jelio_jelev
Posted April 21, 2021

Hello. For quite some time the laptop has been thinking for a long while before doing anything at all, but now it no longer opens anything at all. The internet won't work over cable. It connects wirelessly, at least for now. Malwarebytes won't start in any way. The FRST logs are empty, so I scanned in Safe Mode. The laptop runs 64-bit Windows 7. Here are the logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2021
Ran by Жельо (administrator) on JAX-LAPTOP (TOSHIBA SATELLITE L755) (21-04-2021 13:52:43)
Running from C:\Users\Жельо\Desktop
Loaded Profiles: Жельо
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
Default browser: IE
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> WmiPrvSE.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.
The file will not be moved.)

HKLM\...\Run: [TPwrMain] => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM\...\Run: [TosWaitSrv] => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
HKLM\...\Run: [Teco] => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
HKLM\...\Run: [TCrdMain] => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM\...\Run: [HSON] => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [894048 2013-01-11] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) [File not signed]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [109160 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [unlockerAssistant] => "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
HKLM-x32\...\Run: [TSleepSrv] => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM-x32\...\Run: [iTSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
HKLM-x32\...\Run: [AveoSTI.exe] => C:\Program Files (x86)\AVEO USB2.0 PC Camera(U2HGCV3P31048)\AveoSTI.exe [32768 2010-12-02] (AVEO) [File not signed]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: *.gif*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <==== 
ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTIONHKLM Group Policy restriction on software: *:\$Recycle.Bin <==== ATTENTIONHKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <==== ATTENTIONHKLM Group Policy restriction on software: %allusersprofile%\*.jse <==== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <==== ATTENTIONHKLM Group Policy restriction on software: *.docx*.exe <==== ATTENTIONHKLM Group Policy restriction on software: *.rar*.jse <==== ATTENTIONHKLM Group Policy restriction on software: *.wmv*.pif <==== ATTENTIONHKLM\...\Policies\Explorer: [NoAutorun] 2HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTIONHKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: I - I:\Start.exeHKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: {b378f1c1-e6af-11e9-8c74-047d7b60ad51} - I:\AutoRun.exeHKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: {b378f1ce-e6af-11e9-8c74-e066f7d8f259} - H:\AutoRun.exeHKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: {cdb173f4-4794-11e4-9418-047d7b60ad51} - I:\AutoRun.exeHKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: {cdb17402-4794-11e4-9418-047d7b60ad51} - H:\AutoRun.exeHKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-04-16] (Microsoft Windows -> Microsoft Corporation)HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)HKLM\...\Print\Monitors\LIDIL hpzllw71: C:\Windows\system32\hpzllw71.dll [53248 2009-07-14] (Microsoft Windows -> Hewlett-Packard 
Corporation)HKLM\...\Print\Monitors\Nitro PDF Port Monitor: C:\Windows\system32\nitrolocalmon2.dll [29704 2013-07-24] (Nitro PDF Software -> Nitro PDF Software)HKLM\...\Print\Monitors\Toshiba Bluetooth Monitor: C:\Windows\system32\tbtmon.dll [208208 2009-06-18] (TOSHIBA CORPORATION -> TOSHIBA CORPORATION.)HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCacheHKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.128\Installer\chrmstp.exe [2021-04-15] (Google LLC -> Google LLC)HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCacheStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-12-06]ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2016-05-04]ShortcutTarget: Bluetooth Manager.lnk -> (No File)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TeamViewer 8.lnk [2017-04-18]ShortcutTarget: TeamViewer 8.lnk -> C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (No File)BootExecute: autocheck autochk * sdnclean64.exeGroupPolicy: Restriction ? <==== ATTENTIONPolicies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTIONHKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTIONHKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION==================== Scheduled Tasks (Whitelisted) ============(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)

Task: {0B2AF4BA-41FD-4C44-8F30-95010B7AC628} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-678885870-2144746608-4001290835-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {1140D418-8B03-4A41-8CD1-CA22F1B82C9D} - System32\Tasks\{8A85DBD2-0D91-4408-A38D-1B8F17EA8D1E} => C:\Windows\system32\pcalua.exe -a D:\HDD\Setup.exe -d D:\HDD
Task: {11C0E3B4-6FDC-438B-B921-137CB9E9595B} - System32\Tasks\{182100DA-BE87-4F02-9360-BCD1C173F813} => C:\Users\Жельо\Desktop\ClientOCX_Setup.exe
Task: {1412A2A8-8491-4815-BA62-4B69EBADD5C9} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {14537A78-2B10-4501-9EA2-4F8E4A7FA518} - System32\Tasks\{866AFAD4-ECBD-4111-9342-41BBFA98D026} => E:\GAME\Kran Simulator\RE3DPlayer.exe
Task: {16556FE5-2CA1-4F74-9791-2368D7AD5A13} - System32\Tasks\{F78FF1FF-7F8C-40BF-956E-099D61E0547F} => G:\Install Train Simulator 2013.exe -> /i "G:\FileID.msi" AI_RESUME=1 ADDLOCAL=MainFeature,Steam ALLUSERS="1" PRIMARYFOLDER="APPDIR" ROOTDRIVE="D:\" PIDKEY="75841-54734-75036" TARGETDIR="D:\" APPDIR="E:\GAME\Train Simulator 2013\" USERNAME="Жельо" AGREE_CHECKBOX="Yes"
Task: {1A6D1557-A626-4DD5-8E49-3867B358CFC6} - System32\Tasks\{9E9A51CC-F8A0-49AB-AB98-6DD6F72C165F} => E:\GAME\Ship Simulator Extremes\Steam.exe
Task: {1B3F7C82-A53B-4C18-956B-A03982BAA93D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-678885870-2144746608-4001290835-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {1D387C07-7F33-4B41-8722-CE457524CE62} - System32\Tasks\{5B40C6F8-88F6-46FA-8105-93BBDAA7E45D} => E:\GAME\RECYCLE v1.0.0.2\recycle.exe
Task: {205F7C02-D290-4FDD-ACC6-82E3B18811F8} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3810408 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
Task: {4381DCF5-41DD-4AD3-AAD9-E06DD6556851} - System32\Tasks\{87965B1F-4F0F-4431-AB98-39230743E032} => C:\Users\Жельо\Desktop\DVD 2 AVI\divx03\BeSweetGUIv0.6b71\BeSweetGUIv0.6b71.exe
Task: {4768A8D9-4137-4280-902F-D652CF8B6329} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {49E0A9A1-3C9C-4CAC-ACE2-593E19A91674} - System32\Tasks\{BDEF390D-E6C1-405C-A41F-FBAAF17B72D0} => C:\Windows\system32\pcalua.exe -a G:\Setup_AR.exe -d G:\
Task: {4C5B5BEB-F304-47FB-A1E3-C2D37800AB20} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-678885870-2144746608-4001290835-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {4D7CDDE6-9F9C-43E7-9137-CAF7975D7E3B} - System32\Tasks\{A801FFDC-4694-49F4-99C9-543BB27B785F} => G:\Autorun.exe
Task: {54710BB0-ACE2-4EDC-AA46-1C9550C85C50} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1791712 2021-02-23] (Avast Software s.r.o. -> Avast Software)
Task: {57BB5DD2-9072-48B5-A951-BBBA74357AF8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-678885870-2144746608-4001290835-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {5A24A855-0309-4753-879D-E8D30C89685D} - System32\Tasks\{F3FFF0B5-8D8E-4E32-984C-C44E7C0A7853} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\MP3Gain\uninst-mp3gain.exe" -d "C:\Program Files (x86)\MP3Gain"
Task: {5C38B2C5-9D1C-421C-88BB-651CE44E5B57} - System32\Tasks\{E2AA76DB-4BD2-42D6-A378-2DD32F4ABE14} => E:\GAME\RECYCLE v1.0.0.2\recycle.exe
Task: {5D9E8D7F-B99A-4E1F-9FB9-5E31041A3905} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
Task: {5F1351C9-23E8-4294-9DCC-5A402D837B82} - System32\Tasks\{FE589B07-B5C5-4434-AADD-522BB7F6FC1A} => E:\GAME\RECYCLE v1.0.0.2\recycle.exe
Task: {61A25CF6-55A7-4EB9-B122-977626A5D2F1} - System32\Tasks\{C1ADE806-304C-4EBA-A734-D2C874B1EC00} => C:\Windows\system32\pcalua.exe -a "E:\GAME\Ship Simulator Extremes\Steam.exe" -d "E:\GAME\Ship Simulator Extremes"
Task: {66D7FC83-BEFB-49F3-8438-0E3F80DC4832} - System32\Tasks\{B01B5A14-35E5-4B7F-A7BF-B28B6404E63F} => E:\GAME\Kran Simulator\RE3DPlayer.exe
Task: {7272B04D-C3CA-4453-A29E-C1DF51625310} - System32\Tasks\{C86732D3-F816-4EEB-B029-EC1495EF32E0} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\PowerISO\uninstall.exe"
Task: {7673F375-167E-4FA5-9EF9-54F282FAC57E} - System32\Tasks\{A34D5BA6-1D52-403E-BADD-ECB4E0779B62} => E:\GAME\Ship Simulator Extremes\Steam.exe
Task: {77612E78-C51D-43CF-BB18-678F216C5C84} - System32\Tasks\{CFB5F731-038D-4336-9B75-FE298C0CBA37} => C:\Windows\system32\pcalua.exe -a "C:\Users\Жельо\Desktop\OPTIONS\Shinyekap Nezha-1.exe" -d C:\Users\Жельо\Desktop\OPTIONS
Task: {7E9BBDE7-0EE7-47F1-B082-609231DBFBC6} - System32\Tasks\{3FD6C113-D6B5-4CB7-BC40-438AE6F38C07} => C:\Users\Жельо\Desktop\ClientOCX_Setup.exe
Task: {7F260276-D7F7-4FC0-B84C-A5F05BCCF0E6} - System32\Tasks\{CDEB13FE-4FD7-4CD0-8145-FCA599B0AB8E} => G:\Autorun.exe
Task: {86743A88-4EA7-4983-A7A4-4894B45B63E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-06] (Google LLC -> Google LLC)
Task: {8E24899E-13D8-443F-A13C-77442B77507D} - System32\Tasks\{61A0EF18-3E08-43CB-ABFA-926AF19AAD94} => C:\Users\Жельо\Desktop\DVD 2 AVI\divx03\BeSweetGUIv0.6b71\BeSweetGUIv0.6b71.exe
Task: {91ACB7E0-F70E-494C-8365-575A843ACCD0} - System32\Tasks\{F6631136-A40B-4193-9954-4E5DD9A10186} => C:\Users\Жельо\Desktop\pscan13.exe
Task: {9E6502D2-6B3D-4CEC-85FF-D0510A8D4155} - System32\Tasks\{031792C4-DBF0-413D-B0BA-78618583440E} => C:\Users\Жельо\Desktop\DVD 2 AVI\divx03\BeSweetGUIv0.6b71\BeSweetGUIv0.6b71.exe
Task: {B100195E-89C3-43E6-B5F6-D1EBC91D4705} - System32\Tasks\{F4874670-DBC8-4C97-B15B-B59D153C4B3A} => C:\Program Files (x86)\Advanced Port Scanner\Advanced Port Scanner.exe
Task: {B44909F0-D6D5-45BF-A67C-307EDEBF8513} - System32\Tasks\{FE11CFCA-1A2E-4401-A5FC-1D944CA1F25D} => C:\Users\Жельо\Desktop\DVD 2 AVI\divx03\BeSweetGUIv0.6b71\BeSweetGUIv0.6b71.exe
Task: {BB098717-C280-4EFC-8105-2C56578F6AFE} - System32\Tasks\{381E5223-4811-4126-B261-7C48A51F1FA7} => E:\GAME\Ship Simulator Extremes\Steam.exe
Task: {BE84C073-87C9-489C-A148-5F890375D1C2} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [693456 2021-01-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {BEBC36E6-CA83-4CE2-AE99-1F12FD357A5A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {BF29AF14-D5C8-4BAD-89A8-451DCC13C00B} - System32\Tasks\{0340AF45-9663-498C-9CF9-0D65935DDCA5} => E:\GAME\Kran Simulator\RE3DPlayer.exe
Task: {C295EDB3-E3AD-470E-AF7A-1377FC70CBFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-06] (Google LLC -> Google LLC)
Task: {C2DA9EBB-2D82-4B80-AC59-6AD3DAFAE0DF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {C68F4671-9FFE-4D6B-B4CF-98F5366CF49C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-678885870-2144746608-4001290835-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {CB5EEB6B-045C-4426-A4D1-1BCDBE63410D} - System32\Tasks\{E4E1FD23-4F20-41AC-A60A-00572A06799D} => C:\Windows\system32\pcalua.exe -a C:\Users\Жельо\Desktop\NetFx64.exe -d C:\Users\Жельо\Desktop
Task: {D20ECE81-F47C-4564-851D-D85BE879AA82} - System32\Tasks\{53B932BC-E3AF-45E9-9B5A-0E91CEF69E27} => C:\Users\Жельо\Desktop\DVD 2 AVI\divx03\BeSweetGUIv0.6b71\BeSweetGUIv0.6b71.exe
Task: {D3E809E4-0102-41C0-A206-C5E704FBF7D6} - System32\Tasks\{FBBA76C0-4A9B-4AFD-B5B0-399C48E58931} => E:\GAME\Kran Simulator\RE3DPlayer.exe
Task: {DA8BDD69-C800-4CC7-895C-042F45E1E552} - System32\Tasks\{A64CD2AE-D75B-4451-A844-AFB546E1B211} => E:\GAME\Kran\RE3DPlayer.exe
Task: {E17D72FE-D226-48B0-A06D-67B3881D9509} - System32\Tasks\{9A6C4155-C55E-4E53-BD48-D0975DE1B5F5} => E:\GAME\Kran\RE3DPlayer.exe
Task: {E8FDED4B-1DD7-402E-9FA3-F69DCA35B2C1} - System32\Tasks\{31E8DC32-D40A-464F-9A1F-26DC63AB8D6A} => E:\GAME\Ship Simulator Extremes\Steam.exe
Task: {EAB5762D-B1AD-434B-963A-2D14700B7410} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe
Task: {F19508CD-F2FD-4E1F-B1E6-E77D4C4E1DA0} - System32\Tasks\{CC31CF1A-D2D0-4263-97D5-F93BDE476762} => G:\Autorun.exe
Task: {F793FED3-F6F0-4949-8773-00099B24E523} - System32\Tasks\{3ED79E8A-6383-4FD7-800A-2D417AED6D61} => C:\Windows\system32\pcalua.exe -a C:\Users\Жельо\Desktop\ACS_Unified_Driver_MSI_Win_4280_P\redist\InstMsiW.exe -d C:\Users\Жельо\Desktop\ACS_Unified_Driver_MSI_Win_4280_P\redist

(If an entry is included in the fixlist, the task (.job) file will be moved.
The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\{F78FF1FF-7F8C-40BF-956E-099D61E0547F}.job => G:\Install Train Simulator 2013.exeæ/i G:\FileID.msi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{27B45E86-2256-4219-8342-E50970CBA1BC}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2894CFE3-2384-4537-933E-ED6B8A4F469A}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{36CC85D9-D772-49DE-9279-337C18A326B0}: [NameServer] 212.39.90.42 212.39.90.43
Tcpip\..\Interfaces\{521254B9-7035-4424-A79B-C73FEF009E56}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{6408F382-43EF-45F8-A183-6E98326494E7}: [NameServer] 212.39.90.42 212.39.90.43
Tcpip\..\Interfaces\{A41B8DB8-C9BE-4B37-B8E9-4F4D5D0EDF75}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{BBA08E84-E9B5-4B8C-8E2B-BE9854F9D071}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{C1BEB88E-16D3-4CA3-B902-802B99874DED}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{F2AD340F-E8ED-4214-9BE5-F6DE710C1244}: [NameServer] 212.39.90.42 212.39.90.43
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.1.1,-1]

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-16]
Edge Notifications: Default -> hxxps://www.youtube.com
Edge HomePage: Default -> about:blank
Edge Extension: (Video Downloader Premium) - C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\apjbepmacnpdneiebljlfoejfcadpkff [2020-12-17]
Edge Extension: (Avast Passwords) - C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2020-03-03]
Edge Extension: (Video Downloader с едно кликване) - C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fghpggflpedbjjmjghkgdjbhbfclgobk [2020-12-17]
Edge Extension: (Блокиране на реклами в Youtube) - C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mbdlpgncclnhomdpmicmgdihapedhhak [2020-12-17]
Edge Extension: (AdBlock - Най-добрия в блокирането на реклами) - C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2021-04-16]
Edge Profile: C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2020-03-03]
Edge Profile: C:\Users\Жельо\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2020-03-03]

FireFox:
========
FF DefaultProfile: 8ee7rh3h.default-1566656681801
FF ProfilePath: C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801 [2021-01-10]
FF Notifications: Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801 -> hxxps://www.vbox7.com
FF Extension: (AdBlock - Най-добрия в блокирането на реклами) - C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2021-01-06]
FF Extension: (Avast SafePrice | Сравнение, сделки, купони) - C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801\Extensions\sp@avast.com.xpi [2021-01-06]
FF Extension: (Avast Online Security) - C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801\Extensions\wrc@avast.com.xpi [2021-01-06]
FF Extension: (Video DownloadHelper) - C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-01-06]
FF Extension: (YouTube Video and Audio Downloader (Dev Edt.)) - C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\8ee7rh3h.default-1566656681801\Extensions\{f73df109-8fb4-453e-8373-f59e61ca4da3}.xpi [2021-01-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-09-19] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-19] (Adobe Systems Incorporated -> )
FF Plugin-x32: @DVR/npmedia,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\WebPlugin\npmedia.dll [2014-11-17] (Zhejiang Dahua Technology CO.,LTD. -> )
FF Plugin-x32: @DVR/npmedia,version=33.2.0.4 -> C:\Program Files (x86)\webrec\WEB30\DVR32\33.2.0.4\npmedia.dll [2016-09-27] (Zhejiang Dahua Technology CO.,LTD. -> ) [File not signed]
FF Plugin-x32: @DVR/npTimeGrid,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\WebPlugin\npTimeGrid.dll [2014-11-17] (Zhejiang Dahua Technology CO.,LTD. -> Unauthorized copy)
FF Plugin-x32: @DVR/npTimeGrid,version=33.2.0.4 -> C:\Program Files (x86)\webrec\WEB30\DVR32\33.2.0.4\npTimeGrid.dll [2016-09-27] (Zhejiang Dahua Technology CO.,LTD. -> Unauthorized copy) [File not signed]
FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll [No File]
FF Plugin-x32: @google.com/sewebplugin -> C:\Windows\system32\npsewebplugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2013-01-11] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2013-01-11] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-01-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-01-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-07-24] (Nitro PDF Software -> Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-04-27] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-04-27] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\My Program\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: JFGuide -> C:\Program Files (x86)\NetSurveillance\CMS\npGuide.dll [2019-09-19] () [File not signed]
FF Plugin-x32: JFWeb -> C:\Program Files (x86)\NetSurveillance\CMS\npWebPlugin.dll [2019-09-19] () [File not signed]
FF Plugin HKU\S-1-5-21-678885870-2144746608-4001290835-1000: www.mydlink.com/Uplayer -> C:\Users\Жельо\AppData\Roaming\D-Link\mydlink services plugin\1.0.2.7\npUplayer.dll [2015-12-11] (D-LINK CORPORATION -> D-Link Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default [2021-04-21]
CHR Notifications: Default -> hxxps://www.emart.bg
CHR HomePage: Default -> hxxp://www.homepage.bg/
CHR Extension: (W2MO: Logistics Design, Optimization, 3D) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\acbokjkdobbboamnnfehlboekicdhcog [2016-08-28]
CHR Extension: (Angry Birds) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-16]
CHR Extension: (YouTube) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Adblock Plus — безплатен блокер на реклами) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-29]
CHR Extension: (FARMERAMA) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\clkfdgnfefjmciocbhnffnbpkjpdleca [2017-03-08]
CHR Extension: (Google Търсене) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06]
CHR Extension: (Avast Online Security) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-02-17]
CHR Extension: (Weather Underground) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhloacinaafedjelpfeffmmlckblidke [2021-04-19]
CHR Extension: (Pixorial Photo & Video Sharing) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilbibicalpgnmbjnganinjppjephokai [2014-02-25]
CHR Extension: (Happy Farmer by Fupa) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjdmmbgcdeojkmeablmdjkhplahnmii [2012-08-17]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-15]
CHR Extension: (радио) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\plaapjbgohfgkalmmjpakodbpomahebn [2017-01-23]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
StartMenuInternet: Google Chrome.MBWLTUWGU5OHAGWKF2LZRQIORY - C:\Users\Жельо\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft, Inc. -> ArcSoft Inc.)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
S2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3743464 2021-03-09] (philandro Software GmbH -> philandro Software GmbH)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7776160 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S2 Autodata Limited License Service; C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [72704 2012-07-17] (Autodata Limited) [File not signed]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [353696 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S3 BITCOMET_HELPER_SERVICE; C:\My Program\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (Shanghai Comet Network Technology -> www.BitComet.com)
S2 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [115536 2018-08-02] (Brother Industries, Ltd. -> )
S2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd) [File not signed]
S2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [200704 2006-08-11] (InterVideo Inc.) [File not signed]
S2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [793560 2015-05-06] (Open Source Developer, Tim Kosse -> FileZilla Project)
S2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe [1995184 2020-07-08] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] (Huawei Technologies Co., Ltd. -> )
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] (Huawei Technologies Co., Ltd. -> )
S2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-07-24] (Nitro PDF Software -> Nitro PDF Software)
S2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [45592 2011-09-23] (NTI Corporation -> NTI Corporation)
S2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia -> Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia -> Secunia)
S2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12097024 2019-11-06] (TeamViewer GmbH -> TeamViewer Germany GmbH)
S2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-04-08] (Reason Software Company Inc. -> Reason Software Company Inc.)
S2 VIVACOM 3G USB Modem. RunOuc; C:\Program Files (x86)\VIVACOM 3G USB Modem\UpdateDog\ouc.exe [651856 2013-10-26] (Huawei Technologies Co., Ltd. -> )
S2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)

S3 ACR122U; C:\Windows\System32\DRIVERS\acr122.sys [79840 2018-03-20] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Card Systems Ltd.)
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Co., Ltd. -> AnvSoft Inc.)
S1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [312184 2010-09-21] (ArcSoft, Inc. -> )
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37152 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205888 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [235592 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [195656 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [60488 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42776 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [175200 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [515544 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2020-04-18] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [109280 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84856 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851608 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [466752 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [217336 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [323784 2020-08-19] (Avast Software s.r.o. -> AVAST Software)
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2750464 2011-05-24] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
S3 athur; C:\Windows\System32\DRIVERS\athurx.sys [1847296 2010-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [348672 2010-12-31] (Aveo Technology Corp. -> AVEO Corp)
S3 cpuz132; C:\Windows\system32\drivers\cpuz132_x64.sys [19432 2009-03-27] (CPUID -> Windows ® Codename Longhorn DDK provider)
S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [109568 2013-01-25] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [14976 2012-12-22] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2014-04-30] () [File not signed]
S3 GRemoteBus; C:\Windows\System32\DRIVERS\GRemoteBus64.sys [27336 2009-08-05] (GBM Software -> GBM Software)
S3 GRemoteJoy; C:\Windows\System32\DRIVERS\GRemoteJoy64.sys [46792 2009-08-05] (GBM Software -> GBM Software)
S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [296448 2005-06-14] (Aladdin Knowledge Systems Ltd.) [File not signed]
R3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [91648 2013-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [121728 2013-10-23] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [376448 2013-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-18] (Qualcomm Atheros -> Qualcomm Atheros Co., Ltd.)
S3 MSBDA; C:\Windows\System32\DRIVERS\UTVAD.sys [1410952 2011-07-15] (Qing YuanGadmei Electronics Technology Co., Ltd -> Gadmei Electronic Technology Corporation)
S2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia -> Secunia)
R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [12800 2009-06-15] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA)
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [225256 2011-05-17] (Realtek Semiconductor Corp -> REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [39016 2011-05-17] (Realtek Semiconductor Corp -> REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [48488 2011-06-13] (Realtek Semiconductor Corp -> Realtek)
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc. -> SafeNet, Inc.)
S3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl64.sys [100864 2011-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Prolific Technology Inc.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-07-10] (Duplex Secure Ltd -> Duplex Secure Ltd.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 TosRfSnd; C:\Windows\System32\drivers\tosrfsnd.sys [63488 2010-04-26] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Hard Disk Manager 16 Basic\program\BioNTDrv.SYS [X]
S3 CM2593; system32\DRIVERS\CM2593.sys [X]
S3 GWHid; system32\DRIVERS\GWHid.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S1 UimBus; system32\DRIVERS\uimbus.sys [X]
S1 Uim_DEVIM; system32\DRIVERS\uimdevim.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WINIO; \??\C:\Users\Жельо\Desktop\Test na sistemata\Test na sistemata\psc_2.071\winio.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)==================== One month (created) (Whitelisted) =========(If an entry is included in the fixlist, the file/folder will be moved.)2021-04-21 13:31 - 2021-04-21 13:53 - 000068589 _____ C:\Users\Жельо\Desktop\FRST.txt2021-04-21 13:17 - 2021-04-21 13:17 - 002298368 _____ (Farbar) C:\Users\Жельо\Desktop\FRST64 (1).exe2021-04-21 10:26 - 2021-04-21 10:26 - 000000000 ____D C:\Program Files (x86)\ESET2021-04-19 18:07 - 2021-04-19 18:07 - 000000000 ____D C:\Users\Жельо\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Приложения в Chrome2021-04-19 11:33 - 2021-04-19 11:33 - 000000078 _____ C:\Нов текстов документ.txt2021-04-15 17:43 - 2020-08-19 15:28 - 000335968 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe2021-04-12 20:12 - 2021-04-12 20:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN2021-04-12 20:11 - 2021-04-12 20:11 - 000000000 ____D C:\Program Files\VideoLAN2021-04-07 20:37 - 2021-04-07 20:37 - 000067457 _____ C:\Users\Жельо\Desktop\Перевал.Дятлова.2020.(8.серии.от.8).WEB-DL.1080p.H264.AC3-BULGAR.torrent2021-04-07 19:54 - 2021-04-07 19:54 - 000077000 _____ C:\Users\Жельо\Desktop\line6.protv.cc MACs-Hits.txt2021-03-27 10:07 - 2021-03-27 10:21 - 000000000 ____D C:\Users\Жельо\Desktop\Нова папка (2)2021-03-24 19:58 - 2021-03-24 19:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes2021-03-24 19:58 - 2017-11-01 09:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys2021-03-24 19:56 - 2021-03-24 19:56 - 000220616 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys2021-03-24 17:06 - 2021-03-24 19:54 - 000000000 ____D C:\Users\Жельо\AppData\LocalLow\IGDump2021-03-24 16:57 - 2021-03-24 16:57 - 000000000 ____D C:\Users\Жельо\AppData\Local\mbam2021-03-24 16:54 - 2021-03-24 16:54 - 011636936 _____ C:\Users\Жельо\Downloads\MB-SupportTool.exe2021-03-24 16:39 - 2021-04-21 13:52 - 000000000 ____D C:\FRST2021-03-24 16:38 - 
2021-03-24 16:38 - 002300928 _____ (Farbar) C:\Users\Жельо\Desktop\FRST64.exe==================== One month (modified) ==================(If an entry is included in the fixlist, the file/folder will be moved.)2021-04-21 13:41 - 2009-07-14 08:13 - 000796930 _____ C:\Windows\system32\PerfStringBackup.INI2021-04-21 13:41 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf2021-04-21 13:36 - 2013-08-31 11:42 - 002700838 _____ C:\Windows\ntbtlog.txt2021-04-21 13:35 - 2013-08-09 19:15 - 000065536 _____ C:\Windows\system32\Ikeext.etl2021-04-21 13:13 - 2015-11-24 15:32 - 000000000 ____D C:\Users\Жельо\AppData\LocalLow\Adblock Plus for IE2021-04-21 13:07 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\tracing2021-04-21 13:05 - 2017-03-08 08:59 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update2021-04-21 11:14 - 2015-06-16 08:52 - 000000000 ____D C:\Program Files (x86)\TeamViewer2021-04-21 10:50 - 2009-07-14 07:45 - 000020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02021-04-21 10:50 - 2009-07-14 07:45 - 000020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02021-04-21 10:47 - 2018-07-26 18:28 - 000000000 ____D C:\Users\Жельо\AppData\Local\AVAST Software2021-04-21 10:41 - 2012-07-10 13:59 - 000000000 ____D C:\ProgramData\NVIDIA2021-04-21 10:41 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT2021-04-21 10:38 - 2015-03-13 15:38 - 000000000 ___HD C:\Users\Жельо\Documents\ViberDownloads2021-04-21 10:37 - 2017-01-13 21:18 - 000000000 ____D C:\Users\Жельо\AppData\Roaming\ViberPC2021-04-21 10:22 - 2012-07-10 15:32 - 000000000 ____D C:\Users\Жельо\AppData\Local\ElevatedDiagnostics2021-04-21 10:18 - 2017-10-24 15:44 - 020749312 ___SH C:\Users\Жельо\Desktop\Thumbs.db2021-04-21 01:40 - 2012-08-23 17:41 - 000000000 ____D C:\ProgramData\AVAST Software2021-04-20 09:15 - 2020-12-15 22:59 - 000000000 ____D 
C:\Users\Жельо\Desktop\Промоции2021-04-19 21:25 - 2020-04-06 20:06 - 000003432 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA2021-04-19 21:25 - 2020-04-06 20:06 - 000003304 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore2021-04-19 21:25 - 2020-03-03 19:20 - 000003490 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA2021-04-19 21:25 - 2020-03-03 19:20 - 000003362 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore2021-04-19 21:25 - 2020-02-10 19:21 - 000003284 _____ C:\Windows\system32\Tasks\{3ED79E8A-6383-4FD7-800A-2D417AED6D61}2021-04-19 21:25 - 2019-11-01 17:19 - 000003172 _____ C:\Windows\system32\Tasks\{F3FFF0B5-8D8E-4E32-984C-C44E7C0A7853}2021-04-19 21:25 - 2018-09-19 14:36 - 000003092 _____ C:\Windows\system32\Tasks\{C86732D3-F816-4EEB-B029-EC1495EF32E0}2021-04-19 21:25 - 2018-04-17 14:41 - 000003050 _____ C:\Windows\system32\Tasks\{8A85DBD2-0D91-4408-A38D-1B8F17EA8D1E}2021-04-19 21:25 - 2015-12-04 12:01 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software2021-04-19 18:10 - 2012-07-10 17:50 - 000000000 ___RD C:\Users\Жельо\Desktop\OPTIONS2021-04-18 13:02 - 2013-08-25 16:02 - 000000000 ____D C:\Users\Жельо\AppData\Roaming\FileZilla2021-04-16 20:04 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\NDF2021-04-16 18:55 - 2020-03-03 19:22 - 000002221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk2021-04-15 20:34 - 2020-04-06 20:07 - 000002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk2021-04-15 20:34 - 2020-04-06 20:07 - 000002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk2021-04-13 19:27 - 2015-04-30 17:26 - 000000000 ____D C:\RecordDownload2021-04-12 20:16 - 2012-07-17 11:26 - 000000000 ____D C:\Users\Жельо\AppData\Roaming\vlc2021-04-12 20:10 - 2016-05-16 15:43 - 000000000 ____D C:\Users\Жельо\AppData\Local\CrashDumps2021-04-07 19:55 - 2018-02-25 21:53 - 000448512 ___SH C:\Users\Жельо\Downloads\Thumbs.db2021-03-24 16:49 - 
2012-08-22 20:07 - 000000000 ____D C:\ProgramData\Malwarebytes==================== Files in the root of some directories ========2013-08-06 19:00 - 2013-08-06 20:00 - 000000067 _____ () C:\Users\Жельо\Network_Meter_Data.js2015-12-01 10:06 - 2015-12-01 10:06 - 000000060 ____R () C:\Program Files (x86)\BRINST.INI2013-09-01 10:52 - 2013-09-01 10:52 - 000039523 _____ () C:\Program Files (x86)\CMS Setup Log.txt2012-05-04 10:04 - 2012-05-04 10:04 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll2013-09-30 14:38 - 2013-09-30 14:38 - 000000053 _____ () C:\Users\Жельо\AppData\Roaming\Battery Meter_Data.ini2015-10-26 23:05 - 2015-10-26 23:05 - 000016384 _____ () C:\Users\Жельо\AppData\Roaming\CryptoPrevent_Test_Module.exe2012-07-17 11:20 - 2018-09-20 12:17 - 000000160 _____ () C:\Users\Жельо\AppData\Roaming\default.rss2013-01-11 15:13 - 2013-01-11 15:13 - 000022464 _____ (Intel Corporation) C:\Users\Жельо\AppData\Roaming\JomCap.dll2013-08-06 18:10 - 2013-08-06 20:48 - 000000018 _____ () C:\Users\Жельо\AppData\Roaming\Network Meter_Usage.ini2015-10-26 22:47 - 2015-10-26 22:47 - 000401934 _____ () C:\Users\Жельо\AppData\Roaming\recovery.bmp2015-10-27 19:11 - 2019-04-12 21:44 - 000014848 ___SH () C:\Users\Жельо\AppData\Roaming\Thumbs.db2012-08-22 12:27 - 2021-01-10 18:33 - 000005632 _____ () C:\Users\Жельо\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-02-10 22:27 - 2014-02-10 22:27 - 000000093 _____ () C:\Users\Жельо\AppData\Local\fusioncache.dat2015-03-26 14:56 - 2015-03-26 14:56 - 000000054 _____ () C:\Users\Жельо\AppData\Local\oPlayer.ini2012-07-17 17:18 - 2021-01-11 14:21 - 000007644 _____ () C:\Users\Жельо\AppData\Local\Resmon.ResmonCfg==================== SigCheck ============================(There is no automatic fix for files that do not pass verification.)LastRegBack: 2021-04-12 00:13==================== End of FRST.txt ======================== Addition.txt Цитирай Link to comment Сподели другаде More sharing 
options...
Night_Raven Posted April 24, 2021
This looks more like immunization against ransomware. I see that you use CryptoPrevent. If you have applied immunizations with it, try undoing them. I assume this will have to be done in Safe Mode.
jelio_jelev Posted April 24, 2021 (Edited)
I turned off CryptoPrevent's protection, not in Safe Mode, and reinstalled Malwarebytes. I am uploading its report because it quarantined something. The wired internet problem turned out to be an IP address conflict with a TV box. I noticed that when I open Google Chrome, about 10-15 Google Chrome processes start in Task Manager, even though no page is loaded. And even after closing the browser the processes sometimes remain. This also happens with explorer.exe. I know it has to be running, but sometimes, with nothing open, there are also 10-12 processes running, and the laptop hangs.

Malwarebytes
www.malwarebytes.com

-Детайли за регистъра-
Дата на сканиране: 24.04.21 г.
Час на сканиране: 18:30
Файл на регистъра: ff18ea86-a511-11eb-986a-047d7b60ad51.json

-Информация за софтуера-
Версия: 4.3.0.98
Версия на компонентите: 1.0.1273
Актуализирай версията на пакета: 1.0.39773
Лиценз: Free

-Системна информация-
OS: Windows 7 Service Pack 1
CPU: x64
Файлова система: NTFS
Потребител: JAX-LAPTOP\Жельо

-Резюме на сканирането-
Тип сканиране: Сканиране за заплахи
Сканирането е стартирано от: Ръчно
Резултат: Завършено
Сканирани обекти: 289566
Открити заплахи: 9
Заплахи под карантина: 9
Изтекло време: 25 мин, 26 сек

-Опции за сканиране-
Памет: Разрешено
Стартиране: Разрешено
Файлова система: Разрешено
Архиви: Разрешено
руткитове: Разрешено
Евристика: Разрешено
PUP: Открий
PUM: Открий

-Детайли за сканирането-
Процес: 0
(Не бяха открити зловредни елементи)

Модул: 0
(Не бяха открити зловредни елементи)

Ключ на регистъра: 6
Malware.Heuristic.1001, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E74C695-8E9C-4179-B0A0-BC2EBDEB5C2B}, Под карантина, 1000001, 0, , , , , ,
Malware.Heuristic.1001, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2E74C695-8E9C-4179-B0A0-BC2EBDEB5C2B}, Под карантина, 1000001, 0, , , , , ,
Malware.Heuristic.1001, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2E74C695-8E9C-4179-B0A0-BC2EBDEB5C2B}, Под карантина, 1000001, 0, , , , , ,
Malware.Heuristic.1001, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2E74C695-8E9C-4179-B0A0-BC2EBDEB5C2B}, Под карантина, 1000001, 0, , , , , ,
Malware.Heuristic.1001, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E74C695-8E9C-4179-B0A0-BC2EBDEB5C2B}\InprocServer32, Под карантина, 1000001, 0, , , , , ,
Malware.Heuristic.1001, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2E74C695-8E9C-4179-B0A0-BC2EBDEB5C2B}\InprocServer32, Под карантина, 1000001, 0, , , , , ,

Стойност на регистъра: 0
(Не бяха открити зловредни елементи)

Данни на регистъра: 0
(Не бяха открити зловредни елементи)

Поток данни: 0
(Не бяха открити зловредни елементи)

Папка: 0
(Не бяха открити зловредни елементи)

Файл: 3
Malware.AI.1693988425, C:\USERS\Жельо\DESKTOP\OPTIONS\КОНВЕРТОРИ\Easy CD-DA Extractor.lnk, Под карантина, 1000000, 0, , , , , 5411FC014588CCD7D2DC6CFF93D3E492, AB68759449CB15916695E0FD5B3BD0D1850930BDF1049E96BBFC017306969B9A
Malware.AI.1693988425, C:\PROGRAM FILES\EASY CD-DA EXTRACTOR 12\EZCDDAX.EXE, Под карантина, 1000000, 0, 1.0.39773, 31B755C9AF43C65F64F83649, dds, 01216166, BB8BB479A61209201D01E79B3FAABB4E, FDEA387FAB54C7EE0D451D5C05461E8E7591E511B4A3CA1313BE8984462C21BE
Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\WINAMP\ELEVATORPS.DLL, Под карантина, 1000001, 0, 1.0.39773, 0000000000000000000003E9, dds, 01216166, 6B4B815310306458554233AF4855EDF6, A714CC78C135F423ABE10C9FFDA62973DA96CE972F80CC3ADF2281C20FAE6ADB

Физически сектор: 0
(Не бяха открити зловредни елементи)

WMI: 0
(Не бяха открити зловредни елементи)

(end)

Edited April 24, 2021 by jelio_jelev
Night_Raven Posted April 25, 2021
The quarantined objects look like false positives. In my opinion you can safely restore them. I can't think of a cause for the Chrome problem. In principle it is normal for there to be at least 2-3 processes even when no page is open, but in this case there are considerably more. Perhaps they are used by one or more of the installed extensions, or Chrome uses them for extensions. I suggest you test by disabling all additional extensions and restarting the browser.
For Windows Explorer, check whether the option to open each window in a separate process is enabled: start Windows Explorer, (top left) Organize -> Folder and search options -> View -> uncheck Launch folder windows in a separate process (if it is checked) -> OK.
If that doesn't help, or there was no check mark, provide an Autoruns log (in ARN format). I assume you will figure out how.
jelio_jelev Posted April 27, 2021
Here is the Autoruns log.
JAX-LAPTOP.rar
Night_Raven Posted May 1, 2021
Nothing stands out to me as a potential cause. Did you make sure that the "Launch folder windows in a separate process" option is not enabled? If so, you can try restarting the system in Safe Mode and/or in Clean Boot to check whether the problem remains.
If you don't know exactly how to restart in these modes, write back.
jelio_jelev Posted May 5, 2021
Launch folder windows in a separate process is not enabled. For the moment the processes are normal. It doesn't do it all the time, and I don't know whether anything would show up in Safe Mode, because it can go for days without doing it. When it hangs, I will try to upload an Autoruns log.
Night_Raven Posted May 9, 2021
The Autoruns log will be the same, so there is no point. Instead, you can do the following: if/when additional Explorer processes appear, download and run Process Explorer. Double-click one of the additional processes and see what the command line is. You can post a screenshot and/or copy the whole line here. You can do the same with the other additional processes.
jelio_jelev Posted May 10, 2021
The problem hasn't appeared right now, but where is this command line supposed to be?
Night_Raven Posted May 10, 2021
In the Image tab, which opens by default on a double-click: