Possibly a virus: BITC986.TMP.EXE



Hello, something strange happened after I turned on my computer and tried to log in to my email: I found that pressing a single key types two letters. It does this only on the top row and on some of the digits. I scanned with Malwarebytes and am posting the result. I have not taken any action to quarantine or clean what was found.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/5/21
Scan Time: 11:58 AM
Log File: e0e93651-3e1e-11ec-93b7-180373dd34b3.json

-Software Information-
Version: 4.4.10.144
Components Version: 1.0.1499
Update Package Version: 1.0.46810
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: m-PC\user

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 314020
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 5 min, 16 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Adware.InstallCore, C:\USERS\USER\APPDATA\LOCAL\TEMP\BITC986.TMP.EXE, No Action By User, 517, 640569, 1.0.46810, 760370905C2B1C149042EF74, dds, 01496465, C292D40EF8D20CA5CCCEBA246BE70754, 622A4F58BBAE04994DFA4625E24009DE2B1AE01FE6B7691C6D24BCA0014BAE21

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

I am also attaching the files from the FRST scan.

 

 

FRST.txt Addition.txt


Hello..! What is the reason you ran the FRST checks in Safe Mode..:

Quote

Boot Mode: Safe Mode (with Networking)

 

1 hour ago, miroslav24 wrote:

I have not taken any action to quarantine or clean what was found.

..well, do it with Malwarebytes..

In addition:

Uninstalling programs using Revo Uninstaller Free Portable

  • Download Revo Uninstaller Free Portable and save it to your desktop
  • Right-click the folder and select Extract All ..., then click Extract
  • Double-click the RevoUninstaller-Portable folder
  • Right-click RevoUPort and select Run as administrator
  • Click OK on the license agreement
  • From the list of programs, double-click the programs listed below, or similar ones, to remove them (if present):
adaware antivirus
AdAwareInstaller
AdAwareProxyEngine
AntimalwareEngine
AntispamEngine
  • If the program's uninstaller appears, follow the steps to remove the program(s)
  • Make sure the Advanced option is selected, then click Scan
  • For each window that may appear identifying leftover items, click Select All, Delete, then confirm the deletion
  • When finished, click Finish
  • Restart the computer

I missed:

Uninstalling Adobe Flash Player

Note: Adobe Flash Player is no longer supported and poses a security risk.

  • Download Adobe Flash Player Uninstaller and save it to your desktop
  • Right-click the icon and select Run as administrator
  • Click Uninstall and then Done to restart your computer

 

 

Scanning with SecurityCheck by glax24

  • Download SecurityCheck by glax24 from here and save the tool to the desktop.
  • Run the program (if you are using Windows XP) or run it via right-click as administrator (if you are using Windows Vista/7/8/10)
  • Wait for the scan to finish. A text file named SecurityCheck.txt will open. Copy the contents of this file into your next post
  • You can find this file in the root directory of the system drive in a folder named SecurityCheck, e.g. C:\SecurityCheck\SecurityCheck.txt

I could only type with the keyboard in Safe Mode, which is why I used it. I carried out the steps indicated and am attaching the file from SecurityCheck.

 

SecurityCheck by glax24 & Severnyj v.1.4.0.53 [27.10.17]
WebSite: www.safezone.cc
DateLog: 05.11.2021 15:04:22
Path starting: C:\Users\m\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: m
VersionXML: 9.26is-31.10.2021
___________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x64) Ultimate Lang: English(0409)
Installation date OS: 11.09.2018 12:55:43
LicenseStatus: Windows(R) 7, Ultimate edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [99.8 Gb] Used: [71.9 Gb] Free: [27.9 Gb]
------------------------------- [ Windows ] -------------------------------
[color=red][b]Extended support has ended 14.01.2020, Your operating system may be vulnerable to new types of threats[/b][/color]
Internet Explorer 11.0.9600.19596
User Account Control [b]enabled[/b] (Level 3)
Automatically download and schedule installation
Date install updates: 2021-11-04 06:23:06
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2013 x64 v.15.0.4420.1017
---------------------------- [ Antivirus_WMI ] ----------------------------
Malwarebytes (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Malwarebytes (enabled and up to date)
Windows Defender (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 4.4.10.144 v.4.4.10.144 [b][+][/b]
-------------------------- [ SecurityUtilities ] --------------------------
WebAdvisor by McAfee v.4.1.1.641
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft .NET Framework 4.8 v.4.8.03761
------------------------------ [ ArchAndFM ] ------------------------------
WinRAR 5.60 (64-битова версия) v.5.60.0 [color=red][b]Warning! [url=https://www.rarlab.com/download.htm]Download Update[/url][/b][/color]
-------------------------- [ IMAndCollaborate ] ---------------------------
GoToMeeting 10.11.1.18068 v.10.11.1.18068
Skype version 8.68 v.8.68 [color=red][b]Warning! [url=https://go.skype.com/windows.desktop.download]Download Update[/url][/b][/color]
--------------------------------- [ P2P ] ---------------------------------
µTorrent v.3.5.5.45704 [b][color=red]Warning! Ad-supported P2P-client[/color][/b].
BitComet 1.68 v.1.68 [b][color=red]Warning! Ad-supported P2P-client[/color][/b].
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Shockwave Player 12.3 v.12.3.4.204 [b][color=red]Warning! This software is no longer supported.[/color][/b] Please uninstall it.
swMSM v.12.0.0.1 [color=blue][b]<< Hidden[/b][/color] [b][color=red]Warning! This software is no longer supported.[/color][/b] Please uninstall it.
Adobe Acrobat Reader DC v.21.007.20099
------------------------------- [ Browser ] -------------------------------
Opera Stable 80.0.4170.63 v.80.0.4170.63 [color=red][b]Warning! [url=https://net.geo.opera.com/opera/stable/windows]Download Update[/url][/b][/color]
Comodo Dragon v.49.13.20.400 [color=red][b]Warning! [url=https://www.comodo.com/home/browsers-toolbars/browser.php]Download Update[/url][/b][/color]
Google Chrome v.95.0.4638.69
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.4.0.0.1162
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1005
Windows Defender (WinDefend) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
Wondershare Helper Compact 2.5.3 v.2.5.3 [b]Warning![/b] Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
----------------------------- [ End of Log ] ------------------------------


Quote

------------------------------- [ Windows ] -------------------------------
Extended support has ended 14.01.2020, Your operating system may be vulnerable to new types of threats

I won't comment on that..!

Quote

Adobe Shockwave Player 12.3 v.12.3.4.204 Warning! This software is no longer supported. Please uninstall it.
swMSM v.12.0.0.1 << Hidden Warning! This software is no longer supported. Please uninstall it.

..and these programs are no longer supported either ..Please uninstall them ..! Also uninstall this program:

Quote

Wondershare Helper Compact 

 

..and after all that:

FRST scan

    Double-click FRST.exe / FRST64.exe to run it.
    Press the Scan button.
    When it finishes, it will create two log files named FRST.txt and Addition.txt in the same directory the tool was run from.
    Please copy and paste both files into your next reply.


Here are the logs after the last scan.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2021
Ran by m (administrator) on M-PC (Dell Inc. OptiPlex 990) (05-11-2021 16:03:40)
Running from C:\Users\m\Desktop
Loaded Profiles: m & UpdatusUser
: Microsoft Windows 7 Ultimate  Service Pack 1 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Comodo Security Solutions -> Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <13>
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\browserhost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\vsnpstd3.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Opera Software AS -> Opera Software) C:\Users\m\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft) C:\Program Files (x86)\iSkysoft\IAF\2.4.3.241\IsAppService.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\ProgramData\Wondershare\Service\InstallAssistService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [827392 2006-09-19] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2010-12-20] (Intel Corporation -> Intel Corporation)
HKU\S-1-5-21-3677490310-1812953499-2719145278-1001\...\Run: [Opera Browser Assistant] => C:\Users\m\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4105424 2021-10-14] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-3677490310-1812953499-2719145278-1001\...\MountPoints2: {0a81dba5-27a3-11ea-a847-001966873225} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91016584 2021-01-15] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\MountPoints2: G - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\MountPoints2: {0a81dba5-27a3-11ea-a847-001966873225} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\MountPoints2: {47ff949c-0a92-11ea-a190-001966873225} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\MountPoints2: {8577a3fe-b396-11e9-aa0e-001966873225} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\MountPoints2: {e039427d-ec0a-11e9-a6c5-001966873225} - G:\HiSuiteDownLoader.exe
HKLM\...\Windows x64\Print Processors\hpzpp5k2: C:\Windows\System32\spool\prtprocs\x64\hpzpp5k2.dll [224768 2007-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\PCL hpz3l5k2: C:\Windows\system32\hpz3l5k2.dll [130048 2007-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\95.0.4638.69\Installer\chrmstp.exe [2021-11-02] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2018-09-15]
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {34A3C3A9-41B8-4DD7-AFD4-631A74ADB020} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-17] (Google Inc -> Google LLC)
Task: {585061AA-3B0D-466C-8614-66CE8C9A197A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {847DA880-4A40-41C0-92F4-373750132701} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1642672 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {99DF0363-65B3-487E-B846-603ED223A397} - System32\Tasks\Opera scheduled assistant Autoupdate 1583764303 => C:\Users\m\AppData\Local\Programs\Opera\launcher.exe [46227664 2021-10-20] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\m\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {9CF4AD45-905B-4986-B3B8-0D665F300EE7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {ACD5325D-DC99-4ED9-A3D8-EB8540E8A810} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-17] (Google Inc -> Google LLC)
Task: {D4092DC2-36B9-44A5-92E9-1D0E2FD04052} - System32\Tasks\G2MUploadTask-S-1-5-21-3677490310-1812953499-2719145278-1003 => C:\Users\m\AppData\Local\GoToMeeting\18068\g2mupload.exe [32424 2020-07-07] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {D8C822A7-9352-4816-A40A-A852B43E34AE} - System32\Tasks\G2MUpdateTask-S-1-5-21-3677490310-1812953499-2719145278-1003 => C:\Users\m\AppData\Local\GoToMeeting\18068\g2mupdate.exe [32424 2020-07-07] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {DAFE22E4-BB1F-4CBC-84C3-B62EB2CE1D57} - System32\Tasks\Microsoft Office 15 Sync Maintenance for m-PC-user m-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [469640 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {DD3A4D7A-74CC-4A31-9FC9-DB96ED1449E9} - System32\Tasks\{D5C0511E-22B3-48DF-96F9-9AAB51402E03} => C:\Windows\system32\pcalua.exe -a H:\самуилово\vpn\setup.exe -d H:\самуилово\vpn
Task: {DFF57AE8-0D83-4309-892F-D419979B38FE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {EFA15619-F75B-4EA1-8FAE-6AB1B8B6FAAB} - System32\Tasks\Opera scheduled Autoupdate 1536927954 => C:\Users\m\AppData\Local\Programs\Opera\launcher.exe [46227664 2021-10-20] (Opera Software AS -> Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3677490310-1812953499-2719145278-1003.job => C:\Users\m\AppData\Local\GoToMeeting\18068\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3677490310-1812953499-2719145278-1003.job => C:\Users\m\AppData\Local\GoToMeeting\18068\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7F4187BD-1817-46B8-86DB-464168D9D2FB}: [NameServer] 46.40.72.9,46.40.72.27
Tcpip\..\Interfaces\{EF05353F-1AB4-4F63-852E-FDF507B7D414}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{EF05353F-1AB4-4F63-852E-FDF507B7D414}: [DhcpNameServer] 192.168.0.1
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.1.1,-1]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2021-10-20] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\m\AppData\Local\Google\Chrome\User Data\Default [2021-11-05]
CHR Extension: (Презентации) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-05-03]
CHR Extension: (Документи) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-05-03]
CHR Extension: (Google Диск) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-05]
CHR Extension: (YouTube) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-05-03]
CHR Extension: (Таблици) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-05-03]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-11-05]
CHR Extension: (Google Документи офлайн) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-05]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-06]
CHR Extension: (Gmail) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-05]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

Opera: 
=======
OPR Profile: C:\Users\m\AppData\Roaming\Opera Software\Opera Stable [2021-11-05]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\m\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-07-26]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (Shanghai Comet Network Technology -> www.BitComet.com)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2307768 2016-05-05] (Comodo Security Solutions -> Comodo)
S4 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2019-08-19] (Huawei Technologies Co., Ltd. -> ) [File not signed]
R2 IsAppService; C:\Program Files (x86)\Iskysoft\IAF\2.4.3.241\IsAppService.exe [495240 2018-07-26] (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7848632 2021-11-05] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [973040 2021-10-20] (McAfee, LLC -> McAfee, LLC)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-08-16] (Microsoft Windows -> Microsoft Corporation)
R2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [269200 2020-04-02] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 DFWSIDService; C:\Program Files (x86)\Wondershare\drfone\WsidService.exe [X]
S2 ElevationService; C:\Program Files (x86)\Wondershare\drfone\Addins\Unlock\ElevationService.exe [X]
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone\Addins\SocialApps\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] (Cisco Systems, Inc. -> )
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2018-09-11] (Disc Soft Ltd -> Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [160176 2021-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18944 2019-08-19] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2019-08-19] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Windows Hardware Compatibility Publisher -> Microsoft Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [210352 2021-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [193448 2021-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [69040 2021-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-11-05] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [146864 2021-11-05] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Microsoft Windows Hardware Compatibility Publisher -> Sonix Co. Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-05 15:47 - 2021-11-05 15:47 - 000000000 ____D C:\Windows\system32\Macromed
2021-11-05 15:38 - 2021-11-05 15:38 - 000193448 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-11-05 15:38 - 2021-11-05 15:38 - 000146864 _____ C:\Windows\system32\Drivers\mwac.sys
2021-11-05 15:38 - 2021-11-05 15:38 - 000069040 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-11-05 15:04 - 2021-11-05 15:04 - 000000000 ____D C:\SecurityCheck
2021-11-05 14:57 - 2021-11-05 14:57 - 001503928 _____ (Adobe) C:\Users\m\Downloads\uninstall_flash_player.exe
2021-11-05 14:39 - 2021-11-05 14:39 - 009679549 _____ C:\Users\m\Desktop\RevoUninstaller_Portable.zip
2021-11-05 14:30 - 2021-11-05 14:30 - 000004224 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1583764303
2021-11-05 14:08 - 2021-11-05 14:14 - 860890176 _____ (Doctor Web, Ltd.) C:\Users\user\Downloads\drweb-livedisk-900-usb.exe
2021-11-05 12:47 - 2021-11-05 16:04 - 000017019 _____ C:\Users\m\Desktop\FRST.txt
2021-11-05 12:33 - 2021-11-05 12:34 - 000028668 _____ C:\Users\user\Downloads\Addition.txt
2021-11-05 12:32 - 2021-11-05 12:34 - 000023593 _____ C:\Users\user\Downloads\FRST.txt
2021-11-05 12:31 - 2021-11-05 12:32 - 002311168 _____ (Farbar) C:\Users\user\Downloads\FRST64 (1).exe
2021-11-05 12:19 - 2021-11-05 12:19 - 000001441 _____ C:\Users\user\Desktop\mbam.txt
2021-11-05 11:49 - 2021-11-05 14:51 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-11-05 11:49 - 2021-11-05 11:55 - 000210352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-11-05 11:49 - 2021-11-05 11:49 - 000001960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-11-05 11:49 - 2021-11-05 11:49 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-11-05 11:48 - 2021-11-05 11:48 - 000160176 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-11-05 11:48 - 2021-11-05 11:48 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-11-05 11:48 - 2021-11-05 11:48 - 000000000 ____D C:\Program Files\Malwarebytes
2021-11-05 11:29 - 2021-11-05 11:55 - 000148548 _____ C:\Windows\ntbtlog.txt
2021-10-16 09:14 - 2021-10-16 09:14 - 000000000 ____D C:\Users\user\DxReport
2021-10-13 11:01 - 2021-11-05 13:57 - 000004938 _____ C:\Windows\system32\Tasks\Microsoft Office 15 Sync Maintenance for m-PC-user m-PC

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-05 16:03 - 2020-03-11 06:51 - 000000000 ____D C:\FRST
2021-11-05 15:47 - 2018-09-13 07:32 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2021-11-05 15:46 - 2009-07-14 06:45 - 000030112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-11-05 15:46 - 2009-07-14 06:45 - 000030112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-11-05 15:43 - 2018-09-13 13:13 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-05 15:42 - 2009-07-14 07:13 - 000006182 _____ C:\Windows\system32\PerfStringBackup.INI
2021-11-05 15:36 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-11-05 14:31 - 2018-09-14 14:25 - 000003998 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1536927954
2021-11-05 14:28 - 2020-07-07 15:02 - 000000610 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3677490310-1812953499-2719145278-1003.job
2021-11-05 14:24 - 2020-07-07 15:02 - 000000514 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3677490310-1812953499-2719145278-1003.job
2021-11-05 12:47 - 2020-03-11 06:47 - 002311168 _____ (Farbar) C:\Users\m\Desktop\FRST64.exe
2021-11-04 14:16 - 2018-11-29 12:48 - 000000000 ____D C:\Users\UpdatusUser.m-PC
2021-11-02 14:29 - 2019-04-17 13:57 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-18 10:08 - 2020-02-20 13:03 - 000000000 ____D C:\Users\user\Desktop\пътни листи
2021-10-17 16:19 - 2019-04-16 11:33 - 000000000 ____D C:\Users\user\Desktop\биопродукти
2021-10-14 07:35 - 2018-09-13 13:43 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-10-13 15:31 - 2018-09-17 10:26 - 000000000 ____D C:\Windows\system32\MRT
2021-10-13 15:28 - 2018-09-11 14:54 - 139806512 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-10-13 09:59 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2021-10-08 07:05 - 2009-07-14 07:08 - 000032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories ========

2010-04-05 15:47 - 2006-08-03 14:02 - 002168933 _____ () C:\Users\user\Easy WIFI Radar 1.0.3 Installer.exe
2010-02-25 20:37 - 2010-02-10 17:08 - 000378368 _____ () C:\Users\user\Rar.exe
2010-02-25 20:37 - 2010-02-10 17:10 - 000141824 _____ () C:\Users\user\RarExt.dll
2010-02-25 20:37 - 2010-02-10 17:10 - 000052224 _____ () C:\Users\user\RarExt64.dll
2010-02-25 20:37 - 2010-02-10 17:10 - 000045056 _____ () C:\Users\user\RarExtLoader.exe
2010-04-05 16:23 - 2010-04-05 16:23 - 000000000 _____ () C:\Users\user\SoftonicDownloader53151(1).exe
2010-04-05 16:23 - 2010-04-05 16:23 - 000253224 _____ () C:\Users\user\SoftonicDownloader53151.exe
2010-04-05 15:43 - 2010-04-05 15:43 - 000000000 _____ () C:\Users\user\SoftonicDownloader54560(1).exe
2010-04-05 15:43 - 2010-04-05 15:43 - 000253232 _____ () C:\Users\user\SoftonicDownloader54560.exe
2010-02-25 20:37 - 2010-02-10 17:10 - 000120832 _____ () C:\Users\user\Uninstall.exe
2010-02-25 20:37 - 2010-02-10 17:08 - 000246272 _____ () C:\Users\user\UnRAR.exe
2010-02-25 20:33 - 2010-02-25 20:32 - 001531691 _____ () C:\Users\user\winrar-x64-392.exe
2010-02-25 20:37 - 2010-02-10 17:08 - 001039360 _____ () C:\Users\user\WinRAR.exe
2010-04-05 17:54 - 2010-04-05 17:54 - 000000000 _____ () C:\Users\user\wlsetup-custom(1).exe
2010-04-05 17:54 - 2010-04-05 17:54 - 001203024 _____ () C:\Users\user\wlsetup-custom.exe
2010-03-25 22:44 - 2010-03-25 22:44 - 000000012 _____ () C:\Users\user\_ERSION.DAT
2010-04-04 11:41 - 2010-04-04 11:38 - 000110646 _____ () C:\Users\user\_TORRENT.EXE
2020-06-29 11:35 - 2019-11-21 07:27 - 002317824 _____ (Remo Software) C:\Program Files (x86)\rs-repairdoc.exe
2018-09-13 07:27 - 2018-09-13 07:27 - 000007613 _____ () C:\Users\m\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-10-29 08:10
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2021
Ran by m (05-11-2021 16:04:39)
Running from C:\Users\m\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X64) (2018-09-11 12:55:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3677490310-1812953499-2719145278-500 - Administrator - Disabled)
Guest (S-1-5-21-3677490310-1812953499-2719145278-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3677490310-1812953499-2719145278-1005 - Limited - Enabled)
m (S-1-5-21-3677490310-1812953499-2719145278-1001 - Administrator - Enabled) => C:\Users\m
UpdatusUser (S-1-5-21-3677490310-1812953499-2719145278-1004 - Limited - Enabled) => C:\Users\UpdatusUser.m-PC
user (S-1-5-21-3677490310-1812953499-2719145278-1003 - Limited - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3677490310-1812953499-2719145278-1001\...\uTorrent) (Version: 3.5.5.45704 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
AgriDent HandHeldDemo V1.6 (HKLM-x32\...\AgriDent_is1) (Version:  - )
BitComet 1.68 (HKLM-x32\...\BitComet_x64) (Version: 1.68 - CometNetwork)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 49.13.20.400 - Comodo)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.69 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
GoTo Opener (HKLM-x32\...\{E69269DB-A77B-4BC1-8F39-241107B09F26}) (Version: 1.0.539 - LogMeIn, Inc.)
GoToMeeting 10.11.1.18068 (HKU\S-1-5-21-3677490310-1812953499-2719145278-1001\...\GoToMeeting) (Version: 10.11.1.18068 - LogMeIn, Inc.)
GoToMeeting 10.16.0.19598 (HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\GoToMeeting) (Version: 10.16.0.19598 - LogMeIn, Inc.)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 9.1.0.309 - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.1 - Intel)
iSkysoft Data Recovery(Build 5.0.0.9) (HKLM-x32\...\{656DB838-DB63-4acd-82E3-BB363ED99116}_is1) (Version: 5.0.0.9 - iSkysoft Software Co.,Ltd.)
LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes)
Malwarebytes version 4.4.10.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Ontrack® EasyRecovery™ (HKLM\...\Ontrack® EasyRecovery™_is1) (Version: 14.0.0.4 - Ontrack)
Opera Stable 80.0.4170.63 (HKU\S-1-5-21-3677490310-1812953499-2719145278-1001\...\Opera 80.0.4170.63) (Version: 80.0.4170.63 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
RAR Password Unlocker (HKLM-x32\...\{69B77D45-F5AD-4AB9-933D-352703324469}_is1) (Version:  - RAR Password Unlocker, Inc.)
Skype version 8.68 (HKLM-x32\...\Skype_is1) (Version: 8.68 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.641 - McAfee, LLC)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/27/2012 7.0.0000.00004) (HKLM\...\70EE67FB13B2F2BE1F5A57AB193643AEFBA8D39C) (Version: 08/27/2012 7.0.0000.00004 - Google, Inc.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/27/2012 7.0.0000.00004) (HKLM\...\BE156A27AFEAEA39D6A7C9D25CFA8DAFAF91756B) (Version: 08/27/2012 7.0.0000.00004 - Google, Inc.)
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (dg_ssudbus) USB  (12/02/2015 2.12.1.0) (HKLM\...\85A33267F12961AF9ED9AE799DEDA5E62BEA236F) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssudmdm) Modem  (12/02/2015 2.12.1.0) (HKLM\...\88ED314360B98E6E82E7CC3201FAEB4A9FD291B4) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (WinUSB) AndroidUsbDeviceClass  (12/02/2015 2.12.1.0) (HKLM\...\701281E8283E9E3681220099A9DA5013A5A437AF) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )
WinRAR 5.60 (64-битова версия) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3677490310-1812953499-2719145278-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\m\AppData\Local\GoToMeeting\18068\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-11-05] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-01-31] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-11-05] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Какво е новото в последната версия.lnk -> C:\Program Files\WinRAR\WhatsNew.txt () <==== Cyrillic
Shortcut: C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Помощен файл на WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm () <==== Cyrillic
Shortcut: C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ръководство за конзолната версия на RAR.lnk -> C:\Program Files\WinRAR\Rar.txt () <==== Cyrillic
ShortcutWithArgument: C:\Users\m\AppData\Roaming\Microsoft\Word\Добрин%2030.05.2019_000308224943653414088\Добрин%2030.05.2019_000.doc.lnk -> C:\Users\m\Desktop\flash\Recovered data 07-01 14_51_45\Quick Scan result\Existing Partition(FAT32)\Other lost files\марки\поръчка ДПЖ\Добрин 30.05.2019_000.doc () -> 14 <==== Cyrillic

==================== Loaded Modules (Whitelisted) =============

2021-07-26 14:00 - 2010-12-20 16:49 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2019-01-28 14:17 - 2008-09-25 01:00 - 000088576 _____ (Brother Industries Ltd.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\BRDSMA80.dll
2008-12-03 19:05 - 2008-12-03 19:05 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2008-12-03 19:05 - 2008-12-03 19:05 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2021-07-26 14:00 - 2010-12-20 17:15 - 000015360 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\AMT_COM_InterfaceLib.dll
2021-07-26 14:00 - 2010-12-20 16:50 - 000471040 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\AMT_SW_GUI.dll
2021-07-26 14:00 - 2010-12-20 16:45 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2019-01-28 14:16 - 2010-03-05 01:01 - 000392704 _____ (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\KBDLMA8A.dll
2019-01-28 14:16 - 2010-03-10 01:01 - 000078336 _____ (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\KBLGMA8A.DLL
2019-01-28 14:16 - 2010-03-05 01:01 - 000751616 _____ (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\KBUIMA8A.DLL

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3677490310-1812953499-2719145278-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/en-xl/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-10-20] (McAfee, LLC -> McAfee, LLC)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-10-20] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3677490310-1812953499-2719145278-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3677490310-1812953499-2719145278-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\m\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 46.40.72.9 - 46.40.72.27
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: HuaweiHiSuiteService64.exe => 2
MSCONFIG\startupreg: Skype for Desktop => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
MSCONFIG\startupreg: snpstd3 => C:\Windows\vsnpstd3.exe

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{46963181-BA0E-4B2F-94D4-FDB31FA4BD12}C:\program files (x86)\comodo\dragon\dragon.exe] => (Block) C:\program files (x86)\comodo\dragon\dragon.exe (Comodo Security Solutions -> Comodo)
FirewallRules: [UDP Query User{2712946F-C2C0-4FC7-94AC-9EA705B1399F}C:\program files (x86)\comodo\dragon\dragon.exe] => (Block) C:\program files (x86)\comodo\dragon\dragon.exe (Comodo Security Solutions -> Comodo)
FirewallRules: [TCP Query User{C5A55925-A26A-41D7-BBF2-C9B8B269AAB7}C:\users\user\downloads\anydesk.exe] => (Allow) C:\users\user\downloads\anydesk.exe => No File
FirewallRules: [UDP Query User{58C48D0F-E73C-433A-8452-6D92B472722B}C:\users\user\downloads\anydesk.exe] => (Allow) C:\users\user\downloads\anydesk.exe => No File
FirewallRules: [TCP Query User{7831BD17-11B8-4C3F-B1B0-93F4FAB1F350}C:\users\m\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\m\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{4345B2C7-2AA2-4EA1-9C6D-5029187B3F97}C:\users\m\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\m\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{FB5226D7-0CFC-4ECD-A2F8-23CF0BC54794}] => (Allow) C:\Program Files\BitComet\BitComet.exe (Xing Wang -> www.BitComet.com)
FirewallRules: [{85F043AC-E8A2-489C-A9AD-73B77DFB4015}] => (Allow) C:\Program Files\BitComet\BitComet.exe (Xing Wang -> www.BitComet.com)
FirewallRules: [{5699967A-7848-464E-B2AD-A3AF32F4F052}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{AC8B4037-CF63-4285-B449-BF434BF1DCB9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7D1604D8-0776-4F1F-9549-45C401EEB7A4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BFB23C1B-4936-4AED-8175-F757E5AF36C4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{24002E7F-9D4F-4AA4-A95D-5CCAA0EC8D5B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{47562BA6-10EE-4584-8257-58E76E629977}] => (Allow) H:\LetsView\LetsView.exe => No File
FirewallRules: [{EEB53487-5539-4AAD-80B2-0CBA0368DDC2}] => (Allow) H:\LetsView\LetsView.exe => No File
FirewallRules: [{471C995D-4DB7-4349-90BF-756605FB7475}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D74B6038-E1EC-4CDC-87C2-775CC0A87ACE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{66E2D4EF-C6D5-448E-98B0-7152BF0FF3FD}] => (Allow) C:\Users\user\Downloads\4ukey-for-android.exe => No File
FirewallRules: [{FCAFB221-9508-4FB0-946B-D10F8A26A004}] => (Allow) C:\Users\user\Downloads\4ukey-for-android.exe => No File
FirewallRules: [{49C43266-A47C-4B5B-85C8-1546A56C3ACE}] => (Allow) C:\Program Files (x86)\iMobie\DroidKit\xldownload\download\MiniThunderPlatform.exe => No File
FirewallRules: [{F1608F24-AD3B-4094-96CE-74782076196F}] => (Allow) C:\Program Files (x86)\iMobie\DroidKit\xldownload\download\MiniThunderPlatform.exe => No File
FirewallRules: [{5E86DB47-174D-4B98-8CA6-C096AA7F573E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

30-10-2021 10:16:36 Windows Update
04-11-2021 08:22:31 Windows Update
05-11-2021 14:46:32 Revo Uninstaller's restore point - adaware antivirus
05-11-2021 14:47:32 AA11

==================== Faulty Device Manager Devices ============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/05/2021 03:42:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/05/2021 03:42:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/05/2021 03:32:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/05/2021 03:32:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/05/2021 03:04:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/05/2021 03:04:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/05/2021 02:55:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/05/2021 02:55:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


System errors:
=============
Error: (11/05/2021 04:07:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.

Error: (11/05/2021 03:43:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/05/2021 03:38:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/05/2021 03:36:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Wondershare Driver Install Service service failed to start due to the following error: 
The system cannot find the file specified.

Error: (11/05/2021 03:36:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Wondershare Driver Install Service help service failed to start due to the following error: 
The system cannot find the file specified.

Error: (11/05/2021 03:36:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Wondershare WSID help service failed to start due to the following error: 
The system cannot find the file specified.

Error: (11/05/2021 03:27:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/05/2021 03:27:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Windows Defender:
================
Date: 2021-04-28 08:14:34.908
Description: 
Windows Defender scan has been stopped before completion.
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2021-06-30 08:19:44.606
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version:1.343.25.0
Previous Signature Version:1.341.1435.0
Update Source:User
Signature Type:AntiSpyware
Update Type:Delta
Current Engine Version:1.1.18300.4
Previous Engine Version:1.1.18200.4
Error code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

Date: 2021-06-30 08:19:44.606
Description: 
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.18300.4
Previous Engine Version:1.1.18200.4
Update Source:User
Error Code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

Date: 2021-06-04 08:27:51.140
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version:1.341.8.0
Previous Signature Version:1.339.1767.0
Update Source:User
Signature Type:AntiSpyware
Update Type:Delta
Current Engine Version:1.1.18200.4
Previous Engine Version:1.1.18100.6
Error code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

Date: 2021-06-04 08:27:51.097
Description: 
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.18200.4
Previous Engine Version:1.1.18100.6
Update Source:User
Error Code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

Date: 2021-05-24 11:27:49.941
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified. 
Signature version:0.0.0.0
Engine version:0.0.0.0

==================== Memory info =========================== 

BIOS: Dell Inc. A24 07/02/2018
Motherboard: Dell Inc. 06D7TR
Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
Percentage of memory in use: 42%
Total physical RAM: 8073.06 MB
Available physical RAM: 4629.12 MB
Total Virtual: 16144.26 MB
Available Virtual: 11189.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:99.8 GB) (Free:27.71 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:496.37 GB) (Free:283.04 GB) NTFS
Drive f: (HiSuite) (CDROM) (Total:0 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:14.65 GB) (Free:13.75 GB) NTFS
Drive h: () (Removable) (Total:7.46 GB) (Free:2.89 GB) FAT32
Drive i: () (Removable) (Total:7.48 GB) (Free:6.49 GB) FAT32
Drive z: (New Volume) (Fixed) (Total:232.88 GB) (Free:232.72 GB) NTFS


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 31FAAEF3)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: D122D122)
Partition 1: (Active) - (Size=99.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=496.4 GB) - (Type=0F Extended)

==========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 0585BB0A)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)

==========================================================
Disk: 3 (Size: 7.5 GB) (Disk ID: 08510FF5)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)

==========================================================
Disk: 4 (Protective MBR) (Size: 14.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================


Fix with Farbar Recovery Scan Tool

 

  • Right-click the FRST icon and select Run as administrator
  • Select the information in the box below, then press the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information; FRST will do it for you.
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3677490310-1812953499-2719145278-1001\...\MountPoints2: {0a81dba5-27a3-11ea-a847-001966873225} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\MountPoints2: G - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\MountPoints2: {0a81dba5-27a3-11ea-a847-001966873225} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\MountPoints2: {47ff949c-0a92-11ea-a190-001966873225} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\MountPoints2: {8577a3fe-b396-11e9-aa0e-001966873225} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\MountPoints2: {e039427d-ec0a-11e9-a6c5-001966873225} - G:\HiSuiteDownLoader.exe
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S2 DFWSIDService; C:\Program Files (x86)\Wondershare\drfone\WsidService.exe [X]
S2 ElevationService; C:\Program Files (x86)\Wondershare\drfone\Addins\Unlock\ElevationService.exe [X]
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone\Addins\SocialApps\DriverInstall.exe [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
FirewallRules: [{47562BA6-10EE-4584-8257-58E76E629977}] => (Allow) H:\LetsView\LetsView.exe => No File
FirewallRules: [{EEB53487-5539-4AAD-80B2-0CBA0368DDC2}] => (Allow) H:\LetsView\LetsView.exe => No File
FirewallRules: [{66E2D4EF-C6D5-448E-98B0-7152BF0FF3FD}] => (Allow) C:\Users\user\Downloads\4ukey-for-android.exe => No File
FirewallRules: [{FCAFB221-9508-4FB0-946B-D10F8A26A004}] => (Allow) C:\Users\user\Downloads\4ukey-for-android.exe => No File
cmd: ipconfig /flushdns
EmptyTemp:
End::

NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Press the Fix button only once and wait.


Note: There is no need to paste the script into FRST.
Restart the computer if prompted.
When the fix is complete, FRST will generate a log in the same location it was run from (Fixlog.txt).
Please copy and paste its contents into your reply.

Then:

  • Copy/paste the following into the Search box:
SearchAll: Adobe Flash Player;swMSM;Bitdefender;adaware
  • Click the Search Files button
  • When it finishes, click OK and a Search.txt document will open on your desktop
  • Please copy and paste its contents into your reply.

Note: If the file is very large and cannot be posted in the forum, archive it and upload the report to an external server (for example File Dropper, DOX.bg) and include the download link in your next reply.


Fix result of Farbar Recovery Scan Tool (x64) Version: 06-11-2021
Ran by m (06-11-2021 12:58:25) Run:1
Running from C:\Users\m\Desktop
Loaded Profiles: m & user & UpdatusUser
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3677490310-1812953499-2719145278-1001\...\MountPoints2: {0a81dba5-27a3-11ea-a847-001966873225} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\MountPoints2: G - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\MountPoints2: {0a81dba5-27a3-11ea-a847-001966873225} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\MountPoints2: {47ff949c-0a92-11ea-a190-001966873225} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\MountPoints2: {8577a3fe-b396-11e9-aa0e-001966873225} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\MountPoints2: {e039427d-ec0a-11e9-a6c5-001966873225} - G:\HiSuiteDownLoader.exe
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S2 DFWSIDService; C:\Program Files (x86)\Wondershare\drfone\WsidService.exe [X]
S2 ElevationService; C:\Program Files (x86)\Wondershare\drfone\Addins\Unlock\ElevationService.exe [X]
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone\Addins\SocialApps\DriverInstall.exe [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
FirewallRules: [{47562BA6-10EE-4584-8257-58E76E629977}] => (Allow) H:\LetsView\LetsView.exe => No File
FirewallRules: [{EEB53487-5539-4AAD-80B2-0CBA0368DDC2}] => (Allow) H:\LetsView\LetsView.exe => No File
FirewallRules: [{66E2D4EF-C6D5-448E-98B0-7152BF0FF3FD}] => (Allow) C:\Users\user\Downloads\4ukey-for-android.exe => No File
FirewallRules: [{FCAFB221-9508-4FB0-946B-D10F8A26A004}] => (Allow) C:\Users\user\Downloads\4ukey-for-android.exe => No File
cmd: ipconfig /flushdns
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-3677490310-1812953499-2719145278-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a81dba5-27a3-11ea-a847-001966873225} => removed successfully
HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G => removed successfully
HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a81dba5-27a3-11ea-a847-001966873225} => removed successfully
HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47ff949c-0a92-11ea-a190-001966873225} => removed successfully
HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8577a3fe-b396-11e9-aa0e-001966873225} => removed successfully
HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e039427d-ec0a-11e9-a6c5-001966873225} => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\System\CurrentControlSet\Services\DFWSIDService => removed successfully
DFWSIDService => service removed successfully
HKLM\System\CurrentControlSet\Services\ElevationService => removed successfully
ElevationService => service removed successfully
HKLM\System\CurrentControlSet\Services\WsDrvInst => removed successfully
WsDrvInst => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully
VGPU => service removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{47562BA6-10EE-4584-8257-58E76E629977}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EEB53487-5539-4AAD-80B2-0CBA0368DDC2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{66E2D4EF-C6D5-448E-98B0-7152BF0FF3FD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FCAFB221-9508-4FB0-946B-D10F8A26A004}" => removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 52430048 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 247157766 B
Edge => 0 B
Chrome => 91712262 B
Firefox => 0 B
Opera => 20301692 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 416719104 B
LocalService => 416719104 B
NetworkService => 416735234 B
m => 1387897132 B
user => 1714004016 B
UpdatusUser.m-PC => 1714004016 B

RecycleBin => 44612997 B
EmptyTemp: => 6.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:00:53 ====

Farbar Recovery Scan Tool (x64) Version: 06-11-2021
Ran by m (06-11-2021 13:05:45)
Running from C:\Users\m\Desktop
Boot Mode: Normal

================== Search Files: "SearchAll: Adobe Flash Player;swMSM;Bitdefender;adaware" =============

File:
========

folder:
========
2018-09-24 11:16 - 2018-09-24 11:16 _____ C:\Users\user\AppData\Roaming\adaware
2018-09-24 11:16 - 2018-09-24 11:16 _____ C:\Users\user\AppData\Roaming\adaware\adaware antivirus
2018-09-24 11:16 - 2018-09-24 11:16 _____ C:\Users\user\AppData\Local\AdAwareDesktop
2021-09-01 14:43 - 2021-09-01 14:43 ____C C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_AdAwareDesktop.e_64cdf6ce65aa46f419f283aecfcd52406658d93_23b4d56b
2018-09-12 14:55 - 2018-09-12 14:55 _____ C:\Users\m\AppData\Local\AdAwareDesktop
2018-09-12 15:20 - 2018-09-12 15:20 _____ C:\ProgramData\BitDefender
2019-04-11 07:16 - 2019-04-11 07:16 ____C C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_084d916d
2019-04-11 07:20 - 2019-04-11 07:20 ____C C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_088ad305
2019-04-11 07:24 - 2019-04-11 07:24 ____C C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_088ebbf3
2019-04-09 07:14 - 2019-04-09 07:14 ____C C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_08c196fb
2019-04-05 07:11 - 2019-04-05 07:11 ____C C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0b95a2a3
2019-04-04 06:58 - 2019-04-04 06:58 ____C C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0ba98e12
2019-04-08 17:47 - 2019-04-08 17:47 ____C C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bb98d18
2019-04-03 12:37 - 2019-04-03 12:37 ____C C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bc99d93
2019-04-12 07:12 - 2019-04-12 07:12 ____C C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bcd9fb5
2019-04-10 10:58 - 2019-04-10 10:58 ____C C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bd19286
2019-04-08 07:29 - 2019-04-08 07:29 ____C C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0be590d1

Registry:
========

===================== Search result for "Adobe Flash Player" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
""="Adobe Flash Player"


===================== Search result for "swMSM" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C43C21609E58D74B9C5F017D78D7262]
"ProductName"="swMSM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C43C21609E58D74B9C5F017D78D7262\SourceList]
"PackageName"="swMSM.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C43C21609E58D74B9C5F017D78D7262\InstallProperties]
"DisplayName"="swMSM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}]
"DisplayName"="swMSM"


===================== Search result for "Bitdefender" ==========


===================== Search result for "adaware" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\adaware]

[HKEY_LOCAL_MACHINE\SOFTWARE\adaware\adaware antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\AdAwareService.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\adaware\adaware antivirus\Antimalware Engine\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\adaware\adaware antivirus\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\adaware\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\adaware\adaware antivirus\AdAwareProxyEngine\1.0.0.8\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\adaware\adaware antivirus\AdAwareProxyEngine\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\adaware\adaware antivirus\Online Threats Engine\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\adaware\adaware antivirus\Antispam Engine\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\adaware\adaware antivirus\adaware antivirus\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\adaware\adaware antivirus\AVC Engine\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.5.961.11619\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.6.1005.11662\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.7.1055.0\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.60.0\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.129.0\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\adaware\adaware antivirus\Antimalware Engine\3.1.261.0\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.134.0\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdAwareService.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\adaware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\adaware\adaware antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\adaware\adaware antivirus]
"InstallerPath"="C:\Users\m\AppData\Local\Temp\17220858-ac9c-4fd2-9cb3-bb2586c93ff2\AdAwareWebInstaller.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdAwareService.exe]

[HKEY_USERS\S-1-5-21-3677490310-1812953499-2719145278-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Users\m\Downloads\Adaware_Installer (1).exe"="1"


====== End of Search ======


Very good..! How is this antique behaving..? Has it perked up a bit...? :)

P.S. A little later I will write a script to remove all the leftovers in the registry.. I'm busy right now..! :)


Yes, the difference is noticeable. Only the keyboard problem remains. I plugged in another keyboard to try; with that one, however, only the digits 5 and 6 can be typed, and none of the others can be typed, nor their corresponding symbols when combined with Shift. On the first keyboard there is no problem with the digits; the only thing left is that pressing "q" triggers the function of the CTRL+B combination. There is no point in listing the other 7-8 discrepancies.


Fix with Farbar Recovery Scan Tool

 

  • Right-click the FRST icon and select Run as administrator
  • Select the information in the box below, then press Ctrl + C at the same time and the text will be copied
  • There is no need to paste the information; FRST will do it for you.
Start::
CreateRestorePoint:
CloseProcesses:

C:\Users\user\AppData\Roaming\adaware
C:\Users\user\AppData\Roaming\adaware\adaware antivirus
C:\Users\user\AppData\Local\AdAwareDesktop
C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_AdAwareDesktop.e_64cdf6ce65aa46f419f283aecfcd52406658d93_23b4d56b
C:\Users\m\AppData\Local\AdAwareDesktop
C:\ProgramData\BitDefender
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_084d916d
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_088ad305
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_088ebbf3
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_08c196fb
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0b95a2a3
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0ba98e12
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bb98d18
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bc99d93
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bcd9fb5
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bd19286
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0be590d1
C:\Program Files\adaware\adaware antivirus\Antimalware Engine
C:\Program Files\adaware\adaware antivirus
C:\Program Files\adaware
C:\Users\m\Downloads\Adaware_Installer (1).exe

StartRegedit:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C43C21609E58D74B9C5F017D78D7262]
"ProductName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C43C21609E58D74B9C5F017D78D7262\SourceList]
"PackageName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C43C21609E58D74B9C5F017D78D7262\InstallProperties]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\adaware]
[-HKEY_LOCAL_MACHINE\SOFTWARE\adaware\adaware antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\AdAwareService.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdAwareService.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\adaware]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\adaware\adaware antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdAwareService.exe]
[HKEY_USERS\S-1-5-21-3677490310-1812953499-2719145278-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Users\m\Downloads\Adaware_Installer (1).exe"=-
EndRegedit:

EmptyTemp:
End::

 

NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Press the Fix button only once and wait.


Note: There is no need to paste the script into FRST.
Restart the computer if prompted.
When the fix is complete, FRST will generate a log in the same location it was run from (Fixlog.txt).
Please copy and paste its contents into your reply.

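A pre-run check for a StartRegedit: block like the one in the fix above, as an added example that is not part of the original post or of FRST. It compares the block against the registry section of Search.txt and flags whole-key deletions ([-KEY]) of keys that the search matched only through individual values; the two excerpts are copied from this thread and shortened, and all function names are hypothetical.

```python
import re

# Excerpt of the registry section of Search.txt, copied from this thread and
# shortened. A bare [KEY] block means the key name itself matched the search;
# a [KEY] followed by "name"=... means only that value matched.
SEARCH_TXT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\adaware]

[HKEY_LOCAL_MACHINE\SOFTWARE\adaware\adaware antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\adaware\adaware antivirus\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\adaware\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\adaware\adaware antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\adaware\adaware antivirus]
"InstallerPath"="C:\Users\m\AppData\Local\Temp\17220858-ac9c-4fd2-9cb3-bb2586c93ff2\AdAwareWebInstaller.exe"
'''

# Excerpt of the StartRegedit: block from the fix, copied from this thread.
REG_FIX = r'''
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C43C21609E58D74B9C5F017D78D7262]
"ProductName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\adaware]
[-HKEY_LOCAL_MACHINE\SOFTWARE\adaware\adaware antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\adaware\adaware antivirus]
'''

KEY_RE = re.compile(r'^\[(-?)(HKEY_.+)\]$')    # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^"(.*?)"=(.*)$')       # "name"=data  or  "name"=-


def parse_search_hits(text):
    """Map each key (case-folded) to whether its name matched and which values matched."""
    blocks = []
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            blocks.append((key.group(2).casefold(), []))
            continue
        val = VALUE_RE.match(line)
        if val and blocks:
            blocks[-1][1].append(val.group(1))
    hits = {}
    for key, values in blocks:
        entry = hits.setdefault(key, {"key_hit": False, "values": []})
        if values:
            entry["values"].extend(values)
        else:
            entry["key_hit"] = True   # bare block: the key name itself matched
    return hits


def parse_reg_ops(text):
    """Return (operation, key, value_name) tuples for a .reg style block."""
    ops, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            if key.group(1) == "-":
                # [-KEY] removes the key with all of its values and subkeys.
                ops.append(("delete_key", key.group(2), None))
                current = None
            else:
                current = key.group(2)
            continue
        val = VALUE_RE.match(line)
        if val and current:
            kind = "delete_value" if val.group(2) == "-" else "set_value"
            ops.append((kind, current, val.group(1)))
    return ops


def audit(search_text, reg_text):
    """Flag whole-key deletions that are broader than what the search matched."""
    hits = parse_search_hits(search_text)
    findings = []
    for kind, key, _name in parse_reg_ops(reg_text):
        if kind != "delete_key":
            continue
        hit = hits.get(key.casefold())   # registry paths are case-insensitive
        if hit is None:
            findings.append((key, "key not listed in the search result"))
        elif not hit["key_hit"]:
            findings.append((key, "search matched %d value(s) only; [-KEY] also "
                                  "removes every other value and subkey"
                                  % len(hit["values"])))
    return findings


if __name__ == "__main__":
    for key, reason in audit(SEARCH_TXT, REG_FIX):
        print(key, "=>", reason)
```

A flagged key is a prompt to delete the matched values individually with "name"=- lines instead of removing the whole key.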

Here is the latest log

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-11-2021
Ran by m (07-11-2021 08:25:57) Run:2
Running from C:\Users\m\Desktop
Loaded Profiles: m & user & UpdatusUser
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Users\user\AppData\Roaming\adaware
C:\Users\user\AppData\Roaming\adaware\adaware antivirus
C:\Users\user\AppData\Local\AdAwareDesktop
C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_AdAwareDesktop.e_64cdf6ce65aa46f419f283aecfcd52406658d93_23b4d56b
C:\Users\m\AppData\Local\AdAwareDesktop
C:\ProgramData\BitDefender
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_084d916d
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_088ad305
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_088ebbf3
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_08c196fb
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0b95a2a3
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0ba98e12
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bb98d18
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bc99d93
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bcd9fb5
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bd19286
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0be590d1
C:\Program Files\adaware\adaware antivirus\Antimalware Engine
C:\Program Files\adaware\adaware antivirus
C:\Program Files\adaware
C:\Users\m\Downloads\Adaware_Installer (1).exe
StartRegedit:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C43C21609E58D74B9C5F017D78D7262]
"ProductName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C43C21609E58D74B9C5F017D78D7262\SourceList]
"PackageName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C43C21609E58D74B9C5F017D78D7262\InstallProperties]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\adaware]
[-HKEY_LOCAL_MACHINE\SOFTWARE\adaware\adaware antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\AdAwareService.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdAwareService.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\adaware]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\adaware\adaware antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdAwareService.exe]
[HKEY_USERS\S-1-5-21-3677490310-1812953499-2719145278-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Users\m\Downloads\Adaware_Installer (1).exe"=-
EndRegedit:
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\user\AppData\Roaming\adaware => moved successfully
"C:\Users\user\AppData\Roaming\adaware\adaware antivirus" => not found
C:\Users\user\AppData\Local\AdAwareDesktop => moved successfully
C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_AdAwareDesktop.e_64cdf6ce65aa46f419f283aecfcd52406658d93_23b4d56b => moved successfully
C:\Users\m\AppData\Local\AdAwareDesktop => moved successfully
C:\ProgramData\BitDefender => moved successfully
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_084d916d => moved successfully
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_088ad305 => moved successfully
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_088ebbf3 => moved successfully
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_08c196fb => moved successfully
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0b95a2a3 => moved successfully
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0ba98e12 => moved successfully
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bb98d18 => moved successfully
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bc99d93 => moved successfully
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bcd9fb5 => moved successfully
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bd19286 => moved successfully
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0be590d1 => moved successfully
"C:\Program Files\adaware\adaware antivirus\Antimalware Engine" => not found
"C:\Program Files\adaware\adaware antivirus" => not found
"C:\Program Files\adaware" => not found
"C:\Users\m\Downloads\Adaware_Installer (1).exe" => not found
Registry ====> The operation completed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5000072 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 78291140 B
Edge => 0 B
Chrome => 37800208 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 256 B
LocalService => 256 B
NetworkService => 256 B
m => 32520 B
user => 1199279 B
UpdatusUser.m-PC => 1199279 B

RecycleBin => 13344533 B
EmptyTemp: => 130.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:26:22 ====


Final control checks:

 

Scan with Malwarebytes Anti-Malware (MBAM)

  • If you already have Malwarebytes installed, open Malwarebytes and click the Scan button. It will automatically check for updates and start a threat scan.
  • If you do not have Malwarebytes installed yet, please download it from here and install it..... !
  • Once installed, open Malwarebytes, select Scan and let it run....!
  • After the scan finishes, make sure you quarantine all detected items
  • If no threats were detected, click the Save results drop-down menu, then the Export to TXT button, and save the file as a text file on your desktop or another location you can find, and attach that log to your next reply.
  • If threats were detected, after the quarantine completes click the View report button, then click the Export drop-down menu, then the Export to TXT button, and save the file as a text file on your desktop or another location you can find, and attach that log to your next reply.
  • If the computer restarts during the quarantine stage, you can access the logs from the Detection History and then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down menu, then the Export to TXT button, and save the file as a text file on your desktop or another location you can find, and attach that log to your next reply.

 

Please download AdwCleaner from Malwarebytes and save the file to your desktop.

  •     Right-click the program and select Run as Administrator to start the tool.
  •     Accept the Terms of use.
  •     Wait while the database is updated.
  •     Click Scan Now.
  •     When finished, click Clean & Repair.
  •     Your computer should now restart if items were found.
  •     After the restart a log file (AdwCleaner.txt) will open. Attach it or copy its contents into your next reply.

 

 

Microsoft Safety Scanner

  • Microsoft Safety Scanner is a free stand-alone virus scanner from Microsoft that can be used to scan for and remove malware or potentially unwanted software from the system.
  • Download the tool from this Microsoft link:

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

  • Please let me know the results of this scan.
  • The log is named MSERT.log
  • The log file will be at %SYSTEMROOT%\debug\msert.log, which in most cases is C:\Windows\debug\msert.log
  • Please attach this log to your next reply.

 

 


Absolutely clean system..! There are no indications of active malware on this computer..! :)

 

Windows 7 support ended on January 14, 2020...!!!

Information about the end of Windows 7 support – Microsoft

This means that I personally cannot guarantee that your system is free of malware. Without software and security updates, it will be exposed to a greater risk of viruses and malware.

 

To uninstall FRST and remove all of its files, please do the following...:

  • Rename FRST.exe to Uninstall.exe
  • Double-click Uninstall.exe to run it

Your computer will restart and FRST and all of its files will be removed.

 

KpRm
 
Download KpRm from kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as administrator.
  • When the tool opens, make sure all the boxes are checked and select Run.

image.png.ae380ba8b0c6aa27fc373965f56ef973.png

image.png.f90aaeac26b9e18c5ce5f79e34f88914.png

  • След като приключите, щракнете върху OK. 
  • В Notepad ще се отвори журнал, озаглавен kprm- (date) .txt
  • Моля, копирайте и поставете съдържанието му в следващия си отговор.

Here is the last log as well

# Run at 8.11.2021 'г.' 14:59:01 'ч.'
# KpRm (Kernel-panik) version 2.9.2
# Website https://kernel-panik.me/tool/kprm/
# Run by m from C:\Users\m\Desktop
# Computer Name: M-PC
# OS: Windows 7 X64 (7601) Service Pack 1
# Number of passes: 1

- Checked options -

    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines after 7 days

- Create Registry Backup -

   ~ [OK] Hive C:\Windows\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\m\NTUSER.dat backed up

     [OK] Registry Backup: C:\KPRM\backup\2021-11-08-14-59-01

- Delete Tools -


  ## AdwCleaner
     [OK] C:\Users\m\Desktop\adwcleaner_8.3.0.exe deleted

  ## Malwarebytes (log)
     [OK] C:\Users\m\Desktop\Malwarebytes.txt deleted

  ## SecurityCheck
     [OK] C:\Users\m\Desktop\SecurityCheck.exe deleted

  ## Systemlook
     [OK] C:\Users\m\Desktop\SystemLook_x64.exe deleted

- Other Lines -


  ## Quarantines that will be deleted in 7 days (2021/11/15)
    ~ C:\AdwCleaner (AdwCleaner)
    ~ C:\EEK (Emisoft Emergency Kit)

- Restore System Settings -

     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files

- Restore UAC -

     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

   ~ [OK] RP named Restore Point Created by FRST created at 11/06/2021 10:58:32 deleted
   ~ [OK] RP named Restore Point Created by FRST created at 11/07/2021 06:26:00 deleted
     [OK] All system restore points have been successfully deleted

- Create Restore Point -

     [OK] System Restore Point created

- Display System Restore Point -

   ~ [I] RP named KpRm created at 11/08/2021 12:59:19

-- KPRM finished in 50.71s --

 

Thanks again for the work done.
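
For anyone reviewing a pasted KpRm log like the one in the post above, the following is an added example (not part of the original post and not KpRm's own code) that splits the log into its `- Section -` blocks, collects each bracketed status line, and lists the steps that did not report `[OK]`. The sample text is constructed; the `[X]` marker and the reading of `[I]` as informational are assumptions.

```python
import re

# Constructed sample in the layout of the KpRm log above. The "[X]" status is an
# assumed failure marker, added only to exercise the review check.
SAMPLE_LOG = r"""
# KpRm (Kernel-panik) version 2.9.2
- Delete Tools -

  ## AdwCleaner
     [OK] C:\Users\m\Desktop\adwcleaner_8.3.0.exe deleted

- Restore UAC -

     [OK] Set EnableLUA with default (1) value
     [X] Set ConsentPromptBehaviorAdmin with default (5) value

- Display System Restore Point -

   ~ [I] RP named KpRm created at 11/08/2021 12:59:19

-- KPRM finished in 50.71s --
"""

SECTION = re.compile(r"^- (.+) -$")                   # "- Restore UAC -"
STATUS = re.compile(r"^(?:~\s*)?\[(\w+)\]\s+(.*)$")   # "[OK] ..." or "~ [OK] ..."
UAC = re.compile(r"^Set (\w+) with default \((\d+)\) value$")

def parse_kprm(text):
    """Return (steps, uac): steps is a list of (section, status, message),
    uac maps each UAC value name that was set with [OK] to its integer value."""
    section, steps, uac = None, [], {}
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = STATUS.match(line)
        if not m:
            continue  # comments, "## tool" sub-headers, option lists, blanks
        status, msg = m.group(1), m.group(2).strip()
        steps.append((section, status, msg))
        u = UAC.match(msg)
        if u and status == "OK":
            uac[u.group(1)] = int(u.group(2))
    return steps, uac

def needs_review(steps):
    """Steps whose status is neither OK nor I (assumed informational)."""
    return [s for s in steps if s[1] not in ("OK", "I")]

if __name__ == "__main__":
    steps, uac = parse_kprm(SAMPLE_LOG)
    print(uac, needs_review(steps))
```
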


On 8.11.2021 at 15:01, miroslav24 wrote:

Thanks again for the work done.

Thank you..! Stay healthy and safe surfing..! :)
