jelio_jelev

Сега не се е появил проблема, но къде трябва да е този команден ред?

Launch folder windows in a separate process не е включена. За момента процесите са нормални. Не го прави постоянно и не знам под сейф мод дали ще се разбере нещо, защото може с дни да не го направи. Когато зацикли ще пробвам да кача дневник от ауторънс.

Ето дневника от ауторънс. JAX-LAPTOP.rar

Спрях защитата на CryptoPrevent, не под safe mode, и инсталирах Malwarebytes наново. Качвам доклада от нея, защото карантинира нещо. Проблема с интернета по кабел се оказа от конфликт на IP адрес с един TV BOX. Забелязах, че като отворя Google Chrome в диспечера на задачите стартират около 10-15 процеса Google Chrome, макар и да няма заредена страница. Че дори и при затварянето на браузера понякога процесите остават. Това се случва и с explorer.exe. Знам, че той трябва да е стартиран, ама понякога при нищо отворено също вървят 10-12 процеса. и лаптопа увисва. Malwarebytes www.malwarebytes.com -Детайли за регистъра- Дата на сканиране: 24.04.21 г. Час на сканиране: 18:30 Файл на регистъра: ff18ea86-a511-11eb-986a-047d7b60ad51.json -Информация за софтуера- Версия: 4.3.0.98 Версия на компонентите: 1.0.1273 Актуализирай версията на пакета: 1.0.39773 Лиценз: Free -Системна информация- OS: Windows 7 Service Pack 1 CPU: x64 Файлова система: NTFS Потребител: JAX-LAPTOP\Жельо -Резюме на сканирането- Тип сканиране: Сканиране за заплахи Сканирането е стартирано от: Ръчно Резултат: Завършено Сканирани обекти: 289566 Открити заплахи: 9 Заплахи под карантина: 9 Изтекло време: 25 мин, 26 сек -Опции за сканиране- Памет: Разрешено Стартиране: Разрешено Файлова система: Разрешено Архиви: Разрешено руткитове: Разрешено Евристика: Разрешено PUP: Открий PUM: Открий -Детайли за сканирането- Процес: 0 (Не бяха открити зловредни елементи) Модул: 0 (Не бяха открити зловредни елементи) Ключ на регистъра: 6 Malware.Heuristic.1001, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E74C695-8E9C-4179-B0A0-BC2EBDEB5C2B}, Под карантина, 1000001, 0, , , , , , Malware.Heuristic.1001, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2E74C695-8E9C-4179-B0A0-BC2EBDEB5C2B}, Под карантина, 1000001, 0, , , , , , Malware.Heuristic.1001, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2E74C695-8E9C-4179-B0A0-BC2EBDEB5C2B}, Под карантина, 1000001, 0, , , , , , Malware.Heuristic.1001, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2E74C695-8E9C-4179-B0A0-BC2EBDEB5C2B}, Под карантина, 1000001, 0, , , , , , Malware.Heuristic.1001, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E74C695-8E9C-4179-B0A0-BC2EBDEB5C2B}\InprocServer32, Под карантина, 1000001, 0, , , , , , Malware.Heuristic.1001, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2E74C695-8E9C-4179-B0A0-BC2EBDEB5C2B}\InprocServer32, Под карантина, 1000001, 0, , , , , , Стойност на регистъра: 0 (Не бяха открити зловредни елементи) Данни на регистъра: 0 (Не бяха открити зловредни елементи) Поток данни: 0 (Не бяха открити зловредни елементи) Папка: 0 (Не бяха открити зловредни елементи) Файл: 3 Malware.AI.1693988425, C:\USERS\Жельо\DESKTOP\OPTIONS\КОНВЕРТОРИ\Easy CD-DA Extractor.lnk, Под карантина, 1000000, 0, , , , , 5411FC014588CCD7D2DC6CFF93D3E492, AB68759449CB15916695E0FD5B3BD0D1850930BDF1049E96BBFC017306969B9A Malware.AI.1693988425, C:\PROGRAM FILES\EASY CD-DA EXTRACTOR 12\EZCDDAX.EXE, Под карантина, 1000000, 0, 1.0.39773, 31B755C9AF43C65F64F83649, dds, 01216166, BB8BB479A61209201D01E79B3FAABB4E, FDEA387FAB54C7EE0D451D5C05461E8E7591E511B4A3CA1313BE8984462C21BE Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\WINAMP\ELEVATORPS.DLL, Под карантина, 1000001, 0, 1.0.39773, 0000000000000000000003E9, dds, 01216166, 6B4B815310306458554233AF4855EDF6, A714CC78C135F423ABE10C9FFDA62973DA96CE972F80CC3ADF2281C20FAE6ADB Физически сектор: 0 (Не бяха открити зловредни елементи) WMI: 0 (Не бяха открити зловредни елементи) (end)

Здравейте. От доста време лаптопа доста се замисляше преди да изпълни каквото и да е, ама сега вече въобще не отваря нищо. Интернета не ще да тръгне с кабел. Безжично се свързва, поне засега. Малварбайтс не стартира по никакъв начин. Логовете от FRST са празни, затова сканирах под сейф мод. Лаптопа е с Уиндоус 7 64 битов. Ето и логовете. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2021 Ran by Жельо (administrator) on JAX-LAPTOP (TOSHIBA SATELLITE L755) (21-04-2021 13:52:43) Running from C:\Users\Жельо\Desktop Loaded Profiles: Жельо Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България) Default browser: IE Boot Mode: Safe Mode (with Networking) ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe Failed to access process -> csrss.exe Failed to access process -> csrss.exe Failed to access process -> WmiPrvSE.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TPwrMain] => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE HKLM\...\Run: [TosWaitSrv] => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe HKLM\...\Run: [Teco] => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r HKLM\...\Run: [TCrdMain] => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe HKLM\...\Run: [HSON] => %ProgramFiles%\TOSHIBA\TBS\HSON.exe HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation -> NVIDIA Corporation) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [894048 2013-01-11] (Conexant Systems, Inc. -> Conexant Systems, Inc.) HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) [File not signed] HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [109160 2020-08-19] (Avast Software s.r.o. -> AVAST Software) HKLM-x32\...\Run: [unlockerAssistant] => "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" HKLM-x32\...\Run: [TSleepSrv] => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe HKLM-x32\...\Run: [iTSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION -> TOSHIBA CORPORATION) HKLM-x32\...\Run: [AveoSTI.exe] => C:\Program Files (x86)\AVEO USB2.0 PC Camera(U2HGCV3P31048)\AveoSTI.exe [32768 2010-12-02] (AVEO) [File not signed] HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation) HKLM Group Policy restriction on software: *.gif*.scr <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.scr <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.avi*.com <==== ATTENTION HKLM Group Policy restriction on software: *.bmp*.pif <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION HKLM Group Policy restriction on software: *.pdf*.cmd <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.scr <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.jse <==== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.js <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.js <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <==== ATTENTION HKLM Group Policy restriction on software: *.pdf*.bat <==== ATTENTION HKLM Group Policy restriction on software: *.rtf*.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.com <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <==== ATTENTION HKLM Group Policy restriction on software: cipher.exe <==== ATTENTION HKLM Group Policy restriction on software: *.avi*.scr <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION HKLM Group Policy restriction on software: *.docx*.js <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.js <==== ATTENTION HKLM Group Policy restriction on software: *.pub*.js <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.cmd <==== ATTENTION HKLM Group Policy restriction on software: *.7z*.com <==== ATTENTION HKLM Group Policy restriction on software: *.png*.com <==== ATTENTION HKLM Group Policy restriction on software: *.7z*.cmd <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION HKLM Group Policy restriction on software: *.jpg*.exe <==== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.exe <==== ATTENTION HKLM Group Policy restriction on software: *.ppt*.exe <==== ATTENTION HKLM Group Policy restriction on software: *.mp4*.pif <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.cmd <==== ATTENTION HKLM Group Policy restriction on software: *.wav*.scr <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.scr <==== ATTENTION HKLM Group Policy restriction on software: *.pptx*.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <==== ATTENTION HKLM Group Policy restriction on software: *.xls*.bat <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.com <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.exe <==== ATTENTION HKLM Group Policy restriction on software: *.doc*.cmd <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.pptx*.scr <==== ATTENTION HKLM Group Policy restriction on software: *.mp4*.bat <==== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.bat <==== ATTENTION HKLM Group Policy restriction on software: *.ppt*.jse <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.com <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <==== ATTENTION HKLM Group Policy restriction on software: *.mp3*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.pif <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.js <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.docx*.bat <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.cmd <==== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.jpg*.com <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.bat <==== ATTENTION HKLM Group Policy restriction on software: *.pub*.pif <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.js <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.scr <==== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.cmd <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.js <==== ATTENTION HKLM Group Policy restriction on software: *.txt*.jse <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.exe <==== ATTENTION HKLM Group Policy restriction on software: *.gif*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.docx*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.xls*.com <==== ATTENTION HKLM Group Policy restriction on software: *.pptx*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.wmv*.exe <==== ATTENTION HKLM Group Policy restriction on software: *.mp4*.com <==== ATTENTION HKLM Group Policy restriction on software: *.gif*.cmd <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.bat <==== ATTENTION HKLM Group Policy restriction on software: *.7z*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.pdf*.jse <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.cmd <==== ATTENTION HKLM Group Policy restriction on software: *.wav*.cmd <==== ATTENTION HKLM Group Policy restriction on software: *.wma*.exe <==== ATTENTION HKLM Group Policy restriction on software: *.bmp*.com <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <==== ATTENTION HKLM Group Policy restriction on software: *.jpg*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.wma*.bat <==== ATTENTION HKLM Group Policy restriction on software: *.zip*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.rar*.js <==== ATTENTION HKLM Group Policy restriction on software: *.avi*.pif <==== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.scr <==== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.exe <==== ATTENTION HKLM Group Policy restriction on software: *.bmp*.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.scr <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.scr <==== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.bat <==== ATTENTION HKLM Group Policy restriction on software: *.bmp*.bat <==== ATTENTION HKLM Group Policy restriction on software: *.pub*.com <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <==== ATTENTION HKLM Group Policy restriction on software: *.gif*.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <==== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.exe <==== ATTENTION HKLM Group Policy restriction on software: *.png*.scr <==== ATTENTION HKLM Group Policy restriction on software: *.docx*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.txt*.scr <==== ATTENTION HKLM Group Policy restriction on software: *.avi*.cmd <==== ATTENTION HKLM Group Policy restriction on software: *.gif*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.jpg*.cmd <==== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.jse <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.com <==== ATTENTION HKLM Group Policy restriction on software: *.xls*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.txt*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.xls*.cmd <==== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.cmd <==== ATTENTION HKLM Group Policy restriction on software: *.docx*.cmd <==== ATTENTION HKLM Group Policy restriction on software: *.mp3*.js <==== ATTENTION HKLM Group Policy restriction on software: *.zip*.js <==== ATTENTION HKLM Group Policy restriction on software: *.rtf*.js <==== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.com <==== ATTENTION HKLM Group Policy restriction on software: *.wmv*.cmd <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.scr <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.bat <==== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.mp4*.jse <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.bat <==== ATTENTION HKLM Group Policy restriction on software: *.jpg*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.docx*.com <==== ATTENTION HKLM Group Policy restriction on software: *.rtf*.com <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <==== ATTENTION HKLM Group Policy restriction on software: *.7z*.pif <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.zip*.exe <==== ATTENTION HKLM Group Policy restriction on software: *.doc*.bat <==== ATTENTION HKLM Group Policy restriction on software: *.wma*.com <==== ATTENTION HKLM Group Policy restriction on software: *.wma*.scr <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <==== ATTENTION HKLM Group Policy restriction on software: *.pub*.bat <==== ATTENTION HKLM Group Policy restriction on software: *.wav*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.png*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.gif*.bat <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <==== ATTENTION HKLM Group Policy restriction on software: *.avi*.exe <==== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.cmd <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <==== ATTENTION HKLM Group Policy restriction on software: *.mp3*.bat <==== ATTENTION HKLM Group Policy restriction on software: ** <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.scr <==== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.bat <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.jse <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.js <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.exe <==== ATTENTION HKLM Group Policy restriction on software: *.pdf*.exe <==== ATTENTION HKLM Group Policy restriction on software: scsvserv.exe <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.com <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.divx*.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.exe <==== ATTENTION HKLM Group Policy restriction on software: *.doc*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.bmp*.scr <==== ATTENTION HKLM Group Policy restriction on software: *.pdf*.scr <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <==== ATTENTION HKLM Group Policy restriction on software: *.rar*.com <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <==== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.js <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.ppt*.js <==== ATTENTION HKLM Group Policy restriction on software: *.doc*.scr <==== ATTENTION HKLM Group Policy restriction on software: *.jpg*.bat <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.pub*.exe <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.jpg*.js <==== ATTENTION HKLM Group Policy restriction on software: *.divx*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.pdf*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.mp4*.scr <==== ATTENTION HKLM Group Policy restriction on software: *.txt*.exe <==== ATTENTION HKLM Group Policy restriction on software: *.divx*.js <==== ATTENTION HKLM Group Policy restriction on software: *.rar*.exe <==== ATTENTION HKLM Group Policy restriction on software: *.avi*.js <==== ATTENTION HKLM Group Policy restriction on software: *.ppt*.bat <==== ATTENTION HKLM Group Policy restriction on software: *.rar*.scr <==== ATTENTION HKLM Group Policy restriction on software: *.7z*.scr <==== ATTENTION HKLM Group Policy restriction on software: *.rtf*.cmd <==== ATTENTION HKLM Group Policy restriction on software: *.pdf*.js <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.com <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.com <==== ATTENTION HKLM Group Policy restriction on software: *.rtf*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.ppt*.com <==== ATTENTION HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <==== ATTENTION HKLM Group Policy restriction on software: *.txt*.cmd <==== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.bat <==== ATTENTION HKLM Group Policy restriction on software: *.mp3*.com <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.pif <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.cmd <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.pif <==== ATTENTION HKLM Group Policy restriction on software: lsassvrtdbks.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <==== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.exe <==== ATTENTION HKLM Group Policy restriction on software: *.doc*.js <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.cmd <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <==== ATTENTION HKLM Group Policy restriction on software: *.gif*.js <==== ATTENTION HKLM Group Policy restriction on software: *.txt*.bat <==== ATTENTION HKLM Group Policy restriction on software: *.bmp*.js <==== ATTENTION HKLM Group Policy restriction on software: *.ppt*.scr <==== ATTENTION HKLM Group Policy restriction on software: *.docx*.scr <==== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.jse <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <==== ATTENTION HKLM Group Policy restriction on software: *.zip*.scr <==== ATTENTION HKLM Group Policy restriction on software: *.jpg*.scr <==== ATTENTION HKLM Group Policy restriction on software: *.mp4*.exe <==== ATTENTION HKLM Group Policy restriction on software: *.bmp*.cmd <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <==== ATTENTION HKLM Group Policy restriction on software: *.wav*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.wav*.bat <==== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.pif <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.js <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.png*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.xls*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.wav*.exe <==== ATTENTION HKLM Group Policy restriction on software: *.avi*.jse <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.exe <==== ATTENTION HKLM Group Policy restriction on software: bcdedit.exe <==== ATTENTION HKLM Group Policy restriction on software: *.rar*.cmd <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.cmd <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.scr <==== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.bat <==== ATTENTION HKLM Group Policy restriction on software: *.txt*.js <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.rtf*.scr <==== ATTENTION HKLM Group Policy restriction on software: *.wmv*.bat <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <==== ATTENTION HKLM Group Policy restriction on software: *.rtf*.pif <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.divx*.cmd <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.rar*.bat <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.bat <==== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.js <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.cmd <==== ATTENTION HKLM Group Policy restriction on software: *.divx*.com <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.pub*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.mp3*.exe <==== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.txt*.com <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.pub*.cmd <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <==== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.com <==== ATTENTION HKLM Group Policy restriction on software: *.zip*.com <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.com <==== ATTENTION HKLM Group Policy restriction on software: *.7z*.js <==== ATTENTION HKLM Group Policy restriction on software: *.pptx*.com <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.cmd <==== ATTENTION HKLM Group Policy restriction on software: *.pub*.scr <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.js <==== ATTENTION HKLM Group Policy restriction on software: *.zip*.cmd <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <==== ATTENTION HKLM Group Policy restriction on software: *.wma*.jse <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.mp3*.cmd <==== ATTENTION HKLM Group Policy restriction on software: *.png*.js <==== ATTENTION HKLM Group Policy restriction on software: *.divx*.bat <==== ATTENTION HKLM Group Policy restriction on software: *.divx*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.wma*.js <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.com <==== ATTENTION HKLM Group Policy restriction on software: *.mp3*.scr <==== ATTENTION HKLM Group Policy restriction on software: *.wma*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.pdf*.com <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <==== ATTENTION HKLM Group Policy restriction on software: vssadmin.exe <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.cmd <==== ATTENTION HKLM Group Policy restriction on software: *.png*.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.doc*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.gif*.com <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.xls*.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.pif <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.com <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.js <==== ATTENTION HKLM Group Policy restriction on software: *.xls*.scr <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.pptx*.js <==== ATTENTION HKLM Group Policy restriction on software: *.wma*.cmd <==== ATTENTION HKLM Group Policy restriction on software: *.wmv*.jse <==== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.js <==== ATTENTION HKLM Group Policy restriction on software: *.doc*.com <==== ATTENTION HKLM Group Policy restriction on software: *.rar*.pif <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.bat <==== ATTENTION HKLM Group Policy restriction on software: *.ppt*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.avi*.bat <==== ATTENTION HKLM Group Policy restriction on software: *.zip*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.wmv*.js <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.scr <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.bat <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <==== ATTENTION HKLM Group Policy restriction on software: *.png*.cmd <==== ATTENTION HKLM Group Policy restriction on software: *.mp4*.cmd <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.bat <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.scr <==== ATTENTION HKLM Group Policy restriction on software: *.wav*.js <==== ATTENTION HKLM Group Policy restriction on software: *.wmv*.com <==== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.js <==== ATTENTION HKLM Group Policy restriction on software: *.png*.bat <==== ATTENTION HKLM Group Policy restriction on software: syskey.exe <==== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.scr <==== ATTENTION HKLM Group Policy restriction on software: *.rtf*.bat <==== ATTENTION HKLM Group Policy restriction on software: *.doc*.exe <==== ATTENTION HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.pptx*.cmd <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <==== ATTENTION HKLM Group Policy restriction on software: *.7z*.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <==== ATTENTION HKLM Group Policy restriction on software: *.wmv*.scr <==== ATTENTION HKLM Group Policy restriction on software: *.mp4*.js <==== ATTENTION HKLM Group Policy restriction on software: *.pptx*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.mp3*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.xls*.js <==== ATTENTION HKLM Group Policy restriction on software: lsassw86s.exe <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.bat <==== ATTENTION HKLM Group Policy restriction on software: *.wav*.com <==== ATTENTION HKLM Group Policy restriction on software: *.pptx*.bat <==== ATTENTION HKLM Group Policy restriction on software: *.zip*.bat <==== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.scr <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.exe <==== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.com <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.jse <==== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION HKLM Group Policy restriction on software: *.bmp*.jse <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.ppt*.cmd <==== ATTENTION HKLM Group Policy restriction on software: *.divx*.scr <==== ATTENTION HKLM Group Policy restriction on software: *.7z*.bat <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin <==== ATTENTION HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <==== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.jse <==== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <==== ATTENTION HKLM Group Policy restriction on software: *.docx*.exe <==== ATTENTION HKLM Group Policy restriction on software: *.rar*.jse <==== ATTENTION HKLM Group Policy restriction on software: *.wmv*.pif <==== ATTENTION HKLM\...\Policies\Explorer: [NoAutorun] 2 HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: I - I:\Start.exe HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: {b378f1c1-e6af-11e9-8c74-047d7b60ad51} - I:\AutoRun.exe HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: {b378f1ce-e6af-11e9-8c74-e066f7d8f259} - H:\AutoRun.exe HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: {cdb173f4-4794-11e4-9418-047d7b60ad51} - I:\AutoRun.exe HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: {cdb17402-4794-11e4-9418-047d7b60ad51} - H:\AutoRun.exe HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-04-16] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation) HKLM\...\Print\Monitors\LIDIL hpzllw71: C:\Windows\system32\hpzllw71.dll [53248 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation) HKLM\...\Print\Monitors\Nitro PDF Port Monitor: C:\Windows\system32\nitrolocalmon2.dll [29704 2013-07-24] (Nitro PDF Software -> Nitro PDF Software) HKLM\...\Print\Monitors\Toshiba Bluetooth Monitor: C:\Windows\system32\tbtmon.dll [208208 2009-06-18] (TOSHIBA CORPORATION -> TOSHIBA CORPORATION.) HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.128\Installer\chrmstp.exe [2021-04-15] (Google LLC -> Google LLC) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-12-06] ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2016-05-04] ShortcutTarget: Bluetooth Manager.lnk -> (No File) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TeamViewer 8.lnk [2017-04-18] ShortcutTarget: TeamViewer 8.lnk -> C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (No File) BootExecute: autocheck autochk * sdnclean64.exe GroupPolicy: Restriction ? <==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0B2AF4BA-41FD-4C44-8F30-95010B7AC628} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-678885870-2144746608-4001290835-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe Task: {1140D418-8B03-4A41-8CD1-CA22F1B82C9D} - System32\Tasks\{8A85DBD2-0D91-4408-A38D-1B8F17EA8D1E} => C:\Windows\system32\pcalua.exe -a D:\HDD\Setup.exe -d D:\HDD Task: {11C0E3B4-6FDC-438B-B921-137CB9E9595B} - System32\Tasks\{182100DA-BE87-4F02-9360-BCD1C173F813} => C:\Users\Жельо\Desktop\ClientOCX_Setup.exe Task: {1412A2A8-8491-4815-BA62-4B69EBADD5C9} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe Task: {14537A78-2B10-4501-9EA2-4F8E4A7FA518} - System32\Tasks\{866AFAD4-ECBD-4111-9342-41BBFA98D026} => E:\GAME\Kran Simulator\RE3DPlayer.exe Task: {16556FE5-2CA1-4F74-9791-2368D7AD5A13} - System32\Tasks\{F78FF1FF-7F8C-40BF-956E-099D61E0547F} => G:\Install Train Simulator 2013.exe -> /i "G:\FileID.msi" AI_RESUME=1 ADDLOCAL=MainFeature,Steam ALLUSERS="1" PRIMARYFOLDER="APPDIR" ROOTDRIVE="D:\" PIDKEY="75841-54734-75036" TARGETDIR="D:\" APPDIR="E:\GAME\Train Simulator 2013\" USERNAME="Жельо" AGREE_CHECKBOX="Yes" Task: {1A6D1557-A626-4DD5-8E49-3867B358CFC6} - System32\Tasks\{9E9A51CC-F8A0-49AB-AB98-6DD6F72C165F} => E:\GAME\Ship Simulator Extremes\Steam.exe Task: {1B3F7C82-A53B-4C18-956B-A03982BAA93D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-678885870-2144746608-4001290835-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {1D387C07-7F33-4B41-8722-CE457524CE62} - System32\Tasks\{5B40C6F8-88F6-46FA-8105-93BBDAA7E45D} => E:\GAME\RECYCLE v1.0.0.2\recycle.exe Task: {205F7C02-D290-4FDD-ACC6-82E3B18811F8} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3810408 2020-08-19] (Avast Software s.r.o. -> AVAST Software) Task: {4381DCF5-41DD-4AD3-AAD9-E06DD6556851} - System32\Tasks\{87965B1F-4F0F-4431-AB98-39230743E032} => C:\Users\Жельо\Desktop\DVD 2 AVI\divx03\BeSweetGUIv0.6b71\BeSweetGUIv0.6b71.exe Task: {4768A8D9-4137-4280-902F-D652CF8B6329} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe Task: {49E0A9A1-3C9C-4CAC-ACE2-593E19A91674} - System32\Tasks\{BDEF390D-E6C1-405C-A41F-FBAAF17B72D0} => C:\Windows\system32\pcalua.exe -a G:\Setup_AR.exe -d G:\ Task: {4C5B5BEB-F304-47FB-A1E3-C2D37800AB20} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-678885870-2144746608-4001290835-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe Task: {4D7CDDE6-9F9C-43E7-9137-CAF7975D7E3B} - System32\Tasks\{A801FFDC-4694-49F4-99C9-543BB27B785F} => G:\Autorun.exe Task: {54710BB0-ACE2-4EDC-AA46-1C9550C85C50} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1791712 2021-02-23] (Avast Software s.r.o. -> Avast Software) Task: {57BB5DD2-9072-48B5-A951-BBBA74357AF8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-678885870-2144746608-4001290835-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {5A24A855-0309-4753-879D-E8D30C89685D} - System32\Tasks\{F3FFF0B5-8D8E-4E32-984C-C44E7C0A7853} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\MP3Gain\uninst-mp3gain.exe" -d "C:\Program Files (x86)\MP3Gain" Task: {5C38B2C5-9D1C-421C-88BB-651CE44E5B57} - System32\Tasks\{E2AA76DB-4BD2-42D6-A378-2DD32F4ABE14} => E:\GAME\RECYCLE v1.0.0.2\recycle.exe Task: {5D9E8D7F-B99A-4E1F-9FB9-5E31041A3905} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe Task: {5F1351C9-23E8-4294-9DCC-5A402D837B82} - System32\Tasks\{FE589B07-B5C5-4434-AADD-522BB7F6FC1A} => E:\GAME\RECYCLE v1.0.0.2\recycle.exe Task: {61A25CF6-55A7-4EB9-B122-977626A5D2F1} - System32\Tasks\{C1ADE806-304C-4EBA-A734-D2C874B1EC00} => C:\Windows\system32\pcalua.exe -a "E:\GAME\Ship Simulator Extremes\Steam.exe" -d "E:\GAME\Ship Simulator Extremes" Task: {66D7FC83-BEFB-49F3-8438-0E3F80DC4832} - System32\Tasks\{B01B5A14-35E5-4B7F-A7BF-B28B6404E63F} => E:\GAME\Kran Simulator\RE3DPlayer.exe Task: {7272B04D-C3CA-4453-A29E-C1DF51625310} - System32\Tasks\{C86732D3-F816-4EEB-B029-EC1495EF32E0} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\PowerISO\uninstall.exe" Task: {7673F375-167E-4FA5-9EF9-54F282FAC57E} - System32\Tasks\{A34D5BA6-1D52-403E-BADD-ECB4E0779B62} => E:\GAME\Ship Simulator Extremes\Steam.exe Task: {77612E78-C51D-43CF-BB18-678F216C5C84} - System32\Tasks\{CFB5F731-038D-4336-9B75-FE298C0CBA37} => C:\Windows\system32\pcalua.exe -a "C:\Users\Жельо\Desktop\OPTIONS\Shinyekap Nezha-1.exe" -d C:\Users\Жельо\Desktop\OPTIONS Task: {7E9BBDE7-0EE7-47F1-B082-609231DBFBC6} - System32\Tasks\{3FD6C113-D6B5-4CB7-BC40-438AE6F38C07} => C:\Users\Жельо\Desktop\ClientOCX_Setup.exe Task: {7F260276-D7F7-4FC0-B84C-A5F05BCCF0E6} - System32\Tasks\{CDEB13FE-4FD7-4CD0-8145-FCA599B0AB8E} => G:\Autorun.exe Task: {86743A88-4EA7-4983-A7A4-4894B45B63E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-06] (Google LLC -> Google LLC) Task: {8E24899E-13D8-443F-A13C-77442B77507D} - System32\Tasks\{61A0EF18-3E08-43CB-ABFA-926AF19AAD94} => C:\Users\Жельо\Desktop\DVD 2 AVI\divx03\BeSweetGUIv0.6b71\BeSweetGUIv0.6b71.exe Task: {91ACB7E0-F70E-494C-8365-575A843ACCD0} - System32\Tasks\{F6631136-A40B-4193-9954-4E5DD9A10186} => C:\Users\Жельо\Desktop\pscan13.exe Task: {9E6502D2-6B3D-4CEC-85FF-D0510A8D4155} - System32\Tasks\{031792C4-DBF0-413D-B0BA-78618583440E} => C:\Users\Жельо\Desktop\DVD 2 AVI\divx03\BeSweetGUIv0.6b71\BeSweetGUIv0.6b71.exe Task: {B100195E-89C3-43E6-B5F6-D1EBC91D4705} - System32\Tasks\{F4874670-DBC8-4C97-B15B-B59D153C4B3A} => C:\Program Files (x86)\Advanced Port Scanner\Advanced Port Scanner.exe Task: {B44909F0-D6D5-45BF-A67C-307EDEBF8513} - System32\Tasks\{FE11CFCA-1A2E-4401-A5FC-1D944CA1F25D} => C:\Users\Жельо\Desktop\DVD 2 AVI\divx03\BeSweetGUIv0.6b71\BeSweetGUIv0.6b71.exe Task: {BB098717-C280-4EFC-8105-2C56578F6AFE} - System32\Tasks\{381E5223-4811-4126-B261-7C48A51F1FA7} => E:\GAME\Ship Simulator Extremes\Steam.exe Task: {BE84C073-87C9-489C-A148-5F890375D1C2} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [693456 2021-01-06] (Mozilla Corporation -> Mozilla Foundation) Task: {BEBC36E6-CA83-4CE2-AE99-1F12FD357A5A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe Task: {BF29AF14-D5C8-4BAD-89A8-451DCC13C00B} - System32\Tasks\{0340AF45-9663-498C-9CF9-0D65935DDCA5} => E:\GAME\Kran Simulator\RE3DPlayer.exe Task: {C295EDB3-E3AD-470E-AF7A-1377FC70CBFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-06] (Google LLC -> Google LLC) Task: {C2DA9EBB-2D82-4B80-AC59-6AD3DAFAE0DF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe Task: {C68F4671-9FFE-4D6B-B4CF-98F5366CF49C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-678885870-2144746608-4001290835-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe Task: {CB5EEB6B-045C-4426-A4D1-1BCDBE63410D} - System32\Tasks\{E4E1FD23-4F20-41AC-A60A-00572A06799D} => C:\Windows\system32\pcalua.exe -a C:\Users\Жельо\Desktop\NetFx64.exe -d C:\Users\Жельо\Desktop Task: {D20ECE81-F47C-4564-851D-D85BE879AA82} - System32\Tasks\{53B932BC-E3AF-45E9-9B5A-0E91CEF69E27} => C:\Users\Жельо\Desktop\DVD 2 AVI\divx03\BeSweetGUIv0.6b71\BeSweetGUIv0.6b71.exe Task: {D3E809E4-0102-41C0-A206-C5E704FBF7D6} - System32\Tasks\{FBBA76C0-4A9B-4AFD-B5B0-399C48E58931} => E:\GAME\Kran Simulator\RE3DPlayer.exe Task: {DA8BDD69-C800-4CC7-895C-042F45E1E552} - System32\Tasks\{A64CD2AE-D75B-4451-A844-AFB546E1B211} => E:\GAME\Kran\RE3DPlayer.exe Task: {E17D72FE-D226-48B0-A06D-67B3881D9509} - System32\Tasks\{9A6C4155-C55E-4E53-BD48-D0975DE1B5F5} => E:\GAME\Kran\RE3DPlayer.exe Task: {E8FDED4B-1DD7-402E-9FA3-F69DCA35B2C1} - System32\Tasks\{31E8DC32-D40A-464F-9A1F-26DC63AB8D6A} => E:\GAME\Ship Simulator Extremes\Steam.exe Task: {EAB5762D-B1AD-434B-963A-2D14700B7410} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe Task: {F19508CD-F2FD-4E1F-B1E6-E77D4C4E1DA0} - System32\Tasks\{CC31CF1A-D2D0-4263-97D5-F93BDE476762} => G:\Autorun.exe Task: {F793FED3-F6F0-4949-8773-00099B24E523} - System32\Tasks\{3ED79E8A-6383-4FD7-800A-2D417AED6D61} => C:\Windows\system32\pcalua.exe -a C:\Users\Жельо\Desktop\ACS_Unified_Driver_MSI_Win_4280_P\redist\InstMsiW.exe -d C:\Users\Жельо\Desktop\ACS_Unified_Driver_MSI_Win_4280_P\redist (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe Task: C:\Windows\Tasks\{F78FF1FF-7F8C-40BF-956E-099D61E0547F}.job => G:\Install Train Simulator 2013.exeæ/i G:\FileID.msi ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.) Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 Tcpip\..\Interfaces\{27B45E86-2256-4219-8342-E50970CBA1BC}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{2894CFE3-2384-4537-933E-ED6B8A4F469A}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{36CC85D9-D772-49DE-9279-337C18A326B0}: [NameServer] 212.39.90.42 212.39.90.43 Tcpip\..\Interfaces\{521254B9-7035-4424-A79B-C73FEF009E56}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{6408F382-43EF-45F8-A183-6E98326494E7}: [NameServer] 212.39.90.42 212.39.90.43 Tcpip\..\Interfaces\{A41B8DB8-C9BE-4B37-B8E9-4F4D5D0EDF75}: [DhcpNameServer] 8.8.8.8 8.8.4.4 Tcpip\..\Interfaces\{BBA08E84-E9B5-4B8C-8E2B-BE9854F9D071}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{C1BEB88E-16D3-4CA3-B902-802B99874DED}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{F2AD340F-E8ED-4214-9BE5-F6DE710C1244}: [NameServer] 212.39.90.42 212.39.90.43 HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.1.1,-1] Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-16] Edge Notifications: Default -> hxxps://www.youtube.com Edge HomePage: Default -> about:blank Edge Extension: (Video Downloader Premium) - C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\apjbepmacnpdneiebljlfoejfcadpkff [2020-12-17] Edge Extension: (Avast Passwords) - C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2020-03-03] Edge Extension: (Video Downloader с едно кликване) - C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fghpggflpedbjjmjghkgdjbhbfclgobk [2020-12-17] Edge Extension: (Блокиране на реклами в Youtube) - C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mbdlpgncclnhomdpmicmgdihapedhhak [2020-12-17] Edge Extension: (AdBlock - Най-добрия в блокирането на реклами) - C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2021-04-16] Edge Profile: C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2020-03-03] Edge Profile: C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2020-03-03] FireFox: ======== FF DefaultProfile: 8ee7rh3h.default-1566656681801 FF ProfilePath: C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801 [2021-01-10] FF Notifications: Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801 -> hxxps://www.vbox7.com FF Extension: (AdBlock - Най-добрия в блокирането на реклами) - C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2021-01-06] FF Extension: (Avast SafePrice | Сравнение, сделки, купони) - C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801\Extensions\sp@avast.com.xpi [2021-01-06] FF Extension: (Avast Online Security) - C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801\Extensions\wrc@avast.com.xpi [2021-01-06] FF Extension: (Video DownloadHelper) - C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-01-06] FF Extension: (YouTube Video and Audio Downloader (Dev Edt.)) - C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801\Extensions\{f73df109-8fb4-453e-8373-f59e61ca4da3}.xpi [2021-01-06] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-09-19] (Adobe Systems Incorporated -> ) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-19] (Adobe Systems Incorporated -> ) FF Plugin-x32: @DVR/npmedia,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\WebPlugin\npmedia.dll [2014-11-17] (Zhejiang Dahua Technology CO.,LTD. -> ) FF Plugin-x32: @DVR/npmedia,version=33.2.0.4 -> C:\Program Files (x86)\webrec\WEB30\DVR32\33.2.0.4\npmedia.dll [2016-09-27] (Zhejiang Dahua Technology CO.,LTD. -> ) [File not signed] FF Plugin-x32: @DVR/npTimeGrid,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\WebPlugin\npTimeGrid.dll [2014-11-17] (Zhejiang Dahua Technology CO.,LTD. -> Unauthorized copy) FF Plugin-x32: @DVR/npTimeGrid,version=33.2.0.4 -> C:\Program Files (x86)\webrec\WEB30\DVR32\33.2.0.4\npTimeGrid.dll [2016-09-27] (Zhejiang Dahua Technology CO.,LTD. -> Unauthorized copy) [File not signed] FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll [No File] FF Plugin-x32: @google.com/sewebplugin -> C:\Windows\system32\npsewebplugin.dll [No File] FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2013-01-11] (Intel® Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2013-01-11] (Intel® Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-01-22] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-01-22] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-07-24] (Nitro PDF Software -> Nitro PDF) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-04-27] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-04-27] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\My Program\VideoLAN\VLC\npvlc.dll [No File] FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.) FF Plugin-x32: JFGuide -> C:\Program Files (x86)\NetSurveillance\CMS\npGuide.dll [2019-09-19] () [File not signed] FF Plugin-x32: JFWeb -> C:\Program Files (x86)\NetSurveillance\CMS\npWebPlugin.dll [2019-09-19] () [File not signed] FF Plugin HKU\S-1-5-21-678885870-2144746608-4001290835-1000: www.mydlink.com/Uplayer -> C:\Users\Жельо\AppData\Roaming\D-Link\mydlink services plugin\1.0.2.7\npUplayer.dll [2015-12-11] (D-LINK CORPORATION -> D-Link Corporation) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default [2021-04-21] CHR Notifications: Default -> hxxps://www.emart.bg CHR HomePage: Default -> hxxp://www.homepage.bg/ CHR Extension: (W2MO: Logistics Design, Optimization, 3D) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\acbokjkdobbboamnnfehlboekicdhcog [2016-08-28] CHR Extension: (Angry Birds) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-16] CHR Extension: (YouTube) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27] CHR Extension: (Adblock Plus — безплатен блокер на реклами) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-29] CHR Extension: (FARMERAMA) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\clkfdgnfefjmciocbhnffnbpkjpdleca [2017-03-08] CHR Extension: (Google Търсене) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06] CHR Extension: (Avast Online Security) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-02-17] CHR Extension: (Weather Underground) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhloacinaafedjelpfeffmmlckblidke [2021-04-19] CHR Extension: (Pixorial Photo & Video Sharing) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilbibicalpgnmbjnganinjppjephokai [2014-02-25] CHR Extension: (Happy Farmer by Fupa) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjdmmbgcdeojkmeablmdjkhplahnmii [2012-08-17] CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29] CHR Extension: (Gmail) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22] CHR Extension: (Chrome Media Router) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-15] CHR Extension: (радио) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\plaapjbgohfgkalmmjpakodbpomahebn [2017-01-23] CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path/update_url> CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found> StartMenuInternet: Google Chrome.MBWLTUWGU5OHAGWKF2LZRQIORY - C:\Users\Жельо\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft, Inc. -> ArcSoft Inc.) S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) S2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3743464 2021-03-09] (philandro Software GmbH -> philandro Software GmbH) S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7776160 2020-08-19] (Avast Software s.r.o. -> AVAST Software) S2 Autodata Limited License Service; C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [72704 2012-07-17] (Autodata Limited) [File not signed] S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [353696 2020-08-19] (Avast Software s.r.o. -> AVAST Software) S3 BITCOMET_HELPER_SERVICE; C:\My Program\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (Shanghai Comet Network Technology -> www.BitComet.com) S2 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [115536 2018-08-02] (Brother Industries, Ltd. -> ) S2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd) [File not signed] S2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [200704 2006-08-11] (InterVideo Inc.) [File not signed] S2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [793560 2015-05-06] (Open Source Developer, Tim Kosse -> FileZilla Project) S2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe [1995184 2020-07-08] (FOXIT SOFTWARE INC. -> Foxit Software Inc.) S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] (Huawei Technologies Co., Ltd. -> ) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] (Huawei Technologies Co., Ltd. -> ) S2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-07-24] (Nitro PDF Software -> Nitro PDF Software) S2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [45592 2011-09-23] (NTI Corporation -> NTI Corporation) S2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation -> Microsoft Corporation) S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia -> Secunia) S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia -> Secunia) S2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12097024 2019-11-06] (TeamViewer GmbH -> TeamViewer Germany GmbH) S2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-04-08] (Reason Software Company Inc. -> Reason Software Company Inc.) S2 VIVACOM 3G USB Modem. RunOuc; C:\Program Files (x86)\VIVACOM 3G USB Modem\UpdateDog\ouc.exe [651856 2013-10-26] (Huawei Technologies Co., Ltd. -> ) S2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation -> Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ACR122U; C:\Windows\System32\DRIVERS\acr122.sys [79840 2018-03-20] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Card Systems Ltd.) S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Co., Ltd. -> AnvSoft Inc.) S1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [312184 2010-09-21] (ArcSoft, Inc. -> ) R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37152 2020-08-19] (Avast Software s.r.o. -> AVAST Software) S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205888 2020-08-19] (Avast Software s.r.o. -> AVAST Software) S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [235592 2020-08-19] (Avast Software s.r.o. -> AVAST Software) S0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [195656 2020-08-19] (Avast Software s.r.o. -> AVAST Software) S0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [60488 2020-08-19] (Avast Software s.r.o. -> AVAST Software) R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42776 2020-08-19] (Avast Software s.r.o. -> AVAST Software) S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [175200 2020-08-19] (Avast Software s.r.o. -> AVAST Software) R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [515544 2020-08-19] (Avast Software s.r.o. -> AVAST Software) R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2020-04-18] (AVAST Software s.r.o. -> AVAST Software) R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [109280 2020-08-19] (Avast Software s.r.o. -> AVAST Software) S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84856 2020-08-19] (Avast Software s.r.o. -> AVAST Software) S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851608 2020-08-19] (Avast Software s.r.o. -> AVAST Software) S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [466752 2020-08-19] (Avast Software s.r.o. -> AVAST Software) S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [217336 2020-08-19] (Avast Software s.r.o. -> AVAST Software) S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [323784 2020-08-19] (Avast Software s.r.o. -> AVAST Software) R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2750464 2011-05-24] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.) S3 athur; C:\Windows\System32\DRIVERS\athurx.sys [1847296 2010-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.) S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [348672 2010-12-31] (Aveo Technology Corp. -> AVEO Corp) S3 cpuz132; C:\Windows\system32\drivers\cpuz132_x64.sys [19432 2009-03-27] (CPUID -> Windows ® Codename Longhorn DDK provider) S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [109568 2013-01-25] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.) S3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [14976 2012-12-22] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2014-04-30] () [File not signed] S3 GRemoteBus; C:\Windows\System32\DRIVERS\GRemoteBus64.sys [27336 2009-08-05] (GBM Software -> GBM Software) S3 GRemoteJoy; C:\Windows\System32\DRIVERS\GRemoteJoy64.sys [46792 2009-08-05] (GBM Software -> GBM Software) S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [296448 2005-06-14] (Aladdin Knowledge Systems Ltd.) [File not signed] R3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [91648 2013-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.) S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [121728 2013-10-23] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.) S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [376448 2013-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.) S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-18] (Qualcomm Atheros -> Qualcomm Atheros Co., Ltd.) S3 MSBDA; C:\Windows\System32\DRIVERS\UTVAD.sys [1410952 2011-07-15] (Qing YuanGadmei Electronics Technology Co., Ltd -> Gadmei Electronic Technology Corporation) S2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.) S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia -> Secunia) R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [12800 2009-06-15] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA) S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [225256 2011-05-17] (Realtek Semiconductor Corp -> REALTEK SEMICONDUCTOR Corp.) S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [39016 2011-05-17] (Realtek Semiconductor Corp -> REALTEK SEMICONDUCTOR Corp.) S3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [48488 2011-06-13] (Realtek Semiconductor Corp -> Realtek) S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc. -> SafeNet, Inc.) S3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl64.sys [100864 2011-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Prolific Technology Inc.) S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-07-10] (Duplex Secure Ltd -> Duplex Secure Ltd.) S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S3 TosRfSnd; C:\Windows\System32\drivers\tosrfsnd.sys [63488 2010-04-26] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA Corporation) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> ) S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Hard Disk Manager 16 Basic\program\BioNTDrv.SYS [X] S3 CM2593; system32\DRIVERS\CM2593.sys [X] S3 GWHid; system32\DRIVERS\GWHid.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S1 UimBus; system32\DRIVERS\uimbus.sys [X] S1 Uim_DEVIM; system32\DRIVERS\uimdevim.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 WINIO; \??\C:\Users\Жельо\Desktop\Test na sistemata\Test na sistemata\psc_2.071\winio.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2021-04-21 13:31 - 2021-04-21 13:53 - 000068589 _____ C:\Users\Жельо\Desktop\FRST.txt 2021-04-21 13:17 - 2021-04-21 13:17 - 002298368 _____ (Farbar) C:\Users\Жельо\Desktop\FRST64 (1).exe 2021-04-21 10:26 - 2021-04-21 10:26 - 000000000 ____D C:\Program Files (x86)\ESET 2021-04-19 18:07 - 2021-04-19 18:07 - 000000000 ____D C:\Users\Жельо\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Приложения в Chrome 2021-04-19 11:33 - 2021-04-19 11:33 - 000000078 _____ C:\Нов текстов документ.txt 2021-04-15 17:43 - 2020-08-19 15:28 - 000335968 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2021-04-12 20:12 - 2021-04-12 20:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2021-04-12 20:11 - 2021-04-12 20:11 - 000000000 ____D C:\Program Files\VideoLAN 2021-04-07 20:37 - 2021-04-07 20:37 - 000067457 _____ C:\Users\Жельо\Desktop\Перевал.Дятлова.2020.(8.серии.от.8).WEB-DL.1080p.H264.AC3-BULGAR.torrent 2021-04-07 19:54 - 2021-04-07 19:54 - 000077000 _____ C:\Users\Жельо\Desktop\line6.protv.cc MACs-Hits.txt 2021-03-27 10:07 - 2021-03-27 10:21 - 000000000 ____D C:\Users\Жельо\Desktop\Нова папка (2) 2021-03-24 19:58 - 2021-03-24 19:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2021-03-24 19:58 - 2017-11-01 09:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys 2021-03-24 19:56 - 2021-03-24 19:56 - 000220616 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2021-03-24 17:06 - 2021-03-24 19:54 - 000000000 ____D C:\Users\Жельо\AppData\LocalLow\IGDump 2021-03-24 16:57 - 2021-03-24 16:57 - 000000000 ____D C:\Users\Жельо\AppData\Local\mbam 2021-03-24 16:54 - 2021-03-24 16:54 - 011636936 _____ C:\Users\Жельо\Downloads\MB-SupportTool.exe 2021-03-24 16:39 - 2021-04-21 13:52 - 000000000 ____D C:\FRST 2021-03-24 16:38 - 2021-03-24 16:38 - 002300928 _____ (Farbar) C:\Users\Жельо\Desktop\FRST64.exe ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2021-04-21 13:41 - 2009-07-14 08:13 - 000796930 _____ C:\Windows\system32\PerfStringBackup.INI 2021-04-21 13:41 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf 2021-04-21 13:36 - 2013-08-31 11:42 - 002700838 _____ C:\Windows\ntbtlog.txt 2021-04-21 13:35 - 2013-08-09 19:15 - 000065536 _____ C:\Windows\system32\Ikeext.etl 2021-04-21 13:13 - 2015-11-24 15:32 - 000000000 ____D C:\Users\Жельо\AppData\LocalLow\Adblock Plus for IE 2021-04-21 13:07 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\tracing 2021-04-21 13:05 - 2017-03-08 08:59 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update 2021-04-21 11:14 - 2015-06-16 08:52 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2021-04-21 10:50 - 2009-07-14 07:45 - 000020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2021-04-21 10:50 - 2009-07-14 07:45 - 000020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2021-04-21 10:47 - 2018-07-26 18:28 - 000000000 ____D C:\Users\Жельо\AppData\Local\AVAST Software 2021-04-21 10:41 - 2012-07-10 13:59 - 000000000 ____D C:\ProgramData\NVIDIA 2021-04-21 10:41 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2021-04-21 10:38 - 2015-03-13 15:38 - 000000000 ___HD C:\Users\Жельо\Documents\ViberDownloads 2021-04-21 10:37 - 2017-01-13 21:18 - 000000000 ____D C:\Users\Жельо\AppData\Roaming\ViberPC 2021-04-21 10:22 - 2012-07-10 15:32 - 000000000 ____D C:\Users\Жельо\AppData\Local\ElevatedDiagnostics 2021-04-21 10:18 - 2017-10-24 15:44 - 020749312 ___SH C:\Users\Жельо\Desktop\Thumbs.db 2021-04-21 01:40 - 2012-08-23 17:41 - 000000000 ____D C:\ProgramData\AVAST Software 2021-04-20 09:15 - 2020-12-15 22:59 - 000000000 ____D C:\Users\Жельо\Desktop\Промоции 2021-04-19 21:25 - 2020-04-06 20:06 - 000003432 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA 2021-04-19 21:25 - 2020-04-06 20:06 - 000003304 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore 2021-04-19 21:25 - 2020-03-03 19:20 - 000003490 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-04-19 21:25 - 2020-03-03 19:20 - 000003362 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2021-04-19 21:25 - 2020-02-10 19:21 - 000003284 _____ C:\Windows\system32\Tasks\{3ED79E8A-6383-4FD7-800A-2D417AED6D61} 2021-04-19 21:25 - 2019-11-01 17:19 - 000003172 _____ C:\Windows\system32\Tasks\{F3FFF0B5-8D8E-4E32-984C-C44E7C0A7853} 2021-04-19 21:25 - 2018-09-19 14:36 - 000003092 _____ C:\Windows\system32\Tasks\{C86732D3-F816-4EEB-B029-EC1495EF32E0} 2021-04-19 21:25 - 2018-04-17 14:41 - 000003050 _____ C:\Windows\system32\Tasks\{8A85DBD2-0D91-4408-A38D-1B8F17EA8D1E} 2021-04-19 21:25 - 2015-12-04 12:01 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software 2021-04-19 18:10 - 2012-07-10 17:50 - 000000000 ___RD C:\Users\Жельо\Desktop\OPTIONS 2021-04-18 13:02 - 2013-08-25 16:02 - 000000000 ____D C:\Users\Жельо\AppData\Roaming\FileZilla 2021-04-16 20:04 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\NDF 2021-04-16 18:55 - 2020-03-03 19:22 - 000002221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-04-15 20:34 - 2020-04-06 20:07 - 000002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-04-15 20:34 - 2020-04-06 20:07 - 000002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2021-04-13 19:27 - 2015-04-30 17:26 - 000000000 ____D C:\RecordDownload 2021-04-12 20:16 - 2012-07-17 11:26 - 000000000 ____D C:\Users\Жельо\AppData\Roaming\vlc 2021-04-12 20:10 - 2016-05-16 15:43 - 000000000 ____D C:\Users\Жельо\AppData\Local\CrashDumps 2021-04-07 19:55 - 2018-02-25 21:53 - 000448512 ___SH C:\Users\Жельо\Downloads\Thumbs.db 2021-03-24 16:49 - 2012-08-22 20:07 - 000000000 ____D C:\ProgramData\Malwarebytes ==================== Files in the root of some directories ======== 2013-08-06 19:00 - 2013-08-06 20:00 - 000000067 _____ () C:\Users\Жельо\Network_Meter_Data.js 2015-12-01 10:06 - 2015-12-01 10:06 - 000000060 ____R () C:\Program Files (x86)\BRINST.INI 2013-09-01 10:52 - 2013-09-01 10:52 - 000039523 _____ () C:\Program Files (x86)\CMS Setup Log.txt 2012-05-04 10:04 - 2012-05-04 10:04 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll 2013-09-30 14:38 - 2013-09-30 14:38 - 000000053 _____ () C:\Users\Жельо\AppData\Roaming\Battery Meter_Data.ini 2015-10-26 23:05 - 2015-10-26 23:05 - 000016384 _____ () C:\Users\Жельо\AppData\Roaming\CryptoPrevent_Test_Module.exe 2012-07-17 11:20 - 2018-09-20 12:17 - 000000160 _____ () C:\Users\Жельо\AppData\Roaming\default.rss 2013-01-11 15:13 - 2013-01-11 15:13 - 000022464 _____ (Intel Corporation) C:\Users\Жельо\AppData\Roaming\JomCap.dll 2013-08-06 18:10 - 2013-08-06 20:48 - 000000018 _____ () C:\Users\Жельо\AppData\Roaming\Network Meter_Usage.ini 2015-10-26 22:47 - 2015-10-26 22:47 - 000401934 _____ () C:\Users\Жельо\AppData\Roaming\recovery.bmp 2015-10-27 19:11 - 2019-04-12 21:44 - 000014848 ___SH () C:\Users\Жельо\AppData\Roaming\Thumbs.db 2012-08-22 12:27 - 2021-01-10 18:33 - 000005632 _____ () C:\Users\Жельо\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-02-10 22:27 - 2014-02-10 22:27 - 000000093 _____ () C:\Users\Жельо\AppData\Local\fusioncache.dat 2015-03-26 14:56 - 2015-03-26 14:56 - 000000054 _____ () C:\Users\Жельо\AppData\Local\oPlayer.ini 2012-07-17 17:18 - 2021-01-11 14:21 - 000007644 _____ () C:\Users\Жельо\AppData\Local\Resmon.ResmonCfg ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) LastRegBack: 2021-04-12 00:13 ==================== End of FRST.txt ======================== Addition.txt

Аз преди време ползвах IrfanView. Мисля, че я има и на блгарски.

Защото не видях, че с кутията пак излиза толкова като цена. Мислех, че само платката ще е по евтина, но ще си поръчам кутия.

Днес отворих кутията и извадих диска. Сата диск е. И тъй като нямах възможност да го пробвам на друг компютър го свързах пак на моя чрез въпросното устройство, към което бях дал линк малко по-нагоре, и о чудо. Диска тръгна. Сега мисля да поръчам ей туй: https://www.ebay.com/itm/USB-3-0-To-SATA-22-Pin-2-5-Hard-Disk-Driver-SSD-Adapter-Card-Super-Speed-5Gb/152305185548?ssPageName=STRK%3AMEBIDX%3AIT&_trksid=p2055119.m1438.l2649 Старото, което махнах изглежда горе-долу по същия начин. Предполагам ще работи. От тук следва и другия въпрос. Колко мога да разчитам на диска. С какво да го тествам? Инструмента, който намерих, ToshibaStorageDiagnosticTool не го засича. Той и диска на лаптопа не засича, който предполагам също е тошиба. А иначе модела е Toshiba MQ01ABD100 1TB.

С друг кабел е същата работа. В Disk Management не се появява. Засега нямам възможност да пробвам на друг компютър. Но според мен не е от драйвера, защото имам още един диск който си работи. Утре ще се позанимавам да видя какъв е диска. С това дали ще може да се свърже? https://www.ebay.com/itm/SATA-PATA-IDE-to-USB-2-0-Adapter-Converter-Cable-for-2-5-3-5-Inch-Hard-Drive/292323437336?hash=item440fd5ab18:g:dp8AAOSwySVaA8ni И каква е разликата ако се отвори да се свърже с нещо подобно и заводското свързване. Предполагам в кутията има подобен конвертор.

Здравейте колеги съфорумци. Имам външен хард диск Toshiba v6360-c 1tb USB 3.0, който постоянно е включен в лаптопа (Win 7 x64) и до днес си работеше без проблем, но сутринта забелязах, че го няма в "Моят компютър". Изключих го и го включих отново и ми излезе това: Пробвах и на другия лаптоп, но пак не тръгва. Деинсталирах драйвера за USB 3.0 и пак го инсталирах, няма промяна. Има ли някакъв шанс да го подкарам, че има доста снимки на него, които не искам да загубя. Да допълня само, че на другия лаптоп също е закачен външен диск (друг модел) на USB 3.0 и си работи, Което ме навежда на мисълта, че този първия си е заминал. Благодаря предварително за вниманието.

Виж какво приятелю в България не само бившия президент се казва Жельо Желев. Дядо ми например също така се казваше и аз с гордост нося името му. Така, че ако обичаш спри да ми спамиш темата.

С multiAVCHD стана. Тия дни ще пробвам DVDFab ей тъй за спорта. Благодаря ти Night_Raven за насоките.

То като гледам на теб трябва с двете ръце да дават, че хич си нямаш. Сега по темата. Пробвах с първите две, но и двете малко след като заредя изходния файл спират да работят. Пробвано на два различни лаптопа. Днес ще пробвам и другата.

Разбира се.

Здравейте колеги съфорумци и Честита нова година. С търсачката попаднах на всякакви конвертори от Блу Рей и ДВД към avi и mp4, но моята цел е точно обратното. Имам един клип, с висока резолюция и разширение mp4 (15Gb) който искам да запиша на Блурей диск, така, че да може да се гледа на блурей плеер. Какъв софтуер ми е необходим, за да се справя с тази задача (конвертирането и записването после на диска)?