Laptop running slowly after installing a suspicious program

offline
  • Joined: 28 May 2010
  • Posts: 46

Hello,
Please help me. I downloaded a program from the internet from an unverified site and installed it. After that my laptop became so slow that it is almost unusable. It is Windows 10, 64-bit. I use Microsoft antivirus, but it found nothing. I assume that while installing that program I also installed something malicious, because until then the computer worked completely normally.

FRST.txt report:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2021 (ATTENTION: ====> FRST version is 862 days old and could be outdated)
Ran by Korisnik (administrator) on DESKTOP-8DD2CC3 (Acer Aspire A315-31) (28-09-2023 10:52:14)
Running from D:\
Loaded Profiles: Korisnik
Platform: Windows 10 Pro Version 21H2 19044.2846 (X64) Language: engleski (Sjedinjene Države) -> hrvatski (Hrvatska)
Default browser: Chrome
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3351248 2015-09-10] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [613048 2023-04-11] (geek software GmbH -> geek software GmbH)
HKLM-x32\...\Run: [Check Point VPN] => C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe [18100984 2019-12-04] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2111124594-4219399748-1798925686-1001\...\Run: [MicrosoftEdgeAutoLaunch_9877631B1591D5388C8E0686FDECECBD] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKU\S-1-5-21-2111124594-4219399748-1798925686-1001\...\Policies\Explorer: [NoSecurityTab] 1
HKLM\...\Print\Monitors\CPCA Language Monitor3b: C:\WINDOWS\system32\CNAS0MOK.DLL [1006080 2012-08-09] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\116.0.5845.96\Installer\chrmstp.exe [2023-08-21] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{f64945df-4fa9-4068-a2fb-61af319edd33}] -> C:\WINDOWS\system32\rdpcredentialprovider.dll [2022-11-13] (Microsoft Windows -> Microsoft Corporation)
IFEO\OSppSvc.exe: [Debugger] KMS-R@1nhook.exe
IFEO\SppExtComObj.exe: [Debugger] KMS-R@1nhook.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Signer.lnk [2023-02-24]
ShortcutTarget: Signer.lnk -> C:\Program Files\AKD\eID Middleware\Signer.exe (AKD d.o.o. -> AKD d.o.o.)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07D82FA8-71E0-4792-B89B-1D7DED4FCC25} - System32\Tasks\R@1n-KMS\Office14ProPlus => wmic path OfficeSoftwareProtectionProduct where (ID="6f327760-8c5c-417c-9b61-836a98287e0c") call Activate
Task: {09987657-AA56-4470-AF1B-213A57504D89} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {0C72DA26-67B5-4CC3-8775-FA64DA9AC9B5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
Task: {1955EF42-44C3-4CBA-8DF1-D5657C076932} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {198DA275-3A3B-47BD-B9B2-6143F81CE02A} - System32\Tasks\Microsoft\Windows\Management\Autopilot\DetectHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\WINDOWS\System32\Autopilot.dll [197120 2023-04-21] (Microsoft Windows -> Microsoft Corporation)
Task: {1D9A82FD-EBAF-4438-A272-E24A50560F25} - \GoogleUpdateTaskMachineQC -> No File <==== ATTENTION
Task: {2A96B06D-C0C2-4B48-9F7B-36F4B4E81014} - System32\Tasks\Microsoft\Windows\Shell\ThemesSyncedImageDownload => {79F8E185-4E45-4B74-8182-02AA430661E4} C:\WINDOWS\System32\Themes.SsfDownload.ScheduledTask.dll [141824 2022-09-21] (Microsoft Windows -> Microsoft Corporation)
Task: {35935EAF-3BA4-49C9-9CE9-5B74D8137DC3} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate
Task: {3FC21DF3-7E00-4052-912D-5E74A9F3F063} - System32\Tasks\Microsoft\Windows\Printing\PrinterCleanupTask => {C56F065E-DE49-4E42-BE7C-305C45609D25} C:\WINDOWS\System32\PrinterCleanupTask.dll [86528 2023-04-21] (Microsoft Windows -> Microsoft Corporation)
Task: {8237F1BD-903B-4370-BB3E-4D8DF2882C11} - System32\Tasks\Microsoft\Windows\Management\Autopilot\RemediateHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\WINDOWS\System32\Autopilot.dll [197120 2023-04-21] (Microsoft Windows -> Microsoft Corporation)
Task: {9697CE19-A51D-40B5-9EC2-301E2BF37705} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-23] (Google Inc -> Google Inc.)
Task: {9B043D52-C211-41E9-AC3E-CD83A2949439} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {9CE67657-5CD7-4AFD-8282-C01B6CDC6196} - System32\Tasks\eID Updater => C:\Program Files\AKD\eID Middleware\Updater.exe [1180352 2022-09-09] (AKD d.o.o. -> Agencija za komercijalnu djelatnost)
Task: {A44E7228-5303-4436-8056-559DF6E3E502} - System32\Tasks\Microsoft\Windows\Clip\LicenseImdsIntegration => C:\WINDOWS\system32\fclip.exe [444688 2023-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A6E32A06-E08D-4FE2-AA72-3101CC80B98A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-23] (Google Inc -> Google Inc.)
Task: {CD69B679-2538-44E6-A25B-585FECE46ADF} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [73184 2022-11-28] (Microsoft Corporation -> Microsoft)
Task: {D8522F23-8E77-4920-89D7-373DE71EF48D} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617784 2020-03-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
"C:\Windows\System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineVW" was unlocked. <==== ATTENTION
Task: {E5F545D2-C8CC-4559-BDBE-9B2CDEE95DCE} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineVW => C:\Windows\SysWOW64\Speech\Engines\Q-1-43-29\FD_1.3.51.77.exe <==== ATTENTION
Task: {FF13D481-35CD-4A3F-BE0F-6799C28E466B} - System32\Tasks\Microsoft\Windows\AppListBackup\Backup => {E0DCC2CC-3354-45F2-8914-519E07809082} C:\WINDOWS\system32\AppListBackupLauncher.dll [92672 2023-04-21] (Microsoft Windows -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0ccba13c-c87c-4440-a242-ce7b0178b209}: [DhcpNameServer] 10.160.1.40 10.4.65.30 10.4.65.220
Tcpip\..\Interfaces\{335d2337-9f7c-4d2a-a103-eb3630008052}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{844049b6-396f-404c-9377-d4cdb3f0b3f6}: [NameServer] 172.16.0.105,172.16.0.106
Tcpip\..\Interfaces\{97bfe2a4-5c80-42e3-9c7a-b49ed2e84cd5}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Korisnik\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-28]
Edge Extension: (Google dokumenti izvanmrežno) - C:\Users\Korisnik\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-28]
Edge Extension: (Edge relevant text changes) - C:\Users\Korisnik\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-28]

FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2023-04-04] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default [2023-09-28]
CHR Notifications: Default -> hxxps://brodska.stvarnost.hr; hxxps://www.aliexpress.com; hxxps://www.motor-doctor.co.uk
CHR HomePage: Default -> hxxp://www.google.hr/
CHR StartupUrls: Default -> "hxxp://www.google.hr/"
CHR Extension: (e-Dnevnik Plus) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcnccmamhmcabokipgjechdeealcmdbe [2023-03-28]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-09-28]
CHR Extension: (Google Docs Offline) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
S2 AkdEidDcs; C:\Program Files\AKD\eID Middleware\Dcs.exe [2882752 2022-09-09] (AKD d.o.o. -> AKD d.o.o)
S2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0.2\ABService.exe [29912 2014-08-21] (ChengDu AoMei Tech Co., Ltd -> AOMEI Tech Co., Ltd.) [File not signed]
S2 BITS_bkp; C:\WINDOWS\System32\qmgr.dll [1481216 2022-12-15] (Microsoft Windows -> Microsoft Corporation)
S2 certificateImporterService; C:\Program Files (x86)\AKDSHCard\CertificateImporterService\certificateImporterService_x64.dll [1307648 2013-10-01] () [File not signed]
S3 cloudidsvc; C:\WINDOWS\system32\cloudidsvc.dll [107520 2022-09-21] (Microsoft Windows -> Microsoft Corporation)
S3 dcsvc; C:\WINDOWS\system32\dcsvc.dll [787968 2023-04-21] (Microsoft Windows -> Microsoft Corporation)
S3 dosvc_bkp; C:\WINDOWS\system32\dosvc.dll [1526784 2023-02-17] (Microsoft Windows -> Microsoft Corporation)
S2 EPWD; C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe [477432 2019-12-04] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2018-01-23] () [File not signed]
S3 McpManagementService; C:\WINDOWS\System32\McpManagementService.dll [258048 2022-09-21] (Microsoft Windows -> Microsoft Corporation)
S2 PDF24; C:\Program Files\PDF24\pdf24.exe [613048 2023-04-11] (geek software GmbH -> geek software GmbH)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [285088 2023-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SU10Guard; C:\Program Files (x86)\StopUpdates10\SU10Guard.exe [67480 2018-11-06] (Greatis Software LLC -> Greatis Software, LLC)
S2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [16197432 2022-10-12] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S2 TracSrvWrapper; C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [7544056 2019-12-04] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
S2 UsoSvc_bkp; C:\WINDOWS\system32\usosvc.dll [570368 2023-04-21] (Microsoft Windows -> Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [142304 2022-06-01] (Microsoft Corporation -> Microsoft Corporation)
S3 WaaSMedicSvc_bkp; C:\WINDOWS\System32\WaaSMedicSvc.dll [427520 2022-12-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv_bkp; C:\WINDOWS\system32\wuaueng.dll [3404288 2023-04-21] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [30168 2020-05-12] (Acer Incorporated -> Acer Incorporated)
S3 activevdsk; C:\Program Files\LSoft Technologies\Active@ Disk Image Freeware\activevdsk.sys [54992 2013-09-18] (LSoft Technologies Inc -> LSoft Technologies Inc.)
R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [30648 2014-08-19] (Aomei Technology Co., Limited -> ) [File not signed]
S2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [151480 2014-08-19] (Aomei Technology Co., Limited -> ) [File not signed]
S2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [17848 2014-08-19] (Aomei Technology Co., Limited -> ) [File not signed]
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 MsSecCore; C:\WINDOWS\System32\drivers\msseccore.sys [26480 2023-04-21] (Microsoft Windows -> Microsoft Corporation)
S3 MsSecWfp; C:\WINDOWS\System32\drivers\mssecwfp.sys [29568 2023-04-21] (Microsoft Windows -> Microsoft Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 vna_ap; C:\WINDOWS\system32\DRIVERS\vnaap.sys [165392 2017-08-01] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R1 vsdatant; C:\WINDOWS\system32\DRIVERS\vsdatant.sys [561736 2019-11-27] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: DcSvc -> C:\Windows\system32\dcsvc.dll (Microsoft Corporation)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-09-28 10:51 - 2023-09-28 10:52 - 000000000 ____D C:\FRST

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-09-28 10:51 - 2023-08-21 17:17 - 000598512 _____ C:\WINDOWS\ntbtlog.txt
2023-09-28 10:49 - 2023-08-21 17:17 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2023-09-28 10:49 - 2021-03-03 13:28 - 000008192 ___SH C:\DumpStack.log.tmp
2023-09-28 10:49 - 2020-03-18 11:43 - 000016384 _____ C:\WINDOWS\system32\Drivers\vsparam.reg
2023-09-28 10:49 - 2020-03-18 11:43 - 000008192 _____ C:\WINDOWS\system32\Drivers\vsflt.reg
2023-09-28 10:48 - 2019-12-07 11:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2023-09-28 10:44 - 2022-11-06 19:47 - 000000000 ____D C:\Program Files\TeamViewer
2023-09-28 10:44 - 2021-03-03 13:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-09-28 10:44 - 2021-03-03 13:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-09-28 10:06 - 2021-03-03 13:48 - 000841134 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-09-28 10:06 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2023-09-28 10:03 - 2022-01-13 12:22 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-09-28 10:03 - 2018-01-23 00:00 - 000000000 ____D C:\Program Files (x86)\Google
2023-09-28 10:01 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-09-28 10:01 - 2018-01-23 01:01 - 000000000 __SHD C:\Users\Korisnik\IntelGraphicsProfiles
2023-09-28 09:39 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-09-28 09:20 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-09-28 09:03 - 2020-08-09 09:55 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-09-28 09:03 - 2020-08-09 09:55 - 000002282 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-09-28 09:03 - 2020-08-09 09:55 - 000002282 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2023-09-28 08:45 - 2021-03-03 13:59 - 000003714 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-09-28 08:45 - 2021-03-03 13:59 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-09-28 08:43 - 2021-03-03 13:36 - 000000000 ____D C:\Users\Korisnik

==================== Files in the root of some directories ========

2021-05-22 08:16 - 2021-05-22 08:16 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.2rfufr
2021-05-22 08:05 - 2021-05-22 08:05 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.3s3r8d
2021-05-22 08:09 - 2021-05-22 08:09 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.499agv
2021-05-22 08:01 - 2021-05-22 08:01 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.49b68q
2021-05-22 07:59 - 2021-05-22 07:59 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.4ff288
2021-05-22 08:01 - 2021-05-22 08:01 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.58eezs
2021-05-22 07:56 - 2021-05-22 07:56 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.7f5gpo
2021-05-22 08:11 - 2021-05-22 08:11 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.8wtxp4
2022-01-31 07:59 - 2022-01-31 07:59 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.99iogw
2021-05-22 07:59 - 2021-05-22 07:59 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.crv3x3
2021-05-22 08:03 - 2021-05-22 08:03 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.ec7jnq
2022-12-07 10:03 - 2022-12-07 10:03 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.h6my4t
2021-05-22 08:07 - 2021-05-22 08:07 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.iggn29
2021-05-22 08:03 - 2021-05-22 08:03 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.j3rfsp
2021-05-22 08:17 - 2021-05-22 08:17 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.jhwjfi
2021-05-22 08:05 - 2021-05-22 08:05 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.jo3j5d
2021-05-22 08:07 - 2021-05-22 08:07 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.nwzqvx
2022-12-07 10:03 - 2022-12-07 10:03 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.psds6z
2021-05-22 08:09 - 2021-05-22 08:09 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.qb26d5
2021-05-22 08:11 - 2021-05-22 08:11 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.v5kssf
2021-05-22 08:13 - 2021-05-22 08:13 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.vay9rm
2022-12-01 15:32 - 2022-12-01 15:32 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.w776q2
2022-01-31 07:59 - 2022-01-31 07:59 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.xjef6q

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Hello,

Download the new version of the FRST program, this one is three years old.

offline
  • Joined: 28 May 2010
  • Posts: 46

Here it is with the new version:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2023
Ran by Korisnik (administrator) on DESKTOP-8DD2CC3 (Acer Aspire A315-31) (29-09-2023 13:40:15)
Running from E:\\FRST64.exe
Loaded Profiles: Korisnik
Platform: Microsoft Windows 10 Pro Version 21H2 19044.2846 (X64) Language: engleski (Sjedinjene Države) -> hrvatski (Hrvatska)
Default browser: Chrome
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3351248 2015-09-10] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [613048 2023-04-11] (geek software GmbH -> geek software GmbH)
HKLM-x32\...\Run: [Check Point VPN] => C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe [18100984 2019-12-04] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2111124594-4219399748-1798925686-1001\...\Run: [MicrosoftEdgeAutoLaunch_9877631B1591D5388C8E0686FDECECBD] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4210112 2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2111124594-4219399748-1798925686-1001\...\Policies\Explorer: [NoSecurityTab] 1
HKLM\...\Print\Monitors\CPCA Language Monitor3b: C:\WINDOWS\system32\CNAS0MOK.DLL [1006080 2012-08-09] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\117.0.5938.92\Installer\chrmstp.exe [2023-09-29] (Google LLC -> Google LLC)
IFEO\OSppSvc.exe: [Debugger] KMS-R@1nhook.exe
IFEO\SppExtComObj.exe: [Debugger] KMS-R@1nhook.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Signer.lnk [2023-02-24]
ShortcutTarget: Signer.lnk -> C:\Program Files\AKD\eID Middleware\Signer.exe (AKD d.o.o. -> AKD d.o.o.)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1D9A82FD-EBAF-4438-A272-E24A50560F25} - \GoogleUpdateTaskMachineQC -> No File <==== ATTENTION
Task: {0C72DA26-67B5-4CC3-8775-FA64DA9AC9B5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
Task: {9CE67657-5CD7-4AFD-8282-C01B6CDC6196} - System32\Tasks\eID Updater => C:\Program Files\AKD\eID Middleware\Updater.exe [1180352 2022-09-09] (AKD d.o.o. -> Agencija za komercijalnu djelatnost)
Task: {A6E32A06-E08D-4FE2-AA72-3101CC80B98A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-23] (Google Inc -> Google Inc.)
Task: {9697CE19-A51D-40B5-9EC2-301E2BF37705} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-23] (Google Inc -> Google Inc.)
Task: {9B043D52-C211-41E9-AC3E-CD83A2949439} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (No File)
Task: {09987657-AA56-4470-AF1B-213A57504D89} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {1955EF42-44C3-4CBA-8DF1-D5657C076932} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {CD69B679-2538-44E6-A25B-585FECE46ADF} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [73184 2022-11-28] (Microsoft Corporation -> Microsoft)
Task: {E5F545D2-C8CC-4559-BDBE-9B2CDEE95DCE} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineVW => C:\Windows\SysWOW64\Speech\Engines\Q-1-43-29\FD_1.3.51.77.exe (No File) <==== ATTENTION
Task: {07D82FA8-71E0-4792-B89B-1D7DED4FCC25} - System32\Tasks\R@1n-KMS\Office14ProPlus => C:\WINDOWS\System32\Wbem\wmic.exe [576000 2022-08-13] (Microsoft Windows -> Microsoft Corporation) -> path OfficeSoftwareProtectionProduct where (ID="6f327760-8c5c-417c-9b61-836a98287e0c") call Activate
Task: {35935EAF-3BA4-49C9-9CE9-5B74D8137DC3} - System32\Tasks\R@1n-KMS\Windows64Professional => C:\WINDOWS\System32\Wbem\wmic.exe [576000 2022-08-13] (Microsoft Windows -> Microsoft Corporation) -> path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate
Task: {D8522F23-8E77-4920-89D7-373DE71EF48D} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617784 2020-03-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0ccba13c-c87c-4440-a242-ce7b0178b209}: [DhcpNameServer] 10.160.1.40 10.4.65.30 10.4.65.220
Tcpip\..\Interfaces\{335d2337-9f7c-4d2a-a103-eb3630008052}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{844049b6-396f-404c-9377-d4cdb3f0b3f6}: [NameServer] 172.16.0.105,172.16.0.106
Tcpip\..\Interfaces\{97bfe2a4-5c80-42e3-9c7a-b49ed2e84cd5}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Korisnik\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-29]
Edge Extension: (Google dokumenti izvanmrežno) - C:\Users\Korisnik\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-28]
Edge Extension: (Edge relevant text changes) - C:\Users\Korisnik\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-28]

FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2023-04-04] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default [2023-09-28]
CHR Notifications: Default -> hxxps://brodska.stvarnost.hr; hxxps://www.aliexpress.com; hxxps://www.motor-doctor.co.uk
CHR HomePage: Default -> hxxp://www.google.hr/
CHR StartupUrls: Default -> "hxxp://www.google.hr/"
CHR Extension: (e-Dnevnik Plus) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcnccmamhmcabokipgjechdeealcmdbe [2023-03-28]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-09-28]
CHR Extension: (Google Docs Offline) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
S2 AkdEidDcs; C:\Program Files\AKD\eID Middleware\Dcs.exe [2882752 2022-09-09] (AKD d.o.o. -> AKD d.o.o)
S2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0.2\ABService.exe [29912 2014-08-21] (ChengDu AoMei Tech Co., Ltd -> AOMEI Tech Co., Ltd.) [File not signed]
S2 BITS_bkp; C:\WINDOWS\System32\qmgr.dll [1481216 2022-12-15] (Microsoft Windows -> Microsoft Corporation)
S2 certificateImporterService; C:\Program Files (x86)\AKDSHCard\CertificateImporterService\certificateImporterService_x64.dll [1307648 2013-10-01] () [File not signed]
S3 dosvc_bkp; C:\WINDOWS\system32\dosvc.dll [1526784 2023-02-17] (Microsoft Windows -> Microsoft Corporation)
S2 EPWD; C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe [477432 2019-12-04] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2018-01-23] () [File not signed]
S2 PDF24; C:\Program Files\PDF24\pdf24.exe [613048 2023-04-11] (geek software GmbH -> geek software GmbH)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [285088 2023-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SU10Guard; C:\Program Files (x86)\StopUpdates10\SU10Guard.exe [67480 2018-11-06] (Greatis Software LLC -> Greatis Software, LLC)
S2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [16197432 2022-10-12] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S2 TracSrvWrapper; C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [7544056 2019-12-04] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
S2 UsoSvc_bkp; C:\WINDOWS\system32\usosvc.dll [570368 2023-04-21] (Microsoft Windows -> Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [142304 2022-06-01] (Microsoft Corporation -> Microsoft Corporation)
S3 WaaSMedicSvc_bkp; C:\WINDOWS\System32\WaaSMedicSvc.dll [427520 2022-12-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv_bkp; C:\WINDOWS\system32\wuaueng.dll [3404288 2023-04-21] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [30168 2020-05-12] (Acer Incorporated -> Acer Incorporated)
S3 activevdsk; C:\Program Files\LSoft Technologies\Active@ Disk Image Freeware\activevdsk.sys [54992 2013-09-18] (LSoft Technologies Inc -> LSoft Technologies Inc.)
R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [30648 2014-08-19] (Aomei Technology Co., Limited -> ) [File not signed]
S2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [151480 2014-08-19] (Aomei Technology Co., Limited -> ) [File not signed]
S2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [17848 2014-08-19] (Aomei Technology Co., Limited -> ) [File not signed]
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 vna_ap; C:\WINDOWS\system32\DRIVERS\vnaap.sys [165392 2017-08-01] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S1 vsdatant; C:\WINDOWS\system32\DRIVERS\vsdatant.sys [561736 2019-11-27] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-09-29 12:56 - 2023-09-29 12:57 - 002382848 _____ (Farbar) C:\Users\Korisnik\Downloads\FRST64.exe
2023-09-29 12:56 - 2023-09-29 12:56 - 002097152 _____ C:\Users\Korisnik\Downloads\Nepotvrđeno 791377.crdownload
2023-09-28 10:51 - 2023-09-29 13:40 - 000000000 ____D C:\FRST

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-09-29 13:40 - 2023-08-21 17:17 - 000830008 _____ C:\WINDOWS\ntbtlog.txt
2023-09-29 13:39 - 2023-08-21 17:17 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2023-09-29 13:39 - 2021-03-03 13:28 - 000008192 ___SH C:\DumpStack.log.tmp
2023-09-29 13:38 - 2022-11-06 19:47 - 000000000 ____D C:\Program Files\TeamViewer
2023-09-29 13:38 - 2021-03-03 13:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-09-29 13:38 - 2019-12-07 11:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2023-09-29 13:37 - 2021-03-03 13:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-09-29 13:37 - 2020-03-18 11:43 - 000016384 _____ C:\WINDOWS\system32\Drivers\vsparam.reg
2023-09-29 13:37 - 2020-03-18 11:43 - 000008192 _____ C:\WINDOWS\system32\Drivers\vsflt.reg
2023-09-29 13:30 - 2021-03-03 13:48 - 000841134 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-09-29 13:30 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2023-09-29 13:28 - 2022-01-13 12:22 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-09-29 13:28 - 2018-01-23 00:00 - 000000000 ____D C:\Program Files (x86)\Google
2023-09-29 13:26 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-09-29 13:26 - 2018-01-23 01:01 - 000000000 __SHD C:\Users\Korisnik\IntelGraphicsProfiles
2023-09-29 12:24 - 2018-01-23 00:01 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-09-29 12:24 - 2018-01-23 00:01 - 000002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-09-29 12:19 - 2021-03-03 13:36 - 000000000 ____D C:\Users\Korisnik
2023-09-28 10:11 - 2020-05-02 11:15 - 000000000 ____D C:\Users\Korisnik\AppData\Roaming\Microsoft\Excel
2023-09-28 10:11 - 2018-02-11 17:07 - 000000000 ____D C:\Users\Korisnik\AppData\Roaming\Microsoft\Word
2023-09-28 09:39 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-09-28 09:20 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-09-28 09:03 - 2020-08-09 09:55 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-09-28 09:03 - 2020-08-09 09:55 - 000002282 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-09-28 08:45 - 2021-03-03 13:59 - 000003714 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-09-28 08:45 - 2021-03-03 13:59 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories ========

2021-05-22 08:16 - 2021-05-22 08:16 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.2rfufr
2021-05-22 08:05 - 2021-05-22 08:05 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.3s3r8d
2021-05-22 08:09 - 2021-05-22 08:09 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.499agv
2021-05-22 08:01 - 2021-05-22 08:01 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.49b68q
2021-05-22 07:59 - 2021-05-22 07:59 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.4ff288
2021-05-22 08:01 - 2021-05-22 08:01 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.58eezs
2021-05-22 07:56 - 2021-05-22 07:56 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.7f5gpo
2021-05-22 08:11 - 2021-05-22 08:11 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.8wtxp4
2022-01-31 07:59 - 2022-01-31 07:59 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.99iogw
2021-05-22 07:59 - 2021-05-22 07:59 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.crv3x3
2021-05-22 08:03 - 2021-05-22 08:03 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.ec7jnq
2022-12-07 10:03 - 2022-12-07 10:03 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.h6my4t
2021-05-22 08:07 - 2021-05-22 08:07 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.iggn29
2021-05-22 08:03 - 2021-05-22 08:03 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.j3rfsp
2021-05-22 08:17 - 2021-05-22 08:17 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.jhwjfi
2021-05-22 08:05 - 2021-05-22 08:05 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.jo3j5d
2021-05-22 08:07 - 2021-05-22 08:07 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.nwzqvx
2022-12-07 10:03 - 2022-12-07 10:03 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.psds6z
2021-05-22 08:09 - 2021-05-22 08:09 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.qb26d5
2021-05-22 08:11 - 2021-05-22 08:11 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.v5kssf
2021-05-22 08:13 - 2021-05-22 08:13 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.vay9rm
2022-12-01 15:32 - 2022-12-01 15:32 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.w776q2
2022-01-31 07:59 - 2022-01-31 07:59 - 000008895 _____ () C:\Users\Korisnik\AppData\Local\CPAUTO.tmp.xjef6q

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Which program did you install?
Could it be a Windows activator?
Can you get into Normal mode at all, or only Safe mode?

offline
  • Joined: 28 May 2010
  • Posts: 46

I downloaded a program called AutoData. It is a program used by car mechanics, containing data on car parts. I thought that was the program, but now I am sure it is not. I started the computer in Safe mode because almost nothing can be done in normal mode. It is extremely slow.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Apart from a few minor things, I don't see anything suspicious.

Could you download another antivirus, such as Malwarebytes, and run a scan so we can be sure?

offline
  • Joined: 28 May 2010
  • Posts: 46

I downloaded the Malwarebytes premium trial and scanned the computer in Safe mode, because it is impossible in normal mode. It found 22 threats and put them in quarantine. Some of them are trojans, at least that is what it says. The computer is still slow, practically unusable.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Can you somehow post the logs so I can see what was found? Probably that Windows activator.

offline
  • Joined: 28 May 2010
  • Posts: 46

Sorry for not replying right away, I was away.

Here are the logs from the last 3 scans.

SCAN 1

Malwarebytes
malwarebytes.com

-Log Details-
Scan Date: 10/2/23
Scan Time: 1:13 PM
Log File: b627ef18-6114-11ee-be51-d8c4972fcc5c.json

-Software Information-
Version: 4.6.3.282
Components Version: 1.0.2158
Update Package Version: 1.0.75883
License: Trial

-System Information-
OS: Windows 10 (Build 19044.2846)
CPU: x64
File System: NTFS
User: DESKTOP-8DD2CC3\Korisnik

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 275775
Threats Detected: 22
Threats Quarantined: 22
Time Elapsed: 1 hr, 1 min, 54 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
HackTool.KMS, C:\WINDOWS\KMS-R@1n.exe, Quarantined, 7066, 798524, , , , , 0F9FD9565E6EB157FA9BE11ED9C1DC9F, 7565255F0A28D065F8F30F876E7DF3E46EF2E6FEDF420ECA7D454CF49887B2DE

Module: 1
HackTool.KMS, C:\WINDOWS\KMS-R@1n.exe, Quarantined, 7066, 798524, , , , , 0F9FD9565E6EB157FA9BE11ED9C1DC9F, 7565255F0A28D065F8F30F876E7DF3E46EF2E6FEDF420ECA7D454CF49887B2DE

Registry Key: 13
HackTool.KMS, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\KMS-R@1n, Quarantined, 7066, 798524, , , , , ,
Trojan.BitCoinMiner.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E5F545D2-C8CC-4559-BDBE-9B2CDEE95DCE}, Quarantined, 6082, 698505, , , , , ,
Trojan.BitCoinMiner.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{E5F545D2-C8CC-4559-BDBE-9B2CDEE95DCE}, Quarantined, 6082, 698505, , , , , ,
Trojan.BitCoinMiner.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\MICROSOFT\WINDOWS\GOOGLE\GoogleUpdateTaskMachineVW, Quarantined, 6082, 698505, 1.0.75883, , ame, , ,
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\R@1n-KMS\Office14ProPlus, Quarantined, 7508, 820459, , , , , ,
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{07D82FA8-71E0-4792-B89B-1D7DED4FCC25}, Quarantined, 7508, 820459, , , , , ,
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{07D82FA8-71E0-4792-B89B-1D7DED4FCC25}, Quarantined, 7508, 820459, , , , , ,
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\R@1n-KMS\Windows64Professional, Quarantined, 7508, 820459, , , , , ,
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{35935EAF-3BA4-49C9-9CE9-5B74D8137DC3}, Quarantined, 7508, 820459, , , , , ,
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{35935EAF-3BA4-49C9-9CE9-5B74D8137DC3}, Quarantined, 7508, 820459, , , , , ,
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1D9A82FD-EBAF-4438-A272-E24A50560F25}, Quarantined, 622, 1047226, , , , , ,
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\BOOT\{1D9A82FD-EBAF-4438-A272-E24A50560F25}, Quarantined, 622, 1047226, , , , , ,
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateTaskMachineQC, Quarantined, 622, 1047226, 1.0.75883, , ame, , ,

Registry Value: 1
Trojan.BitCoinMiner.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E5F545D2-C8CC-4559-BDBE-9B2CDEE95DCE}|PATH, Quarantined, 6082, 698506, 1.0.75883, , ame, , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
RiskWare.KMS, C:\WINDOWS\SYSTEM32\TASKS\R@1N-KMS, Quarantined, 7508, 820459, 1.0.75883, , ame, , ,

File: 5
HackTool.KMS, C:\WINDOWS\KMS-R@1n.exe, Quarantined, 7066, 798524, 1.0.75883, , ame, , 0F9FD9565E6EB157FA9BE11ED9C1DC9F, 7565255F0A28D065F8F30F876E7DF3E46EF2E6FEDF420ECA7D454CF49887B2DE
Trojan.BitCoinMiner.Generic, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\GOOGLE\GOOGLEUPDATETASKMACHINEVW, Quarantined, 6082, 698505, , , , , A45F5F115D447D2E2CE6E1C59410A40A, 84C84E606B7DBE9E49018EAD031C5B993E25EA2AAAD434E388C2638B1D2BE906
RiskWare.KMS, C:\Windows\System32\Tasks\R@1n-KMS\Office14ProPlus, Quarantined, 7508, 820459, , , , , F171F7898B58F7C890696793A01C8A5E, 961AAB6D7E8373F94C694D98CF9D81FFC1F8DE28C914B0E76D68A150E662F323
RiskWare.KMS, C:\Windows\System32\Tasks\R@1n-KMS\Windows64Professional, Quarantined, 7508, 820459, , , , , 64CFC68FD371AC445D3F22DDBDB87166, 076977EFA8D4D6C572439CD05F5A57E2FE0160EFCFCCA1A8FBE451AEE2A66704
Trojan.Downloader, C:\PROGRAM FILES\GOOGLE\CHROME\UPDATER.EXE, Quarantined, 23, 1159635, 1.0.75883, , ame, , 42A835829238166FF0D40353511B4F7D, 4F6A3F9B14584CB23BAB32B109CE9494E971CBA3F4F715A78A2E9CC0E8E33616

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


SCAN 2

Malwarebytes
malwarebytes.com

-Log Details-
Scan Date: 10/2/23
Scan Time: 1:02 PM
Log File: 3c9b61b2-6113-11ee-9f1e-d8c4972fcc5c.json

-Software Information-
Version: 4.6.3.282
Components Version: 1.0.2158
Update Package Version: 1.0.75883
License: Trial

-System Information-
OS: Windows 10 (Build 19044.2846)
CPU: x64
File System: NTFS
User: DESKTOP-8DD2CC3\

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Cancelled
Objects Scanned: 205334
Threats Detected: 16
Threats Quarantined: 0
Time Elapsed: 7 min, 3 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 10
HackTool.KMS, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\KMS-R@1n, No Action By User, 7066, 798524, , , , , ,
Trojan.BitCoinMiner.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E5F545D2-C8CC-4559-BDBE-9B2CDEE95DCE}, No Action By User, 6082, 698505, , , , , ,
Trojan.BitCoinMiner.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{E5F545D2-C8CC-4559-BDBE-9B2CDEE95DCE}, No Action By User, 6082, 698505, , , , , ,
Trojan.BitCoinMiner.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\MICROSOFT\WINDOWS\GOOGLE\GoogleUpdateTaskMachineVW, No Action By User, 6082, 698505, 1.0.75883, , ame, , ,
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\R@1n-KMS\Office14ProPlus, No Action By User, 7508, 820459, , , , , ,
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{07D82FA8-71E0-4792-B89B-1D7DED4FCC25}, No Action By User, 7508, 820459, , , , , ,
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{07D82FA8-71E0-4792-B89B-1D7DED4FCC25}, No Action By User, 7508, 820459, , , , , ,
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\R@1n-KMS\Windows64Professional, No Action By User, 7508, 820459, , , , , ,
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{35935EAF-3BA4-49C9-9CE9-5B74D8137DC3}, No Action By User, 7508, 820459, , , , , ,
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{35935EAF-3BA4-49C9-9CE9-5B74D8137DC3}, No Action By User, 7508, 820459, , , , , ,

Registry Value: 1
Trojan.BitCoinMiner.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E5F545D2-C8CC-4559-BDBE-9B2CDEE95DCE}|PATH, No Action By User, 6082, 698506, 1.0.75883, , ame, , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
RiskWare.KMS, C:\WINDOWS\SYSTEM32\TASKS\R@1N-KMS, No Action By User, 7508, 820459, 1.0.75883, , ame, , ,

File: 4
HackTool.KMS, C:\WINDOWS\KMS-R@1n.exe, No Action By User, 7066, 798524, 1.0.75883, , ame, , 0F9FD9565E6EB157FA9BE11ED9C1DC9F, 7565255F0A28D065F8F30F876E7DF3E46EF2E6FEDF420ECA7D454CF49887B2DE
Trojan.BitCoinMiner.Generic, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\GOOGLE\GOOGLEUPDATETASKMACHINEVW, No Action By User, 6082, 698505, , , , , A45F5F115D447D2E2CE6E1C59410A40A, 84C84E606B7DBE9E49018EAD031C5B993E25EA2AAAD434E388C2638B1D2BE906
RiskWare.KMS, C:\Windows\System32\Tasks\R@1n-KMS\Office14ProPlus, No Action By User, 7508, 820459, , , , , F171F7898B58F7C890696793A01C8A5E, 961AAB6D7E8373F94C694D98CF9D81FFC1F8DE28C914B0E76D68A150E662F323
RiskWare.KMS, C:\Windows\System32\Tasks\R@1n-KMS\Windows64Professional, No Action By User, 7508, 820459, , , , , 64CFC68FD371AC445D3F22DDBDB87166, 076977EFA8D4D6C572439CD05F5A57E2FE0160EFCFCCA1A8FBE451AEE2A66704

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


SCAN 3

Malwarebytes
malwarebytes.com

-Log Details-
Scan Date: 10/9/23
Scan Time: 7:53 AM
Log File: 24c40f45-6668-11ee-a37e-d8c4972fcc5c.json

-Software Information-
Version: 4.6.3.282
Components Version: 1.0.2158
Update Package Version: 1.0.75919
License: Trial

-System Information-
OS: Windows 10 (Build 19044.2846)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 275004
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 22 min, 42 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Trojan.Downloader, C:\PROGRAM FILES\GOOGLE\CHROME\UPDATER.EXE, Quarantined, 23, 1159635, 1.0.75919, , ame, , 42A835829238166FF0D40353511B4F7D, 4F6A3F9B14584CB23BAB32B109CE9494E971CBA3F4F715A78A2E9CC0E8E33616

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Hi, everything that was found is due to the attempt to activate Windows and Office with KMS.
So scan everything again, delete or quarantine whatever it finds, and then see how the computer behaves.
