Премини към съдържанието

Препоръчан отговор


Здравейте, искам да направим една обща профилактика на пц-то.Да се деинсталира анти-вирусната програма, браузърите и да се инсталират на ново и обновят.Напоследък работи малко по нестабилно компютъра,понякога не изпълнява дадена команда а просто си стои все едно не го пипаш.Друг път докато съм във хром,просто излиза от всичко и след секунди пак от само себе си си стартира всичко което се е затворило. И още куп дребни бъгове от този род, желанието ми е ако има някакви вирусчета или бъгнали се програми да бъдат отстранени.След това да се преинсталира антивирусната и всички браузъри.

 

лог файл от farbar recovery:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
Ran by ASQ (administrator) on VASILIS-666 on 19-06-2015 08:28:31
Running from C:\Documents and Settings\ASQ\Desktop\Profilaktika
Loaded Profiles: ASQ (Available Profiles: ASQ & LogMeInRemoteUser)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser not detected!)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\ashServ.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(ALWIL Software) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
() C:\Program Files\Datecs\FlexType 2K\FType2K.exe
() C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmW.exe
() C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmwj.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Autodata Limited) C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
() C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
() C:\Documents and Settings\All Users\Application Data\VIVACOM 3G USB Modem\OnlineUpdate\ouc.exe
() C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
(WinZip Computing, S.L. (WinZip Computing)) C:\Program Files\WinZip Driver Updater\winzipdu.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16844800 2007-09-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [avast!] => C:\Program Files\Alwil Software\Avast4\ashDisp.exe [81000 2009-11-25] (ALWIL Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [VMSnap3] => C:\WINDOWS\VMSnap3.EXE [49152 2006-08-30] (ZSMCSNAP)
HKLM\...\Run: [statusAutoRun3010] => C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe [3166720 2012-07-16] ()
HKLM\...\Run: [Launcher3010] => C:\Program Files\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe [2570752 2011-04-19] (Xerox)
HKLM\...\Run: [3010 RUN] => C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe [357376 2012-07-16] ()
HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2014-01-07] (Advanced Micro Devices, Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2014-01-07] (ATI Technologies Inc.)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll [2011-09-17] (LogMeIn, Inc.)
HKU\S-1-5-21-1454471165-602162358-527237240-1003\...\Run: [WINZIPDUDriverUpdater] => C:\Program Files\WinZip Driver Updater\winzipdu.exe [10989736 2014-07-11] (WinZip Computing, S.L. (WinZip Computing))
HKU\S-1-5-21-1454471165-602162358-527237240-1003\...\RunOnce: [Adobe Speed Launcher] => 1434349540
HKU\S-1-5-21-1454471165-602162358-527237240-1003\...\MountPoints2: {393b0a6e-7149-11e3-a9cc-001e8c7ba91b} - F:\AutoRun.exe
HKU\S-1-5-21-1454471165-602162358-527237240-1003\...\MountPoints2: {393b0a71-7149-11e3-a9cc-001e8c7ba91b} - F:\AutoRun.exe
HKU\S-1-5-21-1454471165-602162358-527237240-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sstext3d.scr [679936 2008-04-14] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 nwprovau
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FlexType 2K.lnk [2014-07-27]
ShortcutTarget: FlexType 2K.lnk -> C:\Program Files\Datecs\FlexType 2K\FType2K.exe ()
Startup: C:\Documents and Settings\ASQ\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-06-15]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
HKU\S-1-5-21-1454471165-602162358-527237240-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
HKU\S-1-5-21-1454471165-602162358-527237240-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1454471165-602162358-527237240-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1432386962&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=wpc&uid=HitachiXHDP725050GLA360_GEB531RE0997XF0997XFX
SearchScopes: HKU\S-1-5-21-1454471165-602162358-527237240-1003 -> DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
SearchScopes: HKU\S-1-5-21-1454471165-602162358-527237240-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
SearchScopes: HKU\S-1-5-21-1454471165-602162358-527237240-1003 -> {B6269E61-9E2B-4567-8EDE-69A49357B561} URL = https://www.google.com/search?q={searchTerms}
BHO: RobboSaver -> {0241D2F2-FC90-4E1C-AA28-F2F052E5FA5E} -> C:\Program Files\RobboSaver\SZpySbPYDMsQ5J.dll [2015-06-12] ()
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: EnjoyCoaupoon -> {24D74265-95D7-4A82-865F-0D1AC83B4E56} -> C:\Program Files\EnjoyCoaupoon\lxNI8TvJhhzfqd.dll [2015-05-30] ()
BHO: IIsaVeer -> {6CFC6069-5B38-4E59-A351-487F994CB9BF} -> C:\Program Files\IIsaVeer\vaWpQi1DF6JrO4.dll [2015-05-30] ()
DPF: {6714928B-F4BF-4E44-82EF-BB036DBD9213} http://192.168.1.5/TLNetDvr.CAB
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} http://78.128.52.19:81/codebase/IPCam902.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default
FF NewTab: hxxp://www.mystartsearch.com/newtab/?type=nt&ts=1432386962&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=wpc&uid=HitachiXHDP725050GLA360_GEB531RE0997XF0997XFX
FF DefaultSearchEngine: mystartsearch
FF DefaultSearchUrl: 
FF SelectedSearchEngine: mystartsearch
FF Homepage: hxxp://search.gboxapp.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2011-08-02] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=0.9.9 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2009-04-01] (the VideoLAN Team)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\searchplugins\conduit.xml [2010-12-15]
FF SearchPlugin: C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\searchplugins\my-web-search.xml [2012-10-13]
FF SearchPlugin: C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\searchplugins\sweetim.xml [2011-08-11]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mystartsearch.xml [2015-05-23]
FF Extension: No Name - C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\profiles\extensions\extensions [2012-10-08]
FF Extension: 2YourFace - C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\profiles\extensions\support@2yourface.com [2011-08-11]
FF Extension: No Name - C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com [2014-01-04]
FF Extension: QuickSearch - C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\Extensions\searchffv2@gmail.com [2015-05-23]
FF Extension: 2YourFace - C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\Extensions\support@2yourface.com [2011-08-11]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-12-06]
FF Extension: Search Results Toolbar - C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\Extensions\{94366e2c-9923-431c-b0d6-747447dd0f2b} [2012-03-07]
FF Extension: BS Player Community Toolbar - C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}(2) [2011-08-14]
FF Extension: BS Player Community Toolbar - C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}(3) [2012-03-07]
FF Extension: SweetPacks Toolbar for Firefox - C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012-11-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-12-04]
FF HKLM\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\extensions\searchffv2@gmail.com
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: No Name - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2015-05-08]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Documents and Settings\ASQ\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Documents and Settings\ASQ\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-22]
CHR Extension: (No Name) - C:\Documents and Settings\ASQ\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-22]
CHR Extension: (Google Wallet) - C:\Documents and Settings\ASQ\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-26]
CHR Extension: (Adblock Pro) - C:\Documents and Settings\ASQ\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-05-28]
CHR Extension: (No Name) - C:\Documents and Settings\ASQ\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-22]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [Not Found]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-06-15] (Adobe Systems) [File not signed]
R2 aswUpdSv; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [18752 2009-11-25] (ALWIL Software)
R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [643072 2014-01-07] (ATI Technologies Inc.) [File not signed]
R2 Autodata Limited License Service; C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [72704 2015-01-30] (Autodata Limited) [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [138680 2009-11-25] (ALWIL Software)
R3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [254040 2009-11-25] (ALWIL Software)
R3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [352920 2009-11-25] (ALWIL Software)
R2 c027e3d4; c:\Program Files\couponight\couponight.dll [1761792 2015-05-23] () [File not signed]
R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [632832 2011-03-21] (Nokia) [File not signed]
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S2 VIVACOM 3G USB Modem. RunOuc; C:\Program Files\VIVACOM 3G USB Modem\UpdateDog\ouc.exe [246112 2013-12-30] ()
R2 XRNADB; C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [80896 2012-07-16] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Aavmker4; C:\WINDOWS\system32\Drivers\Aavmker4.sys [27408 2009-11-25] (ALWIL Software)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
R2 aswFsBlk; C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys [20560 2009-11-25] (ALWIL Software)
R2 aswMon2; C:\WINDOWS\system32\Drivers\aswMon2.sys [94160 2009-11-25] (ALWIL Software)
R3 aswRdr; C:\WINDOWS\system32\Drivers\aswRdr.sys [23120 2009-11-25] (ALWIL Software)
R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [114768 2009-11-25] (ALWIL Software)
R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [48560 2009-11-25] (ALWIL Software)
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [7875072 2014-01-07] (ATI Technologies Inc.) [File not signed]
R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [103040 2012-05-14] (Advanced Micro Devices)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [16384 2004-07-09] (Microsoft Corporation)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 HdAudAddService; C:\WINDOWS\System32\drivers\AtiHdAud.sys [84992 2006-12-28] (ATI Research Inc.) [File not signed]
S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [90368 2013-12-30] (Huawei Technologies Co., Ltd.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10112 2004-07-09] (Microsoft Corporation)
R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [105472 2006-10-18] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [46080 2007-05-21] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [19968 2007-05-21] (NVIDIA Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [721904 2010-11-29] () [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S3 vmfilter303; C:\WINDOWS\System32\drivers\vmfilter303.sys [428160 2006-04-25] (Vimicro Corporation) [File not signed]
S3 ZSMC303; C:\WINDOWS\System32\Drivers\usbVM303.sys [392122 2006-12-01] (Vimicro Corporation) [File not signed]
R1 {a16a1775-5ab3-4034-ac52-de0795db97f0}Gt; C:\WINDOWS\System32\drivers\{a16a1775-5ab3-4034-ac52-de0795db97f0}Gt.sys [55824 2014-12-12] (StdLib)
U3 axn8wue6; C:\WINDOWS\system32\Drivers\axn8wue6.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [235392 2013-12-30] (Huawei Technologies Co., Ltd.)
S4 IntelIde; No ImagePath
S4 LMIRfsClientNP; No ImagePath
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-19 08:28 - 2015-06-19 08:28 - 00000000 ____D C:\FRST
2015-06-19 08:26 - 2015-06-19 08:28 - 00000000 ____D C:\Documents and Settings\ASQ\Desktop\Profilaktika
2015-06-15 10:31 - 2015-06-15 10:31 - 00000000 ____D C:\Documents and Settings\ASQ\My Documents\Updater
2015-06-15 10:30 - 2015-06-15 10:30 - 00001744 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help Center.lnk
2015-06-15 10:28 - 2015-06-15 10:28 - 00001726 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge.lnk
2015-06-15 10:27 - 2015-06-15 10:27 - 00000000 ____D C:\Program Files\Common Files\Adobe Systems Shared
2015-06-15 10:27 - 2015-06-15 10:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe Systems
2015-06-15 10:26 - 2015-06-15 10:26 - 00001776 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS2.lnk
2015-06-15 10:26 - 2015-06-15 10:26 - 00001773 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady CS2.lnk
2015-06-15 10:04 - 2015-06-15 10:04 - 00000000 ____D C:\Documents and Settings\ASQ\Local Settings\Application Data\WMTools Downloaded Files
2015-06-12 01:01 - 2015-06-12 01:01 - 00000000 ____D C:\Program Files\RobboSaver
2015-06-04 10:19 - 2015-06-04 10:19 - 00000038 _____ C:\WINDOWS\DAOCONV.T1C
2015-06-04 10:19 - 2015-06-04 10:19 - 00000000 ____D C:\Program Files\HT Audio
2015-06-04 10:19 - 2015-06-04 10:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HT Audio
2015-06-04 10:19 - 1998-08-26 15:26 - 01045776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjet35.dll
2015-06-04 10:19 - 1998-08-11 17:28 - 00407312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrepl35.dll
2015-06-04 10:19 - 1997-08-29 14:14 - 00270344 _____ () C:\WINDOWS\system32\Btn32x10.ocx
2015-06-04 10:19 - 1997-07-19 16:01 - 00196880 ____N (Microsoft Corporation) C:\WINDOWS\system32\RICHTX32.OCX
2015-06-04 10:19 - 1997-07-19 16:01 - 00192784 ____N (Microsoft Corporation) C:\WINDOWS\system32\TABCTL32.OCX
2015-06-04 10:19 - 1997-07-19 16:00 - 00604432 ____N (Microsoft Corporation) C:\WINDOWS\system32\COMCTL32.OCX
2015-06-04 10:19 - 1997-07-19 16:00 - 00155920 ____N (Microsoft Corporation) C:\WINDOWS\system32\COMCT232.OCX
2015-06-04 10:19 - 1997-07-19 16:00 - 00129808 ____N (Microsoft Corporation) C:\WINDOWS\system32\COMDLG32.OCX
2015-06-04 10:19 - 1997-01-24 00:00 - 00078608 _____ (Microsoft Corporation) C:\WINDOWS\system32\VB5DB.DLL
2015-06-04 10:19 - 1997-01-13 17:18 - 00037136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSJINT35.DLL
2015-06-04 10:19 - 1996-12-05 00:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ODBCTL32.DLL
2015-06-04 10:19 - 1996-12-02 18:44 - 00251664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSRD2X35.DLL
2015-06-04 10:19 - 1996-12-02 18:44 - 00024336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSJTER35.DLL
2015-06-04 10:19 - 1996-01-12 00:00 - 00200704 ____R (Sheridan Software Systems, Inc.) C:\WINDOWS\system32\THREED32.OCX
2015-06-04 10:16 - 2015-06-04 10:16 - 00000000 ____D C:\Documents and Settings\ASQ\WINDOWS
2015-06-04 10:11 - 2015-06-04 10:11 - 00000305 _____ C:\WINDOWS\system32\secushr.dat
2015-05-30 14:07 - 2015-05-30 14:07 - 00000000 ____D C:\Program Files\IIsaVeer
2015-05-30 14:07 - 2015-05-30 14:07 - 00000000 ____D C:\Program Files\EnjoyCoaupoon
2015-05-30 14:06 - 2015-05-30 14:06 - 00000000 ____D C:\Program Files\DigiSaavuera
2015-05-29 13:51 - 2015-05-29 13:51 - 00118784 _____ C:\WINDOWS\Minidump\Mini052915-01.dmp
2015-05-28 08:17 - 2015-06-18 15:20 - 00000024 _____ C:\Documents and Settings\ASQ\Application Data\appdataFr25.bin
2015-05-27 15:38 - 2015-05-27 16:33 - 00000000 ____D C:\Documents and Settings\ASQ\Application Data\DMCache
2015-05-27 15:38 - 2015-05-27 15:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IDM
2015-05-27 11:42 - 2015-05-27 11:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Samsung
2015-05-23 16:15 - 2015-05-23 16:15 - 00000000 ____D C:\Program Files\Passter
2015-05-23 16:15 - 2015-05-23 16:15 - 00000000 ____D C:\Program Files\couponight
2015-05-23 16:14 - 2015-06-12 01:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\10696673281268315387
2015-05-23 16:14 - 2015-05-23 16:14 - 00000000 ____D C:\Program Files\PriceMinuus
2015-05-23 16:14 - 2015-05-23 16:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\jaminbeahcmgifklimggjagabkaphode
2015-05-23 16:13 - 2015-06-19 04:13 - 00000442 _____ C:\WINDOWS\Tasks\Bidaily Synchronize Task[pr].job
2015-05-23 16:13 - 2015-06-09 08:42 - 00000248 _____ C:\WINDOWS\system32\secustat.dat
2015-05-23 16:13 - 2015-05-24 04:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{d067a482-fa51-f593-d067-7a482fa5920b}
2015-05-23 15:58 - 2015-06-09 08:42 - 00000000 ____D C:\Documents and Settings\ASQ\Application Data\BITS
2015-05-23 15:58 - 2015-05-23 15:58 - 00000025 _____ C:\WINDOWS\libem.INI
2015-05-23 15:58 - 2015-05-23 15:58 - 00000000 ____D C:\Program Files\FlashGet Network
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-19 08:29 - 2010-11-29 19:39 - 00000000 ____D C:\Documents and Settings\ASQ\Local Settings\Temp
2015-06-19 08:14 - 2012-03-30 15:29 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-19 07:30 - 2010-11-29 21:06 - 00000986 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-19 05:30 - 2010-11-29 19:38 - 00032654 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-19 00:30 - 2010-11-29 21:06 - 00000982 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-18 15:26 - 2010-11-29 21:59 - 00000000 ____D C:\Documents and Settings\ASQ\Application Data\Canon
2015-06-18 12:33 - 2010-11-29 21:25 - 00000538 _____ C:\WINDOWS\wiadebug.log
2015-06-17 09:18 - 2013-01-31 15:44 - 00000000 _____ C:\sparkraw.log
2015-06-17 09:14 - 2013-12-28 10:14 - 00000280 _____ C:\WINDOWS\Tasks\WinZipDriverUpdater_UPDATES.job
2015-06-17 08:52 - 2010-11-29 19:41 - 00000000 ____D C:\Documents and Settings\ASQ\Desktop\Skrabna vest
2015-06-17 08:48 - 2010-11-29 21:05 - 00001901 _____ C:\WINDOWS\panose.bin
2015-06-16 17:13 - 2010-11-29 20:46 - 00000000 ____D C:\Documents and Settings\ASQ\Application Data\uTorrent
2015-06-16 15:10 - 2010-11-29 19:39 - 00028984 _____ C:\Documents and Settings\ASQ\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-06-16 15:08 - 2010-11-29 19:40 - 00000000 ____D C:\Documents and Settings\ASQ\My Documents\ASIA
2015-06-15 11:42 - 2010-11-29 20:14 - 00000000 ____D C:\Documents and Settings\ASQ\Application Data\Adobe
2015-06-15 11:08 - 2011-04-29 12:32 - 00000000 ____D C:\Documents and Settings\ASQ\Local Settings\Application Data\Adobe
2015-06-15 10:31 - 2010-11-29 20:14 - 00000000 ____D C:\Program Files\Adobe
2015-06-15 10:29 - 2010-11-29 20:14 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-06-15 10:28 - 2010-11-29 21:04 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
2015-06-15 10:26 - 2011-04-20 10:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2015-06-15 10:10 - 2010-11-29 19:32 - 01565615 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-15 09:25 - 2012-02-21 12:05 - 01084418 _____ C:\WINDOWS\setupapi.log
2015-06-15 09:25 - 2011-09-16 18:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LogMeIn
2015-06-15 09:25 - 2010-11-29 21:25 - 00000052 _____ C:\WINDOWS\wiaservc.log
2015-06-15 09:25 - 2008-04-14 15:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-15 09:24 - 2010-11-29 19:38 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-10 19:14 - 2012-03-30 15:29 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-06-10 19:14 - 2011-09-15 18:41 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-06-10 01:31 - 2015-05-08 10:29 - 00001811 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-06-09 11:50 - 2010-11-29 19:41 - 00000000 ____D C:\Documents and Settings\ASQ\Desktop\Tajen pomrn
2015-06-08 08:33 - 2010-11-29 20:34 - 10485760 _____ C:\WINDOWS\system32\config\Antivirus.Evt
2015-06-08 08:33 - 2010-11-29 20:11 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2015-06-08 08:33 - 2010-11-29 19:39 - 00000178 ___SH C:\Documents and Settings\ASQ\ntuser.ini
2015-06-04 13:04 - 2014-07-23 12:08 - 00000000 ____D C:\Program Files\SpeedFan
2015-06-04 10:16 - 2010-11-29 19:39 - 00000000 ____D C:\Documents and Settings\ASQ
2015-05-29 13:51 - 2010-12-04 16:32 - 00000000 ____D C:\WINDOWS\Minidump
2015-05-28 08:35 - 2010-11-29 21:20 - 00186629 _____ C:\WINDOWS\setupact.log
2015-05-27 11:42 - 2015-01-27 14:23 - 00000000 ____D C:\Program Files\SAMSUNG
2015-05-27 11:42 - 2010-11-29 19:50 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
 
==================== Files in the root of some directories =======
 
2015-05-28 08:17 - 2015-06-18 15:20 - 0000024 _____ () C:\Documents and Settings\ASQ\Application Data\appdataFr25.bin
2010-11-29 19:40 - 2011-09-15 19:03 - 0037888 _____ () C:\Documents and Settings\ASQ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Some files in TEMP:
====================
C:\Documents and Settings\ASQ\Local Settings\Temp\DrvInst64.exe
C:\Documents and Settings\ASQ\Local Settings\Temp\gtapi_signed.dll
C:\Documents and Settings\ASQ\Local Settings\Temp\NEventMessages.dll
C:\Documents and Settings\ASQ\Local Settings\Temp\NOSEventMessages.dll
C:\Documents and Settings\ASQ\Local Settings\Temp\pyl1.tmp.exe
C:\Documents and Settings\ASQ\Local Settings\Temp\pyl144.tmp.exe
C:\Documents and Settings\ASQ\Local Settings\Temp\pyl1E.tmp.exe
C:\Documents and Settings\ASQ\Local Settings\Temp\setacl.exe
C:\Documents and Settings\ASQ\Local Settings\Temp\sfamcc00001.dll
C:\Documents and Settings\ASQ\Local Settings\Temp\sfamcc00002.dll
C:\Documents and Settings\ASQ\Local Settings\Temp\sfextra.dll
C:\Documents and Settings\ASQ\Local Settings\Temp\Uninstall.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of log ============================

Addition.txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте..! :)

 

remove%20outdated.jpg Деинсталиране нa програми

  • Натиснете WindowsKey.png + R на клавиатурата си по едно и също време. Въведете appwiz.cpl и щракнете върху OK.

 

 

Clickable Links

DigiSaavuera

EnjoyCoaupoon

IIsaVeer

ParallelEdit
Passter

PriceMinuus

RobboSaver

 

 

 

 

adwcleaner_new.png Сканиране с AdwCleaner
 
Моля, изтеглете и стартирайте програмата AdwCleaner (by Xplode):

  • Затворете всички стартирани програми и браузъри
  • Кликнете два пъти върху adwcleaner.exe за да стартирате инструмента.
  • Натиснете OK, за да потвърдите, че всички стартирани програми ще бъдат затворени.
  • Маркирайте Clean
  • Вашият компютър ще се рестартира автоматично. Текстовия файл ще се отвори след рестарта.
  • Моля, да публикувате съдържанието на този лог в отговора си
  • Можете да намерите лога,който автоматично се запомня тук C:AdwCleaner[s0].txt

 

 

JRTbythisisu.png Сканиране с Junkware Removal Tool
 
Моля, изтеглете Junkware Removal Tool (by Thisisu ) и запазете на вашия десктоп.

  • Спрете временно работата на защитните програми.
  • Стартирайте инструмента JRT.exe
  • Ще се отвори ДОС прозорец. Натиснете което и да е копче от клавиатурата.
  • Затворете излишните приложения и всички браузъри и изчакайте проверката да завърши.
  • Ще се появи лог файл (който можете да намерите и ръчно на десктопа с името JRT.txt).
  • Моля копирайте съдържанието на лог файла в следващия си пост.

 

Направете ново  сканиране с:

 

 

FRST.gif Сканиране с Farbar Recovery Scan Tool

 

  • Моля изтеглете icon1337953436.pngFarbar Recovery Scan Tool (според версията на Windows изберете 32 битовата или 64 битовата версия) и го запазете на десктопа.
  • Стартирайте файла FRST.exe (или FRST64.exe)
  • Програмата ще се стартира. Натиснете YES за да се съгласите с лицензионното споразумение.
  • Натиснете бутона YClYkft.jpg.
  • Изчакайте търпеливо проверката да приключи.
  • Ще се създадат два лог файла с името - FRST.txt и Addition.txt на десктопа.
  • Копирайте съдържанието на файла FRST.txt в следващия си пост. Прикачете Addition.txt в коментар си (погледнете опцията Прикачване на файлове, когато публикувате мнение).

 

xpfNZP4A.png.pagespeed.ic.bp5cRl1pJg.jpg  Дневници
 
В следващия си отговор, моля да включите следните дневници:

 

  • FRST.txt
  • Addition.txt
  • AdwCleaner[s0].txt
  • JRT.txt
  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

По тази система има много работа...! :)

 

Първо съм длъжен да ви обърна внимание че  поддръжката за Windows XP завърши на 8 април 2014 г.
 
Какво представлява прекратяването на поддръжката за Windows XP?

 

 

Използвате много стара версия на avast! antivirus...Няма смисъл от нея на този етап...да я деинсталираме,за да не ни пречи в почистването..:

 

1. Изтеглете инструмента aswclear.exe и да го запишете на вашия работен плот.

2. Рестартирайте компютъра и преминете в режим Safe Mode.

3. Стартирайте инструмента.

4. Ако Avast  не е инсталиран в папката по подразбиране, укажете пътя до него. (Забележка: Съдържанието на тази папка ще бъде премахнато!)

5.Маркираме REMOVE.

6.Рестартирайте компютъра и преминавате в нормален режим.

 

 

 

icon1348768721.jpg  Изтеглете Security Check (автор: screen317) от тук

  • Кликнете два пъти върху SecurityCheck.exe и следвайте инструкциите.
  • Когато програмата завърши работата си, ще се отвори един текстов документ: checkup.txt.
  • Копирайте съдържанието на checkup.txt с Копирай (Copy) и с Постави (Paste) го поставете в следващия си коментар.

 

 

 

 

FRST.gif Фикс с Farbar Recovery Scan Tool

 
icon13.gif Изтеглете прикачения файл и го запазете там, където сте свалили FRST.exe => fixlist.txt
Стартирайте отново FRST.exe и натиснете бутона Fix веднъж и изчакайте.
Ще се създаде нов лог файла FixLog.txt. Прикачете съдържанието му в следващия си коментар.

 
ЗАБЕЛЕЖКА: Този скрипт е написан специално за този потребител,и за тази конкретна машина. Изпълнението на фикса, на друг компютър може да доведе до увреждане на  операционната ви система

 

 

xpfNZP4A.png.pagespeed.ic.bp5cRl1pJg.jpg  Дневници
 
В следващия си отговор, моля да включите следните дневници:

 

  • FixLog.txt
  • checkup.txt
  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове
 Results of screen317's Security Check version 1.004  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Please wait while WMIC is being installed.d 
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
 Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
  Adobe Flash Player 17.0.0.188 Flash Player out of Date!
 Adobe Reader XI  
 Mozilla Firefox (38.0.5) 
 Google Chrome (43.0.2357.124) 
````````Process Check: objlist.exe by Laurent````````
 All Users Application Data VIVACOM 3G USB Modem OnlineUpdate\ouc.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C::  
````````````````````End of Log``````````````````````
 

Fixlog.txt


Сподели този отговор


Линк към този отговор
Сподели в други сайтове

GUZVCQN.jpg Моля, изтеглете Malwarebytes Anti -Malware и го запомнете на вашия работен плот .

Кликнете два пъти върху mbam-setup - 2.1.4.1018.exe и следвайте инструкциите, за да инсталирате програмата . Убедете се че преди края на инсталацията има отметка тук:

  • Launch Malwarebytes Anti-Malware
  • 14-дневен пробен период е предварително избран. Можете да премахнете отметката ако желаете, при което няма да се ограничат възможностите за сканиране и премахване на зловреден софтуер с програмата.
  • Натиснете Finish
  • В края на инсталацията, ще се извърши актуализация на база данни.
  • Отидете до табът Settings > Detection and Protection > и под категорията Detection Options включете опцията "Scan for rootkits".
  • Отидете до табът Scan, сложете радио-бутона пред Threat Scan и кликнете върху Scan Now и ще започне сканиране за зловреден софтуер.
  • При някои инфекции можете да видите съобщението:

                                      "Could not load DDA driver"

  • Натиснете "Yes" на това съобщение за да позволите драйвера да се зареди след рестарт.
  • Когато сканирането приключи, ако има някакви открити зарази , щракнете върху Remove Selected за да се позволи на Mbam да почисти засеченото. .
  • В повечето случаи, ще се поиска рестартиране
  • Изчакайте подканата за рестартиране на компютъра, за да се появи, след това кликнете върху Yes
  • След рестарта ,стартирайте Mbam още веднъж.
  • Кликнете на History tab > Application Logs .
  • Кликнете два пъти върху реда , който показва датата и часа на сканирането и натиснете бутона "Copy to Clipboard"
  • Поставете съдържанието на лог файла с клавишната комбинация Ctrl + V и го публикувайте в следващия си коментар.

 

 

GzlsbnV.png.pagespeed.ce.SLxxSJVib_axmA6 Сканиране с ESET Online Scan
 
 
i_arrow-r.gif Изтеглете програмата: ESET Online Scanner

  • Стартирайте esetsmartinstaller_enu.exe 7c9e83b53227ef3d.jpg
  • Сложете отметка на YES, I accept the Terms of Use и изберете Start:

04ed1c15c0abe843.jpg

  • Скенерът ще започне да изтегля компонентите, които са му необходими:

3b734079c5ccd713.jpg

  • Уверете се, че Enable detection of potentially unwanted applications е избран.

Уверете се, че е премахната отметката от:

  • Remove found threats

Уверете се че са маркирани следните позиции:

  • Scan Archives

Кликнете върху Advanced Settings и маркирайте следните опции:

  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

Накрая изберете Start
 
2.JPG
 
Скенерът ще започне да изтегля последните дефиниции и ще започне сканиране на вашия компютър.
Моля, бъдете търпеливи, тъй като това може да отнеме известно време.

  • След, като сканирането завърши кликнете на List of found threats.
  • Щракнете върху Export, и запишете файла на вашия работен плот с  име  ESETScan. Копирайте съдържанието на този доклад, в следващия си отговор.
  • Изберете бутона Back.
  • Изберете бутона Finish.

 

xpfNZP4A.png.pagespeed.ic.bp5cRl1pJg.jpg  Дневници
 
В следващия си отговор, моля да включите следните дневници:

 

  • Дневник от Malwarebytes Anti -Malware
  • Дневник от ESET Online Scanner ( List of found threats )
  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/20/2015
Scan Time: 09:56:38
Logfile: 
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.06.19.05
Rootkit Database: v2015.06.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: ASQ
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 363179
Time Elapsed: 14 min, 19 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 7
PUP.Optional.MultiPlug, HKU\S-1-5-21-1454471165-602162358-527237240-1003_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}, Quarantined, [d5bc7448afdbe551506a5c54f3104fb1], 
PUP.Optional.Mindspark.A, HKU\S-1-5-21-1454471165-602162358-527237240-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}, Quarantined, [f79aac10107a22143b2200751ce79868], 
PUP.Optional.Mindspark.A, HKU\S-1-5-21-1454471165-602162358-527237240-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}, Quarantined, [f79aac10107a22143b2200751ce79868], 
PUP.Optional.Mindspark.A, HKU\S-1-5-21-1454471165-602162358-527237240-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A899079D-206F-43A6-BE6A-07E0FA648EA0}, Quarantined, [4d444a72a2e83ef8f1e9e4cae320619f], 
PUP.Optional.Mindspark.A, HKU\S-1-5-21-1454471165-602162358-527237240-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A899079D-206F-43A6-BE6A-07E0FA648EA0}, Quarantined, [4d444a72a2e83ef8f1e9e4cae320619f], 
PUP.Optional.Mindspark.A, HKU\S-1-5-21-1454471165-602162358-527237240-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{93A3111F-4F74-4ED8-895E-D9708497629E}, Quarantined, [7b167a42e9a1ee48baa3fb781ee56f91], 
PUP.Optional.SmartBar.A, HKU\S-1-5-21-1454471165-602162358-527237240-1003\SOFTWARE\SMARTBAR, Quarantined, [573a7a428703f5415e04830e9174b64a], 
 
Registry Values: 1
PUP.Optional.SmartBar.A, HKU\S-1-5-21-1454471165-602162358-527237240-1003\SOFTWARE\SMARTBAR|GlobalUserId, 60876254-AB6B-4168-B8E9-A40E5A87E4CC, Quarantined, [573a7a428703f5415e04830e9174b64a]
 
Registry Data: 3
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[bfd2328a2b5f47eff69db58ef6108e72]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[0b86bdff3f4bcc6a7222d76c0bfbb24e]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[7a175468bbcff640b2e3083bd92d4bb5]
 
Folders: 2
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\conduit, Quarantined, [d9b8e4d89cee7db90aea21d258abb44c], 
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\conduit\facebook, Quarantined, [d9b8e4d89cee7db90aea21d258abb44c], 
 
Files: 18
PUP.Optional.InstallIQ.A, C:\Documents and Settings\ASQ\My Documents\Downloads\installfreefileopener_553.exe, Quarantined, [a5ecc9f341499d99e336f55af40db848], 
Adware.InstallBrain, C:\Documents and Settings\ASQ\My Documents\Downloads\VideoPerformerSetup.exe, Quarantined, [761b813ba8e2a096694ccc742ad70ff1], 
PUP.Optiona.ConduitTB.Gen, C:\Documents and Settings\ASQ\My Documents\Downloads\bsplayer257.1051EN_clip(2).exe, Quarantined, [573a4f6d23672a0cbb9df292fb0b14ec], 
PUP.Optiona.ConduitTB.Gen, C:\Documents and Settings\ASQ\My Documents\Downloads\bsplayer257.1051EN_clip(3).exe, Quarantined, [0f823587830701351840dba9ec1a3ec2], 
PUP.Optiona.ConduitTB.Gen, C:\Documents and Settings\ASQ\My Documents\Downloads\bsplayer257.1051EN_clip.exe, Quarantined, [4f426755c2c80b2bcd8b9aeaa066f907], 
PUP.Optiona.ConduitTB.Gen, C:\Documents and Settings\ASQ\My Documents\Downloads\bsplayer258.1058.exe, Quarantined, [e0b128949bef2c0af365552ff412ac54], 
PUP.Optional.InstallCore.A, C:\Documents and Settings\ASQ\My Documents\Downloads\microsoft-word-2013.exe, Quarantined, [c2cfb5073d4d1c1a637f5414679b6d93], 
PUP.Optional.APNToolBar.A, C:\Documents and Settings\ASQ\My Documents\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe, Quarantined, [9ff21f9dd9b1d0661e086ef85ea4d42c], 
PUP.Optional.InstallIQ.A, C:\Documents and Settings\ASQ\My Documents\Downloads\installfreefileopener_553(1).exe, Quarantined, [b7daceee3d4dc27401187fd09b66db25], 
PUP.Optional.InstallIQ.A, C:\Documents and Settings\ASQ\My Documents\Downloads\installfreefileopener_553(2).exe, Quarantined, [2d645c60acdef541ce4b301ffe031ae6], 
PUP.Optional.InstallIQ.A, C:\Documents and Settings\ASQ\My Documents\Downloads\installfreefileopener_553(3).exe, Quarantined, [d4bde1db4347d3638b8ec38c9071ce32], 
PUP.Optional.InstallIQ.A, C:\Documents and Settings\ASQ\My Documents\Downloads\installfreefileopener_553(4).exe, Quarantined, [a7ea83397b0fe25456c360efc8399967], 
PUP.Optional.MultiPlug, C:\Program Files\Passter\Passter.exe, Quarantined, [ddb41ba13d4db185b19d70e00df5b848], 
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\conduit\alertDB.sqlite, Quarantined, [d9b8e4d89cee7db90aea21d258abb44c], 
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\conduit\facebook\menu-en-us.xml, Quarantined, [d9b8e4d89cee7db90aea21d258abb44c], 
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\conduit\facebook\menu-null.xml, Quarantined, [d9b8e4d89cee7db90aea21d258abb44c], 
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\conduit\facebook\settings.xml, Quarantined, [d9b8e4d89cee7db90aea21d258abb44c], 
PUP.Optional.GboxApp.A, C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\d2qeh6x7.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://search.gboxapp.com/");),Replaced,[cbc6c5f75931092d5f381f694fb7ec14]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ESETScan.txt
 
C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Application Data\{d067a482-fa51-f593-d067-7a482fa5920b}\sammobile.premium_v2.1.3.apk.exe.vir a variant of Win32/Adware.MultiPlug.KV application
C:\AdwCleaner\Quarantine\C\Documents and Settings\ASQ\Application Data\Mozilla\Firefox\Profiles\l32pov3f.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}(3)\chrome(2)\bs_player.jar.vir Win32/Toolbar.Conduit potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\ASQ\Local Settings\Application Data\Conduit\Community Alerts\Aler0.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\ASQ\Local Settings\Application Data\Conduit\Community Alerts\Alert.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\ASQ\LOCALS~1\Temp\BS_Player\tbBS_2.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Clickable Links\Clickable Links.exe.vir Win32/Adware.MultiPlug.KG application
C:\AdwCleaner\Quarantine\C\Program Files\couponight\couponight.dll.vir a variant of Win32/Adware.MultiPlug.IX application
C:\AdwCleaner\Quarantine\C\Program Files\DigiSaavuera\DigiSaavuera.exe.vir Win32/Adware.MultiPlug.KG application
C:\AdwCleaner\Quarantine\C\Program Files\EnjoyCoaupoon\lxNI8TvJhhzfqd.dll.vir a variant of Win32/Adware.MultiPlug.KM application
C:\AdwCleaner\Quarantine\C\Program Files\EnjoyCoaupoon\lxNI8TvJhhzfqd.exe.vir Win32/Adware.MultiPlug.KG application
C:\AdwCleaner\Quarantine\C\Program Files\IIsaVeer\vaWpQi1DF6JrO4.dll.vir a variant of Win32/Adware.MultiPlug.KM application
C:\AdwCleaner\Quarantine\C\Program Files\IIsaVeer\vaWpQi1DF6JrO4.exe.vir Win32/Adware.MultiPlug.KG application
C:\AdwCleaner\Quarantine\C\Program Files\PriceMinuus\PriceMinuus.exe.vir a variant of Win32/Adware.MultiPlug.JY application
C:\AdwCleaner\Quarantine\C\Program Files\RobboSaver\SZpySbPYDMsQ5J.dll.vir a variant of Win32/Adware.MultiPlug.KM application
C:\AdwCleaner\Quarantine\C\Program Files\RobboSaver\SZpySbPYDMsQ5J.exe.vir Win32/Adware.MultiPlug.KG application
C:\AdwCleaner\Quarantine\C\Program Files\WinZip Driver Updater\WDUUninstall.exe.vir a variant of Win32/Systweak.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\WinZip Driver Updater\winzipdu.exe.vir a variant of Win32/Systweak.R potentially unwanted application
C:\AdwCleaner\Quarantine\C\WINDOWS\system32\drivers\{a16a1775-5ab3-4034-ac52-de0795db97f0}Gt.sys.vir a variant of Win32/NetFilter.A potentially unsafe application
C:\Documents and Settings\ASQ\Application Data\WinZip\WinZipDU\WinZip Driver Updater\productSetup_Setup_7_21_2014.exe a variant of Win32/Systweak.R potentially unwanted application
D:\Adobe Photoshop CS2 ISO + Keygen\keygen\keygen.exe a variant of Win32/Keygen.CW potentially unsafe application
D:\programi\klcodec385fxtorrents.rar a variant of Win32/Kryptik.FA trojan
D:\programi\Ambient.Design.ArtRage.v2.5.19.Multilingual.Retail.Incl.Keymaker-ZWT\keygen.exe a variant of Win32/Keygen.CX potentially unsafe application
D:\programi\Winx 3GP PDA MP4 Video Converter 3.5.50\Crack\WinX3GPPDAMP4VideoConverter_GOLDCrack.exe a variant of Win32/HackTool.Patcher.X potentially unsafe application
 

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Добро утро..? Какво е състоянието на системата след процедурите до тук..? В дневника от ESET се виждат Keygen -и ..Да не ги трия аз...моля направете това ръчно:

 

 

D:\Adobe Photoshop CS2 ISO + Keygen\keygen\keygen.exe a variant of Win32/Keygen.CW potentially unsafe application

D:\programi\Ambient.Design.ArtRage.v2.5.19.Multilingual.Retail.Incl.Keymaker-ZWT\keygen.exe a variant of Win32/Keygen.CX potentially unsafe application
D:\programi\Winx 3GP PDA MP4 Video Converter 3.5.50\Crack\WinX3GPPDAMP4VideoConverter_GOLDCrack.exe a variant of Win32/HackTool.Patcher.X potentially unsafe application
 

 

 

 

FRST.gif Фикс с Farbar Recovery Scan Tool

 
icon13.gif Изтеглете прикачения файл и го запазете там, където сте свалили FRST.exe => fixlist.txt
Стартирайте отново FRST.exe и натиснете бутона Fix веднъж и изчакайте.
Ще се създаде нов лог файла FixLog.txt. Прикачете съдържанието му в следващия си коментар.

 
ЗАБЕЛЕЖКА: Този скрипт е написан специално за този потребител,и за тази конкретна машина. Изпълнението на фикса, на друг компютър може да доведе до увреждане на  операционната ви система

 

 

xpfNZP4A.png.pagespeed.ic.bp5cRl1pJg.jpg  Дневници
 
В следващия си отговор, моля да включите следните дневници:

 

  • FixLog.txt
  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Добро утро,компютъра се държи много по добре, даже не мисля ,че някога е бил по добре от сега.Вече ги няма проблемите реагира бързо на командите и изобщо мисля ,че е много добре.Дори стартира по бързо от преди,но програмата malawarebytes Anti-Malware , му тежи адски много на процесора постоянно го държи на 60 70% и като отворя хром застава на 100% и всичко насича.Като я изключа всичко е ок.Ето лога:

 

Fixlog.txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Чудесно..! :)

 

icon_arrow.gif Изтеглете следния файл и го запазете в папката от която стартирахте FRST.exe.
Стартирайте FRST.exe и натиснете бутона Fix веднъж!
След като приключи публикувайте лог файла - fixlog.txt, който ще се създаде след работата. Той трябва да изтрие карантинната папка на инструмента разположена в C:FRS\Quarantine.

 

 

icon_arrow.gif Деинсталирайте ESET Online Scaner.

  • Start => Run, въведете control appwiz.cpl в полето.След това натиснете ENTER.
  • Изберете ESET Online Scanner от списъка с приложения, а след това маркирайте Remove. Aко бъдете подканени рестартирайте компютъра си.

 

 

icon_arrow.gif Изтеглете DelFix и го стартирайте. Сложете отметка пред:

  • Remove disinfection tools
  • Purge system restore
  • Reset system settings
  • Create registry backup

delfix.JPG
 
..и след това натиснете бутона Run

  • След като операцията е завърши,ще се създаде дневник
  • Копирате го и го поставите в следващия си отговор

Инструмента ще се самоизтрие след като приключи своята задача!

 

 

 

Заразите които бяха в системата ви са обновили Chrome до developer версия, където всички защитни механизми и вътрешни проверки са изключени.Деинсталирайте сега и Google Chrome..но

преди да го премахнете си експортнете всички запаметени пароли и любими страници (ако имате такива в браузъра).

 

За отметките:

 

Експортиране на отметки от Chrome

  1. В горния десен ъгъл на прозореца на браузъра кликнете върху менюто на Chrome.
  2. Изберете Отметки > Диспечер на отметките.
  3. Кликнете върху менюто „Организиране“ в диспечера.
  4. Сега изберете Export bookmarks to HTML file.

Тук са даден инструкции след това как да ги импортнете обратно след преинсталацията на браузъра:

http://www.wikihow.c...rks-from-Chrome

 

За паролите вижте дали следния инструмент сработва:

http://www.intowindo...chrome-browser/

 

След това изтеглете и инсталирайте последната стабилна версия..!

 

 

vxyzw0.gif Обновете и Adobe Flash Player ..!

 

 

Сега е момента да си инсталирате антивирусна програма.Винаги я  поддържайте   с актуални дефиниции и  сканирайте с нея редовно.Само ще добавя никога да не разчитате само на  AV програма (ако си изберете безплатен вариант) ,добавете задължително и качествен HIPS базиран софтуер... COMODO, PrivateFirewall, Online Armor...What is Host Intrusion Prevention System (HIPS) and how does it work? .Справка: Сигурност и антивирусна защита
 

 

 

Препоръчвам ви да прегледате следните теми:

 

Оптимизиране на Windows с цел по-добра производителност

Ръководство за поддръжка на Windows (XP, Vista и 7) [Revision 2.0]

Какво да направя, ако компютърът ми работи бавно

 

Няма да е излишна и една дефрагментация..!Аз бих заложил това да стане с програмата MyDefrag..(Не се препоръчва дефрагментация на SSD Твърд диск )

 

Изтеглете MyDefrag и я инсталирайте.
 
Изберете System Disk Monthly => Посочете системния и recovery дяловете и натиснете Run
 
t23MhLW.png
 
Може да отнеме доста време...след като приключи ще изпише Finished и можете да затворите програмата от X-са
 
How+do+I+consolidate+free+space+using+My
 
След това рестартирайте системата.

 

Ако нямате други проблеми да приключваме...Маркирам случая за "Решен"...! Пожелавам лек ден и безопасен интернет..! :)

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Да мисля ,че всички проблеми се решиха.Ще последвам съветите ви за безопасността на системата.

Благодаря ви за помощта и за отделеното време.  :handshake:

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Регистрирайте се или влезете в профила си за да коментирате

Трябва да имате регистрация за да може да коментирате това

Регистрирайте се

Създайте нова регистрация в нашия форум. Лесно е!

Нова регистрация

Вход

Имате регистрация? Влезте от тук.

Вход

  • Разглеждащи това в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

  • Горещи теми в момента

  • Подобни теми

    • от B0rn T0 P0rN (Forest*)
      Нещо не схванах каква е цялата схема на раздела, но моето не е чак толкова голям проблем. Изтеглих си Bandicam от "някакъв" сайт, но когато тръгнах да го инсталирам ми изкара прозорче, в което искаше да му дам достъп като админ, за да продължи инсталацията. Направи ми впечатление, че искаше да инсталира някакъв друг software и направо му цъкнах Cancel, след това компютъра заби за около 1-2 секунди, отворих Task manager-a, поне над 6-7 процеса (непознати) работеха, както и да е, инсталира ми някакви програмки, премахнах ги, всичко ток ама без жицата. Остана един друг проблееем.. Сега от цялата история остана един AD който не намирам начин да го премахна.. Гледах, суках, струвах, изтеглих Junkware Removal Tool-a дето уж щял да помогне но уви, не помогна. Ето ей таз глупост не успявам да я премахна > ЦЪК < На антивирустни изобщо не се доверявам, хем компютъра цикли повече от тях, хем двойно повече вируси се бъкат.. Абе като дъвка са за вирусите. Ето и log-a след края на JRT; 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.4 (07.09.2017) Operating System: Windows 7 Ultimate x64 Ran by idk (Administrator) on ўв 15.01.2019 Ј. at 3:38:08,89 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 17 Failed to delete: C:\Program Files (x86)\proxygate (Folder) Successfully deleted: C:\Users\idk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) Successfully deleted: C:\Users\idk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) Successfully deleted: C:\Users\idk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F68ZGOQX (Temporary Internet Files Folder) Successfully deleted: C:\Users\idk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIQK8NQU (Temporary Internet Files Folder) Successfully deleted: C:\Users\idk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) Successfully deleted: C:\Users\idk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HML355FN (Temporary Internet Files Folder) Successfully deleted: C:\Users\idk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) Successfully deleted: C:\Users\idk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1LRYOEA (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F68ZGOQX (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIQK8NQU (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HML355FN (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1LRYOEA (Temporary Internet Files Folder) Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on ўв 15.01.2019 Ј. at 3:40:09,86 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Само ми направи впечатление ей това > "Failed to delete: C:\Program Files (x86)\proxygate (Folder)", нещо ми е много мерак да го изтрия ръчно?
    • от legolas69
      Здравейте, въпросният лаптоп се използва от майка ми за ежедневни дейности и то рядко. При стартирането на системата ESET засича PUP.Optional.Reimage, позволих си да сканирам с Malwarebytes, БЕЗ да предприемам действия. Каква е тази папка и има ли нещо притеснително ? Благодаря предварително. 
      Addition.txt
      FRST.txt
      malwarebytes.txt
    • от v3cko
      Здравейте и за много години,моят проблем хром бавно отваря забива и се срива- отварят се по няколко страници . В момента съм safe mode иначе забива
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2019
      Ran by ВЕС (administrator) on WIN-SKFJ6HLGST2 (03-01-2019 20:43:32)
      Running from C:\Users\ВЕС\Downloads
      Loaded Profiles: ВЕС (Available Profiles: ВЕС)
      Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
      Internet Explorer Version 8 (Default browser: Chrome)
      Boot Mode: Safe Mode (with Networking)
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
      HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\Run: [DHY0GM3ATCSFE7M] => "C:\Program Files\x0h1djdcnoe\3OQCH.exe"
      HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize 
      HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\MountPoints2: {41be252d-0f82-11e9-a624-002713343a56} - F:\Lenovo_Suite.exe
      HKLM\...\Drivers32: [MSVideo8] => C:\Windows\system32\VfWWDM32.dll [56832 2010-11-20] (Microsoft Corporation)
      HKLM\Software\Microsoft\Active Setup\Installed Components: [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -> C:\Windows\System32\iedkcs32.dll [2010-11-20] (Microsoft Corporation)
      HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2019-01-03] (Google Inc.)
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{840DEA2A-8553-4D25-A5FB-7DB86C5BFBE5}: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{EE11610E-0BCC-42A7-A0AC-89B4A3B92BF1}: [DhcpNameServer] 192.168.0.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-3512987231-521144983-709920193-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
      SearchScopes: HKU\S-1-5-21-3512987231-521144983-709920193-1000 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10477_754_190103&q={searchTerms}
      BHO: YoutubeAdBlock -> {984AFA40-4BEC-457F-AEDE-FE3404A646FA} -> C:\Program Files\VKkhWVSisIE\kwTiXoR.dll => No File
      FireFox:
      ========
      FF ProfilePath: C:\Users\ВЕС\AppData\Roaming\K-Meleon\oytl87x0.default [2019-01-03]
      FF user.js: detected! => C:\Users\ВЕС\AppData\Roaming\K-Meleon\oytl87x0.default\user.js [2006-04-06]
      FF Extension: (NewsFox) - C:\Users\ВЕС\Downloads\k-meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2016-01-04] [Legacy] [not signed]
      FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]
      FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]
      Chrome: 
      =======
      CHR HomePage: Default -> hxxp://google.bg/
      CHR Profile: C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default [2019-01-03]
      CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2019-01-03]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-03]
      CHR Extension: (Chrome Media Router) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-03]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      "qamplvkj" => service was unlocked. <==== ATTENTION
      S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [375776 2018-12-12] (Google Inc.)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
      S2 qamplvkj; C:\Windows\system32\qamplvkj\dfaricjc.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
      S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
      S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [172280 2019-01-03] (Malwarebytes)
      S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [106144 2019-01-03] (Malwarebytes)
      S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [63760 2019-01-03] (Malwarebytes)
      R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [230120 2019-01-03] (Malwarebytes)
      S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [83648 2019-01-03] (Malwarebytes)
      U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2019-01-04 03:15 - 2019-01-04 03:15 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
      2019-01-04 03:15 - 2019-01-04 03:15 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
      2019-01-04 03:14 - 2019-01-04 03:14 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
      2019-01-04 03:10 - 2019-01-03 18:31 - 000000000 ____D C:\Windows\Panther
      2019-01-04 03:03 - 2019-01-04 03:03 - 000000000 ____D C:\Windows.old
      2019-01-03 20:43 - 2019-01-03 20:43 - 001783808 _____ (Farbar) C:\Users\ВЕС\Downloads\FRST.exe
      2019-01-03 20:43 - 2019-01-03 20:43 - 000007564 _____ C:\Users\ВЕС\Downloads\FRST.txt
      2019-01-03 20:43 - 2019-01-03 20:43 - 000000000 ____D C:\FRST
      2019-01-03 20:18 - 2019-01-03 20:18 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
      2019-01-03 20:18 - 2019-01-03 20:18 - 000083648 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
      2019-01-03 20:18 - 2019-01-03 20:18 - 000063760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2019-01-03 20:03 - 2019-01-03 20:03 - 000000000 ____D C:\Users\ВЕС\AppData\Local\mbam
      2019-01-03 20:02 - 2019-01-03 20:42 - 000172280 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
      2019-01-03 20:02 - 2019-01-03 20:02 - 000230120 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2019-01-03 20:02 - 2019-01-03 20:02 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\Users\ВЕС\AppData\Local\mbamtray
      2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\ProgramData\Malwarebytes
      2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\Program Files\Malwarebytes
      2019-01-03 20:02 - 2018-12-04 08:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
      2019-01-03 20:00 - 2019-01-03 20:01 - 081227760 _____ (Malwarebytes ) C:\Users\ВЕС\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
      2019-01-03 19:40 - 2019-01-03 20:03 - 000000000 ____D C:\ProgramData\RogueKiller
      2019-01-03 19:40 - 2019-01-03 19:40 - 029162424 _____ (Adlice Software ) C:\Users\ВЕС\Downloads\RogueKiller_setup.exe
      2019-01-03 19:40 - 2019-01-03 19:40 - 000001001 _____ C:\Users\Public\Desktop\RogueKiller.lnk
      2019-01-03 19:40 - 2019-01-03 19:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
      2019-01-03 19:40 - 2019-01-03 19:40 - 000000000 ____D C:\Program Files\RogueKiller
      2019-01-03 19:34 - 2019-01-03 20:42 - 000265284 _____ C:\Windows\ntbtlog.txt
      2019-01-03 19:30 - 2019-01-03 19:30 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
      2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\teiqv2gvtfm
      2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\imgn0qmwmwh
      2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\acysy1vaoki
      2019-01-03 19:10 - 2019-01-03 19:10 - 006161408 _____ C:\Users\ВЕС\AppData\Local\dump007.dat
      2019-01-03 19:09 - 2019-01-03 19:09 - 000000009 _____ C:\Users\ВЕС\rstr1.ini
      2019-01-03 19:08 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\3zxuksmazmq
      2019-01-03 19:07 - 2019-01-03 19:07 - 000000258 __RSH C:\Users\ВЕС\ntuser.pol
      2019-01-03 19:04 - 2019-01-03 19:04 - 000000000 ____D C:\Windows\system32\qamplvkj
      2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\vi5lm2mflim
      2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\sq0zlve2tqj
      2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\qc1oa2vrskn
      2019-01-03 19:02 - 2019-01-03 19:02 - 000000000 ____D C:\Users\ВЕС\AppData\LocalLow\yHNPHHIzKpsCK
      2019-01-03 19:01 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\423viiu5lfu
      2019-01-03 19:01 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Michael
      2019-01-03 19:01 - 2019-01-03 19:19 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\ShopMore
      2019-01-03 19:01 - 2019-01-03 19:07 - 000002964 __RSH C:\ProgramData\ntuser.pol
      2019-01-03 19:01 - 2019-01-03 19:01 - 000493800 _____ (VideoDriver) C:\Windows\D04DE5140B2D.sys
      2019-01-03 19:01 - 2019-01-03 19:01 - 000140800 _____ C:\Users\ВЕС\AppData\Local\installer.dat
      2019-01-03 19:01 - 2019-01-03 19:01 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Python
      2019-01-03 19:00 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\ezc3lfxnx4j
      2019-01-03 19:00 - 2019-01-03 19:00 - 000000003 _____ C:\Users\ВЕС\AppData\Local\wbem.ini
      2019-01-03 19:00 - 2019-01-03 19:00 - 000000000 ____D C:\ProgramData\{AC10FE2E-1A46-0496-3E07-15883EE04CD9}
      2019-01-03 19:00 - 2019-01-03 19:00 - 000000000 ____D C:\ProgramData\{59403C6F-D807-F1C6-7FC5-457D7F221C2C}
      2019-01-03 18:57 - 2019-01-03 18:57 - 000008906 _____ C:\Users\NYBMYXMIG-DECRYPT.txt
      2019-01-03 18:57 - 2019-01-03 18:57 - 000008906 _____ C:\NYBMYXMIG-DECRYPT.txt
      2019-01-03 18:57 - 2019-01-03 18:57 - 000000000 ____H C:\d85105b2d85102533b.lock
      2019-01-03 18:56 - 2019-01-03 18:56 - 000000000 ____D C:\ProgramData\HCRGWPOIZH4OHCKX91M2
      2019-01-03 18:56 - 2015-08-03 08:53 - 000384000 _____ (SafeIP) C:\Windows\system32\SafeIPs.dll
      2019-01-03 18:55 - 2019-01-03 20:05 - 000000000 ____D C:\Program Files\KMSPico 10.2.1 Final
      2019-01-03 18:53 - 2018-12-10 23:04 - 000499424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
      2019-01-03 18:48 - 2019-01-03 18:48 - 001259736 _____ (Plarium) C:\Users\ВЕС\Downloads\PlariumPlaySetup (1).exe
      2019-01-03 18:46 - 2019-01-03 18:46 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Package Cache
      2019-01-03 18:45 - 2019-01-03 19:03 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Mozilla
      2019-01-03 18:45 - 2019-01-03 18:45 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\K-Meleon
      2019-01-03 18:45 - 2019-01-03 18:45 - 000000000 ____D C:\Users\ВЕС\AppData\Local\K-Meleon
      2019-01-03 18:44 - 2019-01-03 18:44 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Plarium
      2019-01-03 18:44 - 2019-01-03 18:44 - 000000000 ____D C:\Users\ВЕС\AppData\Local\CEF
      2019-01-03 18:39 - 2019-01-03 18:39 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Google
      2019-01-03 18:38 - 2019-01-03 19:53 - 000002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2019-01-03 18:38 - 2019-01-03 19:53 - 000002161 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2019-01-03 18:37 - 2019-01-03 19:02 - 000000000 ____D C:\Program Files\Google
      2019-01-03 18:37 - 2019-01-03 19:00 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Google
      2019-01-03 18:37 - 2019-01-03 18:37 - 000057560 _____ C:\Users\ВЕС\AppData\Local\GDIPFONTCACHEV1.DAT
      2019-01-03 18:37 - 2019-01-03 18:37 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Deployment
      2019-01-03 18:37 - 2019-01-03 18:37 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Apps\2.0
      2019-01-03 18:36 - 2014-05-14 17:23 - 001973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
      2019-01-03 18:36 - 2014-05-14 17:23 - 000054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
      2019-01-03 18:36 - 2014-05-14 17:23 - 000045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
      2019-01-03 18:36 - 2014-05-14 17:17 - 002425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
      2019-01-03 18:36 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
      2019-01-03 18:36 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
      2019-01-03 18:33 - 2019-01-03 19:53 - 000001335 _____ C:\Users\ВЕС\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      2019-01-03 18:33 - 2019-01-03 19:09 - 000000000 ____D C:\Users\ВЕС
      2019-01-03 18:33 - 2019-01-03 18:33 - 000000020 ___SH C:\Users\ВЕС\ntuser.ini
      2019-01-03 18:33 - 2019-01-03 18:33 - 000000000 ____D C:\Users\ВЕС\AppData\Local\VirtualStore
      2019-01-03 18:33 - 2010-11-21 01:46 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Media Center Programs
      2019-01-03 16:27 - 2019-01-03 16:27 - 000000000 ____D C:\My Drivers
      2018-12-30 08:50 - 2018-12-30 08:50 - 005183296 _____ (Marcin Szeniak ) C:\Users\ВЕС\Downloads\BCUninstaller_4.12.1_setup.exe
      2018-12-29 13:35 - 2018-12-29 13:35 - 000000000 ____D C:\SWSetup
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2019-01-04 03:15 - 2009-07-14 05:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
      2019-01-04 03:15 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\sysprep
      2019-01-04 03:12 - 2010-11-21 01:46 - 000000000 ____D C:\Windows\CSC
      2019-01-04 03:10 - 2009-07-14 05:52 - 000028672 _____ C:\Windows\system32\config\BCD-Template
      2019-01-03 20:30 - 2010-11-20 22:01 - 000713888 _____ C:\Windows\system32\PerfStringBackup.INI
      2019-01-03 20:30 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
      2019-01-03 20:18 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2019-01-03 20:17 - 2009-07-14 05:34 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2019-01-03 20:17 - 2009-07-14 05:34 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2019-01-03 19:01 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\GroupPolicy
      2019-01-03 18:57 - 2018-08-11 19:54 - 000000000 ____D C:\Intel
      2019-01-03 18:57 - 2017-10-21 13:53 - 000000000 ____D C:\LFS
      2019-01-03 18:57 - 2017-09-25 20:50 - 000000000 ___RD C:\BECKO-PC
      2019-01-03 18:57 - 2017-04-14 15:10 - 000036892 ____H C:\iCS Source.suo.nybmyxmig
      2019-01-03 18:33 - 2009-07-14 05:33 - 000266808 _____ C:\Windows\system32\FNTCACHE.DAT
      2019-01-03 18:31 - 2009-07-14 03:37 - 000000000 __RHD C:\Users\Public\Libraries
      2019-01-03 17:30 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\rescache
      2019-01-03 15:34 - 2018-08-11 14:17 - 000000000 ____D C:\Users\ВЕС\Downloads\k-meleon
      2019-01-01 13:09 - 2018-09-02 13:32 - 000000000 ____D C:\Users\ВЕС\Documents\TalkHelper
      ==================== Files in the root of some directories =======
      1601-01-03 21:26 - 1601-01-03 21:26 - 000186368 ____N (Microsoft Corporation) C:\Users\ВЕС\AppData\Local\aIQEonJ.exe
      2019-01-03 19:10 - 2019-01-03 19:10 - 006161408 _____ () C:\Users\ВЕС\AppData\Local\dump007.dat
      2019-01-03 19:01 - 2019-01-03 19:01 - 000140800 _____ () C:\Users\ВЕС\AppData\Local\installer.dat
      2019-01-03 19:00 - 2019-01-03 19:00 - 000000003 _____ () C:\Users\ВЕС\AppData\Local\wbem.ini
      Some files in TEMP:
      ====================
      2019-01-03 18:56 - 2019-01-03 18:56 - 000710464 _____ () C:\Users\ВЕС\AppData\Local\Temp\3.exe
      2019-01-03 19:00 - 2019-01-03 19:00 - 001312696 _____ (                                                            ) C:\Users\ВЕС\AppData\Local\Temp\fastdatax.exe
      2019-01-03 19:09 - 2019-01-03 20:19 - 000000000 ____D () C:\Users\ВЕС\AppData\Local\Temp\IEShims.dll
      2019-01-03 19:00 - 2019-01-03 19:00 - 003520512 _____ () C:\Users\ВЕС\AppData\Local\Temp\installer_mi.exe
      2019-01-03 18:56 - 2019-01-03 18:56 - 002715792 _____ (SafeIP, LLC.                                                ) C:\Users\ВЕС\AppData\Local\Temp\update.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2019-01-04 03:11
      ==================== End of FRST.txt ===========================
      Addition.txt

    • от Шабан Талипов
      Някой може ли дами помогне, тази грешка забранява достъпа на обновление на windows-a и не позволява включването на защитната стена. Пробвах с антивирусна програма bitdefender без успех
    • от Йорданка Т. Иванова
      Здравейте, при опит за възстановяване на системата към предишна дата, Avast направи пълно сканиране на компютъра и ми премести в клетка заразените файлове.
      Има ли възможност да се почисти компютъра от въпросните заплахи и съответно да си възстановя файловете, най-вече тези /ако има такива/, които са необходими за правилното функциониране на системата.
      П.П.: Пълен лаик съм на тема антивирусни програми.
      Нов Microsoft Office PowerPoint Presentation.pptx


      Ето го резултата от файла FRST
       
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.10.2018
      Ran by Rosko (administrator) on ROSKO-PC (28-10-2018 14:36:09)
      Running from C:\Users\Rosko\Downloads
      Loaded Profiles: Rosko (Available Profiles: Rosko)
      Platform: Windows 7 Ultimate (X64) Language: Български (България)
      Internet Explorer Version 8 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
      (Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BAVSvc.exe
      (Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BHipsSvc.exe
      (Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe
      (Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
      (Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BavTray.exe
      (Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSATray.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      () C:\Program Files (x86)\CalendarTool\2.0.0.1000176\CalendarServ.exe
      () C:\Program Files (x86)\CalendarTool\2.0.0.1000176\calendar.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
      (Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\bavhm.exe
      (Intel Corporation) C:\Windows\System32\igfxEM.exe
      (Intel Corporation) C:\Windows\System32\igfxHK.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
      () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Baidu Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavadvtools2\8C8AEEC1-5166-4CE7-BBAD-7C37409D0C73\tool\bdMiniDownloaderGB_BAV-Mini_32_1002.exe
      (Baidu Inc.) C:\Users\Rosko\AppData\Local\MiniService\MiniService.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Viber Media S.à r.l.) C:\Users\Rosko\AppData\Local\Viber\Viber.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778352 2014-01-24] (Synaptics Incorporated)
      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-10-18] (AVAST Software)
      HKLM-x32\...\Run: [Baidu Antivirus] => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BavTray.exe [2553328 2015-07-14] (Baidu, Inc.)
      HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver Update Utility\DsaTray.exe [132856 2017-05-18] (Intel)
      HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133760 2013-12-24] (Qualcomm®Atheros®)
      HKU\S-1-5-21-749869763-3409154425-2811610640-1000\...\Run: [Viber] => C:\Users\Rosko\AppData\Local\Viber\Viber.exe [36762184 2018-10-22] (Viber Media S.à r.l.)
      HKU\S-1-5-21-749869763-3409154425-2811610640-1000\...\MountPoints2: {c4a92fbb-e173-11e7-9426-f8a963743fcb} - G:\LG_PC_Programs.exe
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 172.16.1.1
      Tcpip\..\Interfaces\{2FB69C23-4CBD-4252-994A-27D31EDC0D6D}: [DhcpNameServer] 172.16.1.1
      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
      HKU\S-1-5-21-749869763-3409154425-2811610640-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKU\S-1-5-21-749869763-3409154425-2811610640-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKU\S-1-5-21-749869763-3409154425-2811610640-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
      Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
      Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
      Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
      Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
      FireFox:
      ========
      FF DefaultProfile: 2csmqmsd.default
      FF ProfilePath: C:\Users\Rosko\AppData\Roaming\Mozilla\Firefox\Profiles\2csmqmsd.default [2018-07-05]
      FF Homepage: Mozilla\Firefox\Profiles\2csmqmsd.default -> about:blank
      FF Extension: (Avast SafePrice) - C:\Users\Rosko\AppData\Roaming\Mozilla\Firefox\Profiles\2csmqmsd.default\Extensions\sp@avast.com.xpi [2018-10-18]
      FF Extension: (Avast Online Security) - C:\Users\Rosko\AppData\Roaming\Mozilla\Firefox\Profiles\2csmqmsd.default\Extensions\wrc@avast.com.xpi [2018-10-18]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-09] ()
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-09] ()
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
      FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2015-08-18] (Sun Microsystems, Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
      FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\enpsysau.js [2017-09-10]
      Chrome: 
      =======
      CHR DefaultProfile: Default
      CHR Profile: C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default [2018-10-28]
      CHR Extension: (Презентации) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-02]
      CHR Extension: (Документи) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-02]
      CHR Extension: (Google Диск) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-02]
      CHR Extension: (YouTube) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-02]
      CHR Extension: (Adobe Acrobat) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-10-02]
      CHR Extension: (Avast SafePrice | Сравнение, сделки, купони) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-10-19]
      CHR Extension: (Таблици) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-02]
      CHR Extension: (Google Документи офлайн) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-08]
      CHR Extension: (АБВ Уведомител) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\glkfpmcniebkbeakjdpobddpjghbapec [2018-10-28]
      CHR Extension: (Avast Online Security) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-10-18]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-02]
      CHR Extension: (Gmail) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-10-02]
      CHR Extension: (Chrome Media Router) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-28]
      CHR Profile: C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey [2018-10-28] <==== ATTENTION
      CHR Extension: (Презентации) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-23]
      CHR Extension: (Документи) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-23]
      CHR Extension: (Google Диск) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
      CHR Extension: (YouTube) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
      CHR Extension: (Google Търсене) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
      CHR Extension: (АБВ Уведомител) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\cpbekonjicgkldkmopnamgglbfaiojje [2015-11-25]
      CHR Extension: (Adobe Acrobat) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-08]
      CHR Extension: (Таблици) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-11]
      CHR Extension: (Farmville2 X-Press) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\gbgjpdhhnbgmnafojckjmjogcpoinlim [2018-10-24]
      CHR Extension: (Google Документи офлайн) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
      CHR Extension: (Avast Online Security) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-10-18]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-12]
      CHR Extension: (Gmail) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-23]
      CHR Extension: (Chrome Media Router) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-01]
      CHR HKU\S-1-5-21-749869763-3409154425-2811610640-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-10-18] (AVAST Software)
      R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows (R) Win 7 DDK provider) [File not signed]
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [325024 2018-10-18] (AVAST Software)
      R2 BavSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BavSvc.exe [2805208 2015-07-14] (Baidu, Inc.)
      S3 BdSandboxSrv; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BdSandboxSrv64.exe [490480 2015-04-29] (Baidu, Inc.)
      R2 BHipsSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BHipsSvc.exe [544032 2015-07-14] (Baidu, Inc.)
      S3 BsrSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavAdvTools2\128B4BEC-5D89-43AD-BAA8-207084AA0E4F\tool\BsrSvc.exe [3503416 2015-07-08] (Baidu, Inc.)
      R2 DSAService; C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe [21240 2017-05-18] (Intel)
      R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
      R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
      R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
      S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
      R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
      R2 MiniService; C:\Users\Rosko\AppData\Local\MiniService\MiniService.exe [103616 2018-10-28] (Baidu Inc.) [File not signed] <==== ATTENTION
      R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [157456 2017-03-07] ()
      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-09-10] (TeamViewer GmbH)
      R2 TheCalendarService; C:\Program Files (x86)\CalendarTool\2.0.0.1000176\CalendarServ.exe [152720 2017-08-09] ()
      S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201408 2018-10-18] (AVAST Software)
      S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230512 2018-10-18] (AVAST Software)
      S3 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201928 2018-10-18] (AVAST Software)
      S3 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346760 2018-10-18] (AVAST Software)
      S3 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59664 2018-10-18] (AVAST Software)
      R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [185240 2018-10-18] (AVAST Software)
      S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47064 2018-10-18] (AVAST Software)
      R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42456 2018-10-18] (AVAST Software)
      R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163376 2018-10-18] (AVAST Software)
      S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111968 2018-10-18] (AVAST Software)
      R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88112 2018-10-18] (AVAST Software)
      S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028840 2018-10-18] (AVAST Software)
      R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [467904 2018-10-18] (AVAST Software)
      S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [208640 2018-10-18] (AVAST Software)
      S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381144 2018-10-18] (AVAST Software)
      U3 BdApiUtil; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BdApiUtil64.sys [116936 2015-07-14] (Baidu, Inc.)
      R3 bdark64; C:\Windows\system32\drivers\bdark64.sys [78792 2015-04-20] ()
      U3 BdCameraProtect; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BdCameraProtect64.sys [25000 2015-07-14] (Baidu, Inc.)
      S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [235976 2015-04-29] (Baidu, Inc.)
      R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [62920 2015-07-14] (Baidu, Inc.)
      R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [38344 2015-07-14] (Baidu, Inc.)
      R1 Bnbase; C:\Windows\System32\drivers\bnbasex64.sys [62792 2015-07-14] (Baidu, Inc.)
      R1 Bndef; C:\Windows\System32\drivers\bndef64.sys [487144 2015-07-14] (Baidu, Inc.)
      R3 Bnmon; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\Bnmon64.sys [82376 2015-07-14] (Baidu, Inc.)
      R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [171464 2015-07-14] (Baidu, Inc.)
      S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-12-24] (Qualcomm Atheros)
      R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-08-08] (REALiX(tm))
      R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
      R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [466136 2014-01-14] (Realsil Semiconductor Corporation)
      R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
      U3 aswbdisk; no ImagePath
      U0 Partizan; system32\drivers\Partizan.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-10-28 14:35 - 2018-10-28 14:36 - 000000000 ____D C:\FRST
      2018-10-28 14:35 - 2018-10-28 14:35 - 002414592 _____ (Farbar) C:\Users\Rosko\Downloads\FRST64.exe
      2018-10-28 14:28 - 2018-10-28 14:36 - 000021836 _____ C:\Users\Rosko\Downloads\FRST.txt
      2018-10-28 14:26 - 2018-10-28 14:27 - 000020080 _____ C:\Users\Rosko\Downloads\Addition.txt
      2018-10-28 13:34 - 2018-10-28 13:34 - 000000000 ____D C:\Users\Rosko\AppData\Local\MiniService
      2018-10-28 13:29 - 2018-10-28 13:32 - 000000000 ____D C:\ProgramData\BsrSvc_exe
      2018-10-28 13:19 - 2018-10-28 13:20 - 000617400 _____ C:\Users\Rosko\Desktop\Нов Microsoft Office PowerPoint Presentation.pptx
      2018-10-28 12:40 - 2018-10-28 13:16 - 000000000 ____D C:\ProgramData\BavSvc_exe
      2018-10-28 12:37 - 2018-10-28 12:37 - 000000000 ____D C:\Users\Rosko\AppData\Local\Viber
      2018-10-28 09:17 - 2018-10-28 11:16 - 000000000 ____D C:\Users\Rosko\Desktop\официялни споразумения 2018-2019г
      2018-10-26 17:03 - 2018-10-26 17:03 - 000102327 _____ C:\Users\Rosko\Downloads\П-03001718127835-177-001_archive (1).zip
      2018-10-24 10:41 - 2018-10-24 10:41 - 000000000 ____D C:\Users\Rosko\AppData\Roaming\AVAST Software
      2018-10-24 10:39 - 2018-10-24 10:39 - 000611358 _____ C:\Users\Rosko\Downloads\379984975 (1).pdf
      2018-10-24 10:32 - 2018-10-28 12:37 - 000000000 ____D C:\Users\Rosko\AppData\Local\AVAST Software
      2018-10-22 15:05 - 2018-10-22 15:06 - 000103383 _____ C:\Users\Rosko\Downloads\П-03001718185275-040-001_archive.zip
      2018-10-20 07:48 - 2018-10-20 07:48 - 000230931 _____ C:\Users\Rosko\Downloads\ЗП Ростислав Недков 19.10 (1).pdf
      2018-10-20 07:40 - 2018-10-20 07:40 - 000230931 _____ C:\Users\Rosko\Downloads\ЗП Ростислав Недков 19.10.pdf
      2018-10-19 08:51 - 2018-10-19 08:51 - 002437339 _____ C:\Users\Rosko\Downloads\dec92_2016_1010_баркод_с_ръководство_за_потребителя.rar
      2018-10-18 18:17 - 2018-10-18 18:17 - 000665976 _____ C:\Users\Rosko\Downloads\Re6enie_VAS_27.02.2018 (1).pdf
      2018-10-18 11:52 - 2018-10-18 11:52 - 000039854 _____ C:\Users\Rosko\Downloads\nlnazadyljenia[1] (1).pdf
      2018-10-18 10:16 - 2018-10-18 10:16 - 000001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
      2018-10-18 10:16 - 2018-10-18 10:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
      2018-10-18 10:15 - 2018-10-18 10:15 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
      2018-10-18 10:14 - 2018-10-26 00:45 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
      2018-10-18 10:13 - 2018-10-18 10:13 - 001142072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
      2018-10-18 10:13 - 2018-10-18 10:13 - 000467904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000381144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000378584 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
      2018-10-18 10:13 - 2018-10-18 10:13 - 000208640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000201408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000163376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000111968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000088112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000047064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
      2018-10-18 10:13 - 2018-10-18 10:12 - 001028840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
      2018-10-18 10:13 - 2018-10-18 10:12 - 001001272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
      2018-10-18 10:13 - 2018-10-18 10:12 - 000346760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
      2018-10-18 10:13 - 2018-10-18 10:12 - 000230512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
      2018-10-18 10:13 - 2018-10-18 10:12 - 000201928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
      2018-10-18 10:13 - 2018-10-18 10:12 - 000185240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
      2018-10-18 10:13 - 2018-10-18 10:12 - 000059664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
      2018-10-18 10:13 - 2018-10-18 10:12 - 000042456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
      2018-10-18 10:11 - 2018-10-18 11:43 - 000000000 ____D C:\ProgramData\AVAST Software
      2018-10-18 10:11 - 2018-10-18 10:11 - 000000000 ____D C:\Program Files\AVAST Software
      2018-10-18 10:09 - 2018-10-18 16:40 - 000000000 ____D C:\Users\Rosko\Documents\ViberDownloads
      2018-10-18 10:09 - 2018-10-18 10:09 - 000000000 ____D C:\Users\Rosko\AppData\Local\Viber Media S.à r.l
      2018-10-18 10:08 - 2018-10-28 13:47 - 000000000 ____D C:\Users\Rosko\AppData\Roaming\ViberPC
      2018-10-18 10:08 - 2018-10-18 10:08 - 000000956 _____ C:\Users\Rosko\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
      2018-10-18 10:08 - 2018-10-18 10:08 - 000000954 _____ C:\Users\Rosko\Desktop\Viber.lnk
      2018-10-18 10:08 - 2018-10-18 10:08 - 000000000 ____D C:\Users\Rosko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
      2018-10-18 10:08 - 2018-10-18 10:08 - 000000000 ____D C:\Users\Rosko\AppData\Local\cache
      2018-10-18 10:07 - 2018-10-18 10:07 - 000000000 ____D C:\Users\Rosko\AppData\Local\Package Cache
      2018-10-18 10:06 - 2018-10-18 10:07 - 089186064 _____ (Viber Media Inc.) C:\Users\Rosko\Downloads\ViberSetup.exe
      2018-10-17 22:33 - 2018-10-17 22:33 - 000267977 _____ C:\Users\Rosko\Downloads\danuchno_oblagane_vnoski_na_zemedelski_proizvoditeli (4).pdf
      2018-10-17 22:08 - 2018-10-17 22:09 - 000749389 _____ C:\Users\Rosko\Downloads\Нов Презентация на Microsoft PowerPoint (2).pptx
      2018-10-17 21:41 - 2018-10-17 21:41 - 000749389 _____ C:\Users\Rosko\Downloads\Нов Презентация на Microsoft PowerPoint (1).pptx
      2018-10-17 21:14 - 2018-10-17 21:14 - 000267977 _____ C:\Users\Rosko\Downloads\danuchno_oblagane_vnoski_na_zemedelski_proizvoditeli (3).pdf
      2018-10-17 16:19 - 2018-10-17 16:19 - 000289368 _____ C:\Windows\Minidump\101718-14539-01.dmp
      2018-10-17 15:07 - 2018-10-17 15:07 - 003833305 _____ C:\Users\Rosko\Downloads\dec50_2017_19.03.2018.rar
      2018-10-17 14:45 - 2018-10-17 14:45 - 004074946 _____ C:\Users\Rosko\Downloads\dec50_2016_баркод_с_ръководство_за_потребителя.rar
      2018-10-17 12:55 - 2018-10-17 12:55 - 000648847 _____ C:\Users\Rosko\Downloads\DOM (2).pdf
      2018-10-17 07:52 - 2018-10-17 07:52 - 000012846 _____ C:\Users\Rosko\Downloads\Spravka vazstanovqvane (4).ods
      2018-10-17 07:52 - 2018-10-17 07:52 - 000000165 ____H C:\Users\Rosko\Downloads\~$Spravka vazstanovqvane (4).ods
      2018-10-16 13:59 - 2018-10-16 13:59 - 070935933 _____ C:\Users\Rosko\Downloads\wetransfer-a3a156.zip
      2018-10-16 12:10 - 2018-10-16 12:10 - 001266784 _____ C:\Users\Rosko\Downloads\statement (21).pdf
      2018-10-16 12:09 - 2018-10-16 12:09 - 001105420 _____ C:\Users\Rosko\Downloads\statement (20).pdf
      2018-10-16 10:58 - 2018-10-16 10:58 - 000648847 _____ C:\Users\Rosko\Downloads\DOM (1).pdf
      2018-10-16 08:14 - 2018-10-16 08:14 - 001939889 _____ C:\Users\Rosko\Downloads\95_09.pdf
      2018-10-15 16:01 - 2018-10-15 16:01 - 000749389 _____ C:\Users\Rosko\Downloads\Нов Презентация на Microsoft PowerPoint.pptx
      2018-10-15 15:57 - 2018-10-15 15:57 - 000102327 _____ C:\Users\Rosko\Downloads\П-03001718127835-177-001_archive.zip
      2018-10-15 13:54 - 2018-10-15 13:54 - 000648847 _____ C:\Users\Rosko\Downloads\Ползване на данъчни облекчения и наличие на задължения.pdf
      2018-10-15 13:47 - 2018-10-15 13:47 - 000648847 _____ C:\Users\Rosko\Downloads\DOM.pdf
      2018-10-12 13:49 - 2018-10-12 13:49 - 000009969 _____ C:\Users\Rosko\Downloads\РОСТИСЛАВ НЕДКОВ БОРИСОВ_2019_ЮПЕР.ZIP
      2018-10-12 13:49 - 2018-10-12 13:49 - 000001382 _____ C:\Users\Rosko\Downloads\НЕДКО БОРИСОВ КОЛЕВ_2019_ЮПЕР.ZIP
      2018-10-12 13:48 - 2018-10-12 13:48 - 000001499 _____ C:\Users\Rosko\Downloads\НЕДКО БОРИСОВ КОЛЕВ_2019_БОЖУРОВО.ZIP
      2018-10-12 09:23 - 2018-10-12 09:23 - 000075048 _____ C:\Users\Rosko\Downloads\Crystal Reports - sp_invoice_text_only_2007_5_l.rpt (1).pdf
      2018-10-10 12:50 - 2018-10-10 12:50 - 004808921 _____ C:\Users\Rosko\Downloads\П-03001718168660-004-001_archive.zip
      2018-10-06 15:09 - 2018-10-06 15:09 - 000611358 _____ C:\Users\Rosko\Downloads\379984975.pdf
      2018-10-04 13:28 - 2018-10-04 13:28 - 000156030 _____ C:\Users\Rosko\Downloads\П-03001718168660-040-001_archive.zip
      2018-10-01 18:27 - 2018-10-01 18:27 - 000143428 _____ C:\Users\Rosko\Downloads\Информационна брошура за бъдещите майки.pdf
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-10-28 14:23 - 2009-07-14 06:45 - 000016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-10-28 14:23 - 2009-07-14 06:45 - 000016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-10-28 14:19 - 2009-07-14 05:20 - 000000000 ____D C:\PerfLogs
      2018-10-28 14:11 - 2017-08-24 12:56 - 000000000 ____D C:\Users\Rosko\AppData\Roaming\CalendarTool
      2018-10-28 12:42 - 2009-07-14 07:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-10-28 12:42 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
      2018-10-28 12:36 - 2017-06-10 14:47 - 000000000 __SHD C:\Users\Rosko\IntelGraphicsProfiles
      2018-10-28 12:36 - 2015-04-23 13:38 - 000000000 ____D C:\Program Files (x86)\TeamViewer
      2018-10-28 12:35 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-10-28 11:44 - 2016-08-08 17:51 - 000000000 ___HD C:\Program Files (x86)\m3yE3E0
      2018-10-28 10:43 - 2015-04-23 12:58 - 000000000 ____D C:\Users\Rosko\AppData\Local\Microsoft Help
      2018-10-28 10:29 - 2017-01-10 10:04 - 000000000 ____D C:\Users\Rosko\AppData\Local\CrashDumps
      2018-10-27 19:48 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\tracing
      2018-10-24 07:25 - 2015-04-24 13:10 - 000000000 ____D C:\Users\Rosko\AppData\Roaming\Skype
      2018-10-23 08:18 - 2017-02-01 21:07 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2018-10-18 09:43 - 2018-07-09 15:03 - 000000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
      2018-10-18 09:43 - 2016-02-04 18:11 - 000002998 _____ C:\Windows\wininit.ini
      2018-10-17 16:19 - 2015-06-12 12:20 - 000000000 ____D C:\Windows\Minidump
      2018-10-17 16:18 - 2015-06-12 12:20 - 375178840 _____ C:\Windows\MEMORY.DMP
      2018-10-15 10:59 - 2009-07-14 07:08 - 000032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
      2018-10-09 21:41 - 2018-03-14 11:33 - 000004462 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
      2018-10-09 21:41 - 2017-02-01 18:37 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2018-10-09 21:41 - 2017-02-01 18:37 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2018-10-09 21:41 - 2017-02-01 18:37 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2018-10-09 21:41 - 2017-02-01 18:37 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2018-10-09 21:41 - 2017-02-01 18:37 - 000000000 ____D C:\Windows\system32\Macromed
      2018-10-04 13:28 - 2015-11-03 22:05 - 000000000 ____D C:\Users\Rosko\AppData\LocalLow\Adobe
      2018-10-01 21:10 - 2015-04-23 13:18 - 000000000 ____D C:\KMPlayer
      2018-10-01 08:27 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
      ==================== Files in the root of some directories =======
      2015-10-10 07:33 - 2015-10-10 07:33 - 000229019 _____ () C:\ProgramData\KTLVGTHRCQSO.dat
      2017-06-08 17:31 - 2017-06-08 17:31 - 000000017 _____ () C:\Users\Rosko\AppData\Local\resmon.resmoncfg
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-10-26 08:40
      ==================== End of FRST.txt ============================
      Addition.txt
  • Дарение

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.