

Posts by jelio_jelev

There are 5 items by jelio_jelev (search limited from 29-March 22)



#172619 I think I caught a virus again

Posted by jelio_jelev on 10 May 2021 - 16:09 in Malware Removal

The problem hasn't appeared right now, but where is this command line supposed to be?

Attached thumbnail(s)

  • Без име.png



#172617 I think I caught a virus again

Posted by jelio_jelev on 05 May 2021 - 17:10 in Malware Removal

Launch folder windows in a separate process is not enabled. For now the processes are normal. It doesn't do it all the time, and I don't know whether anything would show up in safe mode, because it can go for days without doing it. When it hangs I'll try to upload an Autoruns log.




#172610 I think I caught a virus again

Posted by jelio_jelev on 27 April 2021 - 21:30 in Malware Removal

Here is the Autoruns log.





#172601 I think I caught a virus again

Posted by jelio_jelev on 24 April 2021 - 20:59 in Malware Removal

I turned off CryptoPrevent's protection, not in safe mode, and reinstalled Malwarebytes. I'm uploading its report because it quarantined something. The wired internet problem turned out to be caused by an IP address conflict with a TV BOX. I noticed that when I open Google Chrome, about 10-15 Google Chrome processes start in Task Manager, even though no page is loaded. And even after closing the browser the processes sometimes remain. This also happens with explorer.exe. I know it is supposed to be running, but sometimes with nothing open there are also 10-12 processes running, and the laptop hangs.

 

 

Malwarebytes
www.malwarebytes.com

-Детайли за регистъра-
Дата на сканиране: 24.04.21 г.
Час на сканиране: 18:30
Файл на регистъра: ff18ea86-a511-11eb-986a-047d7b60ad51.json

-Информация за софтуера-
Версия: 4.3.0.98
Версия на компонентите: 1.0.1273
Актуализирай версията на пакета: 1.0.39773
Лиценз: Free

-Системна информация-
OS: Windows 7 Service Pack 1
CPU: x64
Файлова система: NTFS
Потребител: JAX-LAPTOP\Жельо

-Резюме на сканирането-
Тип сканиране: Сканиране за заплахи
Сканирането е стартирано от: Ръчно
Резултат: Завършено
Сканирани обекти: 289566
Открити заплахи: 9
Заплахи под карантина: 9
Изтекло време: 25 мин, 26 сек

-Опции за сканиране-
Памет: Разрешено
Стартиране: Разрешено
Файлова система: Разрешено
Архиви: Разрешено
руткитове: Разрешено
Евристика: Разрешено
PUP: Открий
PUM: Открий

-Детайли за сканирането-
Процес: 0
(Не бяха открити зловредни елементи)

Модул: 0
(Не бяха открити зловредни елементи)

Ключ на регистъра: 6
Malware.Heuristic.1001, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E74C695-8E9C-4179-B0A0-BC2EBDEB5C2B}, Под карантина, 1000001, 0, , , , , ,
Malware.Heuristic.1001, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2E74C695-8E9C-4179-B0A0-BC2EBDEB5C2B}, Под карантина, 1000001, 0, , , , , ,
Malware.Heuristic.1001, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2E74C695-8E9C-4179-B0A0-BC2EBDEB5C2B}, Под карантина, 1000001, 0, , , , , ,
Malware.Heuristic.1001, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2E74C695-8E9C-4179-B0A0-BC2EBDEB5C2B}, Под карантина, 1000001, 0, , , , , ,
Malware.Heuristic.1001, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E74C695-8E9C-4179-B0A0-BC2EBDEB5C2B}\InprocServer32, Под карантина, 1000001, 0, , , , , ,
Malware.Heuristic.1001, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2E74C695-8E9C-4179-B0A0-BC2EBDEB5C2B}\InprocServer32, Под карантина, 1000001, 0, , , , , ,

Стойност на регистъра: 0
(Не бяха открити зловредни елементи)

Данни на регистъра: 0
(Не бяха открити зловредни елементи)

Поток данни: 0
(Не бяха открити зловредни елементи)

Папка: 0
(Не бяха открити зловредни елементи)

Файл: 3
Malware.AI.1693988425, C:\USERS\Жельо\DESKTOP\OPTIONS\КОНВЕРТОРИ\Easy CD-DA Extractor.lnk, Под карантина, 1000000, 0, , , , , 5411FC014588CCD7D2DC6CFF93D3E492, AB68759449CB15916695E0FD5B3BD0D1850930BDF1049E96BBFC017306969B9A
Malware.AI.1693988425, C:\PROGRAM FILES\EASY CD-DA EXTRACTOR 12\EZCDDAX.EXE, Под карантина, 1000000, 0, 1.0.39773, 31B755C9AF43C65F64F83649, dds, 01216166, BB8BB479A61209201D01E79B3FAABB4E, FDEA387FAB54C7EE0D451D5C05461E8E7591E511B4A3CA1313BE8984462C21BE
Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\WINAMP\ELEVATORPS.DLL, Под карантина, 1000001, 0, 1.0.39773, 0000000000000000000003E9, dds, 01216166, 6B4B815310306458554233AF4855EDF6, A714CC78C135F423ABE10C9FFDA62973DA96CE972F80CC3ADF2281C20FAE6ADB

Физически сектор: 0
(Не бяха открити зловредни елементи)

WMI: 0
(Не бяха открити зловредни елементи)

(end)




#172598 I think I caught a virus again

Posted by jelio_jelev on 21 April 2021 - 13:29 in Malware Removal

Hello. For quite a while the laptop had been taking a long time to think before doing anything at all, but now it doesn't open anything at all. The internet won't work over cable. It connects wirelessly, at least for now. Malwarebytes won't start in any way. The FRST logs are empty, so I scanned in safe mode. The laptop runs 64-bit Windows 7. Here are the logs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2021
Ran by Жельо (administrator) on JAX-LAPTOP (TOSHIBA SATELLITE L755) (21-04-2021 13:52:43)
Running from C:\Users\Жельо\Desktop
Loaded Profiles: Жельо
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
Default browser: IE
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> WmiPrvSE.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM\...\Run: [TosWaitSrv] => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
HKLM\...\Run: [Teco] => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
HKLM\...\Run: [TCrdMain] => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM\...\Run: [HSON] => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [894048 2013-01-11] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) [File not signed]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [109160 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [UnlockerAssistant] => "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
HKLM-x32\...\Run: [TSleepSrv] => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
HKLM-x32\...\Run: [AveoSTI.exe] => C:\Program Files (x86)\AVEO USB2.0 PC Camera(U2HGCV3P31048)\AveoSTI.exe [32768 2010-12-02] (AVEO) [File not signed]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: *.png*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <==== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <==== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <==== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <==== ATTENTION
HKLM\...\Policies\Explorer: [NoAutorun] 2
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: I - I:\Start.exe
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: {b378f1c1-e6af-11e9-8c74-047d7b60ad51} - I:\AutoRun.exe
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: {b378f1ce-e6af-11e9-8c74-e066f7d8f259} - H:\AutoRun.exe
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: {cdb173f4-4794-11e4-9418-047d7b60ad51} - I:\AutoRun.exe
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: {cdb17402-4794-11e4-9418-047d7b60ad51} - H:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-04-16] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\LIDIL hpzllw71: C:\Windows\system32\hpzllw71.dll [53248 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Nitro PDF Port Monitor: C:\Windows\system32\nitrolocalmon2.dll [29704 2013-07-24] (Nitro PDF Software -> Nitro PDF Software)
HKLM\...\Print\Monitors\Toshiba Bluetooth Monitor: C:\Windows\system32\tbtmon.dll [208208 2009-06-18] (TOSHIBA CORPORATION -> TOSHIBA CORPORATION.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.128\Installer\chrmstp.exe [2021-04-15] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-12-06]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2016-05-04]
ShortcutTarget: Bluetooth Manager.lnk ->  (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TeamViewer 8.lnk [2017-04-18]
ShortcutTarget: TeamViewer 8.lnk -> C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B2AF4BA-41FD-4C44-8F30-95010B7AC628} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-678885870-2144746608-4001290835-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {1140D418-8B03-4A41-8CD1-CA22F1B82C9D} - System32\Tasks\{8A85DBD2-0D91-4408-A38D-1B8F17EA8D1E} => C:\Windows\system32\pcalua.exe -a D:\HDD\Setup.exe -d D:\HDD
Task: {11C0E3B4-6FDC-438B-B921-137CB9E9595B} - System32\Tasks\{182100DA-BE87-4F02-9360-BCD1C173F813} => C:\Users\Жельо\Desktop\ClientOCX_Setup.exe
Task: {1412A2A8-8491-4815-BA62-4B69EBADD5C9} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {14537A78-2B10-4501-9EA2-4F8E4A7FA518} - System32\Tasks\{866AFAD4-ECBD-4111-9342-41BBFA98D026} => E:\GAME\Kran Simulator\RE3DPlayer.exe
Task: {16556FE5-2CA1-4F74-9791-2368D7AD5A13} - System32\Tasks\{F78FF1FF-7F8C-40BF-956E-099D61E0547F} => G:\Install Train Simulator 2013.exe -> /i "G:\FileID.msi" AI_RESUME=1 ADDLOCAL=MainFeature,Steam ALLUSERS="1" PRIMARYFOLDER="APPDIR" ROOTDRIVE="D:\" PIDKEY="75841-54734-75036" TARGETDIR="D:\" APPDIR="E:\GAME\Train Simulator 2013\" USERNAME="Жельо" AGREE_CHECKBOX="Yes"
Task: {1A6D1557-A626-4DD5-8E49-3867B358CFC6} - System32\Tasks\{9E9A51CC-F8A0-49AB-AB98-6DD6F72C165F} => E:\GAME\Ship Simulator Extremes\Steam.exe
Task: {1B3F7C82-A53B-4C18-956B-A03982BAA93D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-678885870-2144746608-4001290835-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {1D387C07-7F33-4B41-8722-CE457524CE62} - System32\Tasks\{5B40C6F8-88F6-46FA-8105-93BBDAA7E45D} => E:\GAME\RECYCLE v1.0.0.2\recycle.exe
Task: {205F7C02-D290-4FDD-ACC6-82E3B18811F8} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3810408 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
Task: {4381DCF5-41DD-4AD3-AAD9-E06DD6556851} - System32\Tasks\{87965B1F-4F0F-4431-AB98-39230743E032} => C:\Users\Жельо\Desktop\DVD 2 AVI\divx03\BeSweetGUIv0.6b71\BeSweetGUIv0.6b71.exe
Task: {4768A8D9-4137-4280-902F-D652CF8B6329} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {49E0A9A1-3C9C-4CAC-ACE2-593E19A91674} - System32\Tasks\{BDEF390D-E6C1-405C-A41F-FBAAF17B72D0} => C:\Windows\system32\pcalua.exe -a G:\Setup_AR.exe -d G:\
Task: {4C5B5BEB-F304-47FB-A1E3-C2D37800AB20} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-678885870-2144746608-4001290835-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {4D7CDDE6-9F9C-43E7-9137-CAF7975D7E3B} - System32\Tasks\{A801FFDC-4694-49F4-99C9-543BB27B785F} => G:\Autorun.exe
Task: {54710BB0-ACE2-4EDC-AA46-1C9550C85C50} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1791712 2021-02-23] (Avast Software s.r.o. -> Avast Software)
Task: {57BB5DD2-9072-48B5-A951-BBBA74357AF8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-678885870-2144746608-4001290835-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {5A24A855-0309-4753-879D-E8D30C89685D} - System32\Tasks\{F3FFF0B5-8D8E-4E32-984C-C44E7C0A7853} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\MP3Gain\uninst-mp3gain.exe" -d "C:\Program Files (x86)\MP3Gain"
Task: {5C38B2C5-9D1C-421C-88BB-651CE44E5B57} - System32\Tasks\{E2AA76DB-4BD2-42D6-A378-2DD32F4ABE14} => E:\GAME\RECYCLE v1.0.0.2\recycle.exe
Task: {5D9E8D7F-B99A-4E1F-9FB9-5E31041A3905} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
Task: {5F1351C9-23E8-4294-9DCC-5A402D837B82} - System32\Tasks\{FE589B07-B5C5-4434-AADD-522BB7F6FC1A} => E:\GAME\RECYCLE v1.0.0.2\recycle.exe
Task: {61A25CF6-55A7-4EB9-B122-977626A5D2F1} - System32\Tasks\{C1ADE806-304C-4EBA-A734-D2C874B1EC00} => C:\Windows\system32\pcalua.exe -a "E:\GAME\Ship Simulator Extremes\Steam.exe" -d "E:\GAME\Ship Simulator Extremes"
Task: {66D7FC83-BEFB-49F3-8438-0E3F80DC4832} - System32\Tasks\{B01B5A14-35E5-4B7F-A7BF-B28B6404E63F} => E:\GAME\Kran Simulator\RE3DPlayer.exe
Task: {7272B04D-C3CA-4453-A29E-C1DF51625310} - System32\Tasks\{C86732D3-F816-4EEB-B029-EC1495EF32E0} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\PowerISO\uninstall.exe"
Task: {7673F375-167E-4FA5-9EF9-54F282FAC57E} - System32\Tasks\{A34D5BA6-1D52-403E-BADD-ECB4E0779B62} => E:\GAME\Ship Simulator Extremes\Steam.exe
Task: {77612E78-C51D-43CF-BB18-678F216C5C84} - System32\Tasks\{CFB5F731-038D-4336-9B75-FE298C0CBA37} => C:\Windows\system32\pcalua.exe -a "C:\Users\Жельо\Desktop\OPTIONS\Shinyekap Nezha-1.exe" -d C:\Users\Жельо\Desktop\OPTIONS
Task: {7E9BBDE7-0EE7-47F1-B082-609231DBFBC6} - System32\Tasks\{3FD6C113-D6B5-4CB7-BC40-438AE6F38C07} => C:\Users\Жельо\Desktop\ClientOCX_Setup.exe
Task: {7F260276-D7F7-4FC0-B84C-A5F05BCCF0E6} - System32\Tasks\{CDEB13FE-4FD7-4CD0-8145-FCA599B0AB8E} => G:\Autorun.exe
Task: {86743A88-4EA7-4983-A7A4-4894B45B63E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-06] (Google LLC -> Google LLC)
Task: {8E24899E-13D8-443F-A13C-77442B77507D} - System32\Tasks\{61A0EF18-3E08-43CB-ABFA-926AF19AAD94} => C:\Users\Жельо\Desktop\DVD 2 AVI\divx03\BeSweetGUIv0.6b71\BeSweetGUIv0.6b71.exe
Task: {91ACB7E0-F70E-494C-8365-575A843ACCD0} - System32\Tasks\{F6631136-A40B-4193-9954-4E5DD9A10186} => C:\Users\Жельо\Desktop\pscan13.exe
Task: {9E6502D2-6B3D-4CEC-85FF-D0510A8D4155} - System32\Tasks\{031792C4-DBF0-413D-B0BA-78618583440E} => C:\Users\Жельо\Desktop\DVD 2 AVI\divx03\BeSweetGUIv0.6b71\BeSweetGUIv0.6b71.exe
Task: {B100195E-89C3-43E6-B5F6-D1EBC91D4705} - System32\Tasks\{F4874670-DBC8-4C97-B15B-B59D153C4B3A} => C:\Program Files (x86)\Advanced Port Scanner\Advanced Port Scanner.exe
Task: {B44909F0-D6D5-45BF-A67C-307EDEBF8513} - System32\Tasks\{FE11CFCA-1A2E-4401-A5FC-1D944CA1F25D} => C:\Users\Жельо\Desktop\DVD 2 AVI\divx03\BeSweetGUIv0.6b71\BeSweetGUIv0.6b71.exe
Task: {BB098717-C280-4EFC-8105-2C56578F6AFE} - System32\Tasks\{381E5223-4811-4126-B261-7C48A51F1FA7} => E:\GAME\Ship Simulator Extremes\Steam.exe
Task: {BE84C073-87C9-489C-A148-5F890375D1C2} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [693456 2021-01-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {BEBC36E6-CA83-4CE2-AE99-1F12FD357A5A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {BF29AF14-D5C8-4BAD-89A8-451DCC13C00B} - System32\Tasks\{0340AF45-9663-498C-9CF9-0D65935DDCA5} => E:\GAME\Kran Simulator\RE3DPlayer.exe
Task: {C295EDB3-E3AD-470E-AF7A-1377FC70CBFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-06] (Google LLC -> Google LLC)
Task: {C2DA9EBB-2D82-4B80-AC59-6AD3DAFAE0DF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {C68F4671-9FFE-4D6B-B4CF-98F5366CF49C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-678885870-2144746608-4001290835-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {CB5EEB6B-045C-4426-A4D1-1BCDBE63410D} - System32\Tasks\{E4E1FD23-4F20-41AC-A60A-00572A06799D} => C:\Windows\system32\pcalua.exe -a C:\Users\Жельо\Desktop\NetFx64.exe -d C:\Users\Жельо\Desktop
Task: {D20ECE81-F47C-4564-851D-D85BE879AA82} - System32\Tasks\{53B932BC-E3AF-45E9-9B5A-0E91CEF69E27} => C:\Users\Жельо\Desktop\DVD 2 AVI\divx03\BeSweetGUIv0.6b71\BeSweetGUIv0.6b71.exe
Task: {D3E809E4-0102-41C0-A206-C5E704FBF7D6} - System32\Tasks\{FBBA76C0-4A9B-4AFD-B5B0-399C48E58931} => E:\GAME\Kran Simulator\RE3DPlayer.exe
Task: {DA8BDD69-C800-4CC7-895C-042F45E1E552} - System32\Tasks\{A64CD2AE-D75B-4451-A844-AFB546E1B211} => E:\GAME\Kran\RE3DPlayer.exe
Task: {E17D72FE-D226-48B0-A06D-67B3881D9509} - System32\Tasks\{9A6C4155-C55E-4E53-BD48-D0975DE1B5F5} => E:\GAME\Kran\RE3DPlayer.exe
Task: {E8FDED4B-1DD7-402E-9FA3-F69DCA35B2C1} - System32\Tasks\{31E8DC32-D40A-464F-9A1F-26DC63AB8D6A} => E:\GAME\Ship Simulator Extremes\Steam.exe
Task: {EAB5762D-B1AD-434B-963A-2D14700B7410} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe
Task: {F19508CD-F2FD-4E1F-B1E6-E77D4C4E1DA0} - System32\Tasks\{CC31CF1A-D2D0-4263-97D5-F93BDE476762} => G:\Autorun.exe
Task: {F793FED3-F6F0-4949-8773-00099B24E523} - System32\Tasks\{3ED79E8A-6383-4FD7-800A-2D417AED6D61} => C:\Windows\system32\pcalua.exe -a C:\Users\Жельо\Desktop\ACS_Unified_Driver_MSI_Win_4280_P\redist\InstMsiW.exe -d C:\Users\Жельо\Desktop\ACS_Unified_Driver_MSI_Win_4280_P\redist

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\{F78FF1FF-7F8C-40BF-956E-099D61E0547F}.job => G:\Install Train Simulator 2013.exeæ/i G:\FileID.msi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{27B45E86-2256-4219-8342-E50970CBA1BC}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2894CFE3-2384-4537-933E-ED6B8A4F469A}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{36CC85D9-D772-49DE-9279-337C18A326B0}: [NameServer] 212.39.90.42 212.39.90.43
Tcpip\..\Interfaces\{521254B9-7035-4424-A79B-C73FEF009E56}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{6408F382-43EF-45F8-A183-6E98326494E7}: [NameServer] 212.39.90.42 212.39.90.43
Tcpip\..\Interfaces\{A41B8DB8-C9BE-4B37-B8E9-4F4D5D0EDF75}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{BBA08E84-E9B5-4B8C-8E2B-BE9854F9D071}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{C1BEB88E-16D3-4CA3-B902-802B99874DED}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{F2AD340F-E8ED-4214-9BE5-F6DE710C1244}: [NameServer] 212.39.90.42 212.39.90.43
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.1.1,-1]

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-16]
Edge Notifications: Default -> hxxps://www.youtube.com
Edge HomePage: Default -> about:blank
Edge Extension: (Video Downloader Premium) - C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\apjbepmacnpdneiebljlfoejfcadpkff [2020-12-17]
Edge Extension: (Avast Passwords) - C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2020-03-03]
Edge Extension: (Video Downloader с едно кликване) - C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fghpggflpedbjjmjghkgdjbhbfclgobk [2020-12-17]
Edge Extension: (Блокиране на реклами в Youtube) - C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mbdlpgncclnhomdpmicmgdihapedhhak [2020-12-17]
Edge Extension: (AdBlock - Най-добрия в блокирането на реклами) - C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2021-04-16]
Edge Profile: C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2020-03-03]
Edge Profile: C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2020-03-03]

FireFox:
========
FF DefaultProfile: 8ee7rh3h.default-1566656681801
FF ProfilePath: C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801 [2021-01-10]
FF Notifications: Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801 -> hxxps://www.vbox7.com
FF Extension: (AdBlock - Най-добрия в блокирането на реклами) - C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2021-01-06]
FF Extension: (Avast SafePrice | Сравнение, сделки, купони) - C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801\Extensions\sp@avast.com.xpi [2021-01-06]
FF Extension: (Avast Online Security) - C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801\Extensions\wrc@avast.com.xpi [2021-01-06]
FF Extension: (Video DownloadHelper) - C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-01-06]
FF Extension: (YouTube Video and Audio Downloader (Dev Edt.)) - C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801\Extensions\{f73df109-8fb4-453e-8373-f59e61ca4da3}.xpi [2021-01-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-09-19] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-19] (Adobe Systems Incorporated -> )
FF Plugin-x32: @DVR/npmedia,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\WebPlugin\npmedia.dll [2014-11-17] (Zhejiang Dahua Technology  CO.,LTD. -> )
FF Plugin-x32: @DVR/npmedia,version=33.2.0.4 -> C:\Program Files (x86)\webrec\WEB30\DVR32\33.2.0.4\npmedia.dll [2016-09-27] (Zhejiang Dahua Technology  CO.,LTD. -> ) [File not signed]
FF Plugin-x32: @DVR/npTimeGrid,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\WebPlugin\npTimeGrid.dll [2014-11-17] (Zhejiang Dahua Technology  CO.,LTD. -> Unauthorized copy)
FF Plugin-x32: @DVR/npTimeGrid,version=33.2.0.4 -> C:\Program Files (x86)\webrec\WEB30\DVR32\33.2.0.4\npTimeGrid.dll [2016-09-27] (Zhejiang Dahua Technology  CO.,LTD. -> Unauthorized copy) [File not signed]
FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll [No File]
FF Plugin-x32: @google.com/sewebplugin -> C:\Windows\system32\npsewebplugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2013-01-11] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2013-01-11] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-01-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-01-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-07-24] (Nitro PDF Software -> Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-04-27] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-04-27] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\My Program\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: JFGuide -> C:\Program Files (x86)\NetSurveillance\CMS\npGuide.dll [2019-09-19] () [File not signed]
FF Plugin-x32: JFWeb -> C:\Program Files (x86)\NetSurveillance\CMS\npWebPlugin.dll [2019-09-19] () [File not signed]
FF Plugin HKU\S-1-5-21-678885870-2144746608-4001290835-1000: www.mydlink.com/Uplayer -> C:\Users\Жельо\AppData\Roaming\D-Link\mydlink services plugin\1.0.2.7\npUplayer.dll [2015-12-11] (D-LINK CORPORATION -> D-Link Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default [2021-04-21]
CHR Notifications: Default -> hxxps://www.emart.bg
CHR HomePage: Default -> hxxp://www.homepage.bg/
CHR Extension: (W2MO: Logistics Design, Optimization, 3D) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\acbokjkdobbboamnnfehlboekicdhcog [2016-08-28]
CHR Extension: (Angry Birds) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-16]
CHR Extension: (YouTube) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Adblock Plus — безплатен блокер на реклами) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-29]
CHR Extension: (FARMERAMA) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\clkfdgnfefjmciocbhnffnbpkjpdleca [2017-03-08]
CHR Extension: (Google Търсене) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06]
CHR Extension: (Avast Online Security) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-02-17]
CHR Extension: (Weather Underground) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhloacinaafedjelpfeffmmlckblidke [2021-04-19]
CHR Extension: (Pixorial Photo & Video Sharing) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilbibicalpgnmbjnganinjppjephokai [2014-02-25]
CHR Extension: (Happy Farmer by Fupa) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjdmmbgcdeojkmeablmdjkhplahnmii [2012-08-17]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-15]
CHR Extension: (радио) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\plaapjbgohfgkalmmjpakodbpomahebn [2017-01-23]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
StartMenuInternet: Google Chrome.MBWLTUWGU5OHAGWKF2LZRQIORY - C:\Users\Жельо\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft, Inc. -> ArcSoft Inc.)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
S2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3743464 2021-03-09] (philandro Software GmbH -> philandro Software GmbH)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7776160 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S2 Autodata Limited License Service; C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [72704 2012-07-17] (Autodata Limited) [File not signed]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [353696 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S3 BITCOMET_HELPER_SERVICE; C:\My Program\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (Shanghai Comet Network Technology -> www.BitComet.com)
S2 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [115536 2018-08-02] (Brother Industries, Ltd. -> )
S2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd) [File not signed]
S2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [200704 2006-08-11] (InterVideo Inc.) [File not signed]
S2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [793560 2015-05-06] (Open Source Developer, Tim Kosse -> FileZilla Project)
S2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe [1995184 2020-07-08] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] (Huawei Technologies Co., Ltd. -> )
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] (Huawei Technologies Co., Ltd. -> )
S2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-07-24] (Nitro PDF Software -> Nitro PDF Software)
S2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [45592 2011-09-23] (NTI Corporation -> NTI Corporation)
S2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia -> Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia -> Secunia)
S2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12097024 2019-11-06] (TeamViewer GmbH -> TeamViewer Germany GmbH)
S2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-04-08] (Reason Software Company Inc. -> Reason Software Company Inc.)
S2 VIVACOM 3G USB Modem. RunOuc; C:\Program Files (x86)\VIVACOM 3G USB Modem\UpdateDog\ouc.exe [651856 2013-10-26] (Huawei Technologies Co., Ltd. -> )
S2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACR122U; C:\Windows\System32\DRIVERS\acr122.sys [79840 2018-03-20] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Card Systems Ltd.)
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Co., Ltd. -> AnvSoft Inc.)
S1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [312184 2010-09-21] (ArcSoft, Inc. -> )
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37152 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205888 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [235592 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [195656 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [60488 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42776 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [175200 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [515544 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2020-04-18] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [109280 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84856 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851608 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [466752 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [217336 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [323784 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2750464 2011-05-24] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
S3 athur; C:\Windows\System32\DRIVERS\athurx.sys [1847296 2010-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [348672 2010-12-31] (Aveo Technology Corp. -> AVEO Corp)
S3 cpuz132; C:\Windows\system32\drivers\cpuz132_x64.sys [19432 2009-03-27] (CPUID -> Windows ® Codename Longhorn DDK provider)
S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [109568 2013-01-25] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [14976 2012-12-22] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2014-04-30] () [File not signed]
S3 GRemoteBus; C:\Windows\System32\DRIVERS\GRemoteBus64.sys [27336 2009-08-05] (GBM Software -> GBM Software)
S3 GRemoteJoy; C:\Windows\System32\DRIVERS\GRemoteJoy64.sys [46792 2009-08-05] (GBM Software -> GBM Software)
S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [296448 2005-06-14] (Aladdin Knowledge Systems Ltd.) [File not signed]
R3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [91648 2013-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [121728 2013-10-23] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [376448 2013-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-18] (Qualcomm Atheros -> Qualcomm Atheros Co., Ltd.)
S3 MSBDA; C:\Windows\System32\DRIVERS\UTVAD.sys [1410952 2011-07-15] (Qing YuanGadmei Electronics Technology Co., Ltd -> Gadmei Electronic Technology Corporation)
S2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia -> Secunia)
R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [12800 2009-06-15] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA)
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [225256 2011-05-17] (Realtek Semiconductor Corp -> REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [39016 2011-05-17] (Realtek Semiconductor Corp -> REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [48488 2011-06-13] (Realtek Semiconductor Corp -> Realtek)
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc. -> SafeNet, Inc.)
S3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl64.sys [100864 2011-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Prolific Technology Inc.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-07-10] (Duplex Secure Ltd -> Duplex Secure Ltd.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 TosRfSnd; C:\Windows\System32\drivers\tosrfsnd.sys [63488 2010-04-26] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Hard Disk Manager 16 Basic\program\BioNTDrv.SYS [X]
S3 CM2593; system32\DRIVERS\CM2593.sys [X]
S3 GWHid; system32\DRIVERS\GWHid.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S1 UimBus; system32\DRIVERS\uimbus.sys [X]
S1 Uim_DEVIM; system32\DRIVERS\uimdevim.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WINIO; \??\C:\Users\Жельо\Desktop\Test na sistemata\Test na sistemata\psc_2.071\winio.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-21 13:31 - 2021-04-21 13:53 - 000068589 _____ C:\Users\Жельо\Desktop\FRST.txt
2021-04-21 13:17 - 2021-04-21 13:17 - 002298368 _____ (Farbar) C:\Users\Жельо\Desktop\FRST64 (1).exe
2021-04-21 10:26 - 2021-04-21 10:26 - 000000000 ____D C:\Program Files (x86)\ESET
2021-04-19 18:07 - 2021-04-19 18:07 - 000000000 ____D C:\Users\Жельо\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Приложения в Chrome
2021-04-19 11:33 - 2021-04-19 11:33 - 000000078 _____ C:\Нов текстов документ.txt
2021-04-15 17:43 - 2020-08-19 15:28 - 000335968 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2021-04-12 20:12 - 2021-04-12 20:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-04-12 20:11 - 2021-04-12 20:11 - 000000000 ____D C:\Program Files\VideoLAN
2021-04-07 20:37 - 2021-04-07 20:37 - 000067457 _____ C:\Users\Жельо\Desktop\Перевал.Дятлова.2020.(8.серии.от.8).WEB-DL.1080p.H264.AC3-BULGAR.torrent
2021-04-07 19:54 - 2021-04-07 19:54 - 000077000 _____ C:\Users\Жельо\Desktop\line6.protv.cc MACs-Hits.txt
2021-03-27 10:07 - 2021-03-27 10:21 - 000000000 ____D C:\Users\Жельо\Desktop\Нова папка (2)
2021-03-24 19:58 - 2021-03-24 19:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2021-03-24 19:58 - 2017-11-01 09:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2021-03-24 19:56 - 2021-03-24 19:56 - 000220616 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-03-24 17:06 - 2021-03-24 19:54 - 000000000 ____D C:\Users\Жельо\AppData\LocalLow\IGDump
2021-03-24 16:57 - 2021-03-24 16:57 - 000000000 ____D C:\Users\Жельо\AppData\Local\mbam
2021-03-24 16:54 - 2021-03-24 16:54 - 011636936 _____ C:\Users\Жельо\Downloads\MB-SupportTool.exe
2021-03-24 16:39 - 2021-04-21 13:52 - 000000000 ____D C:\FRST
2021-03-24 16:38 - 2021-03-24 16:38 - 002300928 _____ (Farbar) C:\Users\Жельо\Desktop\FRST64.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-21 13:41 - 2009-07-14 08:13 - 000796930 _____ C:\Windows\system32\PerfStringBackup.INI
2021-04-21 13:41 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
2021-04-21 13:36 - 2013-08-31 11:42 - 002700838 _____ C:\Windows\ntbtlog.txt
2021-04-21 13:35 - 2013-08-09 19:15 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2021-04-21 13:13 - 2015-11-24 15:32 - 000000000 ____D C:\Users\Жельо\AppData\LocalLow\Adblock Plus for IE
2021-04-21 13:07 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\tracing
2021-04-21 13:05 - 2017-03-08 08:59 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2021-04-21 11:14 - 2015-06-16 08:52 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-04-21 10:50 - 2009-07-14 07:45 - 000020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-04-21 10:50 - 2009-07-14 07:45 - 000020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-04-21 10:47 - 2018-07-26 18:28 - 000000000 ____D C:\Users\Жельо\AppData\Local\AVAST Software
2021-04-21 10:41 - 2012-07-10 13:59 - 000000000 ____D C:\ProgramData\NVIDIA
2021-04-21 10:41 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-04-21 10:38 - 2015-03-13 15:38 - 000000000 ___HD C:\Users\Жельо\Documents\ViberDownloads
2021-04-21 10:37 - 2017-01-13 21:18 - 000000000 ____D C:\Users\Жельо\AppData\Roaming\ViberPC
2021-04-21 10:22 - 2012-07-10 15:32 - 000000000 ____D C:\Users\Жельо\AppData\Local\ElevatedDiagnostics
2021-04-21 10:18 - 2017-10-24 15:44 - 020749312 ___SH C:\Users\Жельо\Desktop\Thumbs.db
2021-04-21 01:40 - 2012-08-23 17:41 - 000000000 ____D C:\ProgramData\AVAST Software
2021-04-20 09:15 - 2020-12-15 22:59 - 000000000 ____D C:\Users\Жельо\Desktop\Промоции
2021-04-19 21:25 - 2020-04-06 20:06 - 000003432 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-19 21:25 - 2020-04-06 20:06 - 000003304 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-19 21:25 - 2020-03-03 19:20 - 000003490 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-19 21:25 - 2020-03-03 19:20 - 000003362 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-19 21:25 - 2020-02-10 19:21 - 000003284 _____ C:\Windows\system32\Tasks\{3ED79E8A-6383-4FD7-800A-2D417AED6D61}
2021-04-19 21:25 - 2019-11-01 17:19 - 000003172 _____ C:\Windows\system32\Tasks\{F3FFF0B5-8D8E-4E32-984C-C44E7C0A7853}
2021-04-19 21:25 - 2018-09-19 14:36 - 000003092 _____ C:\Windows\system32\Tasks\{C86732D3-F816-4EEB-B029-EC1495EF32E0}
2021-04-19 21:25 - 2018-04-17 14:41 - 000003050 _____ C:\Windows\system32\Tasks\{8A85DBD2-0D91-4408-A38D-1B8F17EA8D1E}
2021-04-19 21:25 - 2015-12-04 12:01 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2021-04-19 18:10 - 2012-07-10 17:50 - 000000000 ___RD C:\Users\Жельо\Desktop\OPTIONS
2021-04-18 13:02 - 2013-08-25 16:02 - 000000000 ____D C:\Users\Жельо\AppData\Roaming\FileZilla
2021-04-16 20:04 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\NDF
2021-04-16 18:55 - 2020-03-03 19:22 - 000002221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-15 20:34 - 2020-04-06 20:07 - 000002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-15 20:34 - 2020-04-06 20:07 - 000002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-04-13 19:27 - 2015-04-30 17:26 - 000000000 ____D C:\RecordDownload
2021-04-12 20:16 - 2012-07-17 11:26 - 000000000 ____D C:\Users\Жельо\AppData\Roaming\vlc
2021-04-12 20:10 - 2016-05-16 15:43 - 000000000 ____D C:\Users\Жельо\AppData\Local\CrashDumps
2021-04-07 19:55 - 2018-02-25 21:53 - 000448512 ___SH C:\Users\Жельо\Downloads\Thumbs.db
2021-03-24 16:49 - 2012-08-22 20:07 - 000000000 ____D C:\ProgramData\Malwarebytes

==================== Files in the root of some directories ========

2013-08-06 19:00 - 2013-08-06 20:00 - 000000067 _____ () C:\Users\Жельо\Network_Meter_Data.js
2015-12-01 10:06 - 2015-12-01 10:06 - 000000060 ____R () C:\Program Files (x86)\BRINST.INI
2013-09-01 10:52 - 2013-09-01 10:52 - 000039523 _____ () C:\Program Files (x86)\CMS Setup Log.txt
2012-05-04 10:04 - 2012-05-04 10:04 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2013-09-30 14:38 - 2013-09-30 14:38 - 000000053 _____ () C:\Users\Жельо\AppData\Roaming\Battery Meter_Data.ini
2015-10-26 23:05 - 2015-10-26 23:05 - 000016384 _____ () C:\Users\Жельо\AppData\Roaming\CryptoPrevent_Test_Module.exe
2012-07-17 11:20 - 2018-09-20 12:17 - 000000160 _____ () C:\Users\Жельо\AppData\Roaming\default.rss
2013-01-11 15:13 - 2013-01-11 15:13 - 000022464 _____ (Intel Corporation) C:\Users\Жельо\AppData\Roaming\JomCap.dll
2013-08-06 18:10 - 2013-08-06 20:48 - 000000018 _____ () C:\Users\Жельо\AppData\Roaming\Network Meter_Usage.ini
2015-10-26 22:47 - 2015-10-26 22:47 - 000401934 _____ () C:\Users\Жельо\AppData\Roaming\recovery.bmp
2015-10-27 19:11 - 2019-04-12 21:44 - 000014848 ___SH () C:\Users\Жельо\AppData\Roaming\Thumbs.db
2012-08-22 12:27 - 2021-01-10 18:33 - 000005632 _____ () C:\Users\Жельо\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-10 22:27 - 2014-02-10 22:27 - 000000093 _____ () C:\Users\Жельо\AppData\Local\fusioncache.dat
2015-03-26 14:56 - 2015-03-26 14:56 - 000000054 _____ () C:\Users\Жельо\AppData\Local\oPlayer.ini
2012-07-17 17:18 - 2021-01-11 14:21 - 000007644 _____ () C:\Users\Жельо\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2021-04-12 00:13
==================== End of FRST.txt ========================

 

Attached file(s)

  • Attached file  Addition.txt   115.82K   Downloads: 1