
Malware removal - logs



My phone and computer have been behaving strangely for several days, and on top of all that, my phone's antivirus has detected "Android / TrojanSMS.Agent.DLE (option)", and above it it says NextGen-Games.apk, saved in /storage/emulated/0/Download/NextGen-Games.apk. There is a chance that besides a virus there will also be a rootkit. Can you tell me how a rootkit can be removed from a phone and a computer? After my phone and my computer have been charged with a charger and headphones have been inserted into them, can the virus be transmitted from the charger or headset devices?

Link to comment

For the computer:
Please read the topic behind the link


and follow the instructions by creating a new topic in the section
https://www.kaldata.com/forums/forum/137-премахване-на-зловреден-софтуер/

Wait calmly for a member of the HJT team (ONLY one with the HJT badge) to write up instructions for action. Sometimes they are not online for a while. After all, everything is done on a voluntary basis.

And during the assisted cleanup, do not use any other cleaning tools. That only interferes with the cleaning process.
If the experts in this section decide that the topic is not for them, they will move it to another suitable section.
Good luck!



Scanning with Farbar Recovery Scan Tool

  • Please download Farbar Recovery Scan Tool (choose the 32-bit or the 64-bit version according to your version of Windows) and save it to the desktop.
  • Run the file FRST.exe (or FRST64.exe).
  • The program will start. Click YES to accept the license agreement.
  • Click the [Scan] button.
  • Wait patiently for the scan to finish.
  • Two log files named FRST.txt and Addition.txt will be created on the desktop.
  • Copy the contents of the file FRST.txt into your next post. Attach Addition.txt to your comment (see the Attaching files option when posting a reply).

Logs

In your next reply, please include (by copying their entire contents) the following logs:

  • FRST.txt (copy the entire contents)
  • Addition.txt (copy the entire contents)

 

Link to comment

I moved the topic to the section for Android devices. Please do not send it back to our section again. Here we treat ONLY Windows-based systems.

https://www.kaldata.com/forums/topic/304159-телефонна-сигурност/?tab=comments#comment-4975495

Thank you! :biggrin:

Link to comment

Aaah, a second topic has been created here too, and now the computer is joining the game as well ...! I have been wondering for half an hour what is going on ..! :)

Link to comment

2 hours ago, Jokera42 wrote:

After my phone and my computer have been charged with a charger and headphones have been inserted into them, can the virus be transmitted from the charger or headset devices?

I don't know what is joining in, but personally, you lost me after that sentence. Ico, the case is yours. ;)

Link to comment

1 minute ago, B-boy/StyLe/ wrote:

but personally, you lost me after that sentence

That's normal ..! :)

To the author..! Please, let's calm down a little and read what malware is:

What is malware? Definition and how to tell if you're infected | Malwarebytes

 

 

7 minutes ago, B-boy/StyLe/ wrote:

Ico, the case is yours

I knew you would say that ..! :emoji_smiley-14:

Link to comment

12 minutes ago, icotonev wrote:

I knew you would say that ..! :emoji_smiley-14:

Well, I have already used up my quota anyway. I already had one UEFI firmware rootkit case and I am worn out. ;)

Link to comment

I'm joking, of course ..! We'll see what I can do ..! Only, from what I see, it seems we are just writing to each other here, and the topic starter is nowhere to be seen ..!!! :)

Link to comment

3 hours ago, Jokera42 wrote:

After my phone and my computer have been charged with a charger and headphones have been inserted into them, can the virus be transmitted from the charger or headset devices?

What a gem..! Categorically not...! :)

Link to comment

2 hours ago, B-boy/StyLe/ wrote:

I don't know what is joining in, but personally, you lost me after that sentence. Ico, the case is yours. ;)

I don't know what case you are talking about, since I am not ill for there to be one, and I don't know whether I have lost you, but I don't understand computers and phones to that degree, which is why I am asking. If I did, would I have posted the topic in the forum? I also cannot understand the "ha-ha"s that people are reacting with, since I see nothing funny in a person who doesn't understand something asking around for more information, because even the most absurd things can become reality.

Link to comment

1 hour ago, icotonev wrote:

What a gem..! Categorically not...! :)

In English-language forums I saw that they use the term IoT to denote the things that use the internet but are not mobile devices and computers. Can a rootkit or a virus be passed from device to device if, for example, my phone has a rootkit or another virus and I have connected it by cable to my laptop? And is it possible, if my phone has a rootkit or another virus and I have connected to a router and then connect other devices that have no problems, for them to catch the rootkit or the virus, with it acting as a kind of spreader?

Link to comment

For the second time I am warning you that in this section we clean Windows-based computer systems. Please fulfil the requirements from this topic:

 

I am expecting your logs for analysis of your computer only, and once I have reviewed them I will be able to say more .. Things cannot happen off the cuff like this in this section ...! This is not a questions-and-answers section but a specialized one, and it has its own specific rules..!

Link to comment

Hello..! The FRST.txt log is not complete..! There may have been a problem while copying .. I expect you to post a complete log... please run a new FRST scan.

Link to comment

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-09-2021
Ran by NITRO 5 (administrator) on DESKTOP-9RURBSP (Acer Nitro AN515-44) (07-09-2021 14:03:49)
Running from C:\Users\NITRO 5\Pictures
Loaded Profiles: NITRO 5
Platform: Windows 10 Pro Version 20H2 19042.1165 (X64) Language: Български (България)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0357176.inf_amd64_828ff99cacd4aa89\B356563\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0357176.inf_amd64_828ff99cacd4aa89\B356563\atiesrxx.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <4>
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(Garena Online Pte Ltd -> Garena Online) C:\Program Files (x86)\Garena\Garena\2.0.1909.2618\gxxsvc.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <41>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\NITRO 5\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2108.25001.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20206.0_x64__8wekyb3d8bbwe\HxAccounts.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20206.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20206.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CredentialEnrollmentManager.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_1aa46fd50478221c\Display.NvContainer\NVDisplay.Container.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\KAPS.exe
(Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtility.exe
(Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe
(Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(Rivet Networks LLC -> Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe
(Rivet Networks LLC -> Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1076016 2020-04-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [171832 2021-09-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-590008821-3718230565-1910597314-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [409280 2020-12-23] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-590008821-3718230565-1910597314-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4110568 2021-07-21] (Valve -> Valve Corporation)
HKU\S-1-5-21-590008821-3718230565-1910597314-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33310688 2021-09-01] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-590008821-3718230565-1910597314-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91016568 2020-12-30] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-590008821-3718230565-1910597314-1001\...\Run: [Discord] => C:\Users\NITRO 5\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-590008821-3718230565-1910597314-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\NITRO 5\AppData\Local\Microsoft\Teams\Update.exe [2455264 2021-09-04] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-590008821-3718230565-1910597314-1001\...\Run: [101XPGameCenter] => "C:\Program Files (x86)\101XP Game Center\launcher101xp.exe"
HKU\S-1-5-21-590008821-3718230565-1910597314-1001\...\Run: [MicrosoftEdgeAutoLaunch_0A23C8B0BE15785F02973E14C321845E] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\93.0.4577.63\Installer\chrmstp.exe [2021-09-02] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16A9A127-07F5-482D-9BEC-3BBA608A416B} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {1A259CD3-0A73-479C-A9BA-5FF4D7C4B7F1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-23] (Google LLC -> Google LLC)
Task: {26E700E0-31F0-492F-8F2D-5F9CF1614855} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {272394A7-0BDF-4B67-A989-2CF5755E43C4} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1821968 2021-09-07] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {39551AF7-8F04-4686-9DDA-046A2E64F6B4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-23] (Google LLC -> Google LLC)
Task: {6CC6EE01-3A6E-467E-93DB-4F0BB468E4EB} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4965176 2021-09-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {804B981A-1691-45D7-89A0-03B15E7B1773} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {84C519C7-14BB-4799-AE0B-D1C02CC8374F} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {90A96F6E-1416-4864-A0F7-38809E17B758} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {989AC529-9158-4371-8B83-D02164379667} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A0756FD1-FAA6-46D4-8BA6-C83776AC7DB3} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A21A038A-F5AA-4E0D-8C9F-54538F5F4356} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ADBE3664-D165-4FDB-AA4F-20438F48915B} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ADC5A34A-F269-47A3-A7E6-5A83E9FF0150} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {ADE8BC21-C914-405C-96B3-8B4D811E615E} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C7EAE236-3235-42EF-B29D-591FF255FFA7} - System32\Tasks\gxx speed launcher => C:\Program Files (x86)\Garena\Garena\Garena.exe [457600 2019-09-26] (Garena Online Pte Ltd -> Garena Online)
Task: {C7F370C0-50A8-47DF-B629-F0F2FBAF20AF} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [693456 2020-12-21] (Mozilla Corporation -> Mozilla Foundation)
Task: {CAEA09D4-92B1-4241-B50A-F71C643F6B4A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {D402F29E-4EF3-42D4-B6D4-6D7C2A759806} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {D64D5E36-17D9-4E5B-88A6-3AF8CCA519AE} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{15bf6b3f-b88d-4c79-85d1-31bee8047cf0}: [DhcpNameServer] 192.168.0.1

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\NITRO 5\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-07]
Edge Extension: (Outlook) - C:\Users\NITRO 5\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-12-23]
Edge Extension: (Word) - C:\Users\NITRO 5\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-12-23]
Edge Extension: (Excel) - C:\Users\NITRO 5\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-12-23]
Edge Extension: (PowerPoint) - C:\Users\NITRO 5\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-12-23]

FireFox:
========
FF DefaultProfile: z7s3bjqr.default
FF ProfilePath: C:\Users\NITRO 5\AppData\Roaming\Mozilla\Firefox\Profiles\z7s3bjqr.default [2021-07-30]
FF ProfilePath: C:\Users\NITRO 5\AppData\Roaming\Mozilla\Firefox\Profiles\5h3pm3k8.default-release [2021-07-30]
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2021-03-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2021-03-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-07-24] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\NITRO 5\AppData\Local\Google\Chrome\User Data\Default [2021-09-07]
CHR Extension: (Adblock Plus — безплатен блокер на реклами) - C:\Users\NITRO 5\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-09-01]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\NITRO 5\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [630584 2021-09-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [378168 2021-09-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8350832 2021-09-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2021-09-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8906088 2021-03-23] (BattlEye Innovations e.K. -> )
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [5030592 2020-12-23] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 FACEITService; C:\Program Files\FACEIT AC\faceitservice.exe [24687048 2021-07-27] (FACE IT LIMITED -> )
R2 GarenaPlatform; C:\Program Files (x86)\Garena\Garena\2.0.1909.2618\gxxsvc.exe [320512 2019-09-26] (Garena Online Pte Ltd -> Garena Online)
R2 Killer Analytics Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [1747464 2019-12-06] (Rivet Networks LLC -> Rivet Networks)
R2 Killer Network Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2651656 2019-12-06] (Rivet Networks LLC -> Rivet Networks)
R3 Killer Wifi Optimization Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe [73720 2019-12-06] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 KNDBWM; C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [73720 2019-12-06] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5394872 2021-08-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 xTendSoftAPService; C:\Windows\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe [73728 2019-12-06] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 xTendUtilityService; C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe [73736 2019-12-06] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_1aa46fd50478221c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_1aa46fd50478221c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:\Windows\System32\drivers\AcerAirplaneModeController.sys [30168 2020-05-12] (Acer Incorporated -> Acer Incorporated)
S0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [35856 2021-09-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [221728 2021-09-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [367704 2021-09-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [250480 2021-09-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [99440 2021-09-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S0 avgElam; C:\Windows\System32\drivers\avgElam.sys [17336 2021-09-07] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [41488 2021-09-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [184288 2021-09-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\Windows\System32\drivers\avgNetHub.sys [538632 2021-09-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [107976 2021-09-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [83040 2021-09-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [851856 2021-09-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [553640 2021-09-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [215528 2021-09-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [328712 2021-09-07] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [42256 2020-12-23] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [59360 2020-12-23] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R0 FACEIT; C:\Windows\System32\Drivers\FACEIT.sys [12092432 2021-08-11] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 KfeCoSvc; C:\Windows\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [177288 2019-12-06] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49568 2021-08-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [434424 2021-08-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [78072 2021-08-04] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [2742720 2021-07-27] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-09-07 13:01 - 2021-09-07 14:04 - 000000000 ____D C:\FRST
2021-09-07 10:20 - 2021-09-07 10:20 - 000002071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk
2021-09-07 10:20 - 2021-09-07 10:20 - 000002059 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2021-09-07 10:20 - 2021-09-07 10:20 - 000000000 ____D C:\Users\NITRO 5\AppData\Roaming\AVG
2021-09-07 10:20 - 2021-09-07 10:20 - 000000000 ____D C:\Users\NITRO 5\AppData\Local\AVG
2021-09-07 10:18 - 2021-09-07 10:18 - 000851856 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2021-09-07 10:18 - 2021-09-07 10:18 - 000553640 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2021-09-07 10:18 - 2021-09-07 10:18 - 000538632 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetHub.sys
2021-09-07 10:18 - 2021-09-07 10:18 - 000367704 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
2021-09-07 10:18 - 2021-09-07 10:18 - 000340792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2021-09-07 10:18 - 2021-09-07 10:18 - 000328712 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2021-09-07 10:18 - 2021-09-07 10:18 - 000250480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
2021-09-07 10:18 - 2021-09-07 10:18 - 000221728 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2021-09-07 10:18 - 2021-09-07 10:18 - 000215528 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2021-09-07 10:18 - 2021-09-07 10:18 - 000184288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2021-09-07 10:18 - 2021-09-07 10:18 - 000107976 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2021-09-07 10:18 - 2021-09-07 10:18 - 000099440 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
2021-09-07 10:18 - 2021-09-07 10:18 - 000083040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2021-09-07 10:18 - 2021-09-07 10:18 - 000041488 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
2021-09-07 10:18 - 2021-09-07 10:18 - 000035856 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
2021-09-07 10:18 - 2021-09-07 10:18 - 000017336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgElam.sys
2021-09-07 10:18 - 2021-09-07 10:18 - 000003992 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
2021-09-07 10:18 - 2021-09-07 10:18 - 000000000 ____D C:\Windows\system32\Tasks\AVG
2021-09-07 10:18 - 2021-09-07 10:18 - 000000000 ____D C:\Program Files\Common Files\AVG
2021-09-07 10:16 - 2021-09-07 10:18 - 000000000 ____D C:\ProgramData\AVG
2021-09-07 10:16 - 2021-09-07 10:16 - 000000000 ____D C:\Program Files\AVG
2021-09-05 14:55 - 2021-09-06 18:03 - 000000780 _____ C:\Users\NITRO 5\Desktop\Нов текстов документ (3).txt
2021-08-30 19:19 - 2021-08-30 19:19 - 000907780 _____ C:\Users\NITRO 5\Downloads\Информация за студенти - за сайта.pdf
2021-08-14 13:43 - 2021-08-14 13:43 - 000000000 ____D C:\ProgramData\Apple Computer
2021-08-14 13:43 - 2021-08-14 13:43 - 000000000 ____D C:\ProgramData\Apple
2021-08-13 12:22 - 2021-08-13 12:22 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-08-13 12:22 - 2021-08-13 12:22 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-08-13 12:22 - 2021-08-13 12:22 - 001823280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-08-13 12:22 - 2021-08-13 12:22 - 001393480 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-08-13 12:22 - 2021-08-13 12:22 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-08-13 12:22 - 2021-08-13 12:22 - 000011347 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-08-13 12:21 - 2021-08-13 12:21 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2021-08-13 12:16 - 2021-08-13 12:16 - 000000000 ___HD C:\$WinREAgent
2021-08-11 18:24 - 2021-08-11 18:25 - 012092432 _____ C:\Windows\system32\Drivers\FACEIT.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-09-07 14:01 - 2020-12-23 12:28 - 000000000 ____D C:\Program Files (x86)\Google
2021-09-07 14:00 - 2020-11-19 00:44 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-09-07 12:57 - 2020-12-23 23:37 - 000000000 ____D C:\ProgramData\NVIDIA
2021-09-07 10:18 - 2019-12-07 12:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-09-06 13:53 - 2020-12-23 11:48 - 000000000 ____D C:\Users\NITRO 5\AppData\Local\D3DSCache
2021-09-06 12:35 - 2021-01-03 00:11 - 000000000 ____D C:\Users\NITRO 5\AppData\Roaming\discord
2021-09-06 12:34 - 2021-01-03 00:11 - 000000000 ____D C:\Users\NITRO 5\AppData\Local\Discord
2021-09-06 12:04 - 2020-12-23 17:42 - 000000000 ____D C:\Program Files (x86)\Steam
2021-09-06 12:03 - 2020-12-30 14:35 - 000000000 ____D C:\Users\NITRO 5\AppData\Roaming\FACEIT
2021-09-05 21:51 - 2019-12-07 12:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-05 11:34 - 2020-12-23 22:20 - 000000000 ____D C:\ProgramData\Riot Games
2021-09-04 21:40 - 2021-03-21 21:03 - 000000000 ____D C:\Users\NITRO 5\AppData\Local\CrashDumps
2021-09-04 17:46 - 2021-01-13 11:18 - 000002374 _____ C:\Users\NITRO 5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-09-04 17:46 - 2021-01-13 11:18 - 000002366 _____ C:\Users\NITRO 5\Desktop\Microsoft Teams.lnk
2021-09-04 17:15 - 2020-11-19 02:47 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-04 17:15 - 2020-11-19 02:47 - 000002288 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-09-04 17:15 - 2019-12-07 12:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-09-04 17:15 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\AppReadiness
2021-09-02 23:51 - 2021-07-27 10:05 - 000000000 ____D C:\ProgramData\boost_interprocess
2021-09-02 23:50 - 2020-12-23 11:48 - 000795742 _____ C:\Windows\system32\PerfStringBackup.INI
2021-09-02 23:50 - 2019-12-07 12:13 - 000000000 ____D C:\Windows\INF
2021-09-02 23:47 - 2020-12-23 12:29 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-09-02 23:47 - 2020-12-23 12:29 - 000002204 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-09-02 19:36 - 2020-12-23 17:38 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-02 19:36 - 2020-11-19 02:44 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-09-02 19:35 - 2019-12-07 12:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-08-31 11:19 - 2020-12-23 11:46 - 000803176 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2021-08-23 10:57 - 2020-12-23 17:41 - 000002413 _____ C:\Users\NITRO 5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-08-23 10:57 - 2020-12-23 11:44 - 000003382 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-590008821-3718230565-1910597314-1001
2021-08-18 13:17 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-08-16 17:33 - 2020-11-19 00:44 - 000445776 _____ C:\Windows\system32\FNTCACHE.DAT
2021-08-16 17:32 - 2019-12-07 17:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-08-16 17:32 - 2019-12-07 12:14 - 000000000 ___SD C:\Windows\system32\UNP
2021-08-16 17:32 - 2019-12-07 12:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-08-16 17:32 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-08-16 17:32 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\SystemResources
2021-08-16 17:32 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\oobe
2021-08-16 17:32 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\Dism
2021-08-16 17:32 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\ShellComponents
2021-08-16 17:32 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-08-16 17:32 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\bcastdvr
2021-08-16 17:32 - 2019-12-07 12:03 - 000000000 ____D C:\Windows\servicing
2021-08-16 09:38 - 2020-11-19 02:47 - 000003590 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-16 09:38 - 2020-11-19 02:47 - 000003466 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-08-15 21:26 - 2021-04-19 00:40 - 000000642 _____ C:\Users\NITRO 5\Desktop\Нов текстов документ (2).txt
2021-08-14 15:00 - 2020-12-23 17:43 - 000000000 ____D C:\Users\NITRO 5\AppData\Local\PlaceholderTileLogoFolder
2021-08-14 13:42 - 2020-12-23 17:42 - 000000000 ____D C:\Users\NITRO 5\AppData\Local\Publishers
2021-08-14 13:42 - 2020-12-23 17:41 - 000000000 ____D C:\Users\NITRO 5\AppData\Local\Packages
2021-08-14 13:42 - 2020-11-19 02:48 - 000000000 ____D C:\ProgramData\Packages
2021-08-13 20:07 - 2021-08-07 10:56 - 000000086 _____ C:\Users\NITRO 5\Desktop\Нов текстов документ.txt
2021-08-13 12:24 - 2019-12-07 12:03 - 000000000 ____D C:\Windows\CbsTemp
2021-08-13 12:16 - 2020-12-23 11:49 - 000000000 ____D C:\Windows\system32\MRT
2021-08-13 12:05 - 2020-12-23 11:49 - 133215968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-08-11 18:25 - 2021-02-21 16:27 - 000000000 ____D C:\Program Files\FACEIT AC
2021-08-09 10:54 - 2020-12-23 11:44 - 000000000 ___RD C:\Users\NITRO 5\OneDrive
2021-08-08 11:18 - 2020-12-24 22:44 - 000000000 ____D C:\Users\NITRO 5\AppData\Local\ElevatedDiagnostics

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

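The "One month" listings in the log above can be triaged mechanically. The following is an added example, not part of the posted log or of FRST: it parses the listing entries and picks out recently created drivers and executables for which no vendor name is printed in parentheses. The column order per section (created first in the "created" section, modified first in the "modified" section) is inferred from the section titles and the dates in this log, and the names `parse_listing` and `needs_review` are chosen here.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath
from typing import List, Optional

# Lines copied from the FRST.txt listing posted above (a short excerpt).
SAMPLE_LOG = r"""
==================== One month (created) (Whitelisted) =========

2021-09-07 13:01 - 2021-09-07 14:04 - 000000000 ____D C:\FRST
2021-09-07 10:18 - 2021-09-07 10:18 - 000851856 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2021-08-13 12:22 - 2021-08-13 12:22 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-08-11 18:24 - 2021-08-11 18:25 - 012092432 _____ C:\Windows\system32\Drivers\FACEIT.sys

==================== One month (modified) ==================

2021-09-07 14:01 - 2020-12-23 12:28 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-31 11:19 - 2020-12-23 11:46 - 000803176 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
"""

SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
ONE_MONTH_RE = re.compile(r"^One month \((created|modified)\)")
ENTRY_RE = re.compile(
    r"^(?P<first>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<second>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>.*?)\) )?(?P<path>[A-Za-z]:\\.*)$"
)
BINARY_SUFFIXES = {".sys", ".exe", ".dll"}
TS_FORMAT = "%Y-%m-%d %H:%M"


@dataclass
class Entry:
    section: str              # "created" or "modified"
    created: datetime
    modified: datetime
    size: int                 # bytes, as printed (0 for directories)
    attrs: str                # attribute column, e.g. "____D" or "___SH"
    company: Optional[str]    # vendor name in parentheses, if one was printed
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_listing(text: str) -> List[Entry]:
    """Parse the 'One month (created/modified)' sections of an FRST.txt log."""
    entries: List[Entry] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            kind = ONE_MONTH_RE.match(header.group("title"))
            section = kind.group(1) if kind else None  # other sections are skipped
            continue
        if section is None:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # explanatory text and blank lines
        first = datetime.strptime(m.group("first"), TS_FORMAT)
        second = datetime.strptime(m.group("second"), TS_FORMAT)
        # Assumption: the first column is the date the section is named after.
        created, modified = (first, second) if section == "created" else (second, first)
        entries.append(Entry(section, created, modified, int(m.group("size")),
                             m.group("attrs"), m.group("company"), m.group("path")))
    return entries


def needs_review(entries: List[Entry]) -> List[Entry]:
    """Recently created drivers/executables with no vendor name in the log."""
    return [e for e in entries
            if e.section == "created" and not e.is_dir
            and PureWindowsPath(e.path).suffix.lower() in BINARY_SUFFIXES
            and e.company is None]


if __name__ == "__main__":
    for e in needs_review(parse_listing(SAMPLE_LOG)):
        print(f"{e.created:%Y-%m-%d %H:%M}  {e.size:>10}  {e.path}")
```

A missing vendor field is only a prompt for a manual check, not a verdict: FACEIT.sys, for instance, lines up with the C:\Program Files\FACEIT AC folder that the same log shows as modified at 18:25 on the same day.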

Hello again..! Thank you for the logs..! To be honest, I have gone through the logs twice and I don't see any active malware ..! As far as I'm concerned, this computer is clean..! Nevertheless, let's run some additional checks:

STEP 1:

Scan with Malwarebytes Anti-Malware (MBAM)

  • If you already have Malwarebytes installed, open Malwarebytes and click the Scan button. It will automatically check for updates and start a threat scan.
  • If you don't have Malwarebytes installed yet, please download it from here and install it..... !
  • Once installed, open Malwarebytes, select Scan and let it run....!
  • After the scan finishes, make sure you quarantine all detected items
  • If no threats were detected, click the Save results drop-down menu, then the Export to TXT button, and save the file as a text file on your desktop or another location you can find, and attach that log to your next reply.
  • If threats were detected, once the quarantine is complete, click the View report button, then click the Export drop-down menu, then the Export to TXT button, and save the file as a text file on your desktop or another location you can find, and attach that log to your next reply.
  • If the computer restarts during the quarantine stage, you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down menu, then the Export to TXT button, and save the file as a text file on your desktop or another location you can find, and attach that log to your next reply.

 

STEP 2:

Please download AdwCleaner by Malwarebytes and save the file to your desktop.

    Right-click the program and select Run as Administrator to start the tool.
    Accept the Terms of use.
    Wait while the database is updated.
    Click Scan Now.
    When it finishes, click Clean & Repair.
    Your computer should now restart if any items were found.
    After the restart, a log file (AdwCleaner.txt) will open. Attach it or copy its contents into your next reply.

 

STEP 3:

Microsoft Safety Scanner

  • Microsoft Safety Scanner is a free standalone virus scanner from Microsoft that can be used to scan for and remove malware or potentially unwanted software from the system.
  • Download the tool from this Microsoft link:

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

  • Please let me know the results of this scan.
  • The log is named MSERT.log
  • The log file will be at %SYSTEMROOT%\debug\msert.log, which in most cases is C:\Windows\debug\msert.log
  • Please attach that log to your next reply.

After I clicked export (in Malwarebytes), it showed me "You don't have permission to save in this location. Contact the administrator to obtain permission"; this happened when I wanted to save the text in "This PC -> Local Disk C". Is this a cause for concern? I would also like to ask whether it is possible that I passed some virus/malware or something malicious on to my router, because for several days now my devices really have been running slower and loading pages more slowly. If that is possible, how can I check and, if need be, clean it?

txt mlwrbts.txt msert.log AdwCleaner[C02].txt


44 minutes ago, Jokera42 wrote:

because for several days now my devices really have been running slower and loading pages more slowly.

..this is something new ..you are mentioning it for the first time..! Could you give a few more details..? And have you contacted your provider ...? 


 

1 hour ago, icotonev wrote:

..this is something new ..you are mentioning it for the first time..! Could you give a few more details..? And have you contacted your provider ...? 

I haven't contacted the provider, and as for details, for example I open Google and go to some site, and it loads more slowly, and on the phone, for example, I open YouTube and it loads more slowly, and then if I want to go to the home screen I press the home button and it takes a little longer to get to the home screen, which is why I think I may have a virus or some rootkit or software (as I said, I'm not that at home with these technologies) that I may have passed on to my router and thereby given some access to my other devices as well.


What you are describing is so relative and could be caused by thousands of things... Your logs do not show the presence of any malware whatsoever..! Why don't you reset your router..:

How To Reset Your Router & Modem 2021 - The Ultimate Guide (networkshardware.com)

Fix with Farbar Recovery Scan Tool

  • Right-click the FRST icon and select Run as administrator
  • Highlight the information in the box below, then press the Ctrl + C keys together and the text will be copied
  • There is no need to paste the information, FRST will do it for you.
Start::
CreateRestorePoint:
CloseProcesses:

AlternateDataStreams: C:\Users\NITRO 5\Application Data:ec1be289b1dc3f0834b6b7f0a7240eb6 [394]
AlternateDataStreams: C:\Users\NITRO 5\AppData\Roaming:ec1be289b1dc3f0834b6b7f0a7240eb6 [394]
FirewallRules: [{CD6BDD63-70B1-4F51-B733-91141CE920E1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{09378A05-0C25-4F0C-A5A2-2B5D65554493}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{F584FCDB-E3EF-437C-9854-F5301E408DE3}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

EmptyTemp:
Restart:
End::

 

NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Press the Fix button only once and wait.


Note:    You do not need to paste the script into FRST.
Restart the computer if prompted.
When the fix is complete, FRST will generate a log in the same location it was run from (Fixlog.txt)
Please copy and paste its contents into your reply.

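Because a fixlist deletes items and runs commands with administrator rights, it is worth reading back exactly what it will do before pressing Fix. The following is an added example, not part of the original post or of FRST: it parses the fixlist from the post above into removals, commands and housekeeping steps, and flags anything it does not recognise. The function names and the allowlist of expected tools (taken from the commands this fixlist calls) are assumptions made for the example.

```python
import re
from typing import Dict, List

# The fixlist from the post above, copied verbatim.
FIXLIST = r"""Start::
CreateRestorePoint:
CloseProcesses:

AlternateDataStreams: C:\Users\NITRO 5\Application Data:ec1be289b1dc3f0834b6b7f0a7240eb6 [394]
AlternateDataStreams: C:\Users\NITRO 5\AppData\Roaming:ec1be289b1dc3f0834b6b7f0a7240eb6 [394]
FirewallRules: [{CD6BDD63-70B1-4F51-B733-91141CE920E1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{09378A05-0C25-4F0C-A5A2-2B5D65554493}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{F584FCDB-E3EF-437C-9854-F5301E408DE3}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

EmptyTemp:
Restart:
End::
"""

DIRECTIVE_RE = re.compile(r"^(?P<name>[A-Za-z]+):\s*(?P<arg>.*)$")
# "<host path>:<stream name> [<number>]"; the host path itself contains "C:".
ADS_RE = re.compile(r"^(?P<host>.+):(?P<stream>[^:\\]+) \[(?P<size>\d+)\]$")
RULE_RE = re.compile(r"^\[(?P<guid>\{[0-9A-Fa-f-]+\})\] => \((?P<action>\w+)\) "
                     r"(?P<program>.+?)(?P<missing> => No File)?$")
# Directives on this page that take no argument.
HOUSEKEEPING = {"createrestorepoint", "closeprocesses", "emptytemp", "restart"}
# Reviewer's allowlist (an assumption): the tools this fixlist calls.
EXPECTED_TOOLS = {"ipconfig", "netsh", "bitsadmin"}


def fixlist_body(text: str) -> List[str]:
    """Return the non-empty lines between the Start:: and End:: markers."""
    lines = [line.strip() for line in text.splitlines()]
    if "Start::" not in lines or "End::" not in lines:
        raise ValueError("fixlist must be delimited by Start:: and End::")
    start, end = lines.index("Start::"), lines.index("End::")
    if end < start:
        raise ValueError("End:: appears before Start::")
    return [line for line in lines[start + 1:end] if line]


def audit(text: str) -> Dict[str, list]:
    """Group every fixlist line by what it does; unparsed lines go to 'unknown'."""
    report: Dict[str, list] = {"streams": [], "rules": [], "commands": [],
                               "housekeeping": [], "unknown": []}
    for line in fixlist_body(text):
        m = DIRECTIVE_RE.match(line)
        name = m.group("name").lower() if m else ""
        arg = m.group("arg") if m else ""
        if name in HOUSEKEEPING and not arg:
            report["housekeeping"].append(m.group("name"))
        elif name == "alternatedatastreams" and (ads := ADS_RE.match(arg)):
            # Bracketed number kept as printed (assumed to be the stream size).
            report["streams"].append((ads["host"], ads["stream"], int(ads["size"])))
        elif name == "firewallrules" and (rule := RULE_RE.match(arg)):
            report["rules"].append({"guid": rule["guid"], "action": rule["action"],
                                    "program": rule["program"],
                                    "missing": rule["missing"] is not None})
        elif name == "cmd" and arg:
            tool = re.sub(r"\.exe$", "", arg.split()[0].lower())
            report["commands"].append({"tool": tool, "line": arg,
                                       "expected": tool in EXPECTED_TOOLS})
        else:
            report["unknown"].append(line)
    return report


if __name__ == "__main__":
    result = audit(FIXLIST)
    for host, stream, size in result["streams"]:
        print(f"remove stream  {stream} ({size}) from {host}")
    for rule in result["rules"]:
        state = "program missing" if rule["missing"] else "PROGRAM PRESENT, confirm"
        print(f"remove rule    {rule['guid']} {rule['program']} [{state}]")
    for cmd in result["commands"]:
        print(f"run command    {cmd['line']}" + ("" if cmd["expected"] else "  <-- review"))
    print("housekeeping  ", ", ".join(result["housekeeping"]))
    print("unknown       ", result["unknown"])
```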

Thanks for the information. Yesterday, also, out of nowhere while I was on FB it showed me "session expired", while I was using mobile data, and while I was watching YouTube (on a TV that is in another room and has a separate router, the router sometimes also being used by my other devices), again out of nowhere while I was watching it showed "The app will restart to free up more memory", which has never come up for me until now. That is why I was thinking that maybe the coincidences are getting too many and that somehow I am passing it from the phone to the computer to the routers and so on in a loop.


Hello..! What is happening on your end ..? Please let me know if you have solved your problem..! Thank you..! 


It looks like this problem has been solved ...! Due to lack of feedback, I am closing this topic. If you need this topic to be reopened, please contact me by private message, or contact another staff member ...! Glad we could help...!  :) 


This topic is locked to new replies.
      HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\93.0.4577.82\Installer\chrmstp.exe [2021-09-14] (Google LLC -> Google LLC)
      HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OCS Inventory NG Systray.lnk [2013-09-20]
      ShortcutTarget: OCS Inventory NG Systray.lnk -> C:\Program Files\OCS Inventory Agent\OcsSystray.exe (OCS Inventory NG) [File not signed]
      GroupPolicy: Restriction ? <==== ATTENTION
      GroupPolicy\User: Restriction ? <==== ATTENTION
      GroupPolicyUsers\S-1-5-21-299244719-1399796724-3294634451-1006\User: Restriction <==== ATTENTION
      GroupPolicyUsers\S-1-5-21-299244719-1399796724-3294634451-1005\User: Restriction <==== ATTENTION
      Policies: C:\Users\Administrator\NTUSER.pol: Restriction <==== ATTENTION
      Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
      Policies: C:\Users\Librarian\NTUSER.pol: Restriction <==== ATTENTION
      Policies: C:\Users\Visitor\NTUSER.pol: Restriction <==== ATTENTION
      HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
      ==================== Scheduled Tasks (Whitelisted) ============
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      Task: {08DF9C6D-7CB5-4684-B618-67D60F53BEA0} - System32\Tasks\Del Old File => C:\Windows\Scripts\del.bat [1302 2010-10-30] () [File not signed]
      Task: {30793A5D-DAF8-4DCF-9F2D-90350B4C812B} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [275136 2021-09-07] (Bluestack Systems, Inc -> BlueStack Systems, Inc.)
      Task: {3267B5BB-592E-4EB5-BABA-3B6CFF35A841} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [2049792 2021-08-20] (Avast Software s.r.o. -> AVAST Software)
      Task: {3559AB34-18E1-482D-8F96-4536BA328936} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1546480 2021-06-25] (Avast Software s.r.o. -> Avast Software)
      Task: {3910E168-A173-4EF4-A61E-E5D13CCE99DD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005UA => C:\Users\Librarian\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-04-04] (Google Inc -> Google Inc.)
      Task: {4ACC36A1-6617-4B18-891A-78E59130F994} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Flash Player NPAPI Notifier" /ENABLE
      Task: {4ACC36A1-6617-4B18-891A-78E59130F994} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\Adobe Flash Player PPAPI Notifier" /ENABLE
      Task: {4ACC36A1-6617-4B18-891A-78E59130F994} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\Adobe Flash Player Updater" /ENABLE
      Task: {4ACC36A1-6617-4B18-891A-78E59130F994} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
      Task: {4ACC36A1-6617-4B18-891A-78E59130F994} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
      Task: {4ACC36A1-6617-4B18-891A-78E59130F994} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005Core" /ENABLE
      Task: {4ACC36A1-6617-4B18-891A-78E59130F994} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005UA" /ENABLE
      Task: {4ACC36A1-6617-4B18-891A-78E59130F994} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{40BCF64C-47D6-4908-90A6-7F9040AFF644}" /ENABLE
      Task: {4ACC36A1-6617-4B18-891A-78E59130F994} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\{671B1A2E-C698-451F-BF5F-C59EABFF1053}" /ENABLE
      Task: {4ACC36A1-6617-4B18-891A-78E59130F994} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\{B082BF56-1FC4-46B4-A49A-712889734CCB}" /ENABLE
      Task: {4ACC36A1-6617-4B18-891A-78E59130F994} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
      Task: {4E4163B2-2F9B-40BC-BCE1-8CA082945A05} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
      Task: {59788F2F-057B-497D-AD10-26F6EBE7DD6E} - \GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1001Core -> No File <==== ATTENTION
      Task: {5CC8CDED-13A6-4AB9-B10C-ADC7F2CE961B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [345824 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
      Task: {5F353FD2-DAE7-4B61-B6D2-013DE73E0D84} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4364056 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      Task: {67F3E56F-BF81-40A9-9B43-E0B8D326CF35} - System32\Tasks\{671B1A2E-C698-451F-BF5F-C59EABFF1053} => C:\Program Files\Skype\\Phone\Skype.exe [27784672 2017-06-27] (Skype Software Sarl -> Skype Technologies S.A.)
      Task: {6D041990-9703-495B-922D-A29D1E951CF5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005Core => C:\Users\Librarian\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-04-04] (Google Inc -> Google Inc.)
      Task: {6D725850-4BEA-4C22-ADFF-0B008091ECAD} - System32\Tasks\delete => C:\Windows\Scripts\del.bat [1302 2010-10-30] () [File not signed]
      Task: {6E99A771-BE6E-4451-865F-6FB9DCBBDFCE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-09-15] (Adobe Inc. -> Adobe)
      Task: {88F25EBE-0AD6-45B2-BB52-208CF5A62B03} - System32\Tasks\Log off => C:\Windows\Scripts\logoff.bat [16 2010-10-31] () [File not signed]
      Task: {982A605B-F3AD-4C0D-8BBF-E7630ADB1F1E} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [2049792 2021-08-20] (Avast Software s.r.o. -> AVAST Software)
      Task: {9F2A0AEF-F85F-4784-A1C3-68726ED402A0} - \GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1001UA -> No File <==== ATTENTION
      Task: {A2DF1937-8BB7-429B-838F-9BB6B671ABA2} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} C:\Program Files\Windows Live\SOXE\wlsoxe.dll [179584 2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
      Task: {AED1AD05-FC83-4BAD-945F-721B4890EC84} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_433_pepper.exe [1497656 2020-09-15] (Adobe Inc. -> Adobe)
      Task: {B1AE9B04-84F1-4831-8527-D76B753CBA2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-06-20] (Google Inc -> Google Inc.)
      Task: {BBBB72F5-3A2B-4A01-A640-A5FF57FD1EB6} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_433_Plugin.exe [1502264 2020-09-09] (Adobe Inc. -> Adobe)
      Task: {BD743956-DC62-4307-843F-D62CE84AD182} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
      Task: {C55964AC-A211-4B5D-B595-C77C191E72DB} - System32\Tasks\{B082BF56-1FC4-46B4-A49A-712889734CCB} => "C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsMain
      Task: {DDA3604F-53D8-4D74-AB76-64F76053088A} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
      Task: {EF23F159-7109-499A-A25E-2BF8A8FE9116} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-06-20] (Google Inc -> Google Inc.)
      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
      Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005Core.job => C:\Users\Librarian\AppData\Local\Google\Update\GoogleUpdate.exe
      Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005UA.job => C:\Users\Librarian\AppData\Local\Google\Update\GoogleUpdate.exe
      Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-421337976-2832419435-3520994213-1001Core.job => C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe
      Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-421337976-2832419435-3520994213-1001UA.job => C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Winsock: Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
      Winsock: Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{A753DA6E-FE95-49B7-AA56-3DC81D3E4609}: [DhcpNameServer] 192.168.0.1
      HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
      FireFox:
      ========
      FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\c21lr0at.default [2018-09-27]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_433.dll [2020-09-09] (Adobe Inc. -> )
      FF Plugin: @IPC/WebClient -> C:\windows\system32\SuperClient2\npSuperClient.dll [2013-09-26] (Chipspoint Electronics Co., Ltd -> )
      FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-09-25] (Oracle America, Inc. -> Oracle Corporation)
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll [2013-11-26] (Nullsoft, Inc.) [File not signed]
      FF Plugin: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-06-25] (Avast Software s.r.o. -> AVAST Software)
      FF Plugin: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-06-25] (Avast Software s.r.o. -> AVAST Software)
      FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
      FF Plugin HKU\S-1-5-21-299244719-1399796724-3294634451-1005: @tools.google.com/Google Update;version=3 -> C:\Users\Librarian\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll [2011-11-14] (Google Inc -> Google Inc.)
      FF Plugin HKU\S-1-5-21-299244719-1399796724-3294634451-1005: @tools.google.com/Google Update;version=9 -> C:\Users\Librarian\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll [2011-11-14] (Google Inc -> Google Inc.)
      FF Plugin HKU\S-1-5-21-299244719-1399796724-3294634451-1006: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Visitor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-10] (Unity Technologies SF -> Unity Technologies ApS)
      FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\services-sync.js [2010-01-01]
      FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\firefox-branding.js [2010-01-01]
      FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\firefox-l10n.js [2010-01-01]
      FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\firefox.js [2013-08-12]
      FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2007-04-03] <==== ATTENTION
      Chrome: 
      =======
      CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2021-09-16]
      CHR Notifications: Default -> hxxps://www.facebook.com
      CHR Extension: (Документи) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-27]
      CHR Extension: (Google Диск) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-08-31]
      CHR Extension: (Google Документи офлайн) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-01]
      CHR Extension: (Avast Online Security) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-08-31]
      CHR Extension: (Skype) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-09-27]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-31]
      CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-08-31]
      CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
      CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
      CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
      ==================== Services (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
      S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-09-15] (Adobe Inc. -> Adobe)
      S2 AgentService; C:\Program Files\LibraryClient\globalLibx32\service.exe [46592 2012-02-20] () [File not signed]
      R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [176128 2011-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
      R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2011-07-13] (Advanced Micro Devices, Inc.) [File not signed]
      R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7466064 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [575768 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [357656 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
      S3 AvastSecureBrowserElevationService; C:\Program Files\AVAST Software\Browser\Application\92.2.11575.159\elevation_service.exe [1197032 2021-08-20] (Avast Software s.r.o. -> AVAST Software)
      R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
      R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
      R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
      R2 OCS Inventory Service; C:\Program Files\OCS Inventory Agent\OcsService.exe [38912 2013-04-08] (OCS Inventory NG) [File not signed]
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
      R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [1713536 2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
      ===================== Drivers (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R3 amdiox86; C:\Windows\System32\DRIVERS\amdiox86.sys [37944 2010-02-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
      R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [8395776 2011-07-13] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
      R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [247296 2011-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
      R2 AODDriver4.01; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [39424 2011-06-24] (Advanced Micro Devices) [File not signed]
      R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [33600 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185776 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [309264 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [206352 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [91664 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [39312 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [153496 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [393016 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [36104 2020-06-18] (AVAST Software s.r.o. -> AVAST Software)
      R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [92752 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [71920 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [690128 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [455920 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [161864 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [278184 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [259800 2021-09-07] (Bluestack Systems, Inc -> Bluestack System Inc.)
      S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [41984 2008-10-28] (Samsung Electronics Co., Ltd.) [File not signed]
      S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [108032 2016-04-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
      R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
      R3 MpKslc0e71772; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5AEB6EB6-B91A-4C67-B3E5-99CBE32CCFF4}\MpKslDrv.sys [36072 2021-09-16] (Microsoft Windows -> Microsoft Corporation)
      S3 nmwcd; C:\Windows\System32\drivers\ccdcmb.sys [18560 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
      S3 nmwcdc; C:\Windows\System32\drivers\ccdcmbo.sys [23168 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
      S3 qcusbser-forge; C:\Windows\System32\DRIVERS\qcusbser.sys [214080 2015-06-08] (Microsoft Windows Hardware Compatibility Publisher -> FORGE Incorporated)
      S3 qcusbwwan-forge; C:\Windows\System32\DRIVERS\qcusbwwan.sys [422976 2015-06-08] (Microsoft Windows Hardware Compatibility Publisher -> FORGE Incorporated)
      R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2008-10-27] (Samsung Electronics) [File not signed]
      S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI Corporation -> MCCI)
      S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8192 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
      S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Windows -> Microsoft Corporation)
      S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8192 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
      U1 aswbdisk; no ImagePath
      S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
      S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One month (created) (Whitelisted) =========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2021-09-16 11:55 - 2021-09-16 11:57 - 000000000 ____D C:\FRST
      2021-09-16 11:39 - 2021-09-16 11:39 - 000003872 _____ C:\Windows\system32\Tasks\BlueStacksHelper_nxt
      2021-09-16 11:39 - 2021-09-16 11:39 - 000002153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 5 Multi-Instance Manager.lnk
      2021-09-16 11:39 - 2021-09-16 11:39 - 000002141 _____ C:\Users\Public\Desktop\BlueStacks 5 Multi-Instance Manager.lnk
      2021-09-16 11:39 - 2021-09-16 11:39 - 000002005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 5.lnk
      2021-09-16 11:39 - 2021-09-16 11:39 - 000001993 _____ C:\Users\Public\Desktop\BlueStacks 5.lnk
      2021-09-16 11:38 - 2021-09-16 11:38 - 000006890 _____ C:\Users\Administrator\-1.14-windows.xml
      2021-09-16 11:36 - 2021-09-16 11:49 - 000000000 ____D C:\ProgramData\BlueStacks_nxt
      2021-09-16 11:36 - 2021-09-16 11:36 - 000000000 ____D C:\Program Files\BlueStacks_nxt
      2021-09-16 11:33 - 2021-09-16 11:36 - 000000000 ____D C:\Users\Administrator\AppData\Local\BlueStacksSetup
      2021-09-16 11:33 - 2021-09-16 11:36 - 000000000 ____D C:\Users\Administrator\AppData\Local\Bluestacks
      2021-09-16 11:33 - 2021-09-16 11:33 - 000000000 ____D C:\Users\Public\BlueStacks
      2021-09-16 08:54 - 2021-09-16 11:42 - 000000262 _____ C:\Users\Administrator\advanced_ip_scanner_MAC.bin
      2021-09-16 08:54 - 2021-09-16 11:42 - 000000015 _____ C:\Users\Administrator\advanced_ip_scanner_Comments.bin
      2021-09-16 08:54 - 2021-09-16 11:42 - 000000015 _____ C:\Users\Administrator\advanced_ip_scanner_Aliases.bin
      2021-09-16 08:51 - 2013-09-26 14:21 - 000000000 ____D C:\Windows\system32\SuperClient2
      2021-09-16 08:51 - 2013-09-26 14:07 - 000237568 _____ () C:\Windows\system32\SuperClient Save.exe
      2021-09-16 08:48 - 2021-09-16 08:48 - 000000957 _____ C:\Users\Public\Desktop\Advanced IP Scanner.lnk
      2021-09-16 08:48 - 2021-09-16 08:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner v2
      2021-09-16 08:48 - 2021-09-16 08:48 - 000000000 ____D C:\Program Files\Advanced IP Scanner
      2021-09-08 12:11 - 2021-09-08 12:09 - 000287000 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
      2021-09-08 12:11 - 2021-09-08 12:09 - 000161864 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
      2021-09-02 09:25 - 2021-09-13 09:22 - 000004464 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
      2021-08-31 14:56 - 2021-08-31 14:56 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Adobe
      ==================== One month (modified) ==================
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2021-09-16 11:56 - 2010-10-25 14:45 - 000000000 ____D C:\Users\Visitor
      2021-09-16 11:56 - 2010-10-25 14:24 - 000000000 ____D C:\Users\Librarian
      2021-09-16 11:52 - 2010-10-31 18:37 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
      2021-09-16 11:45 - 2011-04-04 16:21 - 000000924 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005UA.job
      2021-09-16 11:39 - 2010-10-25 14:50 - 000000000 ____D C:\Users\Administrator
      2021-09-16 11:24 - 2013-09-25 11:17 - 000000000 ____D C:\Program Files\Google
      2021-09-16 09:16 - 2009-07-14 07:34 - 000024352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2021-09-16 09:16 - 2009-07-14 07:34 - 000024352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2021-09-16 08:39 - 2017-07-18 16:04 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
      2021-09-16 08:37 - 2017-07-18 16:00 - 000000000 ____D C:\ProgramData\AVAST Software
      2021-09-16 08:37 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2021-09-15 15:07 - 2018-09-27 09:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\AVAST Software
      2021-09-14 09:15 - 2017-06-20 14:26 - 000002176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2021-09-14 09:15 - 2017-06-20 14:26 - 000002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2021-09-08 12:13 - 2017-07-18 16:03 - 000278184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
      2021-09-08 12:09 - 2020-07-30 09:14 - 000153496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
      2021-09-08 12:09 - 2020-06-18 16:34 - 000393016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
      2021-09-08 12:09 - 2019-03-21 12:06 - 000206352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
      2021-09-08 12:09 - 2019-03-21 12:06 - 000091664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
      2021-09-08 12:09 - 2017-07-18 16:06 - 000039312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
      2021-09-08 12:09 - 2017-07-18 16:03 - 000455920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
      2021-09-08 12:09 - 2017-07-18 16:03 - 000092752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
      2021-09-08 12:09 - 2017-07-18 16:03 - 000071920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
      2021-09-08 12:08 - 2019-03-21 12:06 - 000309264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
      2021-09-08 12:08 - 2019-03-21 12:06 - 000033600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
      2021-09-08 12:08 - 2017-11-17 09:11 - 000185776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
      2021-09-08 12:08 - 2017-07-18 16:03 - 000690128 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
      2021-09-03 09:26 - 2019-04-12 09:35 - 000003720 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
      2021-09-03 09:26 - 2018-09-27 09:29 - 000002381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
      2021-09-03 09:26 - 2018-09-27 09:29 - 000002338 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
      2021-09-03 09:16 - 2010-10-30 10:53 - 000000000 ____D C:\Users\Administrator\AppData\Local\Adobe
      2021-09-02 12:01 - 2011-04-04 16:21 - 000000872 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005Core.job
      2021-09-02 09:04 - 2018-03-28 15:58 - 000004474 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
      2021-09-02 09:04 - 2017-06-20 14:25 - 000003322 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
      2021-09-02 09:04 - 2017-06-20 14:25 - 000003194 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
      2021-09-02 09:04 - 2017-06-20 10:51 - 000004486 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
      2021-09-02 09:04 - 2013-09-25 11:14 - 000004312 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
      2021-09-02 09:04 - 2012-07-26 12:09 - 000003068 _____ C:\Windows\system32\Tasks\{B082BF56-1FC4-46B4-A49A-712889734CCB}
      2021-09-02 09:04 - 2012-03-30 10:56 - 000003950 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{40BCF64C-47D6-4908-90A6-7F9040AFF644}
      2021-09-02 09:04 - 2011-04-04 16:21 - 000003912 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005UA
      2021-09-02 09:04 - 2011-04-04 16:21 - 000003516 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005Core
      2021-09-02 09:04 - 2010-10-24 18:33 - 000002866 _____ C:\Windows\system32\Tasks\{671B1A2E-C698-451F-BF5F-C59EABFF1053}
      2021-09-01 12:43 - 2017-12-07 11:48 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
      2021-09-01 12:25 - 2010-10-24 19:51 - 000000000 ____D C:\ProgramData\Adobe
      2021-08-31 14:56 - 2010-10-29 10:05 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
      2021-08-31 14:56 - 2010-10-24 19:26 - 003890712 _____ C:\Windows\system32\perfh01F.dat
      2021-08-31 14:56 - 2010-10-24 19:26 - 003245800 _____ C:\Windows\system32\perfc01F.dat
      2021-08-31 14:56 - 2010-10-24 18:25 - 000006252 _____ C:\Windows\system32\PerfStringBackup.INI
      2021-08-30 23:45 - 2010-10-24 18:20 - 000652664 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
      ==================== Files in the root of some directories ========
      2010-10-29 19:41 - 2010-10-30 10:58 - 000008049 _____ () C:\Users\Administrator\AppData\Roaming\XeroxFaxOptions.xml
      2010-10-26 17:33 - 2010-10-26 17:33 - 000000017 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg
      ==================== SigCheck ============================
      (There is no automatic fix for files that do not pass verification.)

      LastRegBack: 2021-09-09 10:36
      ==================== End of FRST.txt ========================
      Addition.txt
    • by vlado1985
      Hello, I think I have a virus. Today I installed an update because I was being shown that there was a problem with the certificates and some pages would not load. After I installed the update in question, this strange service appeared and I cannot remove it. The update I installed is this one: https://www.microsoft.com/en-us/download/details.aspx?id=45633. On this page I saw that the update in question had helped several people, so I installed it on my machine too: https://support.google.com/chrome/thread/128686072/net-err-cert-date-invalid-error?hl=en
      I am attaching screenshots of the service that appeared.

