
I think I've caught a virus again



Hello. For quite some time the laptop had been thinking for a long while before doing anything at all, but now it doesn't open anything whatsoever. The internet won't work over a cable. It does connect wirelessly, at least for now. Malwarebytes won't start in any way. The FRST logs come out empty, so I scanned in Safe Mode. The laptop runs 64-bit Windows 7. Here are the logs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2021
Ran by Жельо (administrator) on JAX-LAPTOP (TOSHIBA SATELLITE L755) (21-04-2021 13:52:43)
Running from C:\Users\Жельо\Desktop
Loaded Profiles: Жельо
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
Default browser: IE
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> WmiPrvSE.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM\...\Run: [TosWaitSrv] => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
HKLM\...\Run: [Teco] => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
HKLM\...\Run: [TCrdMain] => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM\...\Run: [HSON] => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [894048 2013-01-11] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) [File not signed]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [109160 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [unlockerAssistant] => "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
HKLM-x32\...\Run: [TSleepSrv] => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM-x32\...\Run: [iTSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
HKLM-x32\...\Run: [AveoSTI.exe] => C:\Program Files (x86)\AVEO USB2.0 PC Camera(U2HGCV3P31048)\AveoSTI.exe [32768 2010-12-02] (AVEO) [File not signed]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: *.gif*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <==== ATTENTION
HKLM Group Policy restriction on software: ** <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <==== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <==== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: bcdedit.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <==== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <==== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <==== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <==== ATTENTION
HKLM\...\Policies\Explorer: [NoAutorun] 2
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: I - I:\Start.exe
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: {b378f1c1-e6af-11e9-8c74-047d7b60ad51} - I:\AutoRun.exe
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: {b378f1ce-e6af-11e9-8c74-e066f7d8f259} - H:\AutoRun.exe
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: {cdb173f4-4794-11e4-9418-047d7b60ad51} - I:\AutoRun.exe
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: {cdb17402-4794-11e4-9418-047d7b60ad51} - H:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-04-16] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\LIDIL hpzllw71: C:\Windows\system32\hpzllw71.dll [53248 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Nitro PDF Port Monitor: C:\Windows\system32\nitrolocalmon2.dll [29704 2013-07-24] (Nitro PDF Software -> Nitro PDF Software)
HKLM\...\Print\Monitors\Toshiba Bluetooth Monitor: C:\Windows\system32\tbtmon.dll [208208 2009-06-18] (TOSHIBA CORPORATION -> TOSHIBA CORPORATION.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.128\Installer\chrmstp.exe [2021-04-15] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-12-06]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2016-05-04]
ShortcutTarget: Bluetooth Manager.lnk ->  (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TeamViewer 8.lnk [2017-04-18]
ShortcutTarget: TeamViewer 8.lnk -> C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B2AF4BA-41FD-4C44-8F30-95010B7AC628} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-678885870-2144746608-4001290835-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {1140D418-8B03-4A41-8CD1-CA22F1B82C9D} - System32\Tasks\{8A85DBD2-0D91-4408-A38D-1B8F17EA8D1E} => C:\Windows\system32\pcalua.exe -a D:\HDD\Setup.exe -d D:\HDD
Task: {11C0E3B4-6FDC-438B-B921-137CB9E9595B} - System32\Tasks\{182100DA-BE87-4F02-9360-BCD1C173F813} => C:\Users\Жельо\Desktop\ClientOCX_Setup.exe
Task: {1412A2A8-8491-4815-BA62-4B69EBADD5C9} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {14537A78-2B10-4501-9EA2-4F8E4A7FA518} - System32\Tasks\{866AFAD4-ECBD-4111-9342-41BBFA98D026} => E:\GAME\Kran Simulator\RE3DPlayer.exe
Task: {16556FE5-2CA1-4F74-9791-2368D7AD5A13} - System32\Tasks\{F78FF1FF-7F8C-40BF-956E-099D61E0547F} => G:\Install Train Simulator 2013.exe -> /i "G:\FileID.msi" AI_RESUME=1 ADDLOCAL=MainFeature,Steam ALLUSERS="1" PRIMARYFOLDER="APPDIR" ROOTDRIVE="D:\" PIDKEY="75841-54734-75036" TARGETDIR="D:\" APPDIR="E:\GAME\Train Simulator 2013\" USERNAME="Жельо" AGREE_CHECKBOX="Yes"
Task: {1A6D1557-A626-4DD5-8E49-3867B358CFC6} - System32\Tasks\{9E9A51CC-F8A0-49AB-AB98-6DD6F72C165F} => E:\GAME\Ship Simulator Extremes\Steam.exe
Task: {1B3F7C82-A53B-4C18-956B-A03982BAA93D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-678885870-2144746608-4001290835-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {1D387C07-7F33-4B41-8722-CE457524CE62} - System32\Tasks\{5B40C6F8-88F6-46FA-8105-93BBDAA7E45D} => E:\GAME\RECYCLE v1.0.0.2\recycle.exe
Task: {205F7C02-D290-4FDD-ACC6-82E3B18811F8} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3810408 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
Task: {4381DCF5-41DD-4AD3-AAD9-E06DD6556851} - System32\Tasks\{87965B1F-4F0F-4431-AB98-39230743E032} => C:\Users\Жельо\Desktop\DVD 2 AVI\divx03\BeSweetGUIv0.6b71\BeSweetGUIv0.6b71.exe
Task: {4768A8D9-4137-4280-902F-D652CF8B6329} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {49E0A9A1-3C9C-4CAC-ACE2-593E19A91674} - System32\Tasks\{BDEF390D-E6C1-405C-A41F-FBAAF17B72D0} => C:\Windows\system32\pcalua.exe -a G:\Setup_AR.exe -d G:\
Task: {4C5B5BEB-F304-47FB-A1E3-C2D37800AB20} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-678885870-2144746608-4001290835-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {4D7CDDE6-9F9C-43E7-9137-CAF7975D7E3B} - System32\Tasks\{A801FFDC-4694-49F4-99C9-543BB27B785F} => G:\Autorun.exe
Task: {54710BB0-ACE2-4EDC-AA46-1C9550C85C50} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1791712 2021-02-23] (Avast Software s.r.o. -> Avast Software)
Task: {57BB5DD2-9072-48B5-A951-BBBA74357AF8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-678885870-2144746608-4001290835-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {5A24A855-0309-4753-879D-E8D30C89685D} - System32\Tasks\{F3FFF0B5-8D8E-4E32-984C-C44E7C0A7853} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\MP3Gain\uninst-mp3gain.exe" -d "C:\Program Files (x86)\MP3Gain"
Task: {5C38B2C5-9D1C-421C-88BB-651CE44E5B57} - System32\Tasks\{E2AA76DB-4BD2-42D6-A378-2DD32F4ABE14} => E:\GAME\RECYCLE v1.0.0.2\recycle.exe
Task: {5D9E8D7F-B99A-4E1F-9FB9-5E31041A3905} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
Task: {5F1351C9-23E8-4294-9DCC-5A402D837B82} - System32\Tasks\{FE589B07-B5C5-4434-AADD-522BB7F6FC1A} => E:\GAME\RECYCLE v1.0.0.2\recycle.exe
Task: {61A25CF6-55A7-4EB9-B122-977626A5D2F1} - System32\Tasks\{C1ADE806-304C-4EBA-A734-D2C874B1EC00} => C:\Windows\system32\pcalua.exe -a "E:\GAME\Ship Simulator Extremes\Steam.exe" -d "E:\GAME\Ship Simulator Extremes"
Task: {66D7FC83-BEFB-49F3-8438-0E3F80DC4832} - System32\Tasks\{B01B5A14-35E5-4B7F-A7BF-B28B6404E63F} => E:\GAME\Kran Simulator\RE3DPlayer.exe
Task: {7272B04D-C3CA-4453-A29E-C1DF51625310} - System32\Tasks\{C86732D3-F816-4EEB-B029-EC1495EF32E0} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\PowerISO\uninstall.exe"
Task: {7673F375-167E-4FA5-9EF9-54F282FAC57E} - System32\Tasks\{A34D5BA6-1D52-403E-BADD-ECB4E0779B62} => E:\GAME\Ship Simulator Extremes\Steam.exe
Task: {77612E78-C51D-43CF-BB18-678F216C5C84} - System32\Tasks\{CFB5F731-038D-4336-9B75-FE298C0CBA37} => C:\Windows\system32\pcalua.exe -a "C:\Users\Жельо\Desktop\OPTIONS\Shinyekap Nezha-1.exe" -d C:\Users\Жельо\Desktop\OPTIONS
Task: {7E9BBDE7-0EE7-47F1-B082-609231DBFBC6} - System32\Tasks\{3FD6C113-D6B5-4CB7-BC40-438AE6F38C07} => C:\Users\Жельо\Desktop\ClientOCX_Setup.exe
Task: {7F260276-D7F7-4FC0-B84C-A5F05BCCF0E6} - System32\Tasks\{CDEB13FE-4FD7-4CD0-8145-FCA599B0AB8E} => G:\Autorun.exe
Task: {86743A88-4EA7-4983-A7A4-4894B45B63E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-06] (Google LLC -> Google LLC)
Task: {8E24899E-13D8-443F-A13C-77442B77507D} - System32\Tasks\{61A0EF18-3E08-43CB-ABFA-926AF19AAD94} => C:\Users\Жельо\Desktop\DVD 2 AVI\divx03\BeSweetGUIv0.6b71\BeSweetGUIv0.6b71.exe
Task: {91ACB7E0-F70E-494C-8365-575A843ACCD0} - System32\Tasks\{F6631136-A40B-4193-9954-4E5DD9A10186} => C:\Users\Жельо\Desktop\pscan13.exe
Task: {9E6502D2-6B3D-4CEC-85FF-D0510A8D4155} - System32\Tasks\{031792C4-DBF0-413D-B0BA-78618583440E} => C:\Users\Жельо\Desktop\DVD 2 AVI\divx03\BeSweetGUIv0.6b71\BeSweetGUIv0.6b71.exe
Task: {B100195E-89C3-43E6-B5F6-D1EBC91D4705} - System32\Tasks\{F4874670-DBC8-4C97-B15B-B59D153C4B3A} => C:\Program Files (x86)\Advanced Port Scanner\Advanced Port Scanner.exe
Task: {B44909F0-D6D5-45BF-A67C-307EDEBF8513} - System32\Tasks\{FE11CFCA-1A2E-4401-A5FC-1D944CA1F25D} => C:\Users\Жельо\Desktop\DVD 2 AVI\divx03\BeSweetGUIv0.6b71\BeSweetGUIv0.6b71.exe
Task: {BB098717-C280-4EFC-8105-2C56578F6AFE} - System32\Tasks\{381E5223-4811-4126-B261-7C48A51F1FA7} => E:\GAME\Ship Simulator Extremes\Steam.exe
Task: {BE84C073-87C9-489C-A148-5F890375D1C2} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [693456 2021-01-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {BEBC36E6-CA83-4CE2-AE99-1F12FD357A5A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {BF29AF14-D5C8-4BAD-89A8-451DCC13C00B} - System32\Tasks\{0340AF45-9663-498C-9CF9-0D65935DDCA5} => E:\GAME\Kran Simulator\RE3DPlayer.exe
Task: {C295EDB3-E3AD-470E-AF7A-1377FC70CBFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-06] (Google LLC -> Google LLC)
Task: {C2DA9EBB-2D82-4B80-AC59-6AD3DAFAE0DF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {C68F4671-9FFE-4D6B-B4CF-98F5366CF49C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-678885870-2144746608-4001290835-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {CB5EEB6B-045C-4426-A4D1-1BCDBE63410D} - System32\Tasks\{E4E1FD23-4F20-41AC-A60A-00572A06799D} => C:\Windows\system32\pcalua.exe -a C:\Users\Жельо\Desktop\NetFx64.exe -d C:\Users\Жельо\Desktop
Task: {D20ECE81-F47C-4564-851D-D85BE879AA82} - System32\Tasks\{53B932BC-E3AF-45E9-9B5A-0E91CEF69E27} => C:\Users\Жельо\Desktop\DVD 2 AVI\divx03\BeSweetGUIv0.6b71\BeSweetGUIv0.6b71.exe
Task: {D3E809E4-0102-41C0-A206-C5E704FBF7D6} - System32\Tasks\{FBBA76C0-4A9B-4AFD-B5B0-399C48E58931} => E:\GAME\Kran Simulator\RE3DPlayer.exe
Task: {DA8BDD69-C800-4CC7-895C-042F45E1E552} - System32\Tasks\{A64CD2AE-D75B-4451-A844-AFB546E1B211} => E:\GAME\Kran\RE3DPlayer.exe
Task: {E17D72FE-D226-48B0-A06D-67B3881D9509} - System32\Tasks\{9A6C4155-C55E-4E53-BD48-D0975DE1B5F5} => E:\GAME\Kran\RE3DPlayer.exe
Task: {E8FDED4B-1DD7-402E-9FA3-F69DCA35B2C1} - System32\Tasks\{31E8DC32-D40A-464F-9A1F-26DC63AB8D6A} => E:\GAME\Ship Simulator Extremes\Steam.exe
Task: {EAB5762D-B1AD-434B-963A-2D14700B7410} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe
Task: {F19508CD-F2FD-4E1F-B1E6-E77D4C4E1DA0} - System32\Tasks\{CC31CF1A-D2D0-4263-97D5-F93BDE476762} => G:\Autorun.exe
Task: {F793FED3-F6F0-4949-8773-00099B24E523} - System32\Tasks\{3ED79E8A-6383-4FD7-800A-2D417AED6D61} => C:\Windows\system32\pcalua.exe -a C:\Users\Жельо\Desktop\ACS_Unified_Driver_MSI_Win_4280_P\redist\InstMsiW.exe -d C:\Users\Жельо\Desktop\ACS_Unified_Driver_MSI_Win_4280_P\redist

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\{F78FF1FF-7F8C-40BF-956E-099D61E0547F}.job => G:\Install Train Simulator 2013.exeæ/i G:\FileID.msi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{27B45E86-2256-4219-8342-E50970CBA1BC}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2894CFE3-2384-4537-933E-ED6B8A4F469A}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{36CC85D9-D772-49DE-9279-337C18A326B0}: [NameServer] 212.39.90.42 212.39.90.43
Tcpip\..\Interfaces\{521254B9-7035-4424-A79B-C73FEF009E56}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{6408F382-43EF-45F8-A183-6E98326494E7}: [NameServer] 212.39.90.42 212.39.90.43
Tcpip\..\Interfaces\{A41B8DB8-C9BE-4B37-B8E9-4F4D5D0EDF75}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{BBA08E84-E9B5-4B8C-8E2B-BE9854F9D071}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{C1BEB88E-16D3-4CA3-B902-802B99874DED}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{F2AD340F-E8ED-4214-9BE5-F6DE710C1244}: [NameServer] 212.39.90.42 212.39.90.43
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.1.1,-1]

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-16]
Edge Notifications: Default -> hxxps://www.youtube.com
Edge HomePage: Default -> about:blank
Edge Extension: (Video Downloader Premium) - C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\apjbepmacnpdneiebljlfoejfcadpkff [2020-12-17]
Edge Extension: (Avast Passwords) - C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2020-03-03]
Edge Extension: (Video Downloader с едно кликване) - C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fghpggflpedbjjmjghkgdjbhbfclgobk [2020-12-17]
Edge Extension: (Блокиране на реклами в Youtube) - C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mbdlpgncclnhomdpmicmgdihapedhhak [2020-12-17]
Edge Extension: (AdBlock - Най-добрия в блокирането на реклами) - C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2021-04-16]
Edge Profile: C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2020-03-03]
Edge Profile: C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2020-03-03]

FireFox:
========
FF DefaultProfile: 8ee7rh3h.default-1566656681801
FF ProfilePath: C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801 [2021-01-10]
FF Notifications: Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801 -> hxxps://www.vbox7.com
FF Extension: (AdBlock - Най-добрия в блокирането на реклами) - C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2021-01-06]
FF Extension: (Avast SafePrice | Сравнение, сделки, купони) - C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801\Extensions\sp@avast.com.xpi [2021-01-06]
FF Extension: (Avast Online Security) - C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801\Extensions\wrc@avast.com.xpi [2021-01-06]
FF Extension: (Video DownloadHelper) - C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-01-06]
FF Extension: (YouTube Video and Audio Downloader (Dev Edt.)) - C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801\Extensions\{f73df109-8fb4-453e-8373-f59e61ca4da3}.xpi [2021-01-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-09-19] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-19] (Adobe Systems Incorporated -> )
FF Plugin-x32: @DVR/npmedia,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\WebPlugin\npmedia.dll [2014-11-17] (Zhejiang Dahua Technology  CO.,LTD. -> )
FF Plugin-x32: @DVR/npmedia,version=33.2.0.4 -> C:\Program Files (x86)\webrec\WEB30\DVR32\33.2.0.4\npmedia.dll [2016-09-27] (Zhejiang Dahua Technology  CO.,LTD. -> ) [File not signed]
FF Plugin-x32: @DVR/npTimeGrid,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\WebPlugin\npTimeGrid.dll [2014-11-17] (Zhejiang Dahua Technology  CO.,LTD. -> Unauthorized copy)
FF Plugin-x32: @DVR/npTimeGrid,version=33.2.0.4 -> C:\Program Files (x86)\webrec\WEB30\DVR32\33.2.0.4\npTimeGrid.dll [2016-09-27] (Zhejiang Dahua Technology  CO.,LTD. -> Unauthorized copy) [File not signed]
FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll [No File]
FF Plugin-x32: @google.com/sewebplugin -> C:\Windows\system32\npsewebplugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2013-01-11] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2013-01-11] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-01-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-01-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-07-24] (Nitro PDF Software -> Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-04-27] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-04-27] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\My Program\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: JFGuide -> C:\Program Files (x86)\NetSurveillance\CMS\npGuide.dll [2019-09-19] () [File not signed]
FF Plugin-x32: JFWeb -> C:\Program Files (x86)\NetSurveillance\CMS\npWebPlugin.dll [2019-09-19] () [File not signed]
FF Plugin HKU\S-1-5-21-678885870-2144746608-4001290835-1000: www.mydlink.com/Uplayer -> C:\Users\Жельо\AppData\Roaming\D-Link\mydlink services plugin\1.0.2.7\npUplayer.dll [2015-12-11] (D-LINK CORPORATION -> D-Link Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default [2021-04-21]
CHR Notifications: Default -> hxxps://www.emart.bg
CHR HomePage: Default -> hxxp://www.homepage.bg/
CHR Extension: (W2MO: Logistics Design, Optimization, 3D) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\acbokjkdobbboamnnfehlboekicdhcog [2016-08-28]
CHR Extension: (Angry Birds) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-16]
CHR Extension: (YouTube) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Adblock Plus — безплатен блокер на реклами) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-29]
CHR Extension: (FARMERAMA) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\clkfdgnfefjmciocbhnffnbpkjpdleca [2017-03-08]
CHR Extension: (Google Търсене) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06]
CHR Extension: (Avast Online Security) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-02-17]
CHR Extension: (Weather Underground) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhloacinaafedjelpfeffmmlckblidke [2021-04-19]
CHR Extension: (Pixorial Photo & Video Sharing) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilbibicalpgnmbjnganinjppjephokai [2014-02-25]
CHR Extension: (Happy Farmer by Fupa) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjdmmbgcdeojkmeablmdjkhplahnmii [2012-08-17]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-15]
CHR Extension: (радио) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\plaapjbgohfgkalmmjpakodbpomahebn [2017-01-23]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
StartMenuInternet: Google Chrome.MBWLTUWGU5OHAGWKF2LZRQIORY - C:\Users\Жельо\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft, Inc. -> ArcSoft Inc.)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
S2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3743464 2021-03-09] (philandro Software GmbH -> philandro Software GmbH)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7776160 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S2 Autodata Limited License Service; C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [72704 2012-07-17] (Autodata Limited) [File not signed]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [353696 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S3 BITCOMET_HELPER_SERVICE; C:\My Program\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (Shanghai Comet Network Technology -> www.BitComet.com)
S2 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [115536 2018-08-02] (Brother Industries, Ltd. -> )
S2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd) [File not signed]
S2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [200704 2006-08-11] (InterVideo Inc.) [File not signed]
S2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [793560 2015-05-06] (Open Source Developer, Tim Kosse -> FileZilla Project)
S2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe [1995184 2020-07-08] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] (Huawei Technologies Co., Ltd. -> )
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] (Huawei Technologies Co., Ltd. -> )
S2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-07-24] (Nitro PDF Software -> Nitro PDF Software)
S2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [45592 2011-09-23] (NTI Corporation -> NTI Corporation)
S2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia -> Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia -> Secunia)
S2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12097024 2019-11-06] (TeamViewer GmbH -> TeamViewer Germany GmbH)
S2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-04-08] (Reason Software Company Inc. -> Reason Software Company Inc.)
S2 VIVACOM 3G USB Modem. RunOuc; C:\Program Files (x86)\VIVACOM 3G USB Modem\UpdateDog\ouc.exe [651856 2013-10-26] (Huawei Technologies Co., Ltd. -> )
S2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACR122U; C:\Windows\System32\DRIVERS\acr122.sys [79840 2018-03-20] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Card Systems Ltd.)
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Co., Ltd. -> AnvSoft Inc.)
S1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [312184 2010-09-21] (ArcSoft, Inc. -> )
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37152 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205888 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [235592 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [195656 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [60488 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42776 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [175200 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [515544 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2020-04-18] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [109280 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84856 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851608 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [466752 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [217336 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [323784 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2750464 2011-05-24] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
S3 athur; C:\Windows\System32\DRIVERS\athurx.sys [1847296 2010-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [348672 2010-12-31] (Aveo Technology Corp. -> AVEO Corp)
S3 cpuz132; C:\Windows\system32\drivers\cpuz132_x64.sys [19432 2009-03-27] (CPUID -> Windows ® Codename Longhorn DDK provider)
S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [109568 2013-01-25] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [14976 2012-12-22] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2014-04-30] () [File not signed]
S3 GRemoteBus; C:\Windows\System32\DRIVERS\GRemoteBus64.sys [27336 2009-08-05] (GBM Software -> GBM Software)
S3 GRemoteJoy; C:\Windows\System32\DRIVERS\GRemoteJoy64.sys [46792 2009-08-05] (GBM Software -> GBM Software)
S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [296448 2005-06-14] (Aladdin Knowledge Systems Ltd.) [File not signed]
R3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [91648 2013-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [121728 2013-10-23] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [376448 2013-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-18] (Qualcomm Atheros -> Qualcomm Atheros Co., Ltd.)
S3 MSBDA; C:\Windows\System32\DRIVERS\UTVAD.sys [1410952 2011-07-15] (Qing YuanGadmei Electronics Technology Co., Ltd -> Gadmei Electronic Technology Corporation)
S2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia -> Secunia)
R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [12800 2009-06-15] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA)
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [225256 2011-05-17] (Realtek Semiconductor Corp -> REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [39016 2011-05-17] (Realtek Semiconductor Corp -> REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [48488 2011-06-13] (Realtek Semiconductor Corp -> Realtek)
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc. -> SafeNet, Inc.)
S3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl64.sys [100864 2011-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Prolific Technology Inc.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-07-10] (Duplex Secure Ltd -> Duplex Secure Ltd.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 TosRfSnd; C:\Windows\System32\drivers\tosrfsnd.sys [63488 2010-04-26] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Hard Disk Manager 16 Basic\program\BioNTDrv.SYS [X]
S3 CM2593; system32\DRIVERS\CM2593.sys [X]
S3 GWHid; system32\DRIVERS\GWHid.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S1 UimBus; system32\DRIVERS\uimbus.sys [X]
S1 Uim_DEVIM; system32\DRIVERS\uimdevim.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WINIO; \??\C:\Users\Жельо\Desktop\Test na sistemata\Test na sistemata\psc_2.071\winio.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-21 13:31 - 2021-04-21 13:53 - 000068589 _____ C:\Users\Жельо\Desktop\FRST.txt
2021-04-21 13:17 - 2021-04-21 13:17 - 002298368 _____ (Farbar) C:\Users\Жельо\Desktop\FRST64 (1).exe
2021-04-21 10:26 - 2021-04-21 10:26 - 000000000 ____D C:\Program Files (x86)\ESET
2021-04-19 18:07 - 2021-04-19 18:07 - 000000000 ____D C:\Users\Жельо\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Приложения в Chrome
2021-04-19 11:33 - 2021-04-19 11:33 - 000000078 _____ C:\Нов текстов документ.txt
2021-04-15 17:43 - 2020-08-19 15:28 - 000335968 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2021-04-12 20:12 - 2021-04-12 20:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-04-12 20:11 - 2021-04-12 20:11 - 000000000 ____D C:\Program Files\VideoLAN
2021-04-07 20:37 - 2021-04-07 20:37 - 000067457 _____ C:\Users\Жельо\Desktop\Перевал.Дятлова.2020.(8.серии.от.8).WEB-DL.1080p.H264.AC3-BULGAR.torrent
2021-04-07 19:54 - 2021-04-07 19:54 - 000077000 _____ C:\Users\Жельо\Desktop\line6.protv.cc MACs-Hits.txt
2021-03-27 10:07 - 2021-03-27 10:21 - 000000000 ____D C:\Users\Жельо\Desktop\Нова папка (2)
2021-03-24 19:58 - 2021-03-24 19:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2021-03-24 19:58 - 2017-11-01 09:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2021-03-24 19:56 - 2021-03-24 19:56 - 000220616 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-03-24 17:06 - 2021-03-24 19:54 - 000000000 ____D C:\Users\Жельо\AppData\LocalLow\IGDump
2021-03-24 16:57 - 2021-03-24 16:57 - 000000000 ____D C:\Users\Жельо\AppData\Local\mbam
2021-03-24 16:54 - 2021-03-24 16:54 - 011636936 _____ C:\Users\Жельо\Downloads\MB-SupportTool.exe
2021-03-24 16:39 - 2021-04-21 13:52 - 000000000 ____D C:\FRST
2021-03-24 16:38 - 2021-03-24 16:38 - 002300928 _____ (Farbar) C:\Users\Жельо\Desktop\FRST64.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-21 13:41 - 2009-07-14 08:13 - 000796930 _____ C:\Windows\system32\PerfStringBackup.INI
2021-04-21 13:41 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
2021-04-21 13:36 - 2013-08-31 11:42 - 002700838 _____ C:\Windows\ntbtlog.txt
2021-04-21 13:35 - 2013-08-09 19:15 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2021-04-21 13:13 - 2015-11-24 15:32 - 000000000 ____D C:\Users\Жельо\AppData\LocalLow\Adblock Plus for IE
2021-04-21 13:07 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\tracing
2021-04-21 13:05 - 2017-03-08 08:59 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2021-04-21 11:14 - 2015-06-16 08:52 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-04-21 10:50 - 2009-07-14 07:45 - 000020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-04-21 10:50 - 2009-07-14 07:45 - 000020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-04-21 10:47 - 2018-07-26 18:28 - 000000000 ____D C:\Users\Жельо\AppData\Local\AVAST Software
2021-04-21 10:41 - 2012-07-10 13:59 - 000000000 ____D C:\ProgramData\NVIDIA
2021-04-21 10:41 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-04-21 10:38 - 2015-03-13 15:38 - 000000000 ___HD C:\Users\Жельо\Documents\ViberDownloads
2021-04-21 10:37 - 2017-01-13 21:18 - 000000000 ____D C:\Users\Жельо\AppData\Roaming\ViberPC
2021-04-21 10:22 - 2012-07-10 15:32 - 000000000 ____D C:\Users\Жельо\AppData\Local\ElevatedDiagnostics
2021-04-21 10:18 - 2017-10-24 15:44 - 020749312 ___SH C:\Users\Жельо\Desktop\Thumbs.db
2021-04-21 01:40 - 2012-08-23 17:41 - 000000000 ____D C:\ProgramData\AVAST Software
2021-04-20 09:15 - 2020-12-15 22:59 - 000000000 ____D C:\Users\Жельо\Desktop\Промоции
2021-04-19 21:25 - 2020-04-06 20:06 - 000003432 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-19 21:25 - 2020-04-06 20:06 - 000003304 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-19 21:25 - 2020-03-03 19:20 - 000003490 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-19 21:25 - 2020-03-03 19:20 - 000003362 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-19 21:25 - 2020-02-10 19:21 - 000003284 _____ C:\Windows\system32\Tasks\{3ED79E8A-6383-4FD7-800A-2D417AED6D61}
2021-04-19 21:25 - 2019-11-01 17:19 - 000003172 _____ C:\Windows\system32\Tasks\{F3FFF0B5-8D8E-4E32-984C-C44E7C0A7853}
2021-04-19 21:25 - 2018-09-19 14:36 - 000003092 _____ C:\Windows\system32\Tasks\{C86732D3-F816-4EEB-B029-EC1495EF32E0}
2021-04-19 21:25 - 2018-04-17 14:41 - 000003050 _____ C:\Windows\system32\Tasks\{8A85DBD2-0D91-4408-A38D-1B8F17EA8D1E}
2021-04-19 21:25 - 2015-12-04 12:01 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2021-04-19 18:10 - 2012-07-10 17:50 - 000000000 ___RD C:\Users\Жельо\Desktop\OPTIONS
2021-04-18 13:02 - 2013-08-25 16:02 - 000000000 ____D C:\Users\Жельо\AppData\Roaming\FileZilla
2021-04-16 20:04 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\NDF
2021-04-16 18:55 - 2020-03-03 19:22 - 000002221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-15 20:34 - 2020-04-06 20:07 - 000002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-15 20:34 - 2020-04-06 20:07 - 000002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-04-13 19:27 - 2015-04-30 17:26 - 000000000 ____D C:\RecordDownload
2021-04-12 20:16 - 2012-07-17 11:26 - 000000000 ____D C:\Users\Жельо\AppData\Roaming\vlc
2021-04-12 20:10 - 2016-05-16 15:43 - 000000000 ____D C:\Users\Жельо\AppData\Local\CrashDumps
2021-04-07 19:55 - 2018-02-25 21:53 - 000448512 ___SH C:\Users\Жельо\Downloads\Thumbs.db
2021-03-24 16:49 - 2012-08-22 20:07 - 000000000 ____D C:\ProgramData\Malwarebytes

==================== Files in the root of some directories ========

2013-08-06 19:00 - 2013-08-06 20:00 - 000000067 _____ () C:\Users\Жельо\Network_Meter_Data.js
2015-12-01 10:06 - 2015-12-01 10:06 - 000000060 ____R () C:\Program Files (x86)\BRINST.INI
2013-09-01 10:52 - 2013-09-01 10:52 - 000039523 _____ () C:\Program Files (x86)\CMS Setup Log.txt
2012-05-04 10:04 - 2012-05-04 10:04 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2013-09-30 14:38 - 2013-09-30 14:38 - 000000053 _____ () C:\Users\Жельо\AppData\Roaming\Battery Meter_Data.ini
2015-10-26 23:05 - 2015-10-26 23:05 - 000016384 _____ () C:\Users\Жельо\AppData\Roaming\CryptoPrevent_Test_Module.exe
2012-07-17 11:20 - 2018-09-20 12:17 - 000000160 _____ () C:\Users\Жельо\AppData\Roaming\default.rss
2013-01-11 15:13 - 2013-01-11 15:13 - 000022464 _____ (Intel Corporation) C:\Users\Жельо\AppData\Roaming\JomCap.dll
2013-08-06 18:10 - 2013-08-06 20:48 - 000000018 _____ () C:\Users\Жельо\AppData\Roaming\Network Meter_Usage.ini
2015-10-26 22:47 - 2015-10-26 22:47 - 000401934 _____ () C:\Users\Жельо\AppData\Roaming\recovery.bmp
2015-10-27 19:11 - 2019-04-12 21:44 - 000014848 ___SH () C:\Users\Жельо\AppData\Roaming\Thumbs.db
2012-08-22 12:27 - 2021-01-10 18:33 - 000005632 _____ () C:\Users\Жельо\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-10 22:27 - 2014-02-10 22:27 - 000000093 _____ () C:\Users\Жельо\AppData\Local\fusioncache.dat
2015-03-26 14:56 - 2015-03-26 14:56 - 000000054 _____ () C:\Users\Жельо\AppData\Local\oPlayer.ini
2012-07-17 17:18 - 2021-01-11 14:21 - 000007644 _____ () C:\Users\Жельо\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2021-04-12 00:13
==================== End of FRST.txt ========================

 

Addition.txt

Link to comment

This looks more like an immunization against ransomware. I see that you are using CryptoPrevent. If you have applied immunizations with it, try to undo them. I assume this will have to be done in Safe Mode.

 

Link to comment

I turned off the CryptoPrevent protection, not in Safe Mode, and reinstalled Malwarebytes. I am uploading its report, because it quarantined something. The problem with the wired internet turned out to be an IP address conflict with a TV box. I noticed that when I open Google Chrome, about 10-15 Google Chrome processes start in Task Manager, even though no page is loaded. And even after the browser is closed, the processes sometimes remain. This also happens with explorer.exe. I know it is supposed to be running, but sometimes, with nothing open, there are also 10-12 processes running, and the laptop hangs.

 

 

Malwarebytes
www.malwarebytes.com

-Детайли за регистъра-
Дата на сканиране: 24.04.21 г.
Час на сканиране: 18:30
Файл на регистъра: ff18ea86-a511-11eb-986a-047d7b60ad51.json

-Информация за софтуера-
Версия: 4.3.0.98
Версия на компонентите: 1.0.1273
Актуализирай версията на пакета: 1.0.39773
Лиценз: Free

-Системна информация-
OS: Windows 7 Service Pack 1
CPU: x64
Файлова система: NTFS
Потребител: JAX-LAPTOP\Жельо

-Резюме на сканирането-
Тип сканиране: Сканиране за заплахи
Сканирането е стартирано от: Ръчно
Резултат: Завършено
Сканирани обекти: 289566
Открити заплахи: 9
Заплахи под карантина: 9
Изтекло време: 25 мин, 26 сек

-Опции за сканиране-
Памет: Разрешено
Стартиране: Разрешено
Файлова система: Разрешено
Архиви: Разрешено
руткитове: Разрешено
Евристика: Разрешено
PUP: Открий
PUM: Открий

-Детайли за сканирането-
Процес: 0
(Не бяха открити зловредни елементи)

Модул: 0
(Не бяха открити зловредни елементи)

Ключ на регистъра: 6
Malware.Heuristic.1001, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E74C695-8E9C-4179-B0A0-BC2EBDEB5C2B}, Под карантина, 1000001, 0, , , , , ,
Malware.Heuristic.1001, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2E74C695-8E9C-4179-B0A0-BC2EBDEB5C2B}, Под карантина, 1000001, 0, , , , , ,
Malware.Heuristic.1001, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2E74C695-8E9C-4179-B0A0-BC2EBDEB5C2B}, Под карантина, 1000001, 0, , , , , ,
Malware.Heuristic.1001, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2E74C695-8E9C-4179-B0A0-BC2EBDEB5C2B}, Под карантина, 1000001, 0, , , , , ,
Malware.Heuristic.1001, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E74C695-8E9C-4179-B0A0-BC2EBDEB5C2B}\InprocServer32, Под карантина, 1000001, 0, , , , , ,
Malware.Heuristic.1001, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2E74C695-8E9C-4179-B0A0-BC2EBDEB5C2B}\InprocServer32, Под карантина, 1000001, 0, , , , , ,

Стойност на регистъра: 0
(Не бяха открити зловредни елементи)

Данни на регистъра: 0
(Не бяха открити зловредни елементи)

Поток данни: 0
(Не бяха открити зловредни елементи)

Папка: 0
(Не бяха открити зловредни елементи)

Файл: 3
Malware.AI.1693988425, C:\USERS\Жельо\DESKTOP\OPTIONS\КОНВЕРТОРИ\Easy CD-DA Extractor.lnk, Под карантина, 1000000, 0, , , , , 5411FC014588CCD7D2DC6CFF93D3E492, AB68759449CB15916695E0FD5B3BD0D1850930BDF1049E96BBFC017306969B9A
Malware.AI.1693988425, C:\PROGRAM FILES\EASY CD-DA EXTRACTOR 12\EZCDDAX.EXE, Под карантина, 1000000, 0, 1.0.39773, 31B755C9AF43C65F64F83649, dds, 01216166, BB8BB479A61209201D01E79B3FAABB4E, FDEA387FAB54C7EE0D451D5C05461E8E7591E511B4A3CA1313BE8984462C21BE
Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\WINAMP\ELEVATORPS.DLL, Под карантина, 1000001, 0, 1.0.39773, 0000000000000000000003E9, dds, 01216166, 6B4B815310306458554233AF4855EDF6, A714CC78C135F423ABE10C9FFDA62973DA96CE972F80CC3ADF2281C20FAE6ADB

Физически сектор: 0
(Не бяха открити зловредни елементи)

WMI: 0
(Не бяха открити зловредни елементи)

(end)

Edited by jelio_jelev
Link to comment

The quarantined items look like false positives. In my opinion you can safely restore them.

I can't think of a cause for the problem with Chrome. In general it is normal for there to be at least 2-3 processes even when no page is open, but in this case there are quite a few more. Maybe they are being used by one or more of the installed extensions, or Chrome is using them for extensions. In my opinion, test by disabling all additional extensions and restart the browser.

For Windows Explorer, check whether the option for every window to open in a separate process is enabled: start Windows Explorer, (top left) Organize -> Folder and search options -> View -> uncheck Launch folder windows in a separate process (if it is checked) -> OK.

If that doesn't help, or there was no check mark, post an Autoruns log (in ARN format). I assume you will figure out how.

Link to comment

Nothing jumps out at me as a potential cause.

Did you make sure that the "Launch folder windows in a separate process" option is not enabled?

If so, then you can try restarting the system in Safe Mode and/or in Clean Boot, to check whether the problem remains.

If you don't know exactly how to restart in these modes, write back.

Link to comment

Launch folder windows in a separate process is not enabled. For the moment the processes are normal. It doesn't do it all the time, and I don't know whether anything will show up in Safe Mode, because it can go for days without doing it. When it hangs, I will try to upload an Autoruns log.

Link to comment

The Autoruns log will be the same, there is no point.

Rather, you can do the following: if/when additional Explorer processes appear, download and run Process Explorer. Double-click one of the additional processes and see what the command line is. You can post a screenshot and/or copy the whole line here. You can do the same with the other additional processes.

Link to comment
