Премини към съдържанието

Препоръчан отговор


Здравейте .. Днес докато бях на лаптопа . Ми излезе прозорец  acnom.exe - Application error 

The application was unable to start correctly (0xc0000142).Click OK to close the application ...    след като ми излезе го затворих и не обърнах внимание... по късно ми се наложи да отворя Notepad ... и като го отворя се затваря сам след секунда... същото със Paint ... 2те неща имат ли връзка ... също и процесора почна да заглява повече  ? Погледнах в нета и там изтеглих някаква програма iExplore(тази) ... Та оправи това с затварянето на NotePad  и Paint ...  и ме е страх да рестартирам лаптопа или да си включа телефона през USB-то ...  незнам какво ще последва . Това всъщност някаква програма ли е ? Или някакв вирус ... Странна работа :no-no::ohmy:

IMG_20170610_212206.jpg

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-06-2017
Ran by Alex (administrator) on ALEX-PC (10-06-2017 22:08:30)
Running from C:\Users\Alex\Downloads
Loaded Profiles: Alex (Available Profiles: Alex)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo) C:\Users\Alex\AppData\Local\Apps\2.0\4MHXETT2.GXM\3XKNGPCD.ZN9\lsb...tion_2d7b41b05b24775e_0001.0006_3b0a905c8de4f74a\LSB.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\SysData\control.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winamp.exe
() C:\SysData\acnom.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-668039837-2378809781-489334385-1001\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-668039837-2378809781-489334385-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6851288 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-668039837-2378809781-489334385-1001\...\Run: [AlcoholAutomount] => C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
HKU\S-1-5-21-668039837-2378809781-489334385-1001\...\Run: [Registry Driver] => C:\Windows\registration\regdrv.exe [2882560 2017-06-10] ()
HKU\S-1-5-21-668039837-2378809781-489334385-1001\...\MountPoints2: F - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-668039837-2378809781-489334385-1001\...\MountPoints2: {1c906f89-8672-11e6-ac12-001e37d0f238} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-668039837-2378809781-489334385-1001\...\MountPoints2: {5be227d3-cace-11e6-b9d6-001e37d0f238} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-668039837-2378809781-489334385-1001\...\MountPoints2: {9e625f31-8339-11e6-ab64-001e37d0f238} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2017-04-02] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{E56D20B9-0C0F-44E2-A995-E2403EDBBA2C}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F10BE1E1-714E-4F64-8DE0-7188217C427E}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
HKU\S-1-5-21-668039837-2378809781-489334385-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -  No File

FireFox:
========
FF DefaultProfile: 4jwz8oph.default
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\4jwz8oph.default [2017-05-30]
FF Extension: (Firefox All Aboard 1.6) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\4jwz8oph.default\Extensions\@all-aboard-v1-6 [2017-03-26]
FF Extension: (Site Deployment Checker) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\4jwz8oph.default\features\{5e11a0df-ac6f-4493-8184-b3e953c4a1ea}\deployment-checker@mozilla.org.xpi [2017-03-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default [2017-06-10]
CHR Extension: (Adblock Plus) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]
CHR Extension: (AliExpress Tools) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\eenflijjbchafephdplkdmeenekabdfb [2017-04-28]
CHR Extension: (Until AM for Chrome) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjafmkicbmhcbapadecadciafbkecofl [2016-10-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
S2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [694360 2016-10-17] (Lenovo.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [15360 2016-05-25] (Huawei Technologies Co., Ltd.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2016-07-06] (REALiX(tm))
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2016-07-06] (Intel Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [324152 2016-09-02] (Duplex Secure Ltd.)
U3 agrizx55; C:\Windows\system32\Drivers\agrizx55.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 ADIHdAudAddService; system32\drivers\ADIHdAud.sys [X]
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2016-05-25] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Addition.txt

Едвам успях да копирам нещата който пише... все пак като отворя notepad ми се затваря почти веднага :(  

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Тогава прикачи лог файла. Той е нужен, за да напиша скрипт.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Логът отново не е целият. Моля, направете нови логове и ги прикачете без да ги отваряте!

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове
публикувано (редактирано)
преди 10 минути, Stoyannnov написа:

Логът отново не е целият. Моля направете нови логове и ги прикачете без да ги отваряте!

Сега ок ли е ? Не съм отварял нищо :)

FRST.txt 

Addition.txt

Редактирано от crashgold (преглед на промените)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Не е ок. Друг вариант ще пробваме.

 

Стъпка 1

Изтеглете: gOxqojg.pngRkill.

  • Запазете файла на вашия десктоп.
  • Стартирайте файла като администратор. Десен бутон => Стартирай като администратор(Run as Administrator).
  • След като приключи работа, програмата ще отвори лог.
  • Прикачете лога към следващия Ви коментар. 

 

Стъпка 2

Изтеглете: 8864097u.png ADWCleaner.

  • Затворете всички браузъри и стартирайте AdwCleaner.exe.
  • Натиснете бутона SCAN.
  • След като приключи проверката натиснете бутона CLEAN.
  • Програмата ще затвори излишния софтуер и ще започне почистването.
  • След като приключи почистването ADWCleaner ще поиска рестарт. Съгласете се.
  • След зареждането на системата отидете до: C:\AdwCleaner и потърсете лог файл с името AdwCleaner[C0].txt.
  • Публикувайте съдържанието на "AdwCleaner[C0]" в следващия Ви коментар.

 

Стъпка 3

Изтеглете: 27GTdjx.png JRT.

  • Запазете файла на вашия десктоп.
  • Затворете всички браузъри.
  • Стартирайте JRT.exe.
  • След като се появи съобщението "Press any key to continue . . .". Натиснете което и да е копче от клавиатурата.
  • Програмата ще започне почистването. Не прекъсвайте работата и, и не използвайте системата докато протича почистването.
  • След като приключи почистването ще се отвори лог файл, който се намира на десктопа с име JRT.txt.
  • Копирайте съдържанието му и го поставете към следващия Ви коментар.

 

Стъпка 4

  • Направете нови логове с FRST и ги прикачете към следващия Ви коментар.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове
преди 21 минути, Stoyannnov написа:

Не е ок. Друг вариант ще пробваме.

 

Стъпка 1

Изтеглете: gOxqojg.pngRkill.

  • Запазете файла на вашия десктоп.
  • Стартирайте файла като администратор. Десен бутон => Стартирай като администратор(Run as Administrator).
  • След като приключи работа, програмата ще отвори лог.
  • Прикачете лога към следващия Ви коментар. 

 

Стъпка 2

Изтеглете: 8864097u.png ADWCleaner.

  • Затворете всички браузъри и стартирайте AdwCleaner.exe.
  • Натиснете бутона SCAN.
  • След като приключи проверката натиснете бутона CLEAN.
  • Програмата ще затвори излишния софтуер и ще започне почистването.
  • След като приключи почистването ADWCleaner ще поиска рестарт. Съгласете се.
  • След зареждането на системата отидете до: C:\AdwCleaner и потърсете лог файл с името AdwCleaner[C0].txt.
  • Публикувайте съдържанието на "AdwCleaner[C0]" в следващия Ви коментар.

 

Стъпка 3

Изтеглете: 27GTdjx.png JRT.

  • Запазете файла на вашия десктоп.
  • Затворете всички браузъри.
  • Стартирайте JRT.exe.
  • След като се появи съобщението "Press any key to continue . . .". Натиснете което и да е копче от клавиатурата.
  • Програмата ще започне почистването. Не прекъсвайте работата и, и не използвайте системата докато протича почистването.
  • След като приключи почистването ще се отвори лог файл, който се намира на десктопа с име JRT.txt.
  • Копирайте съдържанието му и го поставете към следващия Ви коментар.

 

Стъпка 4

  • Направете нови логове с FRST и ги прикачете към следващия Ви коментар.

3тата стъпка неуспях да я изпълня ,защото когато го отворя ... ми изписва нали да натисна някое копче ... натискам .. и се затваря това черното прозорче подобно на Notepada-а ... след секуна се затваря само 

Addition.txt

FRST.txt

Rkill.txt

AdwCleaner[C0].txt

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Разбира се .. :) 

Както кажете така ще бъде :)

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Стъпка 1

Архивирайте следните файлове/папки:

Цитат

C:\Windows\registration\regdrv.exe

C:\Windows\inst.exe

C:\SysData

Забележка: Някои от тях може да са скрити!

  • Създайте 3 архива, като им сложите ЗАДЪЛЖИТЕЛНО парола: infected.
  • Качете 3-те архива в http://dox.abv.bg/files/sharenof и ми дайте линкове за изтегляне на лично съобщение!

 

Стъпка 2

Изтеглете файла fixlist и го запазете на вашия десктоп.

  • Стартирайте FRST.exe и натиснете бутона FIX веднъж!
  • Почистването ще започне, не използвайте системата!
  • След като приключи, ако ви поиска рестартиране, съгласете се.
  • След като зареди системата публикувайте лог файла с име fixlog.txt, който се намира на десктопа Ви.

Забележка: Текущия фикс да не се използва на други системи!

 

Стъпка 3

Изтеглете: MKLLMRQ.png Malwarebytes Anti-Malware.

  • Стартирайте инсталационния файл и следвайте съветника за инсталация.
  • Преди края на инсталацията премахнете отметката от: "Enable free trial of Malwarebytes Anti-Malware Premium" и се уверете че има отметка пред "Launch Malwarebytes Anti-Malware".
  • Отидете до табът Settings => Detection and Protection => сложете отметка на "Scan for rootkits".
  • Отидете до табът Dashboard => натиснете бутона "SCAN NOW".
  • Програмата автоматично ще провери за актуализации и ще започне сканирането.

Забележка: Ако видите съобщението "Could not load DDA driver" натиснете бутона "YES". След което разрешете на системата да се рестартира.

  • След като проверката приключи натиснете бутона "Remove Selected".
  • Системата ще поиска рестарт, съгласете се.
  • След като системата зареди MBAB ще зареди.
  • Отидете до табът History => Applications Logs.
  • Потърсете лог с име "SCAN LOG" с последната дата и час и натиснете върху него.
  • Натиснете бутона EXPORT => Copy to Clipboard.
  • Поставете съдържанието на лога с клавишната комбинация CTRL+V към следващия Ви коментар.

 

Стъпка 4

Изтеглете: QlYrtp7.jpg HitmanPro.

  • Запазете файла на вашия десктоп.
  • Стартирайте програмата.

Забележка: Програмата ще се актуализира, след актуализацията HitmanPro ще се рестартира.

  • Натиснете бутона "Напред".
  • Сложете отметка на лицензионното споразумение и натиснете отново бутона "Напред".
  • Кликнете върху "Не, искам да извърша еднократно сканиране на компютъра" и натиснете бутона "Напред".
  • Програмата ще започне да сканира. Сканирането ще отнеме ~2 минути.
  • След като сканирането приключи от списъка с намерените обекти(ако има такива) изберете Apply to all => Ignore.
  • Натиснете бутона "Next" и след това бутона "Изнеси резултатите от сканирането в XML файл" и запазете лог файла на десктопа.
  • Отворете лог файла, копирайте съдържанието му и го поставете в следващия Ви коментар.

Забележка: Ако от падащото меню няма Ignore тогава просто затворете програмата след края на проверката без да премахвате нищо!

От My Computer => Tools => Folder Options => View => Сложете отметка пред "Show hidden files, folders and drives".
Натиснете Apply.

Влезте в C:\Programdata\HitmanPro\Logs прикачете лога към следващия Ви коментар.

 

Стъпка 5

Изтеглете: jFsdnZn.png Emsissoft Emergency Kit

  • Стартирайте файла и посочете къде да се разархивира програмата - например в (C:\EEK), натискайки бутона Extract.
  • Стартирайте файла Start Emsisoft Emergency Kit от десктопа за да стартирате програмата.
  • Натиснете бутона "Yes", когато бъдете подканени да обновите дефинициите на програмата.
  • След като обновяването на дефинициите приключи натиснете бутона "Scan".
  • Програмата ще Ви попита дали искате да включите засичането на Potentially Unwanted Applications,  натиснете бутона "Yes".
  • Натиснете бутона "Custom Scan". Премахнете от списъка оставете само дял C:\.
  • Натиснете "Next" за да започне проверката.
  • Когато проверката приключи натиснете бутона "View Report".
  • Копирайте съдържанието на лог файла в следващия Ви коментар.

 

 

 

П.С. Утре сутринта ще прегледам логовете, които сте качили, че много ми се спи.

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове
преди 48 минути, Stoyannnov написа:

Стъпка 1

Архивирайте следните файлове/папки:

Забележка: Някои от тях може да са скрити!

  • Създайте 3 архива, като им сложите ЗАДЪЛЖИТЕЛНО парола: infected.
  • Качете 3-те архива в http://dox.abv.bg/files/sharenof и ми дайте линкове за изтегляне на лично съобщение!

 

Стъпка 2

Изтеглете файла fixlist и го запазете на вашия десктоп.

  • Стартирайте FRST.exe и натиснете бутона FIX веднъж!
  • Почистването ще започне, не използвайте системата!
  • След като приключи, ако ви поиска рестартиране, съгласете се.
  • След като зареди системата публикувайте лог файла с име fixlog.txt, който се намира на десктопа Ви.

Забележка: Текущия фикс да не се използва на други системи!

 

Стъпка 3

Изтеглете: MKLLMRQ.png Malwarebytes Anti-Malware.

  • Стартирайте инсталационния файл и следвайте съветника за инсталация.
  • Преди края на инсталацията премахнете отметката от: "Enable free trial of Malwarebytes Anti-Malware Premium" и се уверете че има отметка пред "Launch Malwarebytes Anti-Malware".
  • Отидете до табът Settings => Detection and Protection => сложете отметка на "Scan for rootkits".
  • Отидете до табът Dashboard => натиснете бутона "SCAN NOW".
  • Програмата автоматично ще провери за актуализации и ще започне сканирането.

Забележка: Ако видите съобщението "Could not load DDA driver" натиснете бутона "YES". След което разрешете на системата да се рестартира.

  • След като проверката приключи натиснете бутона "Remove Selected".
  • Системата ще поиска рестарт, съгласете се.
  • След като системата зареди MBAB ще зареди.
  • Отидете до табът History => Applications Logs.
  • Потърсете лог с име "SCAN LOG" с последната дата и час и натиснете върху него.
  • Натиснете бутона EXPORT => Copy to Clipboard.
  • Поставете съдържанието на лога с клавишната комбинация CTRL+V към следващия Ви коментар.

 

Стъпка 4

Изтеглете: QlYrtp7.jpg HitmanPro.

  • Запазете файла на вашия десктоп.
  • Стартирайте програмата.

Забележка: Програмата ще се актуализира, след актуализацията HitmanPro ще се рестартира.

  • Натиснете бутона "Напред".
  • Сложете отметка на лицензионното споразумение и натиснете отново бутона "Напред".
  • Кликнете върху "Не, искам да извърша еднократно сканиране на компютъра" и натиснете бутона "Напред".
  • Програмата ще започне да сканира. Сканирането ще отнеме ~2 минути.
  • След като сканирането приключи от списъка с намерените обекти(ако има такива) изберете Apply to all => Ignore.
  • Натиснете бутона "Next" и след това бутона "Изнеси резултатите от сканирането в XML файл" и запазете лог файла на десктопа.
  • Отворете лог файла, копирайте съдържанието му и го поставете в следващия Ви коментар.

Забележка: Ако от падащото меню няма Ignore тогава просто затворете програмата след края на проверката без да премахвате нищо!

От My Computer => Tools => Folder Options => View => Сложете отметка пред "Show hidden files, folders and drives".
Натиснете Apply.

Влезте в C:\Programdata\HitmanPro\Logs прикачете лога към следващия Ви коментар.

 

Стъпка 5

Изтеглете: jFsdnZn.png Emsissoft Emergency Kit

  • Стартирайте файла и посочете къде да се разархивира програмата - например в (C:\EEK), натискайки бутона Extract.
  • Стартирайте файла Start Emsisoft Emergency Kit от десктопа за да стартирате програмата.
  • Натиснете бутона "Yes", когато бъдете подканени да обновите дефинициите на програмата.
  • След като обновяването на дефинициите приключи натиснете бутона "Scan".
  • Програмата ще Ви попита дали искате да включите засичането на Potentially Unwanted Applications,  натиснете бутона "Yes".
  • Натиснете бутона "Custom Scan". Премахнете от списъка оставете само дял C:\.
  • Натиснете "Next" за да започне проверката.
  • Когато проверката приключи натиснете бутона "View Report".
  • Копирайте съдържанието на лог файла в следващия Ви коментар.

 

 

 

П.С. Утре сутринта ще прегледам логовете, които сте качили, че много ми се спи.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10.6.2017 г.
Scan Time: 23:34 ч.
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.06.10.06
Rootkit Database: v2017.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Alex

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 224181
Time Elapsed: 12 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.FusionCore, C:\$Recycle.Bin\S-1-5-21-668039837-2378809781-489334385-1001\$R3YUPKF.exe, Quarantined, [404ebe7f3574bd794d66d51f629e6c94], 

Physical Sectors: 0
(No malicious items detected)


(end)

Fixlog.txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

HitmanPro 3.7.20.286
www.hitmanpro.com
	   Computer name . . . . : ALEX-PC
   Windows . . . . . . . : 6.1.1.7601.X86/2
   User name . . . . . . : Alex-PC\Alex
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free
	   Scan date . . . . . . : 2017-06-10 23:52:04
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 11s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
	   Threats . . . . . . . : 6
   Traces  . . . . . . . : 8
	   Objects scanned . . . : 571 114
   Files scanned . . . . : 11 820
   Remnants scanned  . . : 110 069 files / 449 225 keys
	Miniport ____________________________________________________________________
	   Primary
      DriverObject . . . : 85969030
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 00000000 +0
      IRP_MJ_SCSI  . . . : 84C201F8 +0
   Solution
      DriverObject . . . : 85969030
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 00000000 +0
      IRP_MJ_SCSI  . . . : 894CD44E \SystemRoot\system32\drivers\ataport.SYS+25678
	Malware _____________________________________________________________________
	   C:\FRST\Quarantine\C\SysData\acnom.exe
      Size . . . . . . . : 1 490 432 bytes
      Age  . . . . . . . : 0.4 days (2017-06-10 15:08:12)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 7374051E75AE97BA687CD153927FACCD21FCDCC0B41A42867D38AC62064F6ABA
    > Bitdefender  . . . : Trojan.Generic.19781622
    > Kaspersky  . . . . : not-a-virus:RiskTool.Win32.BitCoinMiner.hzkc
    > HitmanPro  . . . . : Mal/Miner-C
      Fuzzy  . . . . . . : 116.0
      Forensic Cluster
         -39.4s C:\Windows\Prefetch\NEW.EXE-F4502095.pf
         -22.5s C:\Windows\Prefetch\NETSH.EXE-F1B6DA12.pf
         -21.2s C:\Windows\Prefetch\NET1.EXE-849DA590.pf
         -21.2s C:\Windows\Prefetch\NET.EXE-DF44F913.pf
         -20.8s C:\Windows\Prefetch\SC.EXE-945D79AE.pf
         -20.8s C:\FRST\Quarantine\C\Windows\Registration\regdrv.exe
         -10.6s C:\Windows\Prefetch\REGDRV.EXE-BA3E6977.pf
         -9.2s C:\FRST\Quarantine\C\Windows\System32\Tasks\RegUpdate.xBAD
         -8.1s C:\Windows\Prefetch\SCHTASKS.EXE-5CA45734.pf
         -6.7s C:\FRST\Quarantine\C\Windows\Registration\reg.cnf
         -6.4s C:\FRST\Quarantine\C\Windows\inst.exe.xBAD
         -3.5s C:\FRST\Quarantine\C\SysData\
         -3.5s C:\FRST\Quarantine\C\SysData\kill.exe
         -3.5s C:\FRST\Quarantine\C\SysData\install.exe
         -3.3s C:\Windows\Prefetch\INST.EXE-67B10D50.pf
         -0.1s C:\Windows\Prefetch\KILL.EXE-910AD0DC.pf
         -0.1s C:\FRST\Quarantine\C\SysData\control.exe
         -0.1s C:\FRST\Quarantine\C\SysData\acnon.exe
          0.0s C:\FRST\Quarantine\C\SysData\acnom.exe
          0.1s C:\Windows\Prefetch\INSTALL.EXE-49F7FADB.pf
          3.0s C:\Windows\Prefetch\POWERCFG.EXE-668FA411.pf
         10.1s C:\Windows\Prefetch\CONTROL.EXE-2196A7BD.pf
         12.7s C:\Windows\Prefetch\DWM.EXE-6FFD3DA8.pf
         20.7s C:\Windows\Prefetch\ACNOM.EXE-0D59A89E.pf
	   C:\FRST\Quarantine\C\SysData\acnon.exe
      Size . . . . . . . : 2 574 336 bytes
      Age  . . . . . . . : 0.4 days (2017-06-10 15:08:12)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : F687CDA3D24EEE4D4A4F495BE268439EE8A9C76A5D5532D024814DBC8D8A3E1A
    > Bitdefender  . . . : Trojan.GenericKD.4948405
    > Kaspersky  . . . . : HEUR:Trojan.Win32.Generic
    > HitmanPro  . . . . : Mal/Generic-S
      Fuzzy  . . . . . . : 116.0
      Forensic Cluster
         -39.4s C:\Windows\Prefetch\NEW.EXE-F4502095.pf
         -22.4s C:\Windows\Prefetch\NETSH.EXE-F1B6DA12.pf
         -21.2s C:\Windows\Prefetch\NET1.EXE-849DA590.pf
         -21.2s C:\Windows\Prefetch\NET.EXE-DF44F913.pf
         -20.7s C:\Windows\Prefetch\SC.EXE-945D79AE.pf
         -20.7s C:\FRST\Quarantine\C\Windows\Registration\regdrv.exe
         -10.5s C:\Windows\Prefetch\REGDRV.EXE-BA3E6977.pf
         -9.2s C:\FRST\Quarantine\C\Windows\System32\Tasks\RegUpdate.xBAD
         -8.0s C:\Windows\Prefetch\SCHTASKS.EXE-5CA45734.pf
         -6.7s C:\FRST\Quarantine\C\Windows\Registration\reg.cnf
         -6.4s C:\FRST\Quarantine\C\Windows\inst.exe.xBAD
         -3.5s C:\FRST\Quarantine\C\SysData\
         -3.4s C:\FRST\Quarantine\C\SysData\kill.exe
         -3.4s C:\FRST\Quarantine\C\SysData\install.exe
         -3.2s C:\Windows\Prefetch\INST.EXE-67B10D50.pf
         -0.1s C:\Windows\Prefetch\KILL.EXE-910AD0DC.pf
         -0.0s C:\FRST\Quarantine\C\SysData\control.exe
          0.0s C:\FRST\Quarantine\C\SysData\acnon.exe
          0.1s C:\FRST\Quarantine\C\SysData\acnom.exe
          0.2s C:\Windows\Prefetch\INSTALL.EXE-49F7FADB.pf
          3.1s C:\Windows\Prefetch\POWERCFG.EXE-668FA411.pf
         10.2s C:\Windows\Prefetch\CONTROL.EXE-2196A7BD.pf
         12.7s C:\Windows\Prefetch\DWM.EXE-6FFD3DA8.pf
         20.8s C:\Windows\Prefetch\ACNOM.EXE-0D59A89E.pf
	   C:\FRST\Quarantine\C\SysData\control.exe
      Size . . . . . . . : 97 280 bytes
      Age  . . . . . . . : 0.4 days (2017-06-10 15:08:12)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 0011B2FAF04AEDD7105DFD595FA719ECD4A465E32BB9F4D05F5228EE1F1B572E
    > Bitdefender  . . . : Trojan.Generic.21297371
    > Kaspersky  . . . . : HEUR:Trojan.Win32.AntiAV
    > HitmanPro  . . . . : Mal/Generic-S
      Fuzzy  . . . . . . : 115.0
      Forensic Cluster
         -39.4s C:\Windows\Prefetch\NEW.EXE-F4502095.pf
         -22.4s C:\Windows\Prefetch\NETSH.EXE-F1B6DA12.pf
         -21.2s C:\Windows\Prefetch\NET1.EXE-849DA590.pf
         -21.2s C:\Windows\Prefetch\NET.EXE-DF44F913.pf
         -20.7s C:\Windows\Prefetch\SC.EXE-945D79AE.pf
         -20.7s C:\FRST\Quarantine\C\Windows\Registration\regdrv.exe
         -10.5s C:\Windows\Prefetch\REGDRV.EXE-BA3E6977.pf
         -9.2s C:\FRST\Quarantine\C\Windows\System32\Tasks\RegUpdate.xBAD
         -8.0s C:\Windows\Prefetch\SCHTASKS.EXE-5CA45734.pf
         -6.7s C:\FRST\Quarantine\C\Windows\Registration\reg.cnf
         -6.4s C:\FRST\Quarantine\C\Windows\inst.exe.xBAD
         -3.5s C:\FRST\Quarantine\C\SysData\
         -3.4s C:\FRST\Quarantine\C\SysData\kill.exe
         -3.4s C:\FRST\Quarantine\C\SysData\install.exe
         -3.2s C:\Windows\Prefetch\INST.EXE-67B10D50.pf
         -0.1s C:\Windows\Prefetch\KILL.EXE-910AD0DC.pf
          0.0s C:\FRST\Quarantine\C\SysData\control.exe
          0.0s C:\FRST\Quarantine\C\SysData\acnon.exe
          0.1s C:\FRST\Quarantine\C\SysData\acnom.exe
          0.2s C:\Windows\Prefetch\INSTALL.EXE-49F7FADB.pf
          3.1s C:\Windows\Prefetch\POWERCFG.EXE-668FA411.pf
         10.2s C:\Windows\Prefetch\CONTROL.EXE-2196A7BD.pf
         12.7s C:\Windows\Prefetch\DWM.EXE-6FFD3DA8.pf
         20.8s C:\Windows\Prefetch\ACNOM.EXE-0D59A89E.pf
	   C:\FRST\Quarantine\C\SysData\install.exe
      Size . . . . . . . : 4 249 883 bytes
      Age  . . . . . . . : 0.4 days (2017-06-10 15:08:08)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : DA0253F680D5FDDC7C927671F830DE84D0B04C4528D2BBE72DEEAEAD26292B3C
    > Bitdefender  . . . : Trojan.Generic.19781622
    > Kaspersky  . . . . : not-a-virus:RiskTool.Win32.BitCoinMiner.hzkc
      Fuzzy  . . . . . . : 111.0
      Forensic Cluster
         -35.9s C:\Windows\Prefetch\NEW.EXE-F4502095.pf
         -19.0s C:\Windows\Prefetch\NETSH.EXE-F1B6DA12.pf
         -17.7s C:\Windows\Prefetch\NET1.EXE-849DA590.pf
         -17.7s C:\Windows\Prefetch\NET.EXE-DF44F913.pf
         -17.3s C:\Windows\Prefetch\SC.EXE-945D79AE.pf
         -17.3s C:\FRST\Quarantine\C\Windows\Registration\regdrv.exe
         -7.1s C:\Windows\Prefetch\REGDRV.EXE-BA3E6977.pf
         -5.7s C:\FRST\Quarantine\C\Windows\System32\Tasks\RegUpdate.xBAD
         -4.6s C:\Windows\Prefetch\SCHTASKS.EXE-5CA45734.pf
         -3.2s C:\FRST\Quarantine\C\Windows\Registration\reg.cnf
         -2.9s C:\FRST\Quarantine\C\Windows\inst.exe.xBAD
         -0.0s C:\FRST\Quarantine\C\SysData\
         -0.0s C:\FRST\Quarantine\C\SysData\kill.exe
          0.0s C:\FRST\Quarantine\C\SysData\install.exe
          0.2s C:\Windows\Prefetch\INST.EXE-67B10D50.pf
          3.4s C:\Windows\Prefetch\KILL.EXE-910AD0DC.pf
          3.4s C:\FRST\Quarantine\C\SysData\control.exe
          3.4s C:\FRST\Quarantine\C\SysData\acnon.exe
          3.5s C:\FRST\Quarantine\C\SysData\acnom.exe
          3.6s C:\Windows\Prefetch\INSTALL.EXE-49F7FADB.pf
          6.5s C:\Windows\Prefetch\POWERCFG.EXE-668FA411.pf
         13.6s C:\Windows\Prefetch\CONTROL.EXE-2196A7BD.pf
         16.2s C:\Windows\Prefetch\DWM.EXE-6FFD3DA8.pf
         24.2s C:\Windows\Prefetch\ACNOM.EXE-0D59A89E.pf
	   C:\FRST\Quarantine\C\SysData\kill.exe
      Size . . . . . . . : 400 896 bytes
      Age  . . . . . . . : 0.4 days (2017-06-10 15:08:08)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 992D091EDF1591D4F629BAD3FEAB0213AF3EB04A356C29758A8C3B4612565307
    > Bitdefender  . . . : Trojan.GenericKD.4944206
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.Generic
    > HitmanPro  . . . . : App/Generic-KE
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
         -35.9s C:\Windows\Prefetch\NEW.EXE-F4502095.pf
         -19.0s C:\Windows\Prefetch\NETSH.EXE-F1B6DA12.pf
         -17.7s C:\Windows\Prefetch\NET1.EXE-849DA590.pf
         -17.7s C:\Windows\Prefetch\NET.EXE-DF44F913.pf
         -17.3s C:\Windows\Prefetch\SC.EXE-945D79AE.pf
         -17.2s C:\FRST\Quarantine\C\Windows\Registration\regdrv.exe
         -7.1s C:\Windows\Prefetch\REGDRV.EXE-BA3E6977.pf
         -5.7s C:\FRST\Quarantine\C\Windows\System32\Tasks\RegUpdate.xBAD
         -4.6s C:\Windows\Prefetch\SCHTASKS.EXE-5CA45734.pf
         -3.2s C:\FRST\Quarantine\C\Windows\Registration\reg.cnf
         -2.9s C:\FRST\Quarantine\C\Windows\inst.exe.xBAD
         -0.0s C:\FRST\Quarantine\C\SysData\
          0.0s C:\FRST\Quarantine\C\SysData\kill.exe
          0.0s C:\FRST\Quarantine\C\SysData\install.exe
          0.2s C:\Windows\Prefetch\INST.EXE-67B10D50.pf
          3.4s C:\Windows\Prefetch\KILL.EXE-910AD0DC.pf
          3.4s C:\FRST\Quarantine\C\SysData\control.exe
          3.4s C:\FRST\Quarantine\C\SysData\acnon.exe
          3.5s C:\FRST\Quarantine\C\SysData\acnom.exe
          3.6s C:\Windows\Prefetch\INSTALL.EXE-49F7FADB.pf
          6.5s C:\Windows\Prefetch\POWERCFG.EXE-668FA411.pf
         13.6s C:\Windows\Prefetch\CONTROL.EXE-2196A7BD.pf
         16.2s C:\Windows\Prefetch\DWM.EXE-6FFD3DA8.pf
         24.2s C:\Windows\Prefetch\ACNOM.EXE-0D59A89E.pf
	   C:\FRST\Quarantine\C\Windows\Registration\regdrv.exe
      Size . . . . . . . : 2 882 560 bytes
      Age  . . . . . . . : 0.4 days (2017-06-10 15:07:51)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 3BBB752EAB10F117C21B2DE3D2C954188E9069A532EF8721DB21613BA0A576B0
    > Bitdefender  . . . : Trojan.GenericKD.4965748
    > Kaspersky  . . . . : HEUR:Trojan.Win32.Generic
    > HitmanPro  . . . . : Mal/Generic-S
      Fuzzy  . . . . . . : 121.0
      Forensic Cluster
         -18.7s C:\Windows\Prefetch\NEW.EXE-F4502095.pf
         -1.7s C:\Windows\Prefetch\NETSH.EXE-F1B6DA12.pf
         -0.5s C:\Windows\Prefetch\NET1.EXE-849DA590.pf
         -0.5s C:\Windows\Prefetch\NET.EXE-DF44F913.pf
         -0.0s C:\Windows\Prefetch\SC.EXE-945D79AE.pf
          0.0s C:\FRST\Quarantine\C\Windows\Registration\regdrv.exe
         10.2s C:\Windows\Prefetch\REGDRV.EXE-BA3E6977.pf
         11.5s C:\FRST\Quarantine\C\Windows\System32\Tasks\RegUpdate.xBAD
         12.7s C:\Windows\Prefetch\SCHTASKS.EXE-5CA45734.pf
         14.0s C:\FRST\Quarantine\C\Windows\Registration\reg.cnf
         14.3s C:\FRST\Quarantine\C\Windows\inst.exe.xBAD
         17.2s C:\FRST\Quarantine\C\SysData\
         17.2s C:\FRST\Quarantine\C\SysData\kill.exe
         17.3s C:\FRST\Quarantine\C\SysData\install.exe
         17.4s C:\Windows\Prefetch\INST.EXE-67B10D50.pf
         20.6s C:\Windows\Prefetch\KILL.EXE-910AD0DC.pf
         20.7s C:\FRST\Quarantine\C\SysData\control.exe
         20.7s C:\FRST\Quarantine\C\SysData\acnon.exe
         20.8s C:\FRST\Quarantine\C\SysData\acnom.exe
         20.9s C:\Windows\Prefetch\INSTALL.EXE-49F7FADB.pf
         23.8s C:\Windows\Prefetch\POWERCFG.EXE-668FA411.pf
         30.9s C:\Windows\Prefetch\CONTROL.EXE-2196A7BD.pf
         33.4s C:\Windows\Prefetch\DWM.EXE-6FFD3DA8.pf
         41.5s C:\Windows\Prefetch\ACNOM.EXE-0D59A89E.pf
	
Suspicious files ____________________________________________________________
	   C:\Users\Alex\Downloads\FRST.exe
      Size . . . . . . . : 1 776 640 bytes
      Age  . . . . . . . : 0.1 days (2017-06-10 22:04:45)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 3490836F2F9267DBB31730D80904185ED995CE1C241661272795E3A09545E756
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
	
Cookies _____________________________________________________________________
	   C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Cookies:addthis.com


 

Emsisoft Emergency Kit - Version 2017.4
Last update: 11.6.2017 г. 00:11:15
User account: Alex-PC\Alex
Computer name: ALEX-PC
OS version: Windows 7x86 Service Pack 1

Scan settings:

Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start:    11.6.2017 г. 00:12:36
C:\Program Files\GameSpy Arcade\     detected: Adware.Win32.Gaspacade (A) [221680]
Key: HKEY_USERS\S-1-5-21-668039837-2378809781-489334385-1001\SOFTWARE\GAMESPY\GAMESPY ARCADE     detected: Adware.Win32.Gaspacade (A) [250601]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\GAMESPY\GAMESPY ARCADE     detected: Adware.Win32.Gaspacade (A) [250602]
C:\FRST\Quarantine\C\SysData\install.exe -> (RAR Sfx o) -> [Comment] -> (unicode)     detected: Trojan.ScriptKD.4307 (B) [krnl.xmd]
C:\FRST\Quarantine\C\SysData\install.exe -> (RAR Sfx o) -> control.exe     detected: Trojan.Agent.CGTQ (B) [krnl.xmd]
C:\FRST\Quarantine\C\SysData\install.exe -> (RAR Sfx o) -> acnon.exe     detected: Trojan.Generic.21260223 (B) [krnl.xmd]
C:\FRST\Quarantine\C\SysData\install.exe -> (RAR Sfx o) -> acnom.exe     detected: Trojan.Generic.19781622 (B) [krnl.xmd]
C:\FRST\Quarantine\C\Windows\inst.exe.xBAD -> (RAR Sfx o) -> [Comment] -> (unicode)     detected: Trojan.ScriptKD.4274 (B) [krnl.xmd]
C:\FRST\Quarantine\C\Windows\inst.exe.xBAD -> (RAR Sfx o) -> kill.exe     detected: Trojan.GenericKD.4944206 (B) [krnl.xmd]
C:\FRST\Quarantine\C\Windows\inst.exe.xBAD -> (RAR Sfx o) -> install.exe -> (RAR Sfx o) -> [Comment] -> (unicode)     detected: Trojan.ScriptKD.4307 (B) [krnl.xmd]
C:\FRST\Quarantine\C\Windows\inst.exe.xBAD -> (RAR Sfx o) -> install.exe -> (RAR Sfx o) -> control.exe     detected: Trojan.Agent.CGTQ (B) [krnl.xmd]
C:\FRST\Quarantine\C\Windows\inst.exe.xBAD -> (RAR Sfx o) -> install.exe -> (RAR Sfx o) -> acnon.exe     detected: Trojan.Generic.21260223 (B) [krnl.xmd]
C:\FRST\Quarantine\C\Windows\inst.exe.xBAD -> (RAR Sfx o) -> install.exe -> (RAR Sfx o) -> acnom.exe     detected: Trojan.Generic.19781622 (B) [krnl.xmd]
C:\FRST\Quarantine\C\SysData\control.exe     detected: Trojan.Agent.CGTQ (B) [krnl.xmd]
C:\FRST\Quarantine\C\SysData\acnom.exe     detected: Trojan.Generic.19781622 (B) [krnl.xmd]
C:\FRST\Quarantine\C\SysData\kill.exe     detected: Trojan.GenericKD.4944206 (B) [krnl.xmd]
C:\FRST\Quarantine\C\SysData\acnon.exe     detected: Trojan.Generic.21260223 (B) [krnl.xmd]
C:\FRST\Quarantine\C\Users\Alex\AppData\Roaming\new.exe.xBAD     detected: Trojan.GenericKD.4965748 (B) [krnl.xmd]
C:\FRST\Quarantine\C\Users\Alex\AppData\Roaming\regdrv.exe.xBAD     detected: Worm.Generic.901198 (B) [krnl.xmd]
C:\FRST\Quarantine\C\Users\Alex\AppData\Local\Temp\regdrv.exe.xBAD     detected: Trojan.GenericKD.4965748 (B) [krnl.xmd]
C:\FRST\Quarantine\C\Windows\Registration\regdrv.exe     detected: Trojan.GenericKD.4965748 (B) [krnl.xmd]
C:\Users\Alex\Desktop\Music\krafteers.apk -> com/adwhirl/assets/ad_frame.gif     detected: Android.Adware.Yekrand.GM (B) [krnl.xmd]

Scanned    140366
Found    22

Scan end:    11.6.2017 г. 00:31:08
Scan time:    0:18:32
 

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Изтеглете: P6YS34D.png Delfix.

  • Стартирайте Delfix.exе.
  • По подразбиране трябва да има 2 отметки на "Remove disinfection tools" и "Purge system restore ". Ако липсват, ги сложете.
  • Натиснете бутона "Run". 
  • Инструмента ще се самоизтрие след като приключи своята задача.
  • Прикачете лог файла от Delfix.

 

Предполагам, че вече не излиза прозореца, прав ли съм?

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове
преди 3 часа, Stoyannnov написа:

Изтеглете: P6YS34D.png Delfix.

  • Стартирайте Delfix.exе.
  • По подразбиране трябва да има 2 отметки на "Remove disinfection tools" и "Purge system restore ". Ако липсват, ги сложете.
  • Натиснете бутона "Run". 
  • Инструмента ще се самоизтрие след като приключи своята задача.
  • Прикачете лог файла от Delfix.

 

Предполагам, че вече не излиза прозореца, прав ли съм?

Да не се е появявал .. .. Всъщност мисля че се оправило ... та готово ли е ? 

DelFix.txt

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Да. Системата вече е чиста. Ако нямате въпроси ще маркирам темата като решена.

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове
преди 1 час, Stoyannnov написа:

Да. Системата вече е чиста. Ако нямате въпроси ще маркирам темата като решена.

Много Ви БЛАГОДАРЯ за отделеното време :):) .. 

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Регистрирайте се или влезете в профила си за да коментирате

Трябва да имате регистрация за да може да коментирате това

Регистрирайте се

Създайте нова регистрация в нашия форум. Лесно е!

Нова регистрация

Вход

Имате регистрация? Влезте от тук.

Вход

  • Разглеждащи това в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

  • Горещи теми в момента

  • Подобни теми

    • от Йорданка Т. Иванова
      Здравейте, при опит за възстановяване на системата към предишна дата, Avast направи пълно сканиране на компютъра и ми премести в клетка заразените файлове.
      Има ли възможност да се почисти компютъра от въпросните заплахи и съответно да си възстановя файловете, най-вече тези /ако има такива/, които са необходими за правилното функциониране на системата.
      П.П.: Пълен лаик съм на тема антивирусни програми.
      Нов Microsoft Office PowerPoint Presentation.pptx


      Ето го резултата от файла FRST
       
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.10.2018
      Ran by Rosko (administrator) on ROSKO-PC (28-10-2018 14:36:09)
      Running from C:\Users\Rosko\Downloads
      Loaded Profiles: Rosko (Available Profiles: Rosko)
      Platform: Windows 7 Ultimate (X64) Language: Български (България)
      Internet Explorer Version 8 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
      (Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BAVSvc.exe
      (Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BHipsSvc.exe
      (Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe
      (Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
      (Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BavTray.exe
      (Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSATray.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      () C:\Program Files (x86)\CalendarTool\2.0.0.1000176\CalendarServ.exe
      () C:\Program Files (x86)\CalendarTool\2.0.0.1000176\calendar.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
      (Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\bavhm.exe
      (Intel Corporation) C:\Windows\System32\igfxEM.exe
      (Intel Corporation) C:\Windows\System32\igfxHK.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
      () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Baidu Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavadvtools2\8C8AEEC1-5166-4CE7-BBAD-7C37409D0C73\tool\bdMiniDownloaderGB_BAV-Mini_32_1002.exe
      (Baidu Inc.) C:\Users\Rosko\AppData\Local\MiniService\MiniService.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Viber Media S.à r.l.) C:\Users\Rosko\AppData\Local\Viber\Viber.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778352 2014-01-24] (Synaptics Incorporated)
      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-10-18] (AVAST Software)
      HKLM-x32\...\Run: [Baidu Antivirus] => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BavTray.exe [2553328 2015-07-14] (Baidu, Inc.)
      HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver Update Utility\DsaTray.exe [132856 2017-05-18] (Intel)
      HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133760 2013-12-24] (Qualcomm®Atheros®)
      HKU\S-1-5-21-749869763-3409154425-2811610640-1000\...\Run: [Viber] => C:\Users\Rosko\AppData\Local\Viber\Viber.exe [36762184 2018-10-22] (Viber Media S.à r.l.)
      HKU\S-1-5-21-749869763-3409154425-2811610640-1000\...\MountPoints2: {c4a92fbb-e173-11e7-9426-f8a963743fcb} - G:\LG_PC_Programs.exe
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 172.16.1.1
      Tcpip\..\Interfaces\{2FB69C23-4CBD-4252-994A-27D31EDC0D6D}: [DhcpNameServer] 172.16.1.1
      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
      HKU\S-1-5-21-749869763-3409154425-2811610640-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKU\S-1-5-21-749869763-3409154425-2811610640-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKU\S-1-5-21-749869763-3409154425-2811610640-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
      Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
      Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
      Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
      Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
      FireFox:
      ========
      FF DefaultProfile: 2csmqmsd.default
      FF ProfilePath: C:\Users\Rosko\AppData\Roaming\Mozilla\Firefox\Profiles\2csmqmsd.default [2018-07-05]
      FF Homepage: Mozilla\Firefox\Profiles\2csmqmsd.default -> about:blank
      FF Extension: (Avast SafePrice) - C:\Users\Rosko\AppData\Roaming\Mozilla\Firefox\Profiles\2csmqmsd.default\Extensions\sp@avast.com.xpi [2018-10-18]
      FF Extension: (Avast Online Security) - C:\Users\Rosko\AppData\Roaming\Mozilla\Firefox\Profiles\2csmqmsd.default\Extensions\wrc@avast.com.xpi [2018-10-18]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-09] ()
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-09] ()
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
      FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2015-08-18] (Sun Microsystems, Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
      FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\enpsysau.js [2017-09-10]
      Chrome: 
      =======
      CHR DefaultProfile: Default
      CHR Profile: C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default [2018-10-28]
      CHR Extension: (Презентации) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-02]
      CHR Extension: (Документи) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-02]
      CHR Extension: (Google Диск) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-02]
      CHR Extension: (YouTube) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-02]
      CHR Extension: (Adobe Acrobat) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-10-02]
      CHR Extension: (Avast SafePrice | Сравнение, сделки, купони) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-10-19]
      CHR Extension: (Таблици) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-02]
      CHR Extension: (Google Документи офлайн) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-08]
      CHR Extension: (АБВ Уведомител) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\glkfpmcniebkbeakjdpobddpjghbapec [2018-10-28]
      CHR Extension: (Avast Online Security) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-10-18]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-02]
      CHR Extension: (Gmail) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-10-02]
      CHR Extension: (Chrome Media Router) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-28]
      CHR Profile: C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey [2018-10-28] <==== ATTENTION
      CHR Extension: (Презентации) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-23]
      CHR Extension: (Документи) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-23]
      CHR Extension: (Google Диск) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
      CHR Extension: (YouTube) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
      CHR Extension: (Google Търсене) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
      CHR Extension: (АБВ Уведомител) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\cpbekonjicgkldkmopnamgglbfaiojje [2015-11-25]
      CHR Extension: (Adobe Acrobat) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-08]
      CHR Extension: (Таблици) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-11]
      CHR Extension: (Farmville2 X-Press) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\gbgjpdhhnbgmnafojckjmjogcpoinlim [2018-10-24]
      CHR Extension: (Google Документи офлайн) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
      CHR Extension: (Avast Online Security) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-10-18]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-12]
      CHR Extension: (Gmail) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-23]
      CHR Extension: (Chrome Media Router) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-01]
      CHR HKU\S-1-5-21-749869763-3409154425-2811610640-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-10-18] (AVAST Software)
      R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows (R) Win 7 DDK provider) [File not signed]
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [325024 2018-10-18] (AVAST Software)
      R2 BavSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BavSvc.exe [2805208 2015-07-14] (Baidu, Inc.)
      S3 BdSandboxSrv; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BdSandboxSrv64.exe [490480 2015-04-29] (Baidu, Inc.)
      R2 BHipsSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BHipsSvc.exe [544032 2015-07-14] (Baidu, Inc.)
      S3 BsrSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavAdvTools2\128B4BEC-5D89-43AD-BAA8-207084AA0E4F\tool\BsrSvc.exe [3503416 2015-07-08] (Baidu, Inc.)
      R2 DSAService; C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe [21240 2017-05-18] (Intel)
      R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
      R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
      R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
      S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
      R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
      R2 MiniService; C:\Users\Rosko\AppData\Local\MiniService\MiniService.exe [103616 2018-10-28] (Baidu Inc.) [File not signed] <==== ATTENTION
      R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [157456 2017-03-07] ()
      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-09-10] (TeamViewer GmbH)
      R2 TheCalendarService; C:\Program Files (x86)\CalendarTool\2.0.0.1000176\CalendarServ.exe [152720 2017-08-09] ()
      S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201408 2018-10-18] (AVAST Software)
      S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230512 2018-10-18] (AVAST Software)
      S3 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201928 2018-10-18] (AVAST Software)
      S3 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346760 2018-10-18] (AVAST Software)
      S3 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59664 2018-10-18] (AVAST Software)
      R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [185240 2018-10-18] (AVAST Software)
      S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47064 2018-10-18] (AVAST Software)
      R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42456 2018-10-18] (AVAST Software)
      R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163376 2018-10-18] (AVAST Software)
      S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111968 2018-10-18] (AVAST Software)
      R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88112 2018-10-18] (AVAST Software)
      S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028840 2018-10-18] (AVAST Software)
      R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [467904 2018-10-18] (AVAST Software)
      S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [208640 2018-10-18] (AVAST Software)
      S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381144 2018-10-18] (AVAST Software)
      U3 BdApiUtil; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BdApiUtil64.sys [116936 2015-07-14] (Baidu, Inc.)
      R3 bdark64; C:\Windows\system32\drivers\bdark64.sys [78792 2015-04-20] ()
      U3 BdCameraProtect; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BdCameraProtect64.sys [25000 2015-07-14] (Baidu, Inc.)
      S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [235976 2015-04-29] (Baidu, Inc.)
      R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [62920 2015-07-14] (Baidu, Inc.)
      R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [38344 2015-07-14] (Baidu, Inc.)
      R1 Bnbase; C:\Windows\System32\drivers\bnbasex64.sys [62792 2015-07-14] (Baidu, Inc.)
      R1 Bndef; C:\Windows\System32\drivers\bndef64.sys [487144 2015-07-14] (Baidu, Inc.)
      R3 Bnmon; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\Bnmon64.sys [82376 2015-07-14] (Baidu, Inc.)
      R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [171464 2015-07-14] (Baidu, Inc.)
      S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-12-24] (Qualcomm Atheros)
      R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-08-08] (REALiX(tm))
      R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
      R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [466136 2014-01-14] (Realsil Semiconductor Corporation)
      R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
      U3 aswbdisk; no ImagePath
      U0 Partizan; system32\drivers\Partizan.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-10-28 14:35 - 2018-10-28 14:36 - 000000000 ____D C:\FRST
      2018-10-28 14:35 - 2018-10-28 14:35 - 002414592 _____ (Farbar) C:\Users\Rosko\Downloads\FRST64.exe
      2018-10-28 14:28 - 2018-10-28 14:36 - 000021836 _____ C:\Users\Rosko\Downloads\FRST.txt
      2018-10-28 14:26 - 2018-10-28 14:27 - 000020080 _____ C:\Users\Rosko\Downloads\Addition.txt
      2018-10-28 13:34 - 2018-10-28 13:34 - 000000000 ____D C:\Users\Rosko\AppData\Local\MiniService
      2018-10-28 13:29 - 2018-10-28 13:32 - 000000000 ____D C:\ProgramData\BsrSvc_exe
      2018-10-28 13:19 - 2018-10-28 13:20 - 000617400 _____ C:\Users\Rosko\Desktop\Нов Microsoft Office PowerPoint Presentation.pptx
      2018-10-28 12:40 - 2018-10-28 13:16 - 000000000 ____D C:\ProgramData\BavSvc_exe
      2018-10-28 12:37 - 2018-10-28 12:37 - 000000000 ____D C:\Users\Rosko\AppData\Local\Viber
      2018-10-28 09:17 - 2018-10-28 11:16 - 000000000 ____D C:\Users\Rosko\Desktop\официялни споразумения 2018-2019г
      2018-10-26 17:03 - 2018-10-26 17:03 - 000102327 _____ C:\Users\Rosko\Downloads\П-03001718127835-177-001_archive (1).zip
      2018-10-24 10:41 - 2018-10-24 10:41 - 000000000 ____D C:\Users\Rosko\AppData\Roaming\AVAST Software
      2018-10-24 10:39 - 2018-10-24 10:39 - 000611358 _____ C:\Users\Rosko\Downloads\379984975 (1).pdf
      2018-10-24 10:32 - 2018-10-28 12:37 - 000000000 ____D C:\Users\Rosko\AppData\Local\AVAST Software
      2018-10-22 15:05 - 2018-10-22 15:06 - 000103383 _____ C:\Users\Rosko\Downloads\П-03001718185275-040-001_archive.zip
      2018-10-20 07:48 - 2018-10-20 07:48 - 000230931 _____ C:\Users\Rosko\Downloads\ЗП Ростислав Недков 19.10 (1).pdf
      2018-10-20 07:40 - 2018-10-20 07:40 - 000230931 _____ C:\Users\Rosko\Downloads\ЗП Ростислав Недков 19.10.pdf
      2018-10-19 08:51 - 2018-10-19 08:51 - 002437339 _____ C:\Users\Rosko\Downloads\dec92_2016_1010_баркод_с_ръководство_за_потребителя.rar
      2018-10-18 18:17 - 2018-10-18 18:17 - 000665976 _____ C:\Users\Rosko\Downloads\Re6enie_VAS_27.02.2018 (1).pdf
      2018-10-18 11:52 - 2018-10-18 11:52 - 000039854 _____ C:\Users\Rosko\Downloads\nlnazadyljenia[1] (1).pdf
      2018-10-18 10:16 - 2018-10-18 10:16 - 000001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
      2018-10-18 10:16 - 2018-10-18 10:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
      2018-10-18 10:15 - 2018-10-18 10:15 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
      2018-10-18 10:14 - 2018-10-26 00:45 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
      2018-10-18 10:13 - 2018-10-18 10:13 - 001142072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
      2018-10-18 10:13 - 2018-10-18 10:13 - 000467904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000381144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000378584 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
      2018-10-18 10:13 - 2018-10-18 10:13 - 000208640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000201408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000163376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000111968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000088112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000047064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
      2018-10-18 10:13 - 2018-10-18 10:12 - 001028840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
      2018-10-18 10:13 - 2018-10-18 10:12 - 001001272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
      2018-10-18 10:13 - 2018-10-18 10:12 - 000346760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
      2018-10-18 10:13 - 2018-10-18 10:12 - 000230512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
      2018-10-18 10:13 - 2018-10-18 10:12 - 000201928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
      2018-10-18 10:13 - 2018-10-18 10:12 - 000185240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
      2018-10-18 10:13 - 2018-10-18 10:12 - 000059664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
      2018-10-18 10:13 - 2018-10-18 10:12 - 000042456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
      2018-10-18 10:11 - 2018-10-18 11:43 - 000000000 ____D C:\ProgramData\AVAST Software
      2018-10-18 10:11 - 2018-10-18 10:11 - 000000000 ____D C:\Program Files\AVAST Software
      2018-10-18 10:09 - 2018-10-18 16:40 - 000000000 ____D C:\Users\Rosko\Documents\ViberDownloads
      2018-10-18 10:09 - 2018-10-18 10:09 - 000000000 ____D C:\Users\Rosko\AppData\Local\Viber Media S.à r.l
      2018-10-18 10:08 - 2018-10-28 13:47 - 000000000 ____D C:\Users\Rosko\AppData\Roaming\ViberPC
      2018-10-18 10:08 - 2018-10-18 10:08 - 000000956 _____ C:\Users\Rosko\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
      2018-10-18 10:08 - 2018-10-18 10:08 - 000000954 _____ C:\Users\Rosko\Desktop\Viber.lnk
      2018-10-18 10:08 - 2018-10-18 10:08 - 000000000 ____D C:\Users\Rosko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
      2018-10-18 10:08 - 2018-10-18 10:08 - 000000000 ____D C:\Users\Rosko\AppData\Local\cache
      2018-10-18 10:07 - 2018-10-18 10:07 - 000000000 ____D C:\Users\Rosko\AppData\Local\Package Cache
      2018-10-18 10:06 - 2018-10-18 10:07 - 089186064 _____ (Viber Media Inc.) C:\Users\Rosko\Downloads\ViberSetup.exe
      2018-10-17 22:33 - 2018-10-17 22:33 - 000267977 _____ C:\Users\Rosko\Downloads\danuchno_oblagane_vnoski_na_zemedelski_proizvoditeli (4).pdf
      2018-10-17 22:08 - 2018-10-17 22:09 - 000749389 _____ C:\Users\Rosko\Downloads\Нов Презентация на Microsoft PowerPoint (2).pptx
      2018-10-17 21:41 - 2018-10-17 21:41 - 000749389 _____ C:\Users\Rosko\Downloads\Нов Презентация на Microsoft PowerPoint (1).pptx
      2018-10-17 21:14 - 2018-10-17 21:14 - 000267977 _____ C:\Users\Rosko\Downloads\danuchno_oblagane_vnoski_na_zemedelski_proizvoditeli (3).pdf
      2018-10-17 16:19 - 2018-10-17 16:19 - 000289368 _____ C:\Windows\Minidump\101718-14539-01.dmp
      2018-10-17 15:07 - 2018-10-17 15:07 - 003833305 _____ C:\Users\Rosko\Downloads\dec50_2017_19.03.2018.rar
      2018-10-17 14:45 - 2018-10-17 14:45 - 004074946 _____ C:\Users\Rosko\Downloads\dec50_2016_баркод_с_ръководство_за_потребителя.rar
      2018-10-17 12:55 - 2018-10-17 12:55 - 000648847 _____ C:\Users\Rosko\Downloads\DOM (2).pdf
      2018-10-17 07:52 - 2018-10-17 07:52 - 000012846 _____ C:\Users\Rosko\Downloads\Spravka vazstanovqvane (4).ods
      2018-10-17 07:52 - 2018-10-17 07:52 - 000000165 ____H C:\Users\Rosko\Downloads\~$Spravka vazstanovqvane (4).ods
      2018-10-16 13:59 - 2018-10-16 13:59 - 070935933 _____ C:\Users\Rosko\Downloads\wetransfer-a3a156.zip
      2018-10-16 12:10 - 2018-10-16 12:10 - 001266784 _____ C:\Users\Rosko\Downloads\statement (21).pdf
      2018-10-16 12:09 - 2018-10-16 12:09 - 001105420 _____ C:\Users\Rosko\Downloads\statement (20).pdf
      2018-10-16 10:58 - 2018-10-16 10:58 - 000648847 _____ C:\Users\Rosko\Downloads\DOM (1).pdf
      2018-10-16 08:14 - 2018-10-16 08:14 - 001939889 _____ C:\Users\Rosko\Downloads\95_09.pdf
      2018-10-15 16:01 - 2018-10-15 16:01 - 000749389 _____ C:\Users\Rosko\Downloads\Нов Презентация на Microsoft PowerPoint.pptx
      2018-10-15 15:57 - 2018-10-15 15:57 - 000102327 _____ C:\Users\Rosko\Downloads\П-03001718127835-177-001_archive.zip
      2018-10-15 13:54 - 2018-10-15 13:54 - 000648847 _____ C:\Users\Rosko\Downloads\Ползване на данъчни облекчения и наличие на задължения.pdf
      2018-10-15 13:47 - 2018-10-15 13:47 - 000648847 _____ C:\Users\Rosko\Downloads\DOM.pdf
      2018-10-12 13:49 - 2018-10-12 13:49 - 000009969 _____ C:\Users\Rosko\Downloads\РОСТИСЛАВ НЕДКОВ БОРИСОВ_2019_ЮПЕР.ZIP
      2018-10-12 13:49 - 2018-10-12 13:49 - 000001382 _____ C:\Users\Rosko\Downloads\НЕДКО БОРИСОВ КОЛЕВ_2019_ЮПЕР.ZIP
      2018-10-12 13:48 - 2018-10-12 13:48 - 000001499 _____ C:\Users\Rosko\Downloads\НЕДКО БОРИСОВ КОЛЕВ_2019_БОЖУРОВО.ZIP
      2018-10-12 09:23 - 2018-10-12 09:23 - 000075048 _____ C:\Users\Rosko\Downloads\Crystal Reports - sp_invoice_text_only_2007_5_l.rpt (1).pdf
      2018-10-10 12:50 - 2018-10-10 12:50 - 004808921 _____ C:\Users\Rosko\Downloads\П-03001718168660-004-001_archive.zip
      2018-10-06 15:09 - 2018-10-06 15:09 - 000611358 _____ C:\Users\Rosko\Downloads\379984975.pdf
      2018-10-04 13:28 - 2018-10-04 13:28 - 000156030 _____ C:\Users\Rosko\Downloads\П-03001718168660-040-001_archive.zip
      2018-10-01 18:27 - 2018-10-01 18:27 - 000143428 _____ C:\Users\Rosko\Downloads\Информационна брошура за бъдещите майки.pdf
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-10-28 14:23 - 2009-07-14 06:45 - 000016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-10-28 14:23 - 2009-07-14 06:45 - 000016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-10-28 14:19 - 2009-07-14 05:20 - 000000000 ____D C:\PerfLogs
      2018-10-28 14:11 - 2017-08-24 12:56 - 000000000 ____D C:\Users\Rosko\AppData\Roaming\CalendarTool
      2018-10-28 12:42 - 2009-07-14 07:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-10-28 12:42 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
      2018-10-28 12:36 - 2017-06-10 14:47 - 000000000 __SHD C:\Users\Rosko\IntelGraphicsProfiles
      2018-10-28 12:36 - 2015-04-23 13:38 - 000000000 ____D C:\Program Files (x86)\TeamViewer
      2018-10-28 12:35 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-10-28 11:44 - 2016-08-08 17:51 - 000000000 ___HD C:\Program Files (x86)\m3yE3E0
      2018-10-28 10:43 - 2015-04-23 12:58 - 000000000 ____D C:\Users\Rosko\AppData\Local\Microsoft Help
      2018-10-28 10:29 - 2017-01-10 10:04 - 000000000 ____D C:\Users\Rosko\AppData\Local\CrashDumps
      2018-10-27 19:48 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\tracing
      2018-10-24 07:25 - 2015-04-24 13:10 - 000000000 ____D C:\Users\Rosko\AppData\Roaming\Skype
      2018-10-23 08:18 - 2017-02-01 21:07 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2018-10-18 09:43 - 2018-07-09 15:03 - 000000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
      2018-10-18 09:43 - 2016-02-04 18:11 - 000002998 _____ C:\Windows\wininit.ini
      2018-10-17 16:19 - 2015-06-12 12:20 - 000000000 ____D C:\Windows\Minidump
      2018-10-17 16:18 - 2015-06-12 12:20 - 375178840 _____ C:\Windows\MEMORY.DMP
      2018-10-15 10:59 - 2009-07-14 07:08 - 000032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
      2018-10-09 21:41 - 2018-03-14 11:33 - 000004462 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
      2018-10-09 21:41 - 2017-02-01 18:37 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2018-10-09 21:41 - 2017-02-01 18:37 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2018-10-09 21:41 - 2017-02-01 18:37 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2018-10-09 21:41 - 2017-02-01 18:37 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2018-10-09 21:41 - 2017-02-01 18:37 - 000000000 ____D C:\Windows\system32\Macromed
      2018-10-04 13:28 - 2015-11-03 22:05 - 000000000 ____D C:\Users\Rosko\AppData\LocalLow\Adobe
      2018-10-01 21:10 - 2015-04-23 13:18 - 000000000 ____D C:\KMPlayer
      2018-10-01 08:27 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
      ==================== Files in the root of some directories =======
      2015-10-10 07:33 - 2015-10-10 07:33 - 000229019 _____ () C:\ProgramData\KTLVGTHRCQSO.dat
      2017-06-08 17:31 - 2017-06-08 17:31 - 000000017 _____ () C:\Users\Rosko\AppData\Local\resmon.resmoncfg
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-10-26 08:40
      ==================== End of FRST.txt ============================
      Addition.txt
    • от Magnolia D
      Здравейте, 
      От два - три дни интернет връзката ми се влоши драматично - почти невъзможно беше да се зареди каквато и да е страница (отнемаше минути, ако въобще успееше да го направи). Анти вирусната показа, че има Троянец(нещо си ) - може би е трябвало да запомня какво точно нещо си, но аз просто натиснах да го изтрие. Повторната проверка показа, че всичко е наред, но не мисля че е точно така. Сега зарежда малко по-бързо, но като цяло е изключително бавно и не мисля, че е от връзката. Предполагам, че се разбира, че знанието за компютрите не е една от най-силните ми страни, но за всеки случай ще го подчертая, за да се опитам да оправдая глупостите , които евентуално съм направила  и елементарния си "компютърен изказ". Относно стъпките за публикуване - нямам диск с операционната система, прикачвам другите два файла. П.С. Предварително благодаря за времето и съдействието!
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11.11.2018
      Ran by Grigorovi (administrator) on DIDI (13-11-2018 15:39:12)
      Running from D:\Instal
      Loaded Profiles: Grigorovi (Available Profiles: Grigorovi)
      Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Български (България)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (SurfRight B.V.) C:\Program Files\HitmanPro.Alert\hmpalert.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
      (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
      (SurfRight B.V.) C:\Program Files\HitmanPro.Alert\hmpalert.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
      (Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [CL-22-D39888C9-D725-485F-B4A2-1AD9369147B7] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-22-4DEB32A9-F15E-4B9A-A7FB-125105229440\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-22-4DEB32A (the data entry has 44 more characters).
      HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [997920 2011-06-15] (Microsoft Corporation)
      HKU\S-1-5-21-2744073735-3007959217-1321240149-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
      Tcpip\..\Interfaces\{3247EA78-9C23-40D4-AF6B-21088034F9BF}: [DhcpNameServer] 192.168.8.1 192.168.8.1
      Tcpip\..\Interfaces\{AE99D80D-ED5E-4FA1-8934-689D4319410D}: [DhcpNameServer] 192.168.8.1 192.168.8.1
      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
      FireFox:
      ========
      FF DefaultProfile: ixj5pejf.default-1538731853205
      FF ProfilePath: C:\Users\Grigorovi\AppData\Roaming\Mozilla\Firefox\Profiles\ixj5pejf.default-1538731853205 [2018-11-12]
      FF Extension: (Firefox Monitor) - C:\Users\Grigorovi\AppData\Roaming\Mozilla\Firefox\Profiles\ixj5pejf.default-1538731853205\features\{a452a5ff-64b4-44fa-910c-c6debf5ffb1d}\fxmonitor@mozilla.org.xpi [2018-10-05]
      FF Extension: (Telemetry coverage) - C:\Users\Grigorovi\AppData\Roaming\Mozilla\Firefox\Profiles\ixj5pejf.default-1538731853205\features\{a452a5ff-64b4-44fa-910c-c6debf5ffb1d}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-05] [Legacy]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-14] ()
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-29] (Google Inc.)
      FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-29] (Google Inc.)
      FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
      FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
      FF Plugin HKU\S-1-5-21-2744073735-3007959217-1321240149-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Grigorovi\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-08-10] (Zoom Video Communications, Inc.)
      Chrome: 
      =======
      CHR Profile: C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default [2018-11-13]
      CHR Extension: (Презентации) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
      CHR Extension: (Документи) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Диск) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
      CHR Extension: (YouTube) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-26]
      CHR Extension: (Adblock Plus) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-10-31]
      CHR Extension: (Adobe Acrobat) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
      CHR Extension: (Facebook Pixel Helper) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2018-10-23]
      CHR Extension: (Таблици) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
      CHR Extension: (Google Документи офлайн) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
      CHR Extension: (Pinterest Save Button) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-10-19]
      CHR Extension: (Grammar.com) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hamhaljjdpcgkelbadepgmnocknejief [2018-10-02]
      CHR Extension: (Keywords Everywhere - Keyword Tool) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbapdpeemoojbophdfndmlgdhppljgmp [2018-09-19]
      CHR Extension: (Reasy) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfiiflbfkgfmeinikcgikgiijegkhgf [2017-12-09]
      CHR Extension: (Grammar and Spelling checker by Ginger) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfieneakcjfaiglcfcgkidlkmlijjnh [2018-11-07]
      CHR Extension: (Tag Assistant (by Google)) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2018-09-27]
      CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2018-10-09]
      CHR Extension: (Awesome Screenshot: Screen Video Recorder) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2018-07-23]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
      CHR Extension: (Gmail) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-26]
      CHR Extension: (Chrome Media Router) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-19]
      CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
      R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [114648 2018-11-12] (SurfRight B.V.)
      R2 hmpalertsvc; C:\Program Files\HitmanPro.Alert\hmpalert.exe [4406408 2018-11-12] (SurfRight B.V.)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
      R2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2011-04-27] (Microsoft Corporation)
      R3 NisSrv; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd.)
      R1 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [263288 2018-11-12] (SurfRight B.V.)
      R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [229568 2018-11-13] (Malwarebytes)
      R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
      R1 MpKsl5e3716e3; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4EE32FF0-58AB-4EF4-90BC-B7873B344D95}\MpKsl5e3716e3.sys [49504 2018-11-13] (Microsoft Corporation)
      R3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2099-10-22 18:57 - 30826-10-22 18:57 - 000186368 ____N (Microsoft Corporation) C:\Windows\foJiYOYp.exe
      2099-10-22 18:57 - 30826-10-22 18:57 - 000073216 ____N (Microsoft Corporation) C:\Windows\system32\rNZYYO.exe
      2099-10-22 18:57 - 30826-10-22 18:57 - 000073216 ____N (Microsoft Corporation) C:\Windows\system32\OmATowuMEtOu.exe
      2018-11-13 10:08 - 2018-11-13 10:08 - 000229568 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2018-11-12 18:25 - 2018-11-13 15:38 - 000000000 ____D C:\Windows\CryptoGuard
      2018-11-12 18:25 - 2018-11-13 10:06 - 000000000 ___DC C:\ProgramData\HitmanPro.Alert
      2018-11-12 18:25 - 2018-11-12 18:25 - 000875656 _____ (SurfRight B.V.) C:\Windows\system32\hmpalert.dll
      2018-11-12 18:25 - 2018-11-12 18:25 - 000263288 _____ (SurfRight B.V.) C:\Windows\system32\Drivers\hmpalert.sys
      2018-11-12 18:25 - 2018-11-12 18:25 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
      2018-11-12 18:25 - 2018-11-12 18:25 - 000000000 ___DC C:\Program Files\HitmanPro.Alert
      2018-11-12 18:14 - 2018-11-12 18:14 - 000001847 _____ C:\Users\Public\Desktop\HitmanPro.lnk
      2018-11-12 18:14 - 2018-11-12 18:14 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
      2018-11-12 18:13 - 2018-11-12 18:14 - 000000000 ___DC C:\Program Files\HitmanPro
      2018-11-07 09:29 - 2018-11-07 09:29 - 001292716 _____ C:\Users\Grigorovi\Desktop\ros.zip
      2018-11-07 02:23 - 2018-11-05 16:55 - 009162423 _____ C:\Users\Grigorovi\Desktop\139_da_badesh_bog2.zip
      2018-11-07 02:14 - 2018-11-07 02:14 - 001062670 _____ C:\Users\Grigorovi\Desktop\Ерик Бърн -Психология на човешките взаимоотношения.pdf
      2018-11-07 02:13 - 2018-11-07 02:13 - 000798148 _____ C:\Users\Grigorovi\Desktop\Игрите, които хората играят.pdf
      2018-11-01 17:09 - 2018-11-04 22:36 - 000000000 ____D C:\Users\Grigorovi\Desktop\WP-UnEducatedMermad
      2018-10-29 18:44 - 2018-10-29 18:44 - 001092248 _____ C:\Users\Grigorovi\Desktop\Quick-Start-Affiliate-Marketing-Report.pdf
      2018-10-26 22:52 - 2018-10-26 22:52 - 002583150 _____ C:\Users\Grigorovi\Desktop\lipton_spontanna.zip
      2018-10-26 22:51 - 2018-10-26 22:51 - 001290479 _____ C:\Users\Grigorovi\Desktop\24_lipton_honemoon.zip
      2018-10-20 16:07 - 2018-10-20 16:07 - 002677746 _____ C:\Users\Grigorovi\Desktop\unblock_your_abundance_by_christiemarie_sheldon_workbook_nsp2.pdf
      2018-10-17 01:23 - 2018-10-17 01:24 - 000507221 _____ C:\Users\Grigorovi\Desktop\shum_v_ushite.zip
      2018-10-16 18:55 - 2018-10-16 18:55 - 006273583 _____ C:\Users\Grigorovi\Desktop\Шакти Гуаейн-Пътят към истинското блоагоденствие.rar
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-11-13 15:39 - 2018-04-07 19:16 - 000000000 ___DC C:\FRST
      2018-11-13 10:15 - 2009-07-14 06:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-11-13 10:15 - 2009-07-14 06:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-11-13 10:10 - 2018-04-10 19:56 - 000000386 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
      2018-11-13 10:06 - 2018-04-07 21:35 - 000065536 _____ C:\Windows\system32\Ikeext.etl
      2018-11-13 10:06 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-11-13 05:49 - 2017-04-26 17:00 - 000000000 ___DC C:\ProgramData\HitmanPro
      2018-11-12 19:59 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
      2018-11-12 18:48 - 2014-10-15 19:19 - 000000000 ____D C:\Windows\Minidump
      2018-11-12 18:34 - 2016-12-02 16:12 - 000000702 _____ C:\Users\Public\Desktop\System Ninja.lnk
      2018-11-12 18:34 - 2016-12-02 16:12 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Ninja
      2018-11-09 18:05 - 2018-07-24 14:22 - 000000000 ___DC C:\Users\Grigorovi\AppData\Local\gtk-2.0
      2018-10-30 09:45 - 2016-10-28 18:07 - 000660594 _____ C:\Windows\system32\perfh01D.dat
      2018-10-30 09:45 - 2016-10-28 18:07 - 000144252 _____ C:\Windows\system32\perfc01D.dat
      2018-10-30 09:45 - 2016-10-28 17:31 - 000425298 _____ C:\Windows\system32\perfh012.dat
      2018-10-30 09:45 - 2016-10-28 17:31 - 000122162 _____ C:\Windows\system32\perfc012.dat
      2018-10-30 09:45 - 2016-10-28 16:02 - 000378044 _____ C:\Windows\system32\prfh0804.dat
      2018-10-30 09:45 - 2016-10-28 16:02 - 000121370 _____ C:\Windows\system32\prfc0804.dat
      2018-10-30 09:45 - 2016-10-28 15:29 - 000413652 _____ C:\Windows\system32\perfh011.dat
      2018-10-30 09:45 - 2016-10-28 15:29 - 000123878 _____ C:\Windows\system32\perfc011.dat
      2018-10-30 09:45 - 2016-10-28 15:09 - 000680628 _____ C:\Windows\system32\perfh00E.dat
      2018-10-30 09:45 - 2016-10-28 15:09 - 000173052 _____ C:\Windows\system32\perfc00E.dat
      2018-10-30 09:45 - 2016-10-28 14:49 - 000478376 _____ C:\Windows\system32\perfh00B.dat
      2018-10-30 09:45 - 2016-10-28 14:49 - 000103298 _____ C:\Windows\system32\perfc00B.dat
      2018-10-30 09:45 - 2016-10-28 14:25 - 000389218 _____ C:\Windows\system32\perfh00D.dat
      2018-10-30 09:45 - 2016-10-28 14:25 - 000086536 _____ C:\Windows\system32\perfc00D.dat
      2018-10-30 09:45 - 2016-10-28 13:57 - 000740372 _____ C:\Windows\system32\perfh013.dat
      2018-10-30 09:45 - 2016-10-28 13:57 - 000154880 _____ C:\Windows\system32\perfc013.dat
      2018-10-30 09:45 - 2016-10-28 13:42 - 000491388 _____ C:\Windows\system32\perfh014.dat
      2018-10-30 09:45 - 2016-10-28 13:42 - 000097182 _____ C:\Windows\system32\perfc014.dat
      2018-10-30 09:45 - 2016-10-28 13:17 - 000603862 _____ C:\Windows\system32\perfh008.dat
      2018-10-30 09:45 - 2016-10-28 13:17 - 000112906 _____ C:\Windows\system32\perfc008.dat
      2018-10-30 09:45 - 2016-10-28 12:51 - 000736920 _____ C:\Windows\system32\perfh010.dat
      2018-10-30 09:45 - 2016-10-28 12:51 - 000148624 _____ C:\Windows\system32\perfc010.dat
      2018-10-30 09:45 - 2016-10-28 12:37 - 000665714 _____ C:\Windows\system32\perfh005.dat
      2018-10-30 09:45 - 2016-10-28 12:37 - 000143204 _____ C:\Windows\system32\perfc005.dat
      2018-10-30 09:45 - 2016-10-28 12:18 - 000475888 _____ C:\Windows\system32\perfh001.dat
      2018-10-30 09:45 - 2016-10-28 12:18 - 000096550 _____ C:\Windows\system32\perfc001.dat
      2018-10-30 09:45 - 2016-10-28 12:05 - 000742590 _____ C:\Windows\system32\perfh00C.dat
      2018-10-30 09:45 - 2016-10-28 12:05 - 000151358 _____ C:\Windows\system32\perfc00C.dat
      2018-10-30 09:45 - 2016-10-28 11:52 - 000725892 _____ C:\Windows\system32\prfh0816.dat
      2018-10-30 09:45 - 2016-10-28 11:52 - 000154684 _____ C:\Windows\system32\prfc0816.dat
      2018-10-30 09:45 - 2016-10-28 11:36 - 000506288 _____ C:\Windows\system32\perfh006.dat
      2018-10-30 09:45 - 2016-10-28 11:36 - 000100436 _____ C:\Windows\system32\perfc006.dat
      2018-10-30 09:45 - 2016-10-28 11:24 - 000742330 _____ C:\Windows\system32\perfh00A.dat
      2018-10-30 09:45 - 2016-10-28 11:24 - 000160252 _____ C:\Windows\system32\perfc00A.dat
      2018-10-30 09:45 - 2016-10-28 11:11 - 000395216 _____ C:\Windows\system32\prfh0404.dat
      2018-10-30 09:45 - 2016-10-28 11:11 - 000116868 _____ C:\Windows\system32\prfc0404.dat
      2018-10-30 09:45 - 2016-10-28 10:59 - 000737232 _____ C:\Windows\system32\perfh015.dat
      2018-10-30 09:45 - 2016-10-28 10:59 - 000157650 _____ C:\Windows\system32\perfc015.dat
      2018-10-30 09:45 - 2016-10-28 10:44 - 000721474 _____ C:\Windows\system32\perfh019.dat
      2018-10-30 09:45 - 2016-10-28 10:44 - 000152620 _____ C:\Windows\system32\perfc019.dat
      2018-10-30 09:45 - 2016-10-28 10:25 - 000710754 _____ C:\Windows\system32\prfh0416.dat
      2018-10-30 09:45 - 2016-10-28 10:25 - 000149434 _____ C:\Windows\system32\prfc0416.dat
      2018-10-30 09:45 - 2016-10-28 09:57 - 000694082 _____ C:\Windows\system32\perfh007.dat
      2018-10-30 09:45 - 2016-10-28 09:57 - 000150894 _____ C:\Windows\system32\perfc007.dat
      2018-10-30 09:45 - 2016-10-28 09:41 - 000653556 _____ C:\Windows\system32\perfh01F.dat
      2018-10-30 09:45 - 2016-10-28 09:41 - 000141778 _____ C:\Windows\system32\perfc01F.dat
      2018-10-30 09:45 - 2016-10-28 09:41 - 000126256 _____ C:\Windows\system32\perfh002.dat
      2018-10-30 09:45 - 2016-10-28 09:41 - 000028684 _____ C:\Windows\system32\perfc002.dat
      2018-10-30 09:45 - 2010-11-20 23:01 - 017739850 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-10-26 11:12 - 2018-10-05 13:08 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
      2018-10-25 10:37 - 2018-04-10 18:45 - 000002093 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-10-25 10:37 - 2016-08-26 11:58 - 000002134 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-10-24 12:51 - 2018-04-15 10:33 - 000000000 ___DC C:\Users\Grigorovi\AppData\Local\ElevatedDiagnostics
      2018-10-23 08:50 - 2016-08-24 15:28 - 000002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2018-10-15 23:48 - 2014-10-15 19:37 - 000479504 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
      ==================== Files in the root of some directories =======
      2017-11-23 15:47 - 2017-11-23 15:47 - 001276776 _____ () C:\Users\Grigorovi\AppData\Roaming\screenshot11Thursday1547301350000.png
      2018-05-17 11:44 - 2018-05-17 11:44 - 001302316 _____ () C:\Users\Grigorovi\AppData\Roaming\screenshot5Thursday1244426890000.png
      2018-05-17 11:44 - 2018-05-17 11:44 - 001299942 _____ () C:\Users\Grigorovi\AppData\Roaming\screenshot5Thursday1244446010000.png
      2016-09-01 09:53 - 2016-09-01 09:53 - 000000000 ____C () C:\Users\Grigorovi\AppData\Local\AtStart.txt
      2016-09-01 09:53 - 2016-09-01 09:53 - 000000000 ____C () C:\Users\Grigorovi\AppData\Local\DSwitch.txt
      2016-09-01 09:53 - 2016-09-01 09:53 - 000000000 ____C () C:\Users\Grigorovi\AppData\Local\QSwitch.txt
      2018-07-31 22:52 - 2018-07-31 22:52 - 000003292 ____C () C:\Users\Grigorovi\AppData\Local\recently-used.xbel
      2017-08-26 20:16 - 2017-08-26 20:16 - 000007597 ____C () C:\Users\Grigorovi\AppData\Local\Resmon.ResmonCfg
      2018-04-07 13:19 - 2018-04-07 13:19 - 000000003 ____C () C:\Users\Grigorovi\AppData\Local\wbem.ini
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-11-04 00:42
      ==================== End of FRST.txt ============================
       
      Addition.txt
    • от Venci Velikov
      Здравейте от няколко дни имам няколко процеса без име ,не използват диск или интернет само рам .
      От както те се появиха започнаха да ми излизат реклами директно ми отваря опера браузърът с някоко таба с реклами.
      Свързах се с майкрософт но те казаха да си изтрия всичко от компютъра и да инсталирам windows наново ...това е невъзможно. 
      Когато дам дясното копче и отиди на детайли всеки от процесите води към 1 svchost.exe 
      Един от 3те процеса е винаги suspended ...незнам дали е съвпадение но компютъра ми забиваше  точно преди да цъкна download на adw cleaner и по време на сканирането успях да мина през сканирате и почистването  като постоянно прекратявах процесите ,но това не помогна все още са в компютъра ми и моля за помощ. 
      От майкрософт ме караха и да правя offline scan със windows defender ,но тази програма я нямам за нищо ,както и всяка друга антивирусна затова не използвам.
      Не разполагам с диск или флашка както и не желая да преинсталирам защото не искам да презаписвам толкова голямо количество на SSD .... благодаря за разбирането.
      edit : операционна система windows 10 x64 bit pro
      Не успях да изтегля FRST.exe ....опера спира да отговаря а компютъра ми започва да работи супер бавно и е нужен пълен рестарт за подобрение 
      Edit успях да го подкарам ,извинявам се че е много редактирано ,ноо знаете ...
      Addition.txt
      FRST.txt
    • от nikchas
      Здравейте!
      От известно време се чудя как мога да си направя собствена марка, да речем за тениски ? Какво е нужно да знам и да направя ? Целта ми е нещо от сорта на print on demand системата само че да се намери солиден спонсор на продукти. Ще съм благодарен ако ми помогнете. 
    • от D101149
      Здравейте! Съмнявам се, че система ми е заразена ако може да ми помогнете ще съм ви благодарен (за пореден път)  Първите 3-4 минути изобщо хрома не зарежда страниците..
       
      Addition.txt
      FRST.txt
  • Дарение

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.