000419040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 000346336 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 124472032 _____ (NVIDIA Corporation) C:\Windows\system32\nvoptix.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 041621744 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 035518344 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl64.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 031007640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 030256008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl32.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 024180464 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2020-07-30 19:15 - 2020-06-23 01:09 - 001485040 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 001146264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000670616 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000555928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000427416 _____ C:\Windows\system32\nvofapi64.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000378264 _____ C:\Windows\SysWOW64\nvofapi.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000180976 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000166808 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000157936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000144792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 040572304 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler64.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 035440008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler32.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 020025744 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 017355496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 006241680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 005584784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 002075888 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 001722088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6445148.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 001568664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 001482984 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6445148.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 000672136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcbl64.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 000545688 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 000471792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2020-07-30 19:15 - 2020-06-23 01:07 - 043292312 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2020-07-30 19:15 - 2020-06-23 01:07 - 038306136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2020-07-30 19:15 - 2020-06-23 01:07 - 024844744 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2020-07-30 19:15 - 2020-06-23 01:07 - 020694448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2020-07-30 19:15 - 2020-06-23 01:07 - 005295448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2020-07-30 19:15 - 2020-06-23 01:07 - 004617448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2020-07-30 19:15 - 2020-06-22 02:44 - 001682368 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2020-07-30 19:15 - 2020-06-22 02:44 - 000222112 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2020-07-30 19:15 - 2020-06-22 02:44 - 000054543 _____ C:\Windows\system32\nvinfo.pb
2020-07-30 19:15 - 2020-06-22 02:44 - 000039824 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2020-07-30 19:15 - 2020-06-22 02:44 - 000000671 _____ C:\Windows\SysWOW64\nv-vk32.json
2020-07-30 19:15 - 2020-06-22 02:44 - 000000671 _____ C:\Windows\system32\nv-vk64.json
2020-07-30 19:11 - 2020-08-06 12:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-07-25 20:57 - 2020-07-25 20:57 - 000000733 _____ C:\Users\Public\Desktop\FM Genie Scout 20.lnk
2020-07-25 20:57 - 2020-07-25 20:57 - 000000733 _____ C:\ProgramData\Desktop\FM Genie Scout 20.lnk
2020-07-25 20:57 - 2020-07-25 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FM Genie Scout 20
2020-07-25 20:56 - 2020-03-27 12:02 - 010297262 _____ ( ) C:\Users\Win7\Downloads\genie20_setup_20.4.1_b1025.exe
2020-07-24 02:19 - 2020-08-03 15:23 - 000000081 _____ C:\Users\Win7\AppData\Local\.bidstack.fault
2020-07-21 22:09 - 2019-11-05 07:48 - 000000000 ____D C:\Users\Win7\Desktop\FM2020 Licensing and Real Name Fix File v2.3
2020-07-17 15:22 - 2020-07-17 15:22 - 000001124 _____ C:\Users\Win7\Desktop\Play Football Manager 2020.lnk
2020-07-15 05:17 - 2020-07-15 18:17 - 008774200 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-06 12:55 - 2016-11-18 17:52 - 000000000 ____D C:\Users\Win7\AppData\LocalLow\Mozilla
2020-08-06 12:54 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-08-06 12:53 - 2016-03-11 12:50 - 000001459 _____ C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2020-08-06 12:48 - 2016-05-04 22:53 - 000000386 _____ C:\Windows\Tasks\update-sys.job
2020-08-06 12:47 - 2016-03-11 13:45 - 000000000 ____D C:\Program Files\ESET
2020-08-06 12:47 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-08-06 12:45 - 2009-07-14 06:45 - 000020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-08-06 12:45 - 2009-07-14 06:45 - 000020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-08-06 12:44 - 2009-07-14 07:13 - 000789866 _____ C:\Windows\system32\PerfStringBackup.INI
2020-08-06 12:19 - 2019-01-23 00:04 - 000000000 ____D C:\CPY_SAVES
2020-08-06 12:19 - 2018-12-09 04:34 - 000000000 ____D C:\tmp
2020-08-06 12:19 - 2017-04-07 16:14 - 000000000 ____D C:\temp
2020-08-06 12:19 - 2016-06-04 17:04 - 000000000 ____D C:\IExp1.tmp
2020-08-06 12:19 - 2016-06-04 17:04 - 000000000 ____D C:\IExp0.tmp
2020-08-06 12:19 - 2016-03-13 22:28 - 000000000 ____D C:\Programi)
2020-08-06 12:19 - 2016-03-11 16:19 - 000000000 ____D C:\Programi
2020-08-06 12:19 - 2016-03-11 12:49 - 000000000 ____D C:\Users\Win7
2020-08-06 10:43 - 2016-05-04 22:53 - 000000386 _____ C:\Windows\Tasks\update-S-1-5-21-4024489933-1853363021-3339780435-1000.job
2020-08-05 15:50 - 2019-10-03 16:12 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-08-05 15:50 - 2019-10-03 16:12 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-08-05 15:08 - 2020-02-07 18:06 - 000004276 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1581091594
2020-08-04 16:34 - 2019-05-23 00:44 - 000000799 _____ C:\Users\Public\Desktop\PotPlayer 64 bit.lnk
2020-08-04 16:34 - 2019-05-23 00:44 - 000000799 _____ C:\ProgramData\Desktop\PotPlayer 64 bit.lnk
2020-08-04 15:20 - 2016-03-14 02:09 - 000000000 ____D C:\Users\Win7\AppData\Local\CrashDumps
2020-08-02 02:34 - 2016-03-11 13:37 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-08-02 01:34 - 2020-02-28 19:33 - 000000000 ____D C:\Users\Win7\AppData\LocalLow\BitTorrent
2020-08-02 01:34 - 2016-03-11 17:32 - 000000000 ____D C:\Users\Win7\AppData\Roaming\BitTorrent
2020-07-31 15:06 - 2016-04-24 16:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-07-30 19:16 - 2018-12-01 13:47 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-07-30 19:16 - 2018-02-18 18:25 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2020-07-30 19:16 - 2017-10-14 22:37 - 000000000 ____D C:\Users\Win7\AppData\Local\NVIDIA
2020-07-30 19:16 - 2017-10-14 22:36 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-07-30 19:14 - 2009-07-14 07:08 - 000032590 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2020-07-29 10:35 - 2019-12-11 01:57 - 000004044 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1576022251
2020-07-26 11:39 - 2016-03-11 13:12 - 000794080 _____ C:\Users\Win7\AppData\Local\GDIPFONTCACHEV1.DAT
2020-07-26 11:38 - 2009-07-14 06:45 - 006853760 _____ C:\Windows\system32\FNTCACHE.DAT
2020-07-17 09:44 - 2020-02-08 14:24 - 000000000 ____D C:\Users\Win7\Downloads\opera autoupdate
2020-07-15 18:17 - 2020-03-22 16:17 - 000004428 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-07-15 18:17 - 2020-03-22 15:36 - 000004282 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-07-15 18:17 - 2020-03-22 15:36 - 000000000 ____D C:\Windows\system32\Macromed
2020-07-15 18:17 - 2019-10-17 17:08 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-07-15 18:17 - 2019-10-17 17:08 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-07-15 05:17 - 2020-03-22 15:36 - 000004416 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-07-09 21:54 - 2016-06-27 14:00 - 000000000 ____D C:\Users\Win7\AppData\Local\ElevatedDiagnostics
2020-07-09 21:54 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2020-07-07 15:25 - 2016-04-06 08:16 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-07-07 15:25 - 2016-03-11 14:21 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories ========

2019-12-16 11:58 - 2019-12-18 17:40 - 000056320 _____ (SSS) C:\ProgramData\FinalDeleteFile.exe
2020-08-06 12:22 - 2020-08-06 12:58 - 000000004 _____ () C:\ProgramData\lock.dat
2020-08-06 12:50 - 2020-08-06 12:59 - 000000004 _____ () C:\ProgramData\rc.dat
2020-08-06 12:22 - 2020-08-06 12:22 - 000000008 _____ () C:\ProgramData\ts.dat
2017-04-28 01:56 - 2020-01-14 03:29 - 000000034 _____ () C:\Users\Win7\AppData\Roaming\AdobeWLCMCache.dat
2018-09-14 12:16 - 2018-09-14 12:17 - 000000025 ____H () C:\Users\Win7\AppData\Roaming\uninst48.log
2018-11-18 01:27 - 2018-12-27 22:44 - 000004592 _____ () C:\Users\Win7\AppData\Roaming\VoiceMeeterDefault.xml
2020-07-24 02:19 - 2020-08-03 15:23 - 000000081 _____ () C:\Users\Win7\AppData\Local\.bidstack.fault
2016-10-05 00:03 - 2017-10-14 00:24 - 000001456 _____ () C:\Users\Win7\AppData\Local\Adobe Save for Web 13.0 Prefs
2020-08-06 12:17 - 2020-08-06 12:17 - 008614400 _____ () C:\Users\Win7\AppData\Local\agent.dat
2020-08-06 12:18 - 2020-08-06 12:18 - 001895384 _____ () C:\Users\Win7\AppData\Local\AlphaString.bin
2020-08-06 12:17 - 2020-08-06 12:17 - 000043520 _____ () C:\Users\Win7\AppData\Local\ApplicationHosting.dat
2020-08-06 12:17 - 2020-08-06 12:17 - 000000558 _____ () C:\Users\Win7\AppData\Local\bowsakkdestx.txt
2020-08-06 12:17 - 2020-08-06 12:17 - 000071712 _____ () C:\Users\Win7\AppData\Local\Config.xml
2020-08-06 12:17 - 2020-08-06 12:17 - 000141312 _____ () C:\Users\Win7\AppData\Local\installer.dat
2020-08-06 12:17 - 2020-08-06 12:17 - 000126464 _____ () C:\Users\Win7\AppData\Local\lobby.dat
2019-10-12 01:09 - 2019-10-12 01:09 - 000000000 ___SH () C:\Users\Win7\AppData\Local\LumaEmu
2020-08-06 12:17 - 2020-08-06 12:17 - 000005568 _____ () C:\Users\Win7\AppData\Local\md.xml
2020-08-06 12:17 - 2020-08-06 12:17 - 000126464 _____ () C:\Users\Win7\AppData\Local\noah.dat
2018-09-27 18:00 - 2018-09-27 18:00 - 000000000 _____ () C:\Users\Win7\AppData\Local\oobelibMkey.log
2020-08-06 12:17 - 2020-08-06 12:17 - 001134592 _____ () C:\Users\Win7\AppData\Local\Ranjoytouch.exe
2020-08-06 12:17 - 2020-08-06 12:17 - 002174682 _____ () C:\Users\Win7\AppData\Local\Ranjoytouch.tst
2020-04-29 15:57 - 2020-04-29 15:57 - 000000871 _____ () C:\Users\Win7\AppData\Local\recently-used.xbel
2016-06-14 18:07 - 2019-11-08 02:35 - 000007619 _____ () C:\Users\Win7\AppData\Local\Resmon.ResmonCfg
2020-08-06 12:17 - 2020-08-06 12:17 - 001134592 _____ () C:\Users\Win7\AppData\Local\U-tamtough.exe
2020-08-06 12:17 - 2020-08-06 12:17 - 000067945 _____ () C:\Users\Win7\AppData\Local\U-tamtough.tst
2018-09-14 12:16 - 2018-09-14 12:17 - 000000025 ____H () C:\Users\Win7\AppData\Local\uninst37.log
2016-05-04 22:53 - 2016-05-04 22:53 - 000000003 _____ () C:\Users\Win7\AppData\Local\updater.log
2016-05-04 22:53 - 2016-05-04 23:08 - 000000059 _____ () C:\Users\Win7\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\User32.dll
[2010-11-21 05:24] - [2016-03-11 12:49] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-21 05:24] - [2016-03-11 12:49] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE


LastRegBack: 2020-08-06 10:01
==================== End of FRST.txt ========================
Dopuna: 06 Avg 2020 16:22

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8616
  • Gde živiš: Novi Beograd

Zdravo,

samo skidaj krekove, ransomware ces fasovati brzo.

1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:

CreateRestorePoint:
HKLM-x32\...\Run: [kissq] => C:\Users\Win7\AppData\Local\Temp\kissq.exe************* <==== ATTENTION
HKU\S-1-5-21-4024489933-1853363021-3339780435-1000\...\Run: [139058] => "C:\Users\Win7\AppData\Roaming\knr1gi53of2\ebkf1x55thk.exe" /VERYSILENT
HKU\S-1-5-21-4024489933-1853363021-3339780435-1000\...\Run: [8938928] => "C:\Users\Win7\AppData\Roaming\5tr54vcb15i\zkobakipqdh.exe" /VERYSILENT
AppInit_DLLs: C:\ProgramData\Voyasollam\Biging.dll => No File
AppInit_DLLs-x32: C:\ProgramData\Voyasollam\Hotphase.dll => No File
GroupPolicy: Restriction ? <==== ATTENTION
Task: {283A4B11-055A-459B-A283-D244DD3C0A1E} - System32\Tasks\{A576295E-AA17-4FA1-B2DE-DE0BE6156968} => C:\Windows\system32\pcalua.exe -a C:\Users\Win7\AppData\Local\Temp\jre-8u181-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {892E3B5F-7758-453A-BD73-7228BB9509E5} - System32\Tasks\sne => C:\ProgramData\Voyasollam\Voyasollam.exe <==== ATTENTION
R2 FlexGridService; C:\ProgramData\FlexGridService\FlexGridService.exe [2230784 2020-08-06] (Bq_Soft) [File not signed] <==== ATTENTION
S2 sqyjlgrh; C:\Windows\SysWOW64\sqyjlgrh\enhmedyu.exe [11887616 2020-08-06] () [File not signed]
R1 5F2F1FDC86F2; C:\Windows\5F2F1FDC86F2.sys [25368 2020-08-06] (大连纵梦网络科技有限公司 -> FsFilter Network) [File not signed]
C:\Users\Win7\AppData\Roaming\rzlcc5xlcwg
C:\Program Files\OTQQFRLI3L
C:\Program Files (x86)\CKls
C:\Users\Win7\AppData\Local\ScrSnap
C:\Users\Win7\AppData\Local\agent.dat
C:\Users\Win7\AppData\Local\Ranjoytouch.tst
C:\Users\Win7\AppData\Local\U-tamtough.exe
C:\Users\Win7\AppData\Local\Ranjoytouch.exe
C:\Users\Win7\AppData\Local\installer.dat
C:\Users\Win7\AppData\Local\noah.dat
C:\Users\Win7\AppData\Local\lobby.dat
C:\Users\Win7\AppData\Local\Config.xml
C:\Users\Win7\AppData\Local\U-tamtough.tst
C:\Users\Win7\AppData\Local\ApplicationHosting.dat
C:\Windows\5F2F1FDC86F2.sys
C:\Users\Win7\AppData\Local\md.xml
C:\Users\Win7\AppData\Local\bowsakkdestx.txt
C:\Windows\SysWOW64\sqyjlgrh
C:\Users\Win7\AppData\Local\4040d079-f2eb-4944-8e54-1c7e0ee6c604
C:\SystemID
C:\ProgramData\MR02TGA9HNP8YZE3RLY6DN2HT
C:\ProgramData\FlexGridService
C:\Program Files\I8JQ12YVMS
C:\ProgramData\FlexGridService
C:\Users\Win7\AppData\Roaming\5tr54vcb15i
C:\Users\Win7\AppData\Roaming\knr1gi53of2
C:\ProgramData\Voyasollam
C:\Windows\SysWOW64\sqyjlgrh
FF Homepage: Mozilla\Firefox\Profiles\523o2192.default -> file:///C:/ProgramData/Voyasollam/ff.HP
FF NewTab: Mozilla\Firefox\Profiles\523o2192.default -> file:///C:/ProgramData/Voyasollam/ff.NT
EmptyTemp:


2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.

3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.



Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.

offline
  • Pridružio: 28 Okt 2014
  • Poruke: 162

Pozz Helen1

I jeste bio ransomware, koji tip to ne znam. Posle same instalacije ovog smeca na moj PC, bilo je par nekih programa koje sam odmah dok je ESET informisao da mi je PC pun trojanaca, izbrisao uz pomoc Revo uninstalera us pomoc advance opcije. Posle toga sam uklonio ESET sa PC-a, zatim koristio adwcleaner da pronadje nametnike i uspio je naci nekih 40 koje je kao navodno uklonio, ali na zalost to je bilo samo kao maska za moje oci, posle toga ponovo sam pokrenuo isti i pronadje 2 PUP programa koja sam prikazao na slici, nakon toga CPU mi je poceo u idle modu da gubi 50% resursa odnosno nije prikazivao da ga nesto koristi ni jedan proces, te se dizala temperatura na skoro 60 stepeni u idle modu, tako sam znao da se vjerovatno u pozadini jos nesto krije. Onda sam instalirao full malwerbite verziju te pokrenuo skeniranje, i na moje iznenadjenje pronadje vise od 70 nametnika koje je najzad uspjesno uklonio. Posle sam primijetio na pojedinim dijelovima diska da su mi neki fajlovi kriptovani, i iste sam uklonio, ne bas sve ali vecinu. Ne vjerujem da se oni mogu vratiti nazad.

Sada sam uradio novi izvjestaj pa ako mozes pogledaj prije nego sto uradim bilo sta. Da te obavijestim jos uvijek nisam koristio ovaj text koji si mi rekao da kopiram, uradit cu ako ipak treba, ali najprije da vidimo posle ovog izvjestaja dali ima potrebe za time ili ne. Ili sada treba nesto drugo odraditi posle ovog izvjestaja.

Unaprijed hvala.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-08-2020
Ran by Win7 (administrator) on WIN7-PC (Gigabyte Technology Co., Ltd. P85-D3) (09-08-2020 01:53:44)
Running from C:\Users\Win7\Downloads
Loaded Profiles: Win7
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> ) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <7>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Solid State System Co., Ltd. -> SSS) C:\Windows\System32\AudioDeviceService.exe
(Windscribe Limited -> Windscribe Limited) C:\Programi\Windscribe\WindscribeService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [176472 2019-07-04] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-06] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [D3DOverrider] => "C:\Users\Win7\Downloads\PES2017 NO LAG\D3DOverrider\D3DOverriderWrapper.exe" /s
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [MARVO HG9055 Driver] => C:\Program Files (x86)\MARVO HG9055 Driver\MARVO HG9055 Driver.exe [11099032 2020-01-02] (Solid State System) [File not signed]
HKLM-x32\...\Run: [kissq] => C:\Users\Win7\AppData\Local\Temp\kissq.exe************* <==== ATTENTION
HKU\S-1-5-21-4024489933-1853363021-3339780435-1000\...\Run: [Opera Browser Assistant] => C:\Users\Win7\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3126296 2020-08-05] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-4024489933-1853363021-3339780435-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-4024489933-1853363021-3339780435-1000\...\MountPoints2: {0ecad849-e776-11e5-a4fd-806e6f6e6963} - E:\DVDSetup.exe
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{65122CB0-EA0F-47DF-A953-017170ED12F9}] -> "C:\Programi\UCBrowser\Application\5.6.11651.1013\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2020-05-04] (Adobe Inc. -> Adobe Systems, Inc.)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {107C016D-629A-4302-B979-F2AD1C16EED9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {1B10449C-6B0D-47B9-965D-29DAD87BBD03} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_403_pepper.exe [1471032 2020-07-15] (Adobe Inc. -> Adobe)
Task: {1C7E9971-3E6F-4632-87B9-57665A69716E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1331792 2020-05-07] (Adobe Inc. -> Adobe Inc.)
Task: {254D8B93-B304-4680-BC33-38DD8E44CE1F} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2571704 2020-02-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {283A4B11-055A-459B-A283-D244DD3C0A1E} - System32\Tasks\{A576295E-AA17-4FA1-B2DE-DE0BE6156968} => C:\Windows\system32\pcalua.exe -a C:\Users\Win7\AppData\Local\Temp\jre-8u181-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {38B281F7-A2CA-40AD-8868-B23FAA098FA4} - System32\Tasks\{493C36DF-A38A-4CC1-B703-0A83249A546B} => C:\Windows\system32\pcalua.exe -a "D:\Igre\Battlefield 3™\__Installer\vc\vc2008sp1\redist\vcredist_x64.exe" -d "D:\Igre\Battlefield 3™\__Installer\vc\vc2008sp1\redist"
Task: {6F12F8DC-C22C-4E58-80A3-7CD11DEAD830} - System32\Tasks\update-S-1-5-21-4024489933-1853363021-3339780435-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {7BCE4BC4-A1FA-4D25-9496-1F7BD2F2B896} - System32\Tasks\Opera scheduled Autoupdate 1576022251 => C:\Users\Win7\AppData\Local\Programs\Opera\launcher.exe [1509400 2020-07-27] (Opera Software AS -> Opera Software)
Task: {81D520A2-BD1B-4CD3-A07C-42982FACC924} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {892E3B5F-7758-453A-BD73-7228BB9509E5} - System32\Tasks\sne => C:\ProgramData\Voyasollam\Voyasollam.exe <==== ATTENTION
Task: {98E25565-E035-46FF-9E5F-8DB8FDF71E79} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-15] (Adobe Inc. -> Adobe)
Task: {A6EB4D90-7F21-40A4-B45F-6B66121CD80E} - System32\Tasks\{B39A65C2-648C-43E0-AD55-18EF429E9036} => C:\Windows\system32\pcalua.exe -a "C:\Users\Win7\Downloads\Crysis repack Mr DJ\Redist\dxwesetup.exe" -d "C:\Users\Win7\Downloads\Crysis repack Mr DJ\Redist"
Task: {B8B6F546-0AA8-453C-BCF9-1961AE3C78B3} - System32\Tasks\{39EDDACF-08FF-4AA5-B603-3D0FEEA97C0D} => C:\Windows\system32\pcalua.exe -a C:\Users\Win7\Downloads\HeSuVi_2.0.0.1.exe -d C:\Users\Win7\Downloads
Task: {C5E0486E-16D3-4A04-B158-8B6062BC7E80} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_403_Plugin.exe [1475640 2020-07-15] (Adobe Inc. -> Adobe)
Task: {E06E2EFC-291D-43E0-8430-04FEFB0230ED} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1724928 2019-12-17] () [File not signed]
Task: {E213F134-C054-4D0A-BAC6-EF2EA72221EA} - System32\Tasks\Opera scheduled assistant Autoupdate 1581091594 => C:\Users\Win7\AppData\Local\Programs\Opera\launcher.exe [1509400 2020-07-27] (Opera Software AS -> Opera Software)
Task: {E3DEB627-844D-480F-A75B-F77F32D3622D} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\update-S-1-5-21-4024489933-1853363021-3339780435-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-4024489933-1853363021-3339780435-1000] => http=127.0.0.1:8888
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0B7D66C4-A5D8-454B-B905-9E7D3A6BFC8A}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DE7B5564-543C-4F20-9C5D-11A993C24EE2}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-4024489933-1853363021-3339780435-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope value is missing
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 523o2192.default
FF ProfilePath: C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default [2020-08-09]
FF Homepage: Mozilla\Firefox\Profiles\523o2192.default -> hxxps://www.google.ba/
FF Extension: (AdBlocker Ultimate) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\adblockultimate@adblockultimate.net.xpi [2020-07-18]
FF Extension: (Firefox Homepage) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\cehomepage@mozillaonline.com.xpi [2020-08-06] [UpdateUrl:hxxps://addons.firefox.com.cn/chinaedition/addons/updates.json?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=%APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%&currentAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%]
FF Extension: (Addons Manager) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\cpmanager@mozillaonline.com.xpi [2020-08-06] [UpdateUrl:hxxps://addons.firefox.com.cn/chinaedition/addons/updates.json?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=%APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%&currentAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%]
FF Extension: (TubeBuddy) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\e389d8c2-5554-4ba2-a36e-ac7a57093130@gmail.com.xpi [2020-08-09]
FF Extension: (Enhancer for YouTube™) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2020-06-18]
FF Extension: (Tags for YouTube™) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\jid0-cBh0nRMLV5BY1dlp33s3g7dFXLY@jetpack.xpi [2020-06-30]
FF Extension: (YouTube Plus) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\particle@particlecore.github.io.xpi [2017-12-08]
FF Extension: (Restore Old Theme of YouTube) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\restore.old@youtube.now.xpi [2020-06-15]
FF Extension: (uBlock Origin) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\uBlock0@raymondhill.net.xpi [2020-07-24]
FF Extension: (YouTube™ Stop Buffer) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\{545bf194-8006-4166-9732-375f517e35fb}.xpi [2020-08-06]
FF Extension: (YouTube Tags) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\{9d063afe-a167-4cf3-ad71-ed1204a2339f}.xpi [2020-08-09]
FF Extension: (Greasemonkey) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2019-06-13]
FF Extension: (YouTube Flash Video Player) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2018-01-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_403.dll [2020-07-15] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_403.dll [2020-07-15] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1235205.dll [2019-03-15] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Programi\VLC\npvlc.dll [2016-04-26] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2020-08-06]

Opera:
=======
OPR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Win7\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2020-05-10]
OPR Extension: (Install Chrome Extensions) - C:\Users\Win7\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2019-12-31]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-15] (Adobe Inc. -> Adobe)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3406416 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] (Giga-Byte Technology -> )
R2 AudioDeviceService; C:\Windows\system32\AudioDeviceService.exe [2746776 2020-01-02] (Solid State System Co., Ltd. -> SSS)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7002120 2020-03-23] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2020-02-07] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6970968 2020-08-06] (Malwarebytes Inc -> Malwarebytes)
S3 mracsvc; C:\Windows\System32\mracsvc.exe [18953880 2019-09-21] (Mail.Ru LLC -> LLC Mail.Ru)
S3 PAExec; C:\Windows\PAExec.exe [189112 2017-08-17] (Power Admin LLC -> Power Admin LLC)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-03-19] (Even Balance, Inc. -> )
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [30224 2019-07-04] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2019-12-10] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 WindscribeService; C:\Programi\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 5F2F1FDC86F2; C:\Windows\5F2F1FDC86F2.sys [25368 2020-08-06] (大连纵梦网络科技有限公司 -> FsFilter Network) [File not signed]
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] (Giga-Byte Technology -> )
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-08-06] (Malwarebytes Corporation -> Malwarebytes)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [216056 2020-08-08] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [196456 2020-08-08] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73368 2020-08-08] (Malwarebytes Inc -> Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-08-06] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [120432 2020-08-08] (Malwarebytes Inc -> Malwarebytes)
S3 mracdrv; C:\Windows\System32\drivers\mracdrv.sys [18189864 2019-09-21] (Mail.Ru LLC -> LLC Mail.Ru)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [309760 2019-06-13] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [120288 2019-06-13] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2017-03-01] (AnchorFree Inc -> Anchorfree Inc.)
S3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [35768 2019-12-13] (ProtonVPN AG -> The OpenVPN Project)
R3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
R3 UAExt; C:\Windows\System32\DRIVERS\UAExt.sys [162832 2020-01-02] (Solid State System Co., Ltd. -> Solid State System.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21584 2013-05-06] (Giga-Byte Technology -> )
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2018-11-18] (Vincent Burel -> Windows (R) Win 7 DDK provider)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2015-05-25] (Splitmedialabs Limited -> SplitmediaLabs Limited)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 Housvnlru; \??\C:\Windows\system32\Housvnlru.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-09 01:53 - 2020-08-09 01:54 - 000024312 _____ C:\Users\Win7\Downloads\FRST.txt
2020-08-09 01:53 - 2020-08-09 01:53 - 000000000 ____D C:\Users\Win7\Downloads\FRST-OlderVersion
2020-08-08 18:31 - 2020-08-08 19:09 - 000000000 ____D C:\Users\Win7\AppData\LocalLow\IGDump
2020-08-08 18:31 - 2020-08-08 18:31 - 000073368 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-08-08 18:30 - 2020-08-08 18:30 - 000216056 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-08-08 18:30 - 2020-08-08 18:30 - 000196456 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-08-08 18:30 - 2020-08-08 18:30 - 000120432 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-08-06 18:48 - 2020-08-06 18:48 - 000000000 ____D C:\Users\Win7\AppData\Local\Targem
2020-08-06 17:39 - 2020-08-06 17:39 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-08-06 17:39 - 2020-08-06 17:39 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-08-06 17:39 - 2020-08-06 17:39 - 000001960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-08-06 17:39 - 2020-08-06 17:39 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-08-06 17:39 - 2020-08-06 17:39 - 000000000 ____D C:\Users\Win7\AppData\Local\mbam
2020-08-06 17:39 - 2020-08-06 17:39 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-08-06 17:38 - 2020-08-06 17:38 - 000000000 ____D C:\Program Files\Malwarebytes
2020-08-06 13:45 - 2020-08-06 13:45 - 000000209 _____ C:\Users\Win7\Desktop\Star Conflict.url
2020-08-06 13:44 - 2020-08-06 13:44 - 000000209 _____ C:\Users\Win7\Desktop\Hired Ops.url
2020-08-06 13:32 - 2020-08-06 13:32 - 000000000 ____D C:\Users\Win7\AppData\Local\Steam
2020-08-06 13:31 - 2020-08-06 13:31 - 000000625 _____ C:\Users\Public\Desktop\Steam.lnk
2020-08-06 13:31 - 2020-08-06 13:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2020-08-06 13:26 - 2020-08-06 13:26 - 001573568 _____ C:\Users\Win7\Downloads\SteamSetup.exe
2020-08-06 12:58 - 2020-08-09 01:53 - 002296320 _____ (Farbar) C:\Users\Win7\Downloads\FRST64.exe
2020-08-06 12:58 - 2020-08-09 01:53 - 000000000 ____D C:\FRST
2020-08-06 12:50 - 2020-08-06 17:57 - 000000004 _____ C:\ProgramData\rc.dat
2020-08-06 12:41 - 2020-08-06 12:41 - 008414384 _____ (Malwarebytes) C:\Users\Win7\Downloads\adwcleaner_8.0.7.exe
2020-08-06 12:24 - 2020-08-06 12:25 - 000003722 _____ C:\Windows\system32\Tasks\sne
2020-08-06 12:24 - 2020-08-06 12:24 - 000000000 ____D C:\Users\Win7\AppData\Local\app
2020-08-06 12:23 - 2020-08-06 12:28 - 000000000 ____D C:\Users\Win7\AppData\Roaming\5tr54vcb15i
2020-08-06 12:23 - 2020-08-06 12:23 - 000000000 ____D C:\Program Files\EWLR3JPR5K
2020-08-06 12:22 - 2020-08-06 17:51 - 000000004 _____ C:\ProgramData\lock.dat
2020-08-06 12:22 - 2020-08-06 17:39 - 000000048 _____ C:\ProgramData\irw.atsd
2020-08-06 12:22 - 2020-08-06 12:22 - 000000008 _____ C:\ProgramData\ts.dat
2020-08-06 12:21 - 2020-08-06 17:57 - 000000000 ____D C:\Users\Win7\AppData\Roaming\rzlcc5xlcwg
2020-08-06 12:21 - 2020-08-06 12:21 - 000000000 ____D C:\Program Files\OTQQFRLI3L
2020-08-06 12:17 - 2020-08-06 17:57 - 000000000 ____D C:\Windows\SysWOW64\sqyjlgrh
2020-08-06 12:17 - 2020-08-06 12:35 - 000000000 ____D C:\Users\Win7\AppData\Local\Lavasoft
2020-08-06 12:17 - 2020-08-06 12:35 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2020-08-06 12:17 - 2020-08-06 12:29 - 000000000 ____D C:\Users\Win7\AppData\Local\310886b8-eeb6-4149-a348-e95e18d6e0c2
2020-08-06 12:17 - 2020-08-06 12:27 - 000000000 ____D C:\Users\Win7\AppData\Roaming\knr1gi53of2
2020-08-06 12:17 - 2020-08-06 12:27 - 000000000 ____D C:\Program Files (x86)\CKls
2020-08-06 12:17 - 2020-08-06 12:23 - 000000000 ____D C:\Users\Win7\AppData\Local\ScrSnap
2020-08-06 12:17 - 2020-08-06 12:17 - 000025368 _____ (FsFilter Network) C:\Windows\5F2F1FDC86F2.sys
2020-08-06 12:17 - 2020-08-06 12:17 - 000000558 _____ C:\Users\Win7\AppData\Local\bowsakkdestx.txt
2020-08-06 12:17 - 2020-08-06 12:17 - 000000000 ____D C:\Users\Win7\AppData\Local\4040d079-f2eb-4944-8e54-1c7e0ee6c604
2020-08-06 12:17 - 2020-08-06 12:17 - 000000000 ____D C:\SystemID
2020-08-06 12:17 - 2020-08-06 12:17 - 000000000 ____D C:\ProgramData\MR02TGA9HNP8YZE3RLY6DN2HT
2020-08-06 12:17 - 2020-08-06 12:17 - 000000000 ____D C:\Program Files\I8JQ12YVMS
2020-08-06 12:09 - 2020-08-06 12:09 - 000000000 ____D C:\Users\Win7\AppData\Roaming\FMRTE20
2020-08-06 12:08 - 2020-08-06 12:08 - 009462641 _____ (FMRTE ) C:\Users\Win7\Downloads\FMRTE.20.4.1.38-Setup.exe
2020-07-31 16:08 - 2020-07-31 16:08 - 000000000 ____D C:\Users\Win7\AppData\Roaming\NVIDIA
2020-07-30 19:16 - 2020-08-08 18:31 - 000000000 ____D C:\ProgramData\NVIDIA
2020-07-30 19:16 - 2020-07-30 19:16 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2020-07-30 19:16 - 2020-06-21 23:59 - 005490488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2020-07-30 19:16 - 2020-06-21 23:59 - 002634728 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2020-07-30 19:16 - 2020-06-21 23:59 - 001759032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2020-07-30 19:16 - 2020-06-21 23:59 - 000991032 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2020-07-30 19:16 - 2020-06-21 23:59 - 000195048 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2020-07-30 19:16 - 2020-06-21 23:59 - 000122344 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2020-07-30 19:16 - 2020-06-21 23:59 - 000083256 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2020-07-30 19:16 - 2020-06-20 08:22 - 009198787 _____ C:\Windows\system32\nvcoproc.bin
2020-07-30 19:15 - 2020-06-23 01:10 - 034750856 _____ (NVIDIA Corporation) C:\Windows\system32\nvrtum64.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 007976160 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler64.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 007090400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler32.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 001780952 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2020-07-30 19:15 - 2020-06-23 01:10 - 001780952 _____ C:\Windows\system32\vulkaninfo.exe
2020-07-30 19:15 - 2020-06-23 01:10 - 001371352 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-07-30 19:15 - 2020-06-23 01:10 - 001371352 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2020-07-30 19:15 - 2020-06-23 01:10 - 001086680 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 001086680 _____ C:\Windows\system32\vulkan-1.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 000946392 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 000946392 _____ C:\Windows\SysWOW64\vulkan-1.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 000503176 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 000449264 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 000419040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 000346336 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 124472032 _____ (NVIDIA Corporation) C:\Windows\system32\nvoptix.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 041621744 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 035518344 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl64.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 031007640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 030256008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl32.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 024180464 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2020-07-30 19:15 - 2020-06-23 01:09 - 001485040 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 001146264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000670616 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000555928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000427416 _____ C:\Windows\system32\nvofapi64.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000378264 _____ C:\Windows\SysWOW64\nvofapi.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000180976 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000166808 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000157936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000144792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 040572304 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler64.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 035440008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler32.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 020025744 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 017355496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 006241680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 005584784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 002075888 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 001722088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6445148.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 001568664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 001482984 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6445148.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 000672136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcbl64.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 000545688 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 000471792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2020-07-30 19:15 - 2020-06-23 01:07 - 043292312 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2020-07-30 19:15 - 2020-06-23 01:07 - 038306136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2020-07-30 19:15 - 2020-06-23 01:07 - 024844744 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2020-07-30 19:15 - 2020-06-23 01:07 - 020694448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2020-07-30 19:15 - 2020-06-23 01:07 - 005295448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2020-07-30 19:15 - 2020-06-23 01:07 - 004617448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2020-07-30 19:15 - 2020-06-22 02:44 - 001682368 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2020-07-30 19:15 - 2020-06-22 02:44 - 000222112 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2020-07-30 19:15 - 2020-06-22 02:44 - 000054543 _____ C:\Windows\system32\nvinfo.pb
2020-07-30 19:15 - 2020-06-22 02:44 - 000039824 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2020-07-30 19:15 - 2020-06-22 02:44 - 000000671 _____ C:\Windows\SysWOW64\nv-vk32.json
2020-07-30 19:15 - 2020-06-22 02:44 - 000000671 _____ C:\Windows\system32\nv-vk64.json
2020-07-30 19:11 - 2020-08-06 13:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-07-25 20:57 - 2020-07-25 20:57 - 000000733 _____ C:\Users\Public\Desktop\FM Genie Scout 20.lnk
2020-07-25 20:57 - 2020-07-25 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FM Genie Scout 20
2020-07-25 20:56 - 2020-03-27 12:02 - 010297262 _____ ( ) C:\Users\Win7\Downloads\genie20_setup_20.4.1_b1025.exe
2020-07-24 02:19 - 2020-08-03 15:23 - 000000081 _____ C:\Users\Win7\AppData\Local\.bidstack.fault
2020-07-17 15:22 - 2020-07-17 15:22 - 000001124 _____ C:\Users\Win7\Desktop\Play Football Manager 2020.lnk
2020-07-15 05:17 - 2020-07-15 18:17 - 008774200 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-09 01:34 - 2016-03-11 13:37 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-08-09 01:33 - 2016-11-18 17:52 - 000000000 ____D C:\Users\Win7\AppData\LocalLow\Mozilla
2020-08-09 00:48 - 2016-05-04 22:53 - 000000386 _____ C:\Windows\Tasks\update-sys.job
2020-08-08 22:43 - 2016-05-04 22:53 - 000000386 _____ C:\Windows\Tasks\update-S-1-5-21-4024489933-1853363021-3339780435-1000.job
2020-08-08 18:36 - 2009-07-14 07:13 - 000789866 _____ C:\Windows\system32\PerfStringBackup.INI
2020-08-08 18:36 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-08-08 18:30 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-08-07 17:00 - 2019-10-03 16:12 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-08-07 03:16 - 2016-03-11 12:49 - 000000000 ____D C:\Users\Win7
2020-08-07 03:15 - 2019-01-23 00:04 - 000000000 ____D C:\CPY_SAVES
2020-08-07 03:14 - 2016-03-13 22:28 - 000000000 ____D C:\Programi)
2020-08-06 17:57 - 2016-03-11 12:50 - 000001447 _____ C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2020-08-06 17:31 - 2016-03-18 17:14 - 000000400 __RSH C:\ProgramData\ntuser.pol
2020-08-06 17:26 - 2020-02-28 19:33 - 000000000 ____D C:\Users\Win7\AppData\LocalLow\BitTorrent
2020-08-06 17:26 - 2016-03-11 17:32 - 000000000 ____D C:\Users\Win7\AppData\Roaming\BitTorrent
2020-08-06 14:12 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2020-08-06 14:10 - 2016-06-14 22:33 - 000000000 ____D C:\Users\Win7\AppData\Local\Sports Interactive
2020-08-06 14:05 - 2016-09-16 02:04 - 000000000 ____D C:\Users\Win7\Documents\My Games
2020-08-06 13:41 - 2017-04-23 16:33 - 000000000 ____D C:\ProgramData\Bohemia Interactive
2020-08-06 12:47 - 2016-03-11 13:45 - 000000000 ____D C:\Program Files\ESET
2020-08-06 12:45 - 2009-07-14 06:45 - 000020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-08-06 12:45 - 2009-07-14 06:45 - 000020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-08-06 12:19 - 2018-12-09 04:34 - 000000000 ____D C:\tmp
2020-08-06 12:19 - 2017-04-07 16:14 - 000000000 ____D C:\temp
2020-08-06 12:19 - 2016-06-04 17:04 - 000000000 ____D C:\IExp1.tmp
2020-08-06 12:19 - 2016-06-04 17:04 - 000000000 ____D C:\IExp0.tmp
2020-08-06 12:19 - 2016-03-11 16:19 - 000000000 ____D C:\Programi
2020-08-05 15:08 - 2020-02-07 18:06 - 000004276 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1581091594
2020-08-04 16:34 - 2019-05-23 00:44 - 000000799 _____ C:\Users\Public\Desktop\PotPlayer 64 bit.lnk
2020-08-04 15:20 - 2016-03-14 02:09 - 000000000 ____D C:\Users\Win7\AppData\Local\CrashDumps
2020-07-31 15:06 - 2016-04-24 16:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-07-30 19:16 - 2018-12-01 13:47 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-07-30 19:16 - 2018-02-18 18:25 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2020-07-30 19:16 - 2017-10-14 22:37 - 000000000 ____D C:\Users\Win7\AppData\Local\NVIDIA
2020-07-30 19:16 - 2017-10-14 22:36 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-07-30 19:14 - 2009-07-14 07:08 - 000032590 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2020-07-29 10:35 - 2019-12-11 01:57 - 000004044 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1576022251
2020-07-26 11:39 - 2016-03-11 13:12 - 000794080 _____ C:\Users\Win7\AppData\Local\GDIPFONTCACHEV1.DAT
2020-07-26 11:38 - 2009-07-14 06:45 - 006853760 _____ C:\Windows\system32\FNTCACHE.DAT
2020-07-17 09:44 - 2020-02-08 14:24 - 000000000 ____D C:\Users\Win7\Downloads\opera autoupdate
2020-07-15 18:17 - 2020-03-22 16:17 - 000004428 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-07-15 18:17 - 2020-03-22 15:36 - 000004282 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-07-15 18:17 - 2020-03-22 15:36 - 000000000 ____D C:\Windows\system32\Macromed
2020-07-15 18:17 - 2019-10-17 17:08 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-07-15 18:17 - 2019-10-17 17:08 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-07-15 05:17 - 2020-03-22 15:36 - 000004416 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier

==================== Files in the root of some directories ========

2019-12-16 11:58 - 2019-12-18 17:40 - 000056320 _____ (SSS) C:\ProgramData\FinalDeleteFile.exe
2020-08-06 12:22 - 2020-08-06 17:51 - 000000004 _____ () C:\ProgramData\lock.dat
2020-08-06 12:50 - 2020-08-06 17:57 - 000000004 _____ () C:\ProgramData\rc.dat
2020-08-06 12:22 - 2020-08-06 12:22 - 000000008 _____ () C:\ProgramData\ts.dat
2017-04-28 01:56 - 2020-01-14 03:29 - 000000034 _____ () C:\Users\Win7\AppData\Roaming\AdobeWLCMCache.dat
2018-09-14 12:16 - 2018-09-14 12:17 - 000000025 ____H () C:\Users\Win7\AppData\Roaming\uninst48.log
2018-11-18 01:27 - 2018-12-27 22:44 - 000004592 _____ () C:\Users\Win7\AppData\Roaming\VoiceMeeterDefault.xml
2020-07-24 02:19 - 2020-08-03 15:23 - 000000081 _____ () C:\Users\Win7\AppData\Local\.bidstack.fault
2016-10-05 00:03 - 2017-10-14 00:24 - 000001456 _____ () C:\Users\Win7\AppData\Local\Adobe Save for Web 13.0 Prefs
2020-08-06 12:17 - 2020-08-06 12:17 - 000000558 _____ () C:\Users\Win7\AppData\Local\bowsakkdestx.txt
2019-10-12 01:09 - 2019-10-12 01:09 - 000000000 ___SH () C:\Users\Win7\AppData\Local\LumaEmu
2018-09-27 18:00 - 2018-09-27 18:00 - 000000000 _____ () C:\Users\Win7\AppData\Local\oobelibMkey.log
2020-04-29 15:57 - 2020-04-29 15:57 - 000000871 _____ () C:\Users\Win7\AppData\Local\recently-used.xbel
2016-06-14 18:07 - 2019-11-08 02:35 - 000007619 _____ () C:\Users\Win7\AppData\Local\Resmon.ResmonCfg
2018-09-14 12:16 - 2018-09-14 12:17 - 000000025 ____H () C:\Users\Win7\AppData\Local\uninst37.log
2016-05-04 22:53 - 2016-05-04 22:53 - 000000003 _____ () C:\Users\Win7\AppData\Local\updater.log
2016-05-04 22:53 - 2016-05-04 23:08 - 000000059 _____ () C:\Users\Win7\AppData\Local\UserProducts.xml

==================== FLock ==============================

2020-08-06 17:57 C:\Windows\SysWOW64\sqyjlgrh

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\User32.dll
[2010-11-21 05:24] - [2016-03-11 12:49] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-21 05:24] - [2016-03-11 12:49] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE


LastRegBack: 2020-08-06 10:01
==================== End of FRST.txt ========================

mycity.rs/must-login.png
mycity.rs/must-login.png

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8616
  • Gde živiš: Novi Beograd

Na tvom mestu bih reinstalirao sistem, jer ransomware uvek ostavi neke tragove na sistemu, ali mozemo da pokusamo.

1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:

CreateRestorePoint:
HKLM-x32\...\Run: [kissq] => C:\Users\Win7\AppData\Local\Temp\kissq.exe************* <==== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{65122CB0-EA0F-47DF-A953-017170ED12F9}] -> "C:\Programi\UCBrowser\Application\5.6.11651.1013\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
GroupPolicy: Restriction ? <==== ATTENTION
Task: {283A4B11-055A-459B-A283-D244DD3C0A1E} - System32\Tasks\{A576295E-AA17-4FA1-B2DE-DE0BE6156968} => C:\Windows\system32\pcalua.exe -a C:\Users\Win7\AppData\Local\Temp\jre-8u181-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {892E3B5F-7758-453A-BD73-7228BB9509E5} - System32\Tasks\sne => C:\ProgramData\Voyasollam\Voyasollam.exe <==== ATTENTION
R1 5F2F1FDC86F2; C:\Windows\5F2F1FDC86F2.sys [25368 2020-08-06] (大连纵梦网络科技有限公司 -> FsFilter Network) [File not signed]
C:\ProgramData\Voyasollam
C:\Users\Win7\AppData\Local\Temp\kissq.exe*************
C:\Windows\5F2F1FDC86F2.sys
C:\Users\Win7\AppData\Roaming\knr1gi53of2
C:\Program Files (x86)\CKls
C:\Users\Win7\AppData\Local\ScrSnap
C:\Windows\5F2F1FDC86F2.sys
C:\Users\Win7\AppData\Local\bowsakkdestx.txt
C:\Users\Win7\AppData\Local\4040d079-f2eb-4944-8e54-1c7e0ee6c604
C:\SystemID
C:\ProgramData\MR02TGA9HNP8YZE3RLY6DN2HT
C:\Program Files\I8JQ12YVMS
C:\Windows\system32\Tasks\sne
C:\Users\Win7\AppData\Local\app
C:\Users\Win7\AppData\Roaming\5tr54vcb15i
C:\Program Files\EWLR3JPR5K
C:\ProgramData\lock.dat
C:\ProgramData\irw.atsd
C:\ProgramData\ts.dat
C:\Users\Win7\AppData\Roaming\rzlcc5xlcwg
C:\Program Files\OTQQFRLI3L
C:\Windows\SysWOW64\sqyjlgrh
EmptyTemp:


2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.

3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.



Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.

offline
  • Pridružio: 28 Okt 2014
  • Poruke: 162

Evo izvjestaja:

mycity.rs/must-login.png

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8616
  • Gde živiš: Novi Beograd

Poslao si mi FixList, ne FixLog.

offline
  • Pridružio: 28 Okt 2014
  • Poruke: 162

helen1 ::Poslao si mi FixList, ne FixLog.

izvini moja greska u pravu si
evo ga sada

mycity.rs/must-login.png

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8616
  • Gde živiš: Novi Beograd

Postavi mi novi FRST log.

offline
  • Pridružio: 28 Okt 2014
  • Poruke: 162

helen1 ::Postavi mi novi FRST log.

Evo oba

mycity.rs/must-login.png
mycity.rs/must-login.png

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-08-2020
Ran by Win7 (administrator) on WIN7-PC (Gigabyte Technology Co., Ltd. P85-D3) (09-08-2020 23:28:00)
Running from C:\Users\Win7\Downloads
Loaded Profiles: Win7
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> ) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <10>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Solid State System Co., Ltd. -> SSS) C:\Windows\System32\AudioDeviceService.exe
(Valve -> Valve Corporation) D:\Igre\Steam 2\bin\cef\cef.win7\steamwebhelper.exe <7>
(Valve -> Valve Corporation) D:\Igre\Steam 2\steam.exe
(Windscribe Limited -> Windscribe Limited) C:\Programi\Windscribe\WindscribeService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [176472 2019-07-04] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-06] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [D3DOverrider] => "C:\Users\Win7\Downloads\PES2017 NO LAG\D3DOverrider\D3DOverriderWrapper.exe" /s
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [MARVO HG9055 Driver] => C:\Program Files (x86)\MARVO HG9055 Driver\MARVO HG9055 Driver.exe [11099032 2020-01-02] (Solid State System) [File not signed]
HKU\S-1-5-21-4024489933-1853363021-3339780435-1000\...\Run: [Opera Browser Assistant] => C:\Users\Win7\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3126296 2020-08-05] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-4024489933-1853363021-3339780435-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-4024489933-1853363021-3339780435-1000\...\MountPoints2: {0ecad849-e776-11e5-a4fd-806e6f6e6963} - E:\DVDSetup.exe
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2020-05-04] (Adobe Inc. -> Adobe Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {107C016D-629A-4302-B979-F2AD1C16EED9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {1B10449C-6B0D-47B9-965D-29DAD87BBD03} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_403_pepper.exe [1471032 2020-07-15] (Adobe Inc. -> Adobe)
Task: {1C7E9971-3E6F-4632-87B9-57665A69716E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1331792 2020-05-07] (Adobe Inc. -> Adobe Inc.)
Task: {254D8B93-B304-4680-BC33-38DD8E44CE1F} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2571704 2020-02-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {38B281F7-A2CA-40AD-8868-B23FAA098FA4} - System32\Tasks\{493C36DF-A38A-4CC1-B703-0A83249A546B} => C:\Windows\system32\pcalua.exe -a "D:\Igre\Battlefield 3™\__Installer\vc\vc2008sp1\redist\vcredist_x64.exe" -d "D:\Igre\Battlefield 3™\__Installer\vc\vc2008sp1\redist"
Task: {6F12F8DC-C22C-4E58-80A3-7CD11DEAD830} - System32\Tasks\update-S-1-5-21-4024489933-1853363021-3339780435-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {7BCE4BC4-A1FA-4D25-9496-1F7BD2F2B896} - System32\Tasks\Opera scheduled Autoupdate 1576022251 => C:\Users\Win7\AppData\Local\Programs\Opera\launcher.exe [1509400 2020-07-27] (Opera Software AS -> Opera Software)
Task: {81D520A2-BD1B-4CD3-A07C-42982FACC924} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {98E25565-E035-46FF-9E5F-8DB8FDF71E79} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-15] (Adobe Inc. -> Adobe)
Task: {A6EB4D90-7F21-40A4-B45F-6B66121CD80E} - System32\Tasks\{B39A65C2-648C-43E0-AD55-18EF429E9036} => C:\Windows\system32\pcalua.exe -a "C:\Users\Win7\Downloads\Crysis repack Mr DJ\Redist\dxwesetup.exe" -d "C:\Users\Win7\Downloads\Crysis repack Mr DJ\Redist"
Task: {B8B6F546-0AA8-453C-BCF9-1961AE3C78B3} - System32\Tasks\{39EDDACF-08FF-4AA5-B603-3D0FEEA97C0D} => C:\Windows\system32\pcalua.exe -a C:\Users\Win7\Downloads\HeSuVi_2.0.0.1.exe -d C:\Users\Win7\Downloads
Task: {C5E0486E-16D3-4A04-B158-8B6062BC7E80} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_403_Plugin.exe [1475640 2020-07-15] (Adobe Inc. -> Adobe)
Task: {E06E2EFC-291D-43E0-8430-04FEFB0230ED} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1724928 2019-12-17] () [File not signed]
Task: {E213F134-C054-4D0A-BAC6-EF2EA72221EA} - System32\Tasks\Opera scheduled assistant Autoupdate 1581091594 => C:\Users\Win7\AppData\Local\Programs\Opera\launcher.exe [1509400 2020-07-27] (Opera Software AS -> Opera Software)
Task: {E3DEB627-844D-480F-A75B-F77F32D3622D} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\update-S-1-5-21-4024489933-1853363021-3339780435-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-4024489933-1853363021-3339780435-1000] => http=127.0.0.1:8888
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0B7D66C4-A5D8-454B-B905-9E7D3A6BFC8A}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DE7B5564-543C-4F20-9C5D-11A993C24EE2}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-4024489933-1853363021-3339780435-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope value is missing
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 523o2192.default
FF ProfilePath: C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default [2020-08-09]
FF Homepage: Mozilla\Firefox\Profiles\523o2192.default -> hxxps://www.google.ba/
FF Extension: (AdBlocker Ultimate) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\adblockultimate@adblockultimate.net.xpi [2020-07-18]
FF Extension: (Firefox Homepage) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\cehomepage@mozillaonline.com.xpi [2020-08-06] [UpdateUrl:hxxps://addons.firefox.com.cn/chinaedition/addons/updates.json?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=%APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%&currentAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%]
FF Extension: (Addons Manager) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\cpmanager@mozillaonline.com.xpi [2020-08-06] [UpdateUrl:hxxps://addons.firefox.com.cn/chinaedition/addons/updates.json?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=%APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%&currentAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%]
FF Extension: (TubeBuddy) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\e389d8c2-5554-4ba2-a36e-ac7a57093130@gmail.com.xpi [2020-08-09]
FF Extension: (Enhancer for YouTube™) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2020-06-18]
FF Extension: (Tags for YouTube™) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\jid0-cBh0nRMLV5BY1dlp33s3g7dFXLY@jetpack.xpi [2020-06-30]
FF Extension: (YouTube Plus) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\particle@particlecore.github.io.xpi [2017-12-08]
FF Extension: (Restore Old Theme of YouTube) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\restore.old@youtube.now.xpi [2020-06-15]
FF Extension: (uBlock Origin) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\uBlock0@raymondhill.net.xpi [2020-07-24]
FF Extension: (YouTube™ Stop Buffer) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\{545bf194-8006-4166-9732-375f517e35fb}.xpi [2020-08-06]
FF Extension: (YouTube Tags) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\{9d063afe-a167-4cf3-ad71-ed1204a2339f}.xpi [2020-08-09]
FF Extension: (Greasemonkey) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2019-06-13]
FF Extension: (YouTube Flash Video Player) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2018-01-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_403.dll [2020-07-15] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_403.dll [2020-07-15] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1235205.dll [2019-03-15] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Programi\VLC\npvlc.dll [2016-04-26] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2020-08-06]

Opera:
=======
OPR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Win7\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2020-05-10]
OPR Extension: (Install Chrome Extensions) - C:\Users\Win7\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2019-12-31]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-15] (Adobe Inc. -> Adobe)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3406416 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] (Giga-Byte Technology -> )
R2 AudioDeviceService; C:\Windows\system32\AudioDeviceService.exe [2746776 2020-01-02] (Solid State System Co., Ltd. -> SSS)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7002120 2020-03-23] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2020-02-07] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6970968 2020-08-06] (Malwarebytes Inc -> Malwarebytes)
S3 mracsvc; C:\Windows\System32\mracsvc.exe [18953880 2019-09-21] (Mail.Ru LLC -> LLC Mail.Ru)
S3 PAExec; C:\Windows\PAExec.exe [189112 2017-08-17] (Power Admin LLC -> Power Admin LLC)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-03-19] (Even Balance, Inc. -> )
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [30224 2019-07-04] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2019-12-10] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 WindscribeService; C:\Programi\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 5F2F1FDC86F2; C:\Windows\5F2F1FDC86F2.sys [25368 2020-08-06] (大连纵梦网络科技有限公司 -> FsFilter Network) [File not signed]
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] (Giga-Byte Technology -> )
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-08-06] (Malwarebytes Corporation -> Malwarebytes)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [216056 2020-08-09] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [196456 2020-08-09] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73368 2020-08-09] (Malwarebytes Inc -> Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-08-06] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [120432 2020-08-09] (Malwarebytes Inc -> Malwarebytes)
S3 mracdrv; C:\Windows\System32\drivers\mracdrv.sys [18189864 2019-09-21] (Mail.Ru LLC -> LLC Mail.Ru)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [309760 2019-06-13] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [120288 2019-06-13] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2017-03-01] (AnchorFree Inc -> Anchorfree Inc.)
S3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [35768 2019-12-13] (ProtonVPN AG -> The OpenVPN Project)
R3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
R3 UAExt; C:\Windows\System32\DRIVERS\UAExt.sys [162832 2020-01-02] (Solid State System Co., Ltd. -> Solid State System.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21584 2013-05-06] (Giga-Byte Technology -> )
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2018-11-18] (Vincent Burel -> Windows (R) Win 7 DDK provider)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2015-05-25] (Splitmedialabs Limited -> SplitmediaLabs Limited)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 Housvnlru; \??\C:\Windows\system32\Housvnlru.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-09 23:28 - 2020-08-09 23:28 - 000023945 _____ C:\Users\Win7\Downloads\FRST.txt
2020-08-09 23:27 - 2020-08-09 23:27 - 002296320 _____ (Farbar) C:\Users\Win7\Downloads\FRST64.exe
2020-08-09 17:24 - 2020-08-09 18:25 - 000000000 ____D C:\Users\Win7\AppData\LocalLow\IGDump
2020-08-09 17:24 - 2020-08-09 17:47 - 000073368 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-08-09 17:23 - 2020-08-09 17:23 - 000216056 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-08-09 17:23 - 2020-08-09 17:23 - 000196456 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-08-09 17:23 - 2020-08-09 17:23 - 000120432 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-08-09 02:40 - 2020-08-09 02:40 - 000037406 _____ C:\Users\Win7\Downloads\187727-pirates.of.the.caribbean.dead.man_s.chest.2006.720p.brrip.x264.yify.zip
2020-08-09 01:53 - 2020-08-09 17:29 - 000000000 ____D C:\Users\Win7\Downloads\FRST-OlderVersion
2020-08-06 18:48 - 2020-08-06 18:48 - 000000000 ____D C:\Users\Win7\AppData\Local\Targem
2020-08-06 17:39 - 2020-08-06 17:39 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-08-06 17:39 - 2020-08-06 17:39 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-08-06 17:39 - 2020-08-06 17:39 - 000001960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-08-06 17:39 - 2020-08-06 17:39 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-08-06 17:39 - 2020-08-06 17:39 - 000000000 ____D C:\Users\Win7\AppData\Local\mbam
2020-08-06 17:39 - 2020-08-06 17:39 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-08-06 17:38 - 2020-08-06 17:38 - 000000000 ____D C:\Program Files\Malwarebytes
2020-08-06 13:45 - 2020-08-06 13:45 - 000000209 _____ C:\Users\Win7\Desktop\Star Conflict.url
2020-08-06 13:44 - 2020-08-06 13:44 - 000000209 _____ C:\Users\Win7\Desktop\Hired Ops.url
2020-08-06 13:32 - 2020-08-06 13:32 - 000000000 ____D C:\Users\Win7\AppData\Local\Steam
2020-08-06 13:31 - 2020-08-06 13:31 - 000000625 _____ C:\Users\Public\Desktop\Steam.lnk
2020-08-06 13:31 - 2020-08-06 13:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2020-08-06 13:26 - 2020-08-06 13:26 - 001573568 _____ C:\Users\Win7\Downloads\SteamSetup.exe
2020-08-06 12:58 - 2020-08-09 23:28 - 000000000 ____D C:\FRST
2020-08-06 12:50 - 2020-08-06 17:57 - 000000004 _____ C:\ProgramData\rc.dat
2020-08-06 12:41 - 2020-08-06 12:41 - 008414384 _____ (Malwarebytes) C:\Users\Win7\Downloads\adwcleaner_8.0.7.exe
2020-08-06 12:24 - 2020-08-06 12:24 - 000000000 ____D C:\Users\Win7\AppData\Local\app
2020-08-06 12:23 - 2020-08-06 12:28 - 000000000 ____D C:\Users\Win7\AppData\Roaming\5tr54vcb15i
2020-08-06 12:23 - 2020-08-06 12:23 - 000000000 ____D C:\Program Files\EWLR3JPR5K
2020-08-06 12:22 - 2020-08-06 17:51 - 000000004 _____ C:\ProgramData\lock.dat
2020-08-06 12:22 - 2020-08-06 17:39 - 000000048 _____ C:\ProgramData\irw.atsd
2020-08-06 12:22 - 2020-08-06 12:22 - 000000008 _____ C:\ProgramData\ts.dat
2020-08-06 12:21 - 2020-08-06 17:57 - 000000000 ____D C:\Users\Win7\AppData\Roaming\rzlcc5xlcwg
2020-08-06 12:21 - 2020-08-06 12:21 - 000000000 ____D C:\Program Files\OTQQFRLI3L
2020-08-06 12:17 - 2020-08-06 17:57 - 000000000 ____D C:\Windows\SysWOW64\sqyjlgrh
2020-08-06 12:17 - 2020-08-06 12:35 - 000000000 ____D C:\Users\Win7\AppData\Local\Lavasoft
2020-08-06 12:17 - 2020-08-06 12:35 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2020-08-06 12:17 - 2020-08-06 12:29 - 000000000 ____D C:\Users\Win7\AppData\Local\310886b8-eeb6-4149-a348-e95e18d6e0c2
2020-08-06 12:17 - 2020-08-06 12:27 - 000000000 ____D C:\Users\Win7\AppData\Roaming\knr1gi53of2
2020-08-06 12:17 - 2020-08-06 12:27 - 000000000 ____D C:\Program Files (x86)\CKls
2020-08-06 12:17 - 2020-08-06 12:23 - 000000000 ____D C:\Users\Win7\AppData\Local\ScrSnap
2020-08-06 12:17 - 2020-08-06 12:17 - 000025368 _____ (FsFilter Network) C:\Windows\5F2F1FDC86F2.sys
2020-08-06 12:17 - 2020-08-06 12:17 - 000000558 _____ C:\Users\Win7\AppData\Local\bowsakkdestx.txt
2020-08-06 12:17 - 2020-08-06 12:17 - 000000000 ____D C:\Users\Win7\AppData\Local\4040d079-f2eb-4944-8e54-1c7e0ee6c604
2020-08-06 12:17 - 2020-08-06 12:17 - 000000000 ____D C:\SystemID
2020-08-06 12:17 - 2020-08-06 12:17 - 000000000 ____D C:\ProgramData\MR02TGA9HNP8YZE3RLY6DN2HT
2020-08-06 12:17 - 2020-08-06 12:17 - 000000000 ____D C:\Program Files\I8JQ12YVMS
2020-08-06 12:09 - 2020-08-06 12:09 - 000000000 ____D C:\Users\Win7\AppData\Roaming\FMRTE20
2020-08-06 12:08 - 2020-08-06 12:08 - 009462641 _____ (FMRTE ) C:\Users\Win7\Downloads\FMRTE.20.4.1.38-Setup.exe
2020-07-31 16:08 - 2020-07-31 16:08 - 000000000 ____D C:\Users\Win7\AppData\Roaming\NVIDIA
2020-07-30 19:16 - 2020-08-09 17:47 - 000000000 ____D C:\ProgramData\NVIDIA
2020-07-30 19:16 - 2020-07-30 19:16 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2020-07-30 19:16 - 2020-06-21 23:59 - 005490488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2020-07-30 19:16 - 2020-06-21 23:59 - 002634728 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2020-07-30 19:16 - 2020-06-21 23:59 - 001759032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2020-07-30 19:16 - 2020-06-21 23:59 - 000991032 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2020-07-30 19:16 - 2020-06-21 23:59 - 000195048 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2020-07-30 19:16 - 2020-06-21 23:59 - 000122344 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2020-07-30 19:16 - 2020-06-21 23:59 - 000083256 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2020-07-30 19:16 - 2020-06-20 08:22 - 009198787 _____ C:\Windows\system32\nvcoproc.bin
2020-07-30 19:15 - 2020-06-23 01:10 - 034750856 _____ (NVIDIA Corporation) C:\Windows\system32\nvrtum64.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 007976160 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler64.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 007090400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler32.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 001780952 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2020-07-30 19:15 - 2020-06-23 01:10 - 001780952 _____ C:\Windows\system32\vulkaninfo.exe
2020-07-30 19:15 - 2020-06-23 01:10 - 001371352 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-07-30 19:15 - 2020-06-23 01:10 - 001371352 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2020-07-30 19:15 - 2020-06-23 01:10 - 001086680 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 001086680 _____ C:\Windows\system32\vulkan-1.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 000946392 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 000946392 _____ C:\Windows\SysWOW64\vulkan-1.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 000503176 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 000449264 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 000419040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 000346336 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 124472032 _____ (NVIDIA Corporation) C:\Windows\system32\nvoptix.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 041621744 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 035518344 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl64.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 031007640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 030256008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl32.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 024180464 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2020-07-30 19:15 - 2020-06-23 01:09 - 001485040 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 001146264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000670616 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000555928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000427416 _____ C:\Windows\system32\nvofapi64.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000378264 _____ C:\Windows\SysWOW64\nvofapi.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000180976 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000166808 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000157936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000144792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 040572304 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler64.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 035440008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler32.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 020025744 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 017355496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 006241680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 005584784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 002075888 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 001722088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6445148.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 001568664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 001482984 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6445148.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 000672136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcbl64.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 000545688 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 000471792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2020-07-30 19:15 - 2020-06-23 01:07 - 043292312 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2020-07-30 19:15 - 2020-06-23 01:07 - 038306136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2020-07-30 19:15 - 2020-06-23 01:07 - 024844744 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2020-07-30 19:15 - 2020-06-23 01:07 - 020694448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2020-07-30 19:15 - 2020-06-23 01:07 - 005295448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2020-07-30 19:15 - 2020-06-23 01:07 - 004617448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2020-07-30 19:15 - 2020-06-22 02:44 - 001682368 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2020-07-30 19:15 - 2020-06-22 02:44 - 000222112 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2020-07-30 19:15 - 2020-06-22 02:44 - 000054543 _____ C:\Windows\system32\nvinfo.pb
2020-07-30 19:15 - 2020-06-22 02:44 - 000039824 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2020-07-30 19:15 - 2020-06-22 02:44 - 000000671 _____ C:\Windows\SysWOW64\nv-vk32.json
2020-07-30 19:15 - 2020-06-22 02:44 - 000000671 _____ C:\Windows\system32\nv-vk64.json
2020-07-30 19:11 - 2020-08-06 13:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-07-25 20:57 - 2020-07-25 20:57 - 000000733 _____ C:\Users\Public\Desktop\FM Genie Scout 20.lnk
2020-07-25 20:57 - 2020-07-25 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FM Genie Scout 20
2020-07-25 20:56 - 2020-03-27 12:02 - 010297262 _____ ( ) C:\Users\Win7\Downloads\genie20_setup_20.4.1_b1025.exe
2020-07-24 02:19 - 2020-08-03 15:23 - 000000081 _____ C:\Users\Win7\AppData\Local\.bidstack.fault
2020-07-17 15:22 - 2020-07-17 15:22 - 000001124 _____ C:\Users\Win7\Desktop\Play Football Manager 2020.lnk
2020-07-15 05:17 - 2020-07-15 18:17 - 008774200 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-09 22:43 - 2016-05-04 22:53 - 000000386 _____ C:\Windows\Tasks\update-S-1-5-21-4024489933-1853363021-3339780435-1000.job
2020-08-09 22:03 - 2016-11-18 17:52 - 000000000 ____D C:\Users\Win7\AppData\LocalLow\Mozilla
2020-08-09 20:48 - 2016-05-04 22:53 - 000000386 _____ C:\Windows\Tasks\update-sys.job
2020-08-09 17:53 - 2009-07-14 07:13 - 000789866 _____ C:\Windows\system32\PerfStringBackup.INI
2020-08-09 17:53 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-08-09 17:47 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-08-09 17:37 - 2016-03-18 17:14 - 000000008 __RSH C:\ProgramData\ntuser.pol
2020-08-09 17:30 - 2009-07-14 05:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2020-08-09 17:30 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2020-08-09 02:34 - 2016-03-11 13:37 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-08-07 17:00 - 2019-10-03 16:12 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-08-07 03:16 - 2016-03-11 12:49 - 000000000 ____D C:\Users\Win7
2020-08-07 03:15 - 2019-01-23 00:04 - 000000000 ____D C:\CPY_SAVES
2020-08-07 03:14 - 2016-03-13 22:28 - 000000000 ____D C:\Programi)
2020-08-06 17:57 - 2016-03-11 12:50 - 000001447 _____ C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2020-08-06 17:26 - 2020-02-28 19:33 - 000000000 ____D C:\Users\Win7\AppData\LocalLow\BitTorrent
2020-08-06 17:26 - 2016-03-11 17:32 - 000000000 ____D C:\Users\Win7\AppData\Roaming\BitTorrent
2020-08-06 14:12 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2020-08-06 14:10 - 2016-06-14 22:33 - 000000000 ____D C:\Users\Win7\AppData\Local\Sports Interactive
2020-08-06 14:05 - 2016-09-16 02:04 - 000000000 ____D C:\Users\Win7\Documents\My Games
2020-08-06 13:41 - 2017-04-23 16:33 - 000000000 ____D C:\ProgramData\Bohemia Interactive
2020-08-06 12:47 - 2016-03-11 13:45 - 000000000 ____D C:\Program Files\ESET
2020-08-06 12:45 - 2009-07-14 06:45 - 000020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-08-06 12:45 - 2009-07-14 06:45 - 000020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-08-06 12:19 - 2018-12-09 04:34 - 000000000 ____D C:\tmp
2020-08-06 12:19 - 2017-04-07 16:14 - 000000000 ____D C:\temp
2020-08-06 12:19 - 2016-06-04 17:04 - 000000000 ____D C:\IExp1.tmp
2020-08-06 12:19 - 2016-06-04 17:04 - 000000000 ____D C:\IExp0.tmp
2020-08-06 12:19 - 2016-03-11 16:19 - 000000000 ____D C:\Programi
2020-08-05 15:08 - 2020-02-07 18:06 - 000004276 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1581091594
2020-08-04 16:34 - 2019-05-23 00:44 - 000000799 _____ C:\Users\Public\Desktop\PotPlayer 64 bit.lnk
2020-08-04 15:20 - 2016-03-14 02:09 - 000000000 ____D C:\Users\Win7\AppData\Local\CrashDumps
2020-07-31 15:06 - 2016-04-24 16:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-07-30 19:16 - 2018-12-01 13:47 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-07-30 19:16 - 2018-02-18 18:25 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2020-07-30 19:16 - 2017-10-14 22:37 - 000000000 ____D C:\Users\Win7\AppData\Local\NVIDIA
2020-07-30 19:16 - 2017-10-14 22:36 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-07-30 19:14 - 2009-07-14 07:08 - 000032590 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2020-07-29 10:35 - 2019-12-11 01:57 - 000004044 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1576022251
2020-07-26 11:39 - 2016-03-11 13:12 - 000794080 _____ C:\Users\Win7\AppData\Local\GDIPFONTCACHEV1.DAT
2020-07-26 11:38 - 2009-07-14 06:45 - 006853760 _____ C:\Windows\system32\FNTCACHE.DAT
2020-07-17 09:44 - 2020-02-08 14:24 - 000000000 ____D C:\Users\Win7\Downloads\opera autoupdate
2020-07-15 18:17 - 2020-03-22 16:17 - 000004428 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-07-15 18:17 - 2020-03-22 15:36 - 000004282 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-07-15 18:17 - 2020-03-22 15:36 - 000000000 ____D C:\Windows\system32\Macromed
2020-07-15 18:17 - 2019-10-17 17:08 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-07-15 18:17 - 2019-10-17 17:08 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-07-15 05:17 - 2020-03-22 15:36 - 000004416 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier

==================== Files in the root of some directories ========

2019-12-16 11:58 - 2019-12-18 17:40 - 000056320 _____ (SSS) C:\ProgramData\FinalDeleteFile.exe
2020-08-06 12:22 - 2020-08-06 17:51 - 000000004 _____ () C:\ProgramData\lock.dat
2020-08-06 12:50 - 2020-08-06 17:57 - 000000004 _____ () C:\ProgramData\rc.dat
2020-08-06 12:22 - 2020-08-06 12:22 - 000000008 _____ () C:\ProgramData\ts.dat
2017-04-28 01:56 - 2020-01-14 03:29 - 000000034 _____ () C:\Users\Win7\AppData\Roaming\AdobeWLCMCache.dat
2018-09-14 12:16 - 2018-09-14 12:17 - 000000025 ____H () C:\Users\Win7\AppData\Roaming\uninst48.log
2018-11-18 01:27 - 2018-12-27 22:44 - 000004592 _____ () C:\Users\Win7\AppData\Roaming\VoiceMeeterDefault.xml
2020-07-24 02:19 - 2020-08-03 15:23 - 000000081 _____ () C:\Users\Win7\AppData\Local\.bidstack.fault
2016-10-05 00:03 - 2017-10-14 00:24 - 000001456 _____ () C:\Users\Win7\AppData\Local\Adobe Save for Web 13.0 Prefs
2020-08-06 12:17 - 2020-08-06 12:17 - 000000558 _____ () C:\Users\Win7\AppData\Local\bowsakkdestx.txt
2019-10-12 01:09 - 2019-10-12 01:09 - 000000000 ___SH () C:\Users\Win7\AppData\Local\LumaEmu
2018-09-27 18:00 - 2018-09-27 18:00 - 000000000 _____ () C:\Users\Win7\AppData\Local\oobelibMkey.log
2020-04-29 15:57 - 2020-04-29 15:57 - 000000871 _____ () C:\Users\Win7\AppData\Local\recently-used.xbel
2016-06-14 18:07 - 2019-11-08 02:35 - 000007619 _____ () C:\Users\Win7\AppData\Local\Resmon.ResmonCfg
2018-09-14 12:16 - 2018-09-14 12:17 - 000000025 ____H () C:\Users\Win7\AppData\Local\uninst37.log
2016-05-04 22:53 - 2016-05-04 22:53 - 000000003 _____ () C:\Users\Win7\AppData\Local\updater.log
2016-05-04 22:53 - 2016-05-04 23:08 - 000000059 _____ () C:\Users\Win7\AppData\Local\UserProducts.xml

==================== FLock ==============================

2020-08-06 17:57 C:\Windows\SysWOW64\sqyjlgrh

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\User32.dll
[2010-11-21 05:24] - [2016-03-11 12:49] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-21 05:24] - [2016-03-11 12:49] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE


LastRegBack: 2020-08-06 10:01
==================== End of FRST.txt ========================

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8616
  • Gde živiš: Novi Beograd

Da li je program radio normalno prilikom prethodnog brisanja, posto mi je izasao nepotpun rezultat?

Deinstaliraj preko Control Panela: ScrSnap

1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:

CreateRestorePoint:
CloseProcesses:
R1 5F2F1FDC86F2; C:\Windows\5F2F1FDC86F2.sys [25368 2020-08-06] (大连纵梦网络科技有限公司 -> FsFilter Network) [File not signed]
C:\Users\Win7\AppData\Local\310886b8-eeb6-4149-a348-e95e18d6e0c2
C:\Users\Win7\AppData\Roaming\knr1gi53of2
C:\Program Files (x86)\CKls
C:\Users\Win7\AppData\Local\ScrSnap
C:\Windows\5F2F1FDC86F2.sys
C:\Users\Win7\AppData\Local\bowsakkdestx.txt
C:\Users\Win7\AppData\Local\4040d079-f2eb-4944-8e54-1c7e0ee6c604
C:\SystemID
C:\ProgramData\MR02TGA9HNP8YZE3RLY6DN2HT
C:\Program Files\I8JQ12YVMS
C:\Users\Win7\AppData\Roaming\5tr54vcb15i
C:\Program Files\EWLR3JPR5K
C:\ProgramData\lock.dat
C:\ProgramData\irw.atsd
C:\ProgramData\ts.dat
C:\Users\Win7\AppData\Roaming\rzlcc5xlcwg
C:\Program Files\OTQQFRLI3L
C:\Windows\SysWOW64\sqyjlgrh
C:\Users\Win7\AppData\Local\app
EmptyTemp:


2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.

3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.



Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.

Ko je trenutno na forumu
 

Ukupno su 821 korisnika na forumu :: 27 registrovanih, 7 sakrivenih i 787 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Alibaba1981, Atomski čoban, Bane san, bojcistv, bokisha253, dane007, Duh sa sekirom, esx66, FileFinder, Fog of War, FOX, GandorCC, goxin, hyla, Ivan001, Leonov, Lieutenant, Marko Marković, Mi lao shu, Milometer, Milos ZA, nemkea71, raketaš, raptorsi, RJ, suton, vasa.93