В прикачения файл Ви показвам какво ми засече антивърусната програма. Трия го от карантината. И като пусна отново антивирусната се появява отново. Трябва ли да изтрия google chrome  и да го инсталирам отново или това нее опасно? 

Здравейте,
Моля, прочетете темата зад линка

https://www.kaldata.com/forums/topic/132819-системата-ми-е-инфектирана-какво-да-правя-сега/

и изпълнете инструкциите, като създадете нова тема в Раздел
https://www.kaldata.com/forums/forum/137-премахване-на-зловреден-софтуер/

Изчакайте спокойно член на HJT екипа (САМО такъв с табелка ) да разпише инструкции за действие. Понякога те не са на линия известно време. Все пак всичко е на доброволни начала.
И по време на асистираното почистване не прилагайте други инструменти за почистване. Това само пречи на процеса на почистване.
Успех!

 

Редактирано 28 декември 20187 г. от DarkEdge (преглед на промените)

Здравейте,

Намерените обекти според снимката не приличат на злонамерени обекти. Едната грешка била за невалиден стартиращ обект, другата не се вижда каква е, но определено не става въпрос за засичане на обектите с дефиниция. Иначе това са легитимни обекти (не че не могат да бъдат пачнати от зловреден софтуер), но в този случай по-скоро антивирусната е направила един вид сканиране за невалидни обекти (нещо, което обикновено антивирусните не правят, а оставят това на "оптимизиращия" софтуер).

Все пак за да проверим системата пуснете лог файловете от FRST, както е описано в тази тема:

Системата ми е инфектирана - Какво да правя сега?

Но на този етап не мисля, че има поводи за притеснения.

Поздрави!

преди 5 минути, B-boy/StyLe/ написа:

Здравейте,

Намерените обекти според снимката не приличат на злонамерени обекти. Едната грешка била за невалиден стартиращ обект, другата не се вижда каква е, но определено не става въпрос за засичане на обектите с дефиниция. Иначе това са легитимни обекти (не че не могат да бъдат пачнати от зловреден софтуер), но в този случай по-скоро антивирусната е направила един вид сканиране за невалидни обекти (нещо, което обикновено антивирусните не правят, а оставят това на "оптимизиращия" софтуер).

Все пак за да проверим системата пуснете лог файловете от FRST, както е описано в тази тема:

Системата ми е инфектирана - Какво да правя сега?

Но на този етап не мисля, че има поводи за притеснения.

Поздрави!

Благодаря за отговора, имах съмнения, че не е нещо зловредно

преди 19 минути, B-boy/StyLe/ написа:

Здравейте,

Намерените обекти според снимката не приличат на злонамерени обекти. Едната грешка била за невалиден стартиращ обект, другата не се вижда каква е, но определено не става въпрос за засичане на обектите с дефиниция. Иначе това са легитимни обекти (не че не могат да бъдат пачнати от зловреден софтуер), но в този случай по-скоро антивирусната е направила един вид сканиране за невалидни обекти (нещо, което обикновено антивирусните не правят, а оставят това на "оптимизиращия" софтуер).

Все пак за да проверим системата пуснете лог файловете от FRST, както е описано в тази тема:

Системата ми е инфектирана - Какво да правя сега?

Но на този етап не мисля, че има поводи за притеснения.

Поздрави!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28.12.2018 01
Ran by DELL (administrator) on DELL-PC (28-12-2018 20:56:31)
Running from C:\Users\DELL\Downloads
Loaded Profiles: DELL (Available Profiles: DELL)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Български (България)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Qihoo 360 Technology Co. Ltd.) C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Qihoo 360 Technology Co. Ltd.) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
(© 2015 Microsoft Corporation) C:\Users\DELL\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHWatchdog.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(MPC-HC Team) C:\Program Files\MPC-HC\mpc-hc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2241832 2011-04-22] (Synaptics Incorporated)
HKLM\...\Run: [QHSafeTray] => C:\Program Files\360\Total Security\safemon\QHSafeTray.exe [2327616 2018-07-25] (Qihoo 360 Technology Co. Ltd.)
HKU\S-1-5-21-562318626-4177380717-3042065283-1000\...\Run: [BingSvc] => C:\Users\DELL\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-01-15] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-562318626-4177380717-3042065283-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd)
HKU\S-1-5-21-562318626-4177380717-3042065283-1000\...\Run: [GoogleChromeAutoLaunch_4061A3059D27C63A84FB99ECD0D22755] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426400 2018-12-12] (Google Inc.)
HKLM\...\Drivers32: [MSVideo8] => C:\Windows\system32\VfWWDM32.dll [56832 2010-11-20] (Microsoft Corporation)
HKLM\...\Drivers32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32: [VIDC.VP80] => vp8vfw.dll

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{01A977F9-B0DC-4663-AB6D-F48534569936}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-562318626-4177380717-3042065283-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
SearchScopes: HKU\S-1-5-21-562318626-4177380717-3042065283-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Handler: sacore - No CLSID Value - 

FireFox:
========
FF DefaultProfile: 9sbbef98.default
FF ProfilePath: C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\9sbbef98.default [2018-12-28]
FF Extension: (No Name) - C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\9sbbef98.default\extensions\[email protected] [not found]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\360\Total Security\safemon\webprotection_firefox
FF Extension: (360 Internet Protection) - C:\Program Files\360\Total Security\safemon\webprotection_firefox [2016-06-25] [Legacy]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-02-09]
FF HKU\S-1-5-21-562318626-4177380717-3042065283-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\DELL\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-05] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default [2018-12-28]
CHR Extension: (Качване на снимки на Instagram™) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdelcidjafappdngohdlmokobehkgijc [2018-07-09]
CHR Extension: (Mini for Instagram™) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\elgkaganeohngoabbfjlnfchfbaeapcg [2018-10-13]
CHR Extension: (AdBlock) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-12-11]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Notifications for Instagram) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2018-11-05]
CHR Extension: (Chrome Media Router) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-19]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-562318626-4177380717-3042065283-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [375776 2018-12-12] (Google Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
R2 QHActiveDefense; C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe [960576 2018-07-25] (Qihoo 360 Technology Co. Ltd.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [2462160 2014-07-21] (Paramount Software UK Ltd)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker.sys [158328 2017-12-01] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [74472 2018-07-25] (360.cn)
R1 360Box; C:\Windows\System32\DRIVERS\360Box.sys [214464 2018-07-25] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera.sys [43456 2017-06-09] (360.cn)
R1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [79992 2018-01-12] (360.cn)
R1 360SelfProtection; C:\Windows\System32\drivers\360SelfProtection.sys [192704 2017-06-09] (360安全中心)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV.sys [202360 2018-07-25] (360.cn)
R3 BRCMDECO; C:\Windows\System32\DRIVERS\BRCMHD32.sys [114688 2010-08-15] (Broadcom Corporation)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [71208 2010-11-15] (Broadcom Corporation.)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-12-22] (Disc Soft Ltd)
R1 EfiMon; C:\Windows\System32\Drivers\Efimon.sys [40880 2017-12-01] (360.cn)
R0 HookPort; C:\Windows\System32\Drivers\Hookport.sys [73664 2017-06-09] (360安全中心)
R3 IdcFltr; C:\Windows\System32\DRIVERS\idcfltr.sys [37632 2010-09-14] (IdeaCom Technology Inc.)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [230120 2018-12-24] (Malwarebytes)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [13528 2014-07-21] ()
R1 qutmdserv; C:\Windows\System32\DRIVERS\qutmdrv.sys [354168 2018-07-25] (360.cn)
R1 qutmipc; C:\Windows\system32\drivers\qutmipc.sys [70720 2017-06-09] (360.cn)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [267480 2013-07-09] (Realtek Semiconductor Corp.)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [59248 2012-05-21] (STMicroelectronics)
U3 aswbdisk; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-28 20:56 - 2018-12-28 20:57 - 000011916 _____ C:\Users\DELL\Downloads\FRST.txt
2018-12-28 20:56 - 2018-12-28 20:56 - 000000000 ____D C:\FRST
2018-12-28 20:52 - 2018-12-28 20:52 - 001781248 _____ (Farbar) C:\Users\DELL\Downloads\FRST.exe
2018-12-28 19:33 - 2018-12-28 19:33 - 000000000 ____D C:\Users\DELL\AppData\Local\Viber Media S.à r.l
2018-12-28 19:31 - 2018-12-28 19:33 - 000000000 ____D C:\Users\DELL\AppData\Roaming\ViberPC
2018-12-28 19:30 - 2018-12-28 19:30 - 000000938 _____ C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
2018-12-28 19:30 - 2018-12-28 19:30 - 000000936 _____ C:\Users\DELL\Desktop\Viber.lnk
2018-12-28 19:30 - 2018-12-28 19:30 - 000000000 ____D C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
2018-12-28 19:29 - 2018-12-28 19:30 - 000000000 ____D C:\Users\DELL\AppData\Local\Viber
2018-12-28 19:29 - 2018-12-28 19:29 - 000000000 ____D C:\Users\DELL\AppData\Local\Package Cache
2018-12-28 19:22 - 2018-12-28 19:22 - 089690680 _____ (Viber Media Inc.) C:\Users\DELL\Downloads\ViberSetup.exe
2018-12-27 11:29 - 2018-12-27 11:29 - 000000000 ____D C:\Users\DELL\Downloads\MF3200_series_MFDrivers_W64_uk_EN
2018-12-27 11:28 - 2018-12-27 11:28 - 009960576 _____ C:\Users\DELL\Downloads\MF3200_series_MFDrivers_W64_uk_EN.exe
2018-12-27 01:14 - 2018-12-27 01:14 - 000061544 _____ C:\Users\DELL\AppData\Local\GDIPFONTCACHEV1.DAT
2018-12-27 00:17 - 2018-12-27 00:17 - 000448512 _____ (OldTimer Tools) C:\Users\DELL\Desktop\TFC.exe
2018-12-22 23:35 - 2018-12-24 14:37 - 000230120 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-12-18 23:59 - 2018-12-18 23:59 - 000000000 ____D C:\Users\DELL\AppData\Roaming\MPC-HC
2018-12-18 23:55 - 2018-12-18 23:55 - 000001821 _____ C:\Users\DELL\Desktop\MPC-HC.lnk
2018-12-18 23:55 - 2018-12-18 23:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2018-12-18 23:55 - 2018-12-18 23:55 - 000000000 ____D C:\Program Files\MPC-HC
2018-12-18 23:28 - 2018-12-18 23:42 - 000000000 ____D C:\KMPlayer
2018-12-11 20:55 - 2018-12-11 21:01 - 000000000 ____D C:\Users\DELL\Desktop\ел. пила

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-28 20:16 - 2015-07-23 16:29 - 000000000 ____D C:\Users\DELL\AppData\LocalLow\360WD
2018-12-28 20:13 - 2009-07-14 06:34 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-28 20:13 - 2009-07-14 06:34 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-12-28 20:04 - 2014-12-22 15:43 - 000000202 _____ C:\Windows\Tasks\AutoKMSDaily.job
2018-12-28 20:04 - 2014-12-22 15:43 - 000000198 _____ C:\Windows\Tasks\AutoKMS.job
2018-12-28 20:04 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-28 19:57 - 2015-07-23 16:07 - 000000000 ____D C:\ProgramData\360Quarant
2018-12-28 19:32 - 2018-01-20 11:03 - 000000000 ____D C:\Users\DELL\AppData\Roaming\360DrvMgr
2018-12-27 19:45 - 2016-08-06 07:32 - 000000000 ____D C:\Users\DELL\Documents\ViberDownloads
2018-12-27 10:33 - 2015-07-01 11:46 - 000000000 ____D C:\Users\DELL\AppData\Local\ElevatedDiagnostics
2018-12-27 10:33 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2018-12-27 00:10 - 2017-01-10 18:43 - 000000000 __SHD C:\found.002
2018-12-27 00:10 - 2016-10-05 14:18 - 000000000 __SHD C:\found.001
2018-12-27 00:10 - 2015-12-29 17:50 - 000000000 __SHD C:\found.000
2018-12-27 00:10 - 2014-12-22 15:35 - 000000000 ____D C:\Users\DELL\AppData\Roaming\uTorrent
2018-12-26 16:31 - 2010-11-20 23:01 - 000713888 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-23 11:39 - 2015-08-08 12:46 - 000000000 ____D C:\Windows\system32\Macromed
2018-12-23 00:52 - 2016-06-24 14:06 - 000000000 __SHD C:\$360Section
2018-12-22 23:24 - 2018-10-15 16:49 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-12-20 11:13 - 2015-07-08 17:11 - 000000000 ____D C:\Program Files\CCleaner
2018-12-20 11:09 - 2015-08-11 19:13 - 000000000 ____D C:\Users\DELL\AppData\Roaming\ACEStream
2018-12-19 17:59 - 2015-08-11 19:16 - 000000000 ____D C:\Users\DELL\AppData\Roaming\.ACEStream
2018-12-18 10:54 - 2018-07-26 13:41 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-18 10:54 - 2018-07-26 13:41 - 000002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-12-13 15:31 - 2018-11-02 23:30 - 000001264 _____ C:\Users\Public\Desktop\Skype.lnk
2018-12-13 15:31 - 2018-11-02 23:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-12-12 15:34 - 2016-07-25 18:02 - 000000000 ____D C:\Program Files\TeamViewer
2018-12-09 12:56 - 2015-07-23 16:29 - 000000000 ____D C:\ProgramData\360safe
2018-12-06 14:21 - 2009-07-14 06:53 - 000032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-12-05 17:51 - 2015-08-08 12:46 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-12-05 17:51 - 2015-08-08 12:46 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-12-02 15:48 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2016-07-20 23:52 - 2016-07-22 15:38 - 000129024 _____ () C:\Users\DELL\AppData\Roaming\Installer.dat
2015-09-18 15:56 - 2015-09-18 15:56 - 000000000 _____ () C:\Users\DELL\AppData\Local\{0B6843CC-42E9-4281-989F-0E7D42CEA04E}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-12-27 19:16

==================== End of FRST.txt ============================

Addition.txt