
Hello! For a few days now NOD32 has periodically been showing me the message in the picture, which makes me suspect that my computer has a virus.

[image: fe432ac947cfa400.jpg]

Here are the FRST logs

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2017 01
Ran by USER (administrator) on USER-PC (23-12-2017 17:16:05)
Running from C:\Users\USER\Desktop
Loaded Profiles: USER (Available Profiles: USER)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Node.js) C:\Windows\Prey\versions\1.7.2\bin\node.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() D:\Install\Testing Tools\quietHDD\quietHDD.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Fork, Ltd.) C:\Windows\Prey\versions\1.7.2\node_modules\triggers\bin\lightevt.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [324352 2017-12-21] (ESET)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [322432 2012-04-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832 2013-05-14] (IVT Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\WgaLogon:
HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {027c0954-011d-11e7-92c7-b4b52f788ef4} - F:\DriverPack.exe
HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {95871b5f-00b7-11e7-8cf1-b4b52f788ef4} - F:\DriverPack.exe
HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {d96b13d4-6d84-11e5-92f1-b4b52f788ef4} - H:\setup.exe
HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {e6bf35c6-0111-11e7-8df9-b4b52f788ef4} - F:\DriverPack.exe
HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {e80d797e-c983-11e5-bc97-b4b52f788ef4} - F:\setup.exe
AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [311584 2014-05-16] (Jaksta Technologies Pty Ltd)
Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\quietHDD.lnk [2013-03-09]
ShortcutTarget: quietHDD.lnk -> D:\Install\Testing Tools\quietHDD\quietHDD.exe ()
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2316775370-2964681540-2297035872-1000] => https=127.0.0.1:54745
Hosts: 127.0.0.1   www.martau.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3D41CC7B-1CA0-4A34-B378-EF83D183B83F}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{42A1B73C-2FD5-4744-A1AC-DD4C68DBB756}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.bg/
HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2316775370-2964681540-2297035872-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)

FireFox:
========
FF DefaultProfile: bx4xcpl7.default
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default [2017-12-23]
FF Homepage: Mozilla\Firefox\Profiles\bx4xcpl7.default -> google.bg
FF NewTabOverride: Mozilla\Firefox\Profiles\bx4xcpl7.default -> Enabled: "id":"{66E978CD-981F-47DF-AC42-E3CF417C1467
FF Extension: (MEGA) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default\Extensions\[email protected] [2017-11-17]
FF Extension: (New Tab Homepage) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2017-11-18]
FF Extension: (image-save) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default\Extensions\{6f99b5da-d696-4a33-8cc4-072873422204}.xpi [2017-11-17]
FF Extension: (Adblock Plus) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-13] ()

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1630456 2013-06-07] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [145656 2013-05-14] (IVT Corporation)
R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2017-11-22] (Fork, Ltd.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1940584 2017-12-21] (ESET)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [368512 2012-04-04] (Hewlett-Packard Company)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-08] (Microsoft Corporation) [File not signed]
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-08] (Microsoft Corporation) [File not signed]
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-08] (Microsoft Corporation) [File not signed]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-08] (Microsoft Corporation) [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-09-06] (DEVGURU Co., LTD.)
S4 STacSV; C:\Program Files\IDT\WDM\stacsv64.exe [323072 2012-09-20] (IDT, Inc.) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BazisPortableCDBus; C:\Windows\System32\drivers\BazisPortableCDBus.sys [283480 2017-03-04] (Sysprogs OU)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24840 2009-01-07] (IVT Corporation.)
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation)
S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [35848 2008-12-07] ()
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-06] (Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-06-04] (Disc Soft Ltd)
S3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-10-08] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [134368 2017-12-08] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [180088 2017-12-08] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [106304 2017-12-08] (ESET)
S1 ISODrive; C:\Windows\SysWOW64\Drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [31624 2008-07-02] (IVT Corporation.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [1162952 2013-07-13] (Ralink Technology, Corp.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1864328 2012-10-03] ()
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-06] (Samsung Electronics Co., Ltd.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 BTCOMBUS; System32\Drivers\btcombus.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]
S3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-23 17:16 - 2017-12-23 17:16 - 000012226 _____ C:\Users\USER\Desktop\FRST.txt
2017-12-23 17:15 - 2017-12-23 17:16 - 000000000 ____D C:\FRST
2017-12-23 16:58 - 2017-12-23 16:58 - 002392064 _____ (Farbar) C:\Users\USER\Desktop\FRST64.exe
2017-12-14 23:52 - 2017-12-14 23:52 - 000000000 ____D C:\Users\USER\AppData\Local\Viber
2017-11-29 17:30 - 2017-11-29 17:30 - 000000000 ____D C:\Users\USER\AppData\Roaming\ABBYY
2017-11-28 23:28 - 2017-11-28 23:28 - 000002697 _____ C:\Users\Public\Desktop\Skype.lnk
2017-11-28 23:28 - 2017-11-28 23:28 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-11-28 23:28 - 2017-11-28 23:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-11-24 13:58 - 2017-12-11 17:13 - 000001438 _____ C:\Users\USER\Desktop\Mozilla Firefox.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-23 17:15 - 2017-03-03 19:29 - 000000000 ____D C:\Users\USER\AppData\LocalLow\Mozilla
2017-12-23 17:14 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-23 17:14 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-23 17:09 - 2017-05-08 00:51 - 000000000 ____D C:\Users\USER\AppData\Roaming\Skype
2017-12-23 17:08 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2017-12-23 17:06 - 2017-11-22 20:05 - 000000000 ____D C:\Windows\Prey
2017-12-23 17:06 - 2013-09-13 16:20 - 000001017 _____ C:\Windows\SysWOW64\bscs.ini
2017-12-23 17:06 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-23 16:55 - 2009-07-14 07:13 - 000785302 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-23 02:05 - 2013-04-26 22:50 - 000000000 ____D C:\Users\USER\AppData\Local\CrashDumps
2017-12-23 00:51 - 2017-11-22 19:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-12-22 18:37 - 2014-11-03 20:17 - 000004096 _____ C:\Users\USER\AppData\Local\keyfile3.drm
2017-12-22 01:38 - 2017-07-11 22:53 - 000000000 ____D C:\Users\USER\AppData\Roaming\uTorrent
2017-12-21 21:59 - 2013-11-26 22:18 - 000000000 ____D C:\Users\USER\AppData\Roaming\vlc
2017-12-18 15:30 - 2016-03-18 02:15 - 000012288 ___SH C:\Users\USER\AppData\Roaming\Thumbs.db
2017-12-17 10:12 - 2017-10-21 08:34 - 000000000 ____D C:\Users\USER\AppData\Roaming\ViberPC
2017-12-13 01:23 - 2017-11-17 22:38 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-13 01:23 - 2017-11-17 22:38 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-13 01:23 - 2017-11-17 22:38 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-13 01:23 - 2013-03-28 20:01 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-13 01:23 - 2012-12-29 22:02 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-09 11:17 - 2017-11-17 21:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-08 23:22 - 2017-11-17 21:17 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-08 20:25 - 2017-11-02 09:02 - 000134368 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2017-12-08 20:25 - 2017-10-09 16:49 - 000180088 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2017-12-08 20:25 - 2017-09-19 09:05 - 000106304 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
2017-11-28 23:28 - 2012-12-30 00:31 - 000000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2016-03-18 02:15 - 2017-12-18 15:30 - 000012288 ___SH () C:\Users\USER\AppData\Roaming\Thumbs.db
2016-02-08 01:25 - 2016-02-08 01:25 - 000006529 _____ () C:\Users\USER\AppData\Roaming\UserTile.png
2015-06-08 18:55 - 2015-08-20 17:08 - 000000031 _____ () C:\Users\USER\AppData\Local\burnaware.ini
2013-04-18 15:40 - 2015-08-23 12:48 - 000007680 _____ () C:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-09-25 20:21 - 2017-09-25 20:21 - 000000036 _____ () C:\Users\USER\AppData\Local\housecall.guid.cache
2014-11-03 20:17 - 2017-12-22 18:37 - 000004096 _____ () C:\Users\USER\AppData\Local\keyfile3.drm
2013-02-05 23:18 - 2013-02-05 23:18 - 000000001 _____ () C:\Users\USER\AppData\Local\llftool.4.25.agreement
2015-06-19 18:43 - 2015-06-19 18:43 - 000000001 _____ () C:\Users\USER\AppData\Local\llftool.4.40.agreement
2017-06-20 18:27 - 2017-06-20 18:27 - 000000001 _____ () C:\Users\USER\AppData\Local\RawCopy.1.10.agreement
2017-08-28 22:48 - 2017-08-28 22:48 - 000000013 _____ () C:\Users\USER\AppData\Local\RawCopy.savedialog.dir
2017-08-28 22:48 - 2017-08-28 22:48 - 000000001 _____ () C:\Users\USER\AppData\Local\RawCopy.savedialog.filterindex
2017-06-20 18:27 - 2017-08-29 12:08 - 000000001 _____ () C:\Users\USER\AppData\Local\RawCopy.sourcedisk.index
2013-02-18 20:48 - 2017-11-11 20:47 - 000007652 _____ () C:\Users\USER\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-19 02:06

==================== End of FRST.txt ============================

 

 

Addition.txt


Hello..! Isn't that one of the jobs of the antivirus program - to block and protect the computer...? What worries you... apart from the blocked address, do you observe any other specific problems with the system..?

Quote:

ProxyServer: [S-1-5-21-2316775370-2964681540-2297035872-1000] => https=127.0.0.1:54745

Is this proxy familiar to you..?

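The helper's question above about the unfamiliar ProxyServer entry (and, in the same report, the hosts override, the AppInit_DLLs entry and the GroupPolicy line that FRST itself marks ATTENTION) shows the lines a responder reads first in an FRST.txt. Here is an added Python example, not part of this thread and not FRST's own code, that splits a report into its sections and flags those line types; the sample report is a constructed excerpt assembled from lines that appear in this thread.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt of an FRST.txt report, assembled from line types that
# appear in the thread above (Registry, Internet and Services sections).
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [324352 2017-12-21] (ESET)
AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [311584 2014-05-16] (Jaksta Technologies Pty Ltd)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

ProxyServer: [S-1-5-21-2316775370-2964681540-2297035872-1000] => https=127.0.0.1:54745
Hosts: 127.0.0.1   www.martau.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ====================

R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2017-11-22] (Fork, Ltd.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1940584 2017-12-21] (ESET)
"""

# FRST section banners look like "==================== Name (Whitelisted) ====".
HEADER_RE = re.compile(r"^=+ (.+?) =+$")
# Per-user proxy setting: "ProxyServer: [<SID>] => <scheme>=<host>:<port>".
PROXY_RE = re.compile(r"^ProxyServer: \[(?P<sid>[^\]]+)\] => (?P<value>.+)$")
# Hosts-file override: "Hosts: <ip>   <hostname>".
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
# Service entry: "<state> <name>; <path> [<size> <date>] (<vendor>) [flags]".
SERVICE_RE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) \[")


@dataclass
class Finding:
    section: str   # FRST section the line came from
    kind: str      # category of the item worth a second look
    detail: str    # the value a responder would ask the user about


def triage_frst(text: str) -> List[Finding]:
    """Walk an FRST.txt and return the lines a responder would review first.

    Nothing here is a verdict: a loopback proxy, a hosts override or an
    unsigned service can all be legitimate, but each one is a question
    to put to the machine's owner, as in the thread above.
    """
    findings: List[Finding] = []
    section = "(preamble)"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            section = header.group(1).replace(" (Whitelisted)", "")
            continue
        if "<==== ATTENTION" in line:
            # FRST's own marker for settings it considers unusual.
            findings.append(Finding(section, "attention", line.split(" <====")[0]))
        elif (m := PROXY_RE.match(line)):
            findings.append(Finding(section, "proxy", m.group("value")))
        elif (m := HOSTS_RE.match(line)):
            findings.append(Finding(section, "hosts-override",
                                    f"{m.group('host')} -> {m.group('ip')}"))
        elif line.startswith("AppInit_DLLs: "):
            # A DLL loaded into every process that links user32.dll.
            dll = line.split(" => ")[0][len("AppInit_DLLs: "):]
            findings.append(Finding(section, "appinit-dll", dll))
        elif "[File not signed]" in line and (m := SERVICE_RE.match(line)):
            findings.append(Finding(section, "unsigned-service",
                                    f"{m.group('name')} ({m.group('path')})"))
    return findings


def count_by_kind(findings: List[Finding]) -> dict:
    """Summary for a quick glance: how many items of each kind were flagged."""
    counts: dict = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_frst(SAMPLE_FRST):
        print(f"[{f.section}] {f.kind}: {f.detail}")
```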

What worries me is that the message appears too often; I have no other problems. The proxy is not familiar to me.

Edited by embolado

Quote:

ATTENTION: System Restore is disabled

Why is that..?

 

Fix with Farbar Recovery Scan Tool

Download the attached file fixlist.txt and save it in the same place where you downloaded FRST.exe.
Run FRST.exe again, press the Fix button once and wait.

A new log file, FixLog.txt, will be created. Attach its contents in your next comment.

NOTE: This script was written specifically for this user and this particular machine. Running the fix on another computer may damage your operating system.

Logs

In your next reply, please include the following logs:

  • FixLog.txt
 
 

11 minutes ago, icotonev wrote:

Why is that..?

 

I have turned off System Restore because I have a backup of the C:\ partition made with Acronis on an external hard drive, and if something happens I restore from it.

 

Fixlog.txt


Excellent...! As a check, let's do a scan with Malwarebytes + AdwCleaner...:

Scan with Malwarebytes Anti-Malware (MBAM)

Please download Malwarebytes Anti-Malware 3.2.2.2018 Final and save it to your desktop.

  • Run the file mb3-setup-consumer-3.2.2.2018.exe and follow the instructions to install the program.
  • Once the installation finishes, the program will start automatically.
  • Go to the Settings tab => Protection > and, under the Scan Options category, turn on the "Scan for rootkits" option by moving the slider to the right.
  • Go to the Scan tab, select Threat Scan and then press the Start Scan button.
  • A scan for malicious software will begin.
  • With some infections you may see the message:
  • "Could not load DDA driver"
  • Press "Yes" on this message to allow the driver to load after a restart.
  • Allow the computer to restart and then continue with the remaining instructions.
  • Once the scan finishes, the list of results will appear (if any objects were found). If the program is minimized while scanning, the following message will appear if threats were found. Press the View Scan Results button.
  • Press the Quarantine Selected button.
  • Wait for the window prompting you to restart to appear, then press the Yes button.
  • After the restart, start Malwarebytes Anti-Malware again.
  • Go to the Reports tab and open the log file named Scan Report.
  • Press the Export button and then => "Copy to Clipboard"
  • Now paste the contents of the log file with the key combination Ctrl + V and post it in your next comment.

 

+

 

Scan with AdwCleaner

Please download and run the Malwarebytes AdwCleaner program (by Xplode):

  • Close all running programs and browsers
  • Double-click adwcleaner.exe to start the tool.
  • Press OK to confirm that all running programs will be closed.
  • Select Scan.
  • When it finishes, click Logfile. A window will open containing the log (AdwCleaner[S0].txt). Double-click the row and the contents of the log will open. Post it in your next post.
  • Return to the main AdwCleaner window and select Clean.
  • Follow the instructions and allow the computer to restart.
  • After the restart, the log AdwCleaner[C0].txt will open. Please copy the contents of the log file into your next post.

Logs

In your next reply, please include (copying the full contents) the following logs:

  • Log from Malwarebytes Anti-Malware
  • AdwCleaner.txt
 

Malwarebytes
www.malwarebytes.com

-Детайли за регистъра-
Дата на сканиране: 23.12.17 г.
Час на сканиране: 19:54
Файл на регистъра: 52c1b9d8-e80a-11e7-8de7-b4b52f788ef4.json
Администратор: Да

-Информация за софтуера-
Версия: 3.3.1.2183
Версия на компонентите: 1.0.262
Актуализирай версията на пакета: 1.0.3551
Лиценз: Free

-Системна информация-
OS: Windows 7 Service Pack 1
CPU: x64
Файлова система: NTFS
Потребител: USER-PC\USER

-Резюме на сканирането-
Тип сканиране: Threat Scan
Резултат: Завършено
Сканирани обекти: 245379
Открити заплахи: 0
(Не бяха открити зловредни елементи)
Заплахи под карантина: 0
(Не бяха открити зловредни елементи)
Изтекло време: 6 мин, 8 сек

-Опции за сканиране-
Памет: Разрешено
Стартиране: Разрешено
Файлова система: Разрешено
Архиви: Разрешено
руткитове: Разрешено
Евристика: Разрешено
PUP: Открий
PUM: Открий

-Детайли за сканирането-
Процес: 0
(Не бяха открити зловредни елементи)

Модул: 0
(Не бяха открити зловредни елементи)

Ключ на регистъра: 0
(Не бяха открити зловредни елементи)

Стойност на регистъра: 0
(Не бяха открити зловредни елементи)

Данни на регистъра: 0
(Не бяха открити зловредни елементи)

Поток данни: 0
(Не бяха открити зловредни елементи)

Папка: 0
(Не бяха открити зловредни елементи)

Файл: 0
(Не бяха открити зловредни елементи)

Физически сектор: 0
(Не бяха открити зловредни елементи)


(end)

 

 

# AdwCleaner 7.0.6.0 - Logfile created on Sat Dec 23 18:08:54 2017
# Updated on 2017/21/12 by Malwarebytes
# Database: 12-21-2017.1
# Running on Windows 7 Ultimate (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########


Clean system...! Are any problems or irregularities still being observed on the system..?


Download DelFix and run it. Put a check mark in front of:

  • Remove disinfection tools <----- this will remove the tools we used
  • Create registry backup <----- this option will create a backup copy of the Windows registry
  • Purge system restore <--- this will remove all previous restore points; a new point will be created for the current state of the system.
  • Reset system settings <--- this will reset all system settings to their defaults, which were changed either by us during the cleanup or by malware / infection

..and then press the Run button

  • Once the operation finishes, a log will be created
  • Copy it and paste it in your next reply

The tool will delete itself once it has finished its task!

If anything we used during the cleanup so far has not been removed after the last instructions, remove it manually using the standard methods..!

Only Malwarebytes remains... There are two options here: either leave the program on your computer and scan your system with it periodically (at least once or twice a week), not forgetting to update the definitions before each scan... and also to turn off the program's real-time protection. The other is to uninstall it:

Please use the Malwarebytes Clean Uninstall Tool, naturally only if you want to remove the program. This tool is designed to completely remove all traces of the program from your computer.

  1. Download and run mb_clean.exe
  2. When the tool finishes its work, restart the computer

Note: This tool will completely remove all the settings you have configured, the license information and everything else related to Malwarebytes.

Logs:

In your next reply, please include the following logs:

  • DelFix
      HKLM\...\Run: [Xerox PanelMgr] => C:\Windows\Xerox\PanelMgr\SSMMgr.exe [626688 2010-01-26] () [File not signed]
      HKLM\...\Run: [Stanley-H_XRX_S2P] => C:\Program Files\Xerox\Xerox WorkCentre 3220\PSU\Scan2pc.exe [253952 2010-01-26] () [File not signed]
      HKLM\...\Run: [fssui] => C:\Program Files\Windows Live\Family Safety\fsui.exe [884584 2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
      HKLM\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-13] (Advanced Micro Devices, Inc.) [File not signed]
      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10082920 2011-05-31] (Realtek Semiconductor Corp -> Realtek Semiconductor)
      HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [112920 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
      HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
      HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
      HKU\S-1-5-21-299244719-1399796724-3294634451-1005\...\Run: [Google Update] => C:\Users\Librarian\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-04-04] (Google Inc -> Google Inc.)
      HKU\S-1-5-21-299244719-1399796724-3294634451-1005\...\Policies\system: [LogonHoursAction] 2
      HKU\S-1-5-21-299244719-1399796724-3294634451-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
      HKU\S-1-5-21-299244719-1399796724-3294634451-1005\...\Policies\system: [DisableTaskMgr] 1
      HKU\S-1-5-21-299244719-1399796724-3294634451-1005\...\Policies\system: [NoDispScrSavPage] 1
      HKU\S-1-5-21-299244719-1399796724-3294634451-1005\...\Policies\Explorer: [DisablePersonalDirChange] 1
      HKU\S-1-5-21-299244719-1399796724-3294634451-1005\...\Policies\Explorer: [NoRun] 1
      HKU\S-1-5-21-299244719-1399796724-3294634451-1006\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Software Sarl -> Skype Technologies S.A.)
      HKU\S-1-5-21-299244719-1399796724-3294634451-1006\...\Run: [AvastBrowserAutoLaunch_9E0AB01C37B94381383AE0CDA0DCCFE4] => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [2049792 2021-08-20] (Avast Software s.r.o. -> AVAST Software)
      HKU\S-1-5-21-299244719-1399796724-3294634451-1006\...\Policies\system: [LogonHoursAction] 2
      HKU\S-1-5-21-299244719-1399796724-3294634451-1006\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
      HKU\S-1-5-21-299244719-1399796724-3294634451-1006\...\Policies\system: [DisableTaskMgr] 1
      HKU\S-1-5-21-299244719-1399796724-3294634451-1006\...\Policies\system: [NoDispScrSavPage] 1
      HKU\S-1-5-21-299244719-1399796724-3294634451-1006\...\Policies\Explorer: [DisablePersonalDirChange] 1
      HKU\S-1-5-21-299244719-1399796724-3294634451-1006\...\Policies\Explorer: [NoRun] 1
      HKU\S-1-5-21-299244719-1399796724-3294634451-1006\...\MountPoints2: {6a2c2d8e-b410-11e3-9029-3cd92b632c53} - G:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083
      HKU\S-1-5-21-299244719-1399796724-3294634451-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Software Sarl -> Skype Technologies S.A.)
      HKU\S-1-5-21-299244719-1399796724-3294634451-500\...\Run: [AvastBrowserAutoLaunch_8901C211194C0DFF277C9606C1448E31] => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [2049792 2021-08-20] (Avast Software s.r.o. -> AVAST Software)
      HKU\S-1-5-21-299244719-1399796724-3294634451-500\...\Policies\system: [LogonHoursAction] 2
      HKU\S-1-5-21-299244719-1399796724-3294634451-500\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
      HKU\S-1-5-21-299244719-1399796724-3294634451-500\...\Policies\system: [DisableTaskMgr] 1
      HKU\S-1-5-21-299244719-1399796724-3294634451-500\...\Policies\system: [NoDispScrSavPage] 1
      HKU\S-1-5-21-299244719-1399796724-3294634451-500\...\Policies\Explorer: [DisablePersonalDirChange] 1
      HKU\S-1-5-21-299244719-1399796724-3294634451-500\...\Policies\Explorer: [NoRun] 1
      HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Software Sarl -> Skype Technologies S.A.)
      HKLM\...\Windows NT x86\Print Processors\sxs2mPC: C:\Windows\System32\spool\prtprocs\W32X86\sxs2mpc.dll [19968 2010-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) 2000 DDK provider)
      HKLM\...\Windows NT x86\Print Processors\XeroxV5Print: C:\Windows\System32\spool\prtprocs\W32X86\x5print.dll [10752 2008-05-09] (Xerox Corporation) [File not signed]
      HKLM\...\Windows NT x86\Print Processors\xp3220: C:\Windows\System32\spool\prtprocs\W32X86\xp3220pp.dll [56320 2009-06-17] (Windows (R) Codename Longhorn DDK provider) [File not signed]
      HKLM\...\Print\Monitors\Language Monitor for Xerox Phaser 6125N: C:\Windows\SYSTEM32\XRZWSLBI.DLL [135284 2009-08-30] (Xerox Co., Ltd.) [File not signed]
      HKLM\...\Print\Monitors\sxs2m Langmon: C:\Windows\SYSTEM32\sxs2ml3.dll [22723 2010-03-29] (Microsoft Windows Hardware Compatibility Publisher -> )
      HKLM\...\Print\Monitors\Xerox PC Fax Port: C:\Windows\SYSTEM32\XeroxFaxPort.dll [94208 2009-04-02] () [File not signed]
      HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
      HKLM\Software\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files\AVAST Software\Browser\Application\92.2.11575.159\Installer\chrmstp.exe [2021-09-03] (Avast Software s.r.o. -> AVAST Software)
      HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\93.0.4577.82\Installer\chrmstp.exe [2021-09-14] (Google LLC -> Google LLC)
      HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OCS Inventory NG Systray.lnk [2013-09-20]
      ShortcutTarget: OCS Inventory NG Systray.lnk -> C:\Program Files\OCS Inventory Agent\OcsSystray.exe (OCS Inventory NG) [File not signed]
      GroupPolicy: Restriction ? <==== ATTENTION
      GroupPolicy\User: Restriction ? <==== ATTENTION
      GroupPolicyUsers\S-1-5-21-299244719-1399796724-3294634451-1006\User: Restriction <==== ATTENTION
      GroupPolicyUsers\S-1-5-21-299244719-1399796724-3294634451-1005\User: Restriction <==== ATTENTION
      Policies: C:\Users\Administrator\NTUSER.pol: Restriction <==== ATTENTION
      Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
      Policies: C:\Users\Librarian\NTUSER.pol: Restriction <==== ATTENTION
      Policies: C:\Users\Visitor\NTUSER.pol: Restriction <==== ATTENTION
      HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
      ==================== Scheduled Tasks (Whitelisted) ============
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      Task: {08DF9C6D-7CB5-4684-B618-67D60F53BEA0} - System32\Tasks\Del Old File => C:\Windows\Scripts\del.bat [1302 2010-10-30] () [File not signed]
      Task: {30793A5D-DAF8-4DCF-9F2D-90350B4C812B} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [275136 2021-09-07] (Bluestack Systems, Inc -> BlueStack Systems, Inc.)
      Task: {3267B5BB-592E-4EB5-BABA-3B6CFF35A841} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [2049792 2021-08-20] (Avast Software s.r.o. -> AVAST Software)
      Task: {3559AB34-18E1-482D-8F96-4536BA328936} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1546480 2021-06-25] (Avast Software s.r.o. -> Avast Software)
      Task: {3910E168-A173-4EF4-A61E-E5D13CCE99DD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005UA => C:\Users\Librarian\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-04-04] (Google Inc -> Google Inc.)
      Task: {4ACC36A1-6617-4B18-891A-78E59130F994} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Flash Player NPAPI Notifier" /ENABLE
      Task: {4ACC36A1-6617-4B18-891A-78E59130F994} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\Adobe Flash Player PPAPI Notifier" /ENABLE
      Task: {4ACC36A1-6617-4B18-891A-78E59130F994} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\Adobe Flash Player Updater" /ENABLE
      Task: {4ACC36A1-6617-4B18-891A-78E59130F994} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
      Task: {4ACC36A1-6617-4B18-891A-78E59130F994} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
      Task: {4ACC36A1-6617-4B18-891A-78E59130F994} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005Core" /ENABLE
      Task: {4ACC36A1-6617-4B18-891A-78E59130F994} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005UA" /ENABLE
      Task: {4ACC36A1-6617-4B18-891A-78E59130F994} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{40BCF64C-47D6-4908-90A6-7F9040AFF644}" /ENABLE
      Task: {4ACC36A1-6617-4B18-891A-78E59130F994} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\{671B1A2E-C698-451F-BF5F-C59EABFF1053}" /ENABLE
      Task: {4ACC36A1-6617-4B18-891A-78E59130F994} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\{B082BF56-1FC4-46B4-A49A-712889734CCB}" /ENABLE
      Task: {4ACC36A1-6617-4B18-891A-78E59130F994} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
      Task: {4E4163B2-2F9B-40BC-BCE1-8CA082945A05} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
      Task: {59788F2F-057B-497D-AD10-26F6EBE7DD6E} - \GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1001Core -> No File <==== ATTENTION
      Task: {5CC8CDED-13A6-4AB9-B10C-ADC7F2CE961B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [345824 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
      Task: {5F353FD2-DAE7-4B61-B6D2-013DE73E0D84} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4364056 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      Task: {67F3E56F-BF81-40A9-9B43-E0B8D326CF35} - System32\Tasks\{671B1A2E-C698-451F-BF5F-C59EABFF1053} => C:\Program Files\Skype\\Phone\Skype.exe [27784672 2017-06-27] (Skype Software Sarl -> Skype Technologies S.A.)
      Task: {6D041990-9703-495B-922D-A29D1E951CF5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005Core => C:\Users\Librarian\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-04-04] (Google Inc -> Google Inc.)
      Task: {6D725850-4BEA-4C22-ADFF-0B008091ECAD} - System32\Tasks\delete => C:\Windows\Scripts\del.bat [1302 2010-10-30] () [File not signed]
      Task: {6E99A771-BE6E-4451-865F-6FB9DCBBDFCE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-09-15] (Adobe Inc. -> Adobe)
      Task: {88F25EBE-0AD6-45B2-BB52-208CF5A62B03} - System32\Tasks\Log off => C:\Windows\Scripts\logoff.bat [16 2010-10-31] () [File not signed]
      Task: {982A605B-F3AD-4C0D-8BBF-E7630ADB1F1E} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [2049792 2021-08-20] (Avast Software s.r.o. -> AVAST Software)
      Task: {9F2A0AEF-F85F-4784-A1C3-68726ED402A0} - \GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1001UA -> No File <==== ATTENTION
      Task: {A2DF1937-8BB7-429B-838F-9BB6B671ABA2} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} C:\Program Files\Windows Live\SOXE\wlsoxe.dll [179584 2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
      Task: {AED1AD05-FC83-4BAD-945F-721B4890EC84} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_433_pepper.exe [1497656 2020-09-15] (Adobe Inc. -> Adobe)
      Task: {B1AE9B04-84F1-4831-8527-D76B753CBA2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-06-20] (Google Inc -> Google Inc.)
      Task: {BBBB72F5-3A2B-4A01-A640-A5FF57FD1EB6} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_433_Plugin.exe [1502264 2020-09-09] (Adobe Inc. -> Adobe)
      Task: {BD743956-DC62-4307-843F-D62CE84AD182} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
      Task: {C55964AC-A211-4B5D-B595-C77C191E72DB} - System32\Tasks\{B082BF56-1FC4-46B4-A49A-712889734CCB} => "C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsMain
      Task: {DDA3604F-53D8-4D74-AB76-64F76053088A} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
      Task: {EF23F159-7109-499A-A25E-2BF8A8FE9116} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-06-20] (Google Inc -> Google Inc.)
      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
      Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005Core.job => C:\Users\Librarian\AppData\Local\Google\Update\GoogleUpdate.exe
      Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005UA.job => C:\Users\Librarian\AppData\Local\Google\Update\GoogleUpdate.exe
      Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-421337976-2832419435-3520994213-1001Core.job => C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe
      Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-421337976-2832419435-3520994213-1001UA.job => C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Winsock: Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
      Winsock: Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{A753DA6E-FE95-49B7-AA56-3DC81D3E4609}: [DhcpNameServer] 192.168.0.1
      HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
      FireFox:
      ========
      FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\c21lr0at.default [2018-09-27]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_433.dll [2020-09-09] (Adobe Inc. -> )
      FF Plugin: @IPC/WebClient -> C:\windows\system32\SuperClient2\npSuperClient.dll [2013-09-26] (Chipspoint Electronics Co., Ltd -> )
      FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-09-25] (Oracle America, Inc. -> Oracle Corporation)
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll [2013-11-26] (Nullsoft, Inc.) [File not signed]
      FF Plugin: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-06-25] (Avast Software s.r.o. -> AVAST Software)
      FF Plugin: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-06-25] (Avast Software s.r.o. -> AVAST Software)
      FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
      FF Plugin HKU\S-1-5-21-299244719-1399796724-3294634451-1005: @tools.google.com/Google Update;version=3 -> C:\Users\Librarian\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll [2011-11-14] (Google Inc -> Google Inc.)
      FF Plugin HKU\S-1-5-21-299244719-1399796724-3294634451-1005: @tools.google.com/Google Update;version=9 -> C:\Users\Librarian\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll [2011-11-14] (Google Inc -> Google Inc.)
      FF Plugin HKU\S-1-5-21-299244719-1399796724-3294634451-1006: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Visitor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-10] (Unity Technologies SF -> Unity Technologies ApS)
      FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\services-sync.js [2010-01-01]
      FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\firefox-branding.js [2010-01-01]
      FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\firefox-l10n.js [2010-01-01]
      FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\firefox.js [2013-08-12]
      FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2007-04-03] <==== ATTENTION
      Chrome: 
      =======
      CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2021-09-16]
      CHR Notifications: Default -> hxxps://www.facebook.com
      CHR Extension: (Документи) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-27]
      CHR Extension: (Google Диск) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-08-31]
      CHR Extension: (Google Документи офлайн) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-01]
      CHR Extension: (Avast Online Security) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-08-31]
      CHR Extension: (Skype) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-09-27]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-31]
      CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-08-31]
      CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
      CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
      CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
      ==================== Services (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
      S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-09-15] (Adobe Inc. -> Adobe)
      S2 AgentService; C:\Program Files\LibraryClient\globalLibx32\service.exe [46592 2012-02-20] () [File not signed]
      R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [176128 2011-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
      R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2011-07-13] (Advanced Micro Devices, Inc.) [File not signed]
      R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7466064 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [575768 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [357656 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
      S3 AvastSecureBrowserElevationService; C:\Program Files\AVAST Software\Browser\Application\92.2.11575.159\elevation_service.exe [1197032 2021-08-20] (Avast Software s.r.o. -> AVAST Software)
      R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
      R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
      R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
      R2 OCS Inventory Service; C:\Program Files\OCS Inventory Agent\OcsService.exe [38912 2013-04-08] (OCS Inventory NG) [File not signed]
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
      R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [1713536 2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
      ===================== Drivers (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R3 amdiox86; C:\Windows\System32\DRIVERS\amdiox86.sys [37944 2010-02-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
      R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [8395776 2011-07-13] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
      R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [247296 2011-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
      R2 AODDriver4.01; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [39424 2011-06-24] (Advanced Micro Devices) [File not signed]
      R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [33600 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185776 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [309264 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [206352 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [91664 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [39312 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [153496 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [393016 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [36104 2020-06-18] (AVAST Software s.r.o. -> AVAST Software)
      R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [92752 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [71920 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [690128 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [455920 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [161864 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [278184 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [259800 2021-09-07] (Bluestack Systems, Inc -> Bluestack System Inc.)
      S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [41984 2008-10-28] (Samsung Electronics Co., Ltd.) [File not signed]
      S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [108032 2016-04-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
      R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
      R3 MpKslc0e71772; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5AEB6EB6-B91A-4C67-B3E5-99CBE32CCFF4}\MpKslDrv.sys [36072 2021-09-16] (Microsoft Windows -> Microsoft Corporation)
      S3 nmwcd; C:\Windows\System32\drivers\ccdcmb.sys [18560 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
      S3 nmwcdc; C:\Windows\System32\drivers\ccdcmbo.sys [23168 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
      S3 qcusbser-forge; C:\Windows\System32\DRIVERS\qcusbser.sys [214080 2015-06-08] (Microsoft Windows Hardware Compatibility Publisher -> FORGE Incorporated)
      S3 qcusbwwan-forge; C:\Windows\System32\DRIVERS\qcusbwwan.sys [422976 2015-06-08] (Microsoft Windows Hardware Compatibility Publisher -> FORGE Incorporated)
      R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2008-10-27] (Samsung Electronics) [File not signed]
      S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI Corporation -> MCCI)
      S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8192 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
      S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Windows -> Microsoft Corporation)
      S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8192 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
      U1 aswbdisk; no ImagePath
      S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
      S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One month (created) (Whitelisted) =========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2021-09-16 11:55 - 2021-09-16 11:57 - 000000000 ____D C:\FRST
      2021-09-16 11:39 - 2021-09-16 11:39 - 000003872 _____ C:\Windows\system32\Tasks\BlueStacksHelper_nxt
      2021-09-16 11:39 - 2021-09-16 11:39 - 000002153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 5 Multi-Instance Manager.lnk
      2021-09-16 11:39 - 2021-09-16 11:39 - 000002141 _____ C:\Users\Public\Desktop\BlueStacks 5 Multi-Instance Manager.lnk
      2021-09-16 11:39 - 2021-09-16 11:39 - 000002005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 5.lnk
      2021-09-16 11:39 - 2021-09-16 11:39 - 000001993 _____ C:\Users\Public\Desktop\BlueStacks 5.lnk
      2021-09-16 11:38 - 2021-09-16 11:38 - 000006890 _____ C:\Users\Administrator\-1.14-windows.xml
      2021-09-16 11:36 - 2021-09-16 11:49 - 000000000 ____D C:\ProgramData\BlueStacks_nxt
      2021-09-16 11:36 - 2021-09-16 11:36 - 000000000 ____D C:\Program Files\BlueStacks_nxt
      2021-09-16 11:33 - 2021-09-16 11:36 - 000000000 ____D C:\Users\Administrator\AppData\Local\BlueStacksSetup
      2021-09-16 11:33 - 2021-09-16 11:36 - 000000000 ____D C:\Users\Administrator\AppData\Local\Bluestacks
      2021-09-16 11:33 - 2021-09-16 11:33 - 000000000 ____D C:\Users\Public\BlueStacks
      2021-09-16 08:54 - 2021-09-16 11:42 - 000000262 _____ C:\Users\Administrator\advanced_ip_scanner_MAC.bin
      2021-09-16 08:54 - 2021-09-16 11:42 - 000000015 _____ C:\Users\Administrator\advanced_ip_scanner_Comments.bin
      2021-09-16 08:54 - 2021-09-16 11:42 - 000000015 _____ C:\Users\Administrator\advanced_ip_scanner_Aliases.bin
      2021-09-16 08:51 - 2013-09-26 14:21 - 000000000 ____D C:\Windows\system32\SuperClient2
      2021-09-16 08:51 - 2013-09-26 14:07 - 000237568 _____ () C:\Windows\system32\SuperClient Save.exe
      2021-09-16 08:48 - 2021-09-16 08:48 - 000000957 _____ C:\Users\Public\Desktop\Advanced IP Scanner.lnk
      2021-09-16 08:48 - 2021-09-16 08:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner v2
      2021-09-16 08:48 - 2021-09-16 08:48 - 000000000 ____D C:\Program Files\Advanced IP Scanner
      2021-09-08 12:11 - 2021-09-08 12:09 - 000287000 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
      2021-09-08 12:11 - 2021-09-08 12:09 - 000161864 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
      2021-09-02 09:25 - 2021-09-13 09:22 - 000004464 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
      2021-08-31 14:56 - 2021-08-31 14:56 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Adobe
      ==================== One month (modified) ==================
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2021-09-16 11:56 - 2010-10-25 14:45 - 000000000 ____D C:\Users\Visitor
      2021-09-16 11:56 - 2010-10-25 14:24 - 000000000 ____D C:\Users\Librarian
      2021-09-16 11:52 - 2010-10-31 18:37 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
      2021-09-16 11:45 - 2011-04-04 16:21 - 000000924 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005UA.job
      2021-09-16 11:39 - 2010-10-25 14:50 - 000000000 ____D C:\Users\Administrator
      2021-09-16 11:24 - 2013-09-25 11:17 - 000000000 ____D C:\Program Files\Google
      2021-09-16 09:16 - 2009-07-14 07:34 - 000024352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2021-09-16 09:16 - 2009-07-14 07:34 - 000024352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2021-09-16 08:39 - 2017-07-18 16:04 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
      2021-09-16 08:37 - 2017-07-18 16:00 - 000000000 ____D C:\ProgramData\AVAST Software
      2021-09-16 08:37 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2021-09-15 15:07 - 2018-09-27 09:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\AVAST Software
      2021-09-14 09:15 - 2017-06-20 14:26 - 000002176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2021-09-14 09:15 - 2017-06-20 14:26 - 000002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2021-09-08 12:13 - 2017-07-18 16:03 - 000278184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
      2021-09-08 12:09 - 2020-07-30 09:14 - 000153496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
      2021-09-08 12:09 - 2020-06-18 16:34 - 000393016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
      2021-09-08 12:09 - 2019-03-21 12:06 - 000206352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
      2021-09-08 12:09 - 2019-03-21 12:06 - 000091664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
      2021-09-08 12:09 - 2017-07-18 16:06 - 000039312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
      2021-09-08 12:09 - 2017-07-18 16:03 - 000455920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
      2021-09-08 12:09 - 2017-07-18 16:03 - 000092752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
      2021-09-08 12:09 - 2017-07-18 16:03 - 000071920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
      2021-09-08 12:08 - 2019-03-21 12:06 - 000309264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
      2021-09-08 12:08 - 2019-03-21 12:06 - 000033600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
      2021-09-08 12:08 - 2017-11-17 09:11 - 000185776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
      2021-09-08 12:08 - 2017-07-18 16:03 - 000690128 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
      2021-09-03 09:26 - 2019-04-12 09:35 - 000003720 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
      2021-09-03 09:26 - 2018-09-27 09:29 - 000002381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
      2021-09-03 09:26 - 2018-09-27 09:29 - 000002338 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
      2021-09-03 09:16 - 2010-10-30 10:53 - 000000000 ____D C:\Users\Administrator\AppData\Local\Adobe
      2021-09-02 12:01 - 2011-04-04 16:21 - 000000872 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005Core.job
      2021-09-02 09:04 - 2018-03-28 15:58 - 000004474 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
      2021-09-02 09:04 - 2017-06-20 14:25 - 000003322 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
      2021-09-02 09:04 - 2017-06-20 14:25 - 000003194 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
      2021-09-02 09:04 - 2017-06-20 10:51 - 000004486 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
      2021-09-02 09:04 - 2013-09-25 11:14 - 000004312 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
      2021-09-02 09:04 - 2012-07-26 12:09 - 000003068 _____ C:\Windows\system32\Tasks\{B082BF56-1FC4-46B4-A49A-712889734CCB}
      2021-09-02 09:04 - 2012-03-30 10:56 - 000003950 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{40BCF64C-47D6-4908-90A6-7F9040AFF644}
      2021-09-02 09:04 - 2011-04-04 16:21 - 000003912 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005UA
      2021-09-02 09:04 - 2011-04-04 16:21 - 000003516 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005Core
      2021-09-02 09:04 - 2010-10-24 18:33 - 000002866 _____ C:\Windows\system32\Tasks\{671B1A2E-C698-451F-BF5F-C59EABFF1053}
      2021-09-01 12:43 - 2017-12-07 11:48 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
      2021-09-01 12:25 - 2010-10-24 19:51 - 000000000 ____D C:\ProgramData\Adobe
      2021-08-31 14:56 - 2010-10-29 10:05 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
      2021-08-31 14:56 - 2010-10-24 19:26 - 003890712 _____ C:\Windows\system32\perfh01F.dat
      2021-08-31 14:56 - 2010-10-24 19:26 - 003245800 _____ C:\Windows\system32\perfc01F.dat
      2021-08-31 14:56 - 2010-10-24 18:25 - 000006252 _____ C:\Windows\system32\PerfStringBackup.INI
      2021-08-30 23:45 - 2010-10-24 18:20 - 000652664 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
      ==================== Files in the root of some directories ========
      2010-10-29 19:41 - 2010-10-30 10:58 - 000008049 _____ () C:\Users\Administrator\AppData\Roaming\XeroxFaxOptions.xml
      2010-10-26 17:33 - 2010-10-26 17:33 - 000000017 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg
      ==================== SigCheck ============================
      (There is no automatic fix for files that do not pass verification.)

      LastRegBack: 2021-09-09 10:36
      ==================== End of FRST.txt ========================
      Addition.txt
    • by vlado1985
      Hello, I think I have a virus, after today I installed an update because it was showing me that there was a problem with the certificates and some pages would not load for me. After I installed that update, this strange service appeared and I cannot remove it. The update I installed is this one https://www.microsoft.com/en-us/download/details.aspx?id=45633 ; on this page I saw that the update in question had helped several people, so I installed it on mine https://support.google.com/chrome/thread/128686072/net-err-cert-date-invalid-error?hl=en
      I am attaching pictures of the service that appeared.


    • by Емил Костов
      Hello, gentlemen of HJT. A friend's computer has been infected by Loki Locker. The interesting thing is that only 12 files were affected, and they are *.doc. Nothing else has been touched. Also, only he works on that computer, and he claims that he neither ran any attachments nor clicked on suspicious links. Can you give any information about what it could have been infected by? A few years ago one of the hard drives, which was in another computer but is now attached to this one, was also infected by a crypto virus. I do not remember whether it was the same one. But back then it was cleaned with your help; I even think I personally formatted the drive afterwards with LLF. Is there a chance that this virus remained and, say, got reactivated anew?
       Tomorrow I will post the logs from Farbar Recovery Scan Tool, because I am not at his machine. AppCheck Anti-Ransomware did not manage to save it, but the information is also saved in the cloud.

    • by Jokera42
      My phone and computer have been behaving strangely for several days, and on top of all that, my phone's antivirus has detected "Android / TrojanSMS.Agent.DLE (option)", and it says NextGen-Games.apk above it, saved in /storage/emulated/0/Download/NextGen-Games.apk, there is a chance that besides a virus it will also be a rootkit, can you tell me how the rootkit can be removed from a phone and a computer? After the phone and my computer have been charged with a charger and headphones have been inserted, can the virus be transmitted from the charger or headset devices?
    • by 2249
      Hello.
      For a week I have noticed that the computer behaves strangely - it started working more slowly. In Task Manager I see temporary heavy load on the processor. For two or three days the Start button has stopped working. Today I notice that the Start button still does not work, Task Manager is empty and shows no processes, Control Panel opens, but some of the options do not start (e.g. System). Malwarebytes (Premium) finds nothing; I cannot start Windows Security. I am asking for help and guidance.
      Addition.txt
      FRST.txt