All files on the laptop fail to open and end in .uyro



My granddaughter was playing with the laptop and now everything on it is encrypted: videos, photos, RAR archives, text files... absolutely everything ends in .uyro. Example of a video: На сняг 2022 г.mp4.uyro, and this is a photo: IMG_20220713_134440.jpg.uyro. The only thing that opens is this text file:

Spoiler

ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-5UcwRdS3ED
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
0609djfsieEl4sXhMvRPZhoPHYge71tRuKpsp

Windows protection reports that a virus is running at the moment. My question is this: I have all the files from this laptop saved on an external hard drive. If I connect it to replace my files, won't it encrypt the ones on the external hard drive as well? I can reinstall the system, which is Windows 10. Isn't that the safest option?


A new version of STOP DJVU. Good thing you have a backup, because there was a decryptor for the old versions, but it does not work for the new variants:

https://www.emsisoft.com/en/ransomware-decryption/stop-djvu/

Quote

New variant reported with .uyro (V0609) extension.

New variant reported with .uyit (V0611) extension.

Before connecting external drives, computers over the network or anything else, it is a good idea to be sure the system is currently clean. After that you can decide whether to reinstall or not.

Encryptors usually delete themselves once they have done their job so that experts cannot get hold of the decryption keys, but the infection often comes with other nasties, so it is a good idea to check the system.

1. If you want, provide log files from FRST:

  • Please download Farbar Recovery Scan Tool (choose the 32-bit or the 64-bit version according to your version of Windows) and save it to the desktop.
  • Run the file FRST.exe (or FRST64.exe).
  • The program will start. Click YES to accept the license agreement.
  • Click the SCAN button.
  • Wait patiently for the scan to finish.
  • Two log files named FRST.txt and Addition.txt will be created on the desktop.
  • Attach the contents of FRST.txt and of Addition.txt to your comment (see the file attachment option when posting a reply).

2. It is also a good idea to run a scan with KVRT:

https://www.kaspersky.com/downloads/free-virus-removal-tool

Before you click Start Scan, choose Change Parameters and tick System Drive.

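A way to triage the FRST.txt requested in step 1, as an added example that is not part of the original thread and not FRST's own code: it groups entries carrying FRST's markers by log section and also lists autostart entries that launch through a script or DLL host even when FRST left them unmarked. The sample log is constructed and the function names are illustrative.

```python
import re
from dataclasses import dataclass

# Constructed sample in FRST.txt layout (names, paths and IDs are made up).
SAMPLE_FRST = r"""
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 00-00-0000

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ExampleAudio] => C:\Windows\System32\ExampleAudio.exe [1000 2019-10-31] (Example Corp. -> Example Corp.)
HKU\S-1-5-21-0-0-0-1001\...\Run: [example1.exe] => C:\Users\User\AppData\Local\Temp\1000001001\example1.exe (No File) <==== ATTENTION
HKU\S-1-5-21-0-0-0-1001\...\Run: [examplejs] => wscript.exe "C:\Users\User\AppData\Roaming\example.js" (No File)

==================== Scheduled Tasks (Whitelisted) ============

Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleTask => rundll32 "C:\Program Files (x86)\ExampleDir\example.dll",#1 <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\svc => C:\Windows\rss\example.exe [4378152 2022-12-04] (0000 -> ) [File not signed] <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000003} - System32\Tasks\ExampleClip => C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Users\User\AppData\Local\Example\example.dll /U /nologo

==================== Internet (Whitelisted) ====================

AutoConfigURL: [S-1-5-21-0-0-0-1001] => hxxp://192.0.2.10/example.pac <==== ATTENTION

Chrome:
=======
"""

# "==== Name (Whitelisted) ====" headers; a bare "=======" underline must not match.
SECTION_RE = re.compile(r"^={4,}\s*([^=].*?)\s*=+\s*$")
# Windows binaries that execute another file named on their command line.
PROXY_RE = re.compile(
    r"\b(wscript|cscript|rundll32|regasm|regsvr32|mshta)(\.exe)?\b", re.I
)
# Markers FRST itself writes at the end of an entry.
MARKERS = {
    "<==== ATTENTION": "flagged by FRST",
    "(No File)": "target missing (orphaned autostart)",
    "[File not signed]": "unsigned file",
}


@dataclass
class Finding:
    section: str
    reasons: list
    entry: str


def triage(log_text):
    """Return every log entry worth a second look, with the reasons why."""
    section = "Header"
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).replace("(Whitelisted)", "").strip()
            continue
        reasons = [why for marker, why in MARKERS.items() if marker in line]
        # Inspect only the command side of "name => command" autostart entries.
        _, sep, command = line.partition(" => ")
        if sep and PROXY_RE.search(command):
            reasons.append("runs through a script/DLL host")
        if reasons:
            findings.append(Finding(section, reasons, line))
    return findings


def summarize(findings):
    """Count findings per log section."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_FRST)
    print(summarize(results))
    for f in results:
        print(f"[{f.section}] {'; '.join(f.reasons)}\n    {f.entry}")
```

Entries reported only for the script/DLL host reason are the ones FRST did not mark itself, so they are the ones a reviewer is most likely to miss when skimming for ATTENTION lines.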

FRST:

Spoiler

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-11-2022
Ran by Lenovo (administrator) on DESKTOP-TQP3P39 (LENOVO 81Y4) (04-12-2022 16:16:48)
Running from C:\Users\Lenovo\Downloads
Loaded Profiles: Lenovo
Platform: Microsoft Windows 10 Pro Version 22H2 19045.2251 (X64) Language: Български (България)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(10306 -> ) [File not signed] C:\Windows\rss\csrss.exe
(C:\Windows\rss\csrss.exe ->) () [File not signed] C:\Users\Lenovo\AppData\Local\Temp\csrss\934057bb263593087d4cce4817adb057.exe
(C:\Windows\rss\csrss.exe ->) () [File not signed] C:\Users\Lenovo\AppData\Local\Temp\csrss\injector\injector.exe
(cmd.exe ->) (Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\Lenovo\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxEM.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_fe9531bca29258f3\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~2.INF\DAX3API.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_eea2c15eb4860b4b\LenovoUtilityService.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_eea2c15eb4860b4b\FnHotkeyUtility.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <35>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Node.js Foundation -> Node.js) C:\Users\Lenovo\AppData\Roaming\Java\jre8\bin\java.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_fe9531bca29258f3\DAX3API.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e6980897e3126266\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e6980897e3126266\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_c98d5e0dfc88ac2f\RstMwService.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_eea2c15eb4860b4b\LenovoUtilityService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_5adc6075318430cf\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\pacjsworker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1000736 2019-10-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637528 2012-10-09] (Canon Inc. -> CANON INC.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-589266725-163046098-2985141653-1001\...\Run: [MicrosoftEdgeAutoLaunch_5EF70F99B4529735F3564FFE246DB961] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3892136 2022-11-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-589266725-163046098-2985141653-1001\...\Run: [softx64.exe] => C:\Users\Lenovo\AppData\Local\Temp\1000009001\softx64.exe (No File) <==== ATTENTION
HKU\S-1-5-21-589266725-163046098-2985141653-1001\...\Run: [linda5.exe] => C:\Users\Lenovo\AppData\Local\Temp\1000001001\linda5.exe (No File) <==== ATTENTION
HKU\S-1-5-21-589266725-163046098-2985141653-1001\...\Run: [doza.exe] => C:\Users\Lenovo\AppData\Local\Temp\1000002001\doza.exe (No File) <==== ATTENTION
HKU\S-1-5-21-589266725-163046098-2985141653-1001\...\Run: [anon.exe] => C:\Users\Lenovo\AppData\Local\Temp\1000003001\anon.exe (No File) <==== ATTENTION
HKU\S-1-5-21-589266725-163046098-2985141653-1001\...\Run: [SysHelper] => "C:\Users\Lenovo\AppData\Local\01452eb3-bcf0-4a09-af08-c8a0bd38b550\3C44.exe" --AutoStart (No File) <==== ATTENTION
HKU\S-1-5-21-589266725-163046098-2985141653-1001\...\Run: [Lege.exe] => C:\Users\Lenovo\AppData\Local\Temp\1000002001\Lege.exe (No File) <==== ATTENTION
HKU\S-1-5-21-589266725-163046098-2985141653-1001\...\Run: [mfc40] => wscript.exe "C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows NT\mfc40.js" (No File)
HKLM\...\Windows x64\Print Processors\Canon MG3100 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAR.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3100 series: C:\Windows\system32\CNMLMAR.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3100 series XPS: C:\Windows\system32\CNMXLMAR.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\107.0.5304.123\Installer\chrmstp.exe [2022-11-30] (Google LLC -> Google LLC)
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0386943F-D4BF-4237-BCDD-7A199854799F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {066F3570-49E2-4542-A879-F61566C247D5} - System32\Tasks\TinyTask => C:\Users\Default\Links\plugins.js (No File) <==== ATTENTION
Task: {0FFF2E9B-03B0-41F6-AF8A-8AE08F5017CF} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-589266725-163046098-2985141653-1001 => C:\Users\Lenovo\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [89096 2022-10-19] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {1312FE3E-EC2A-4015-8068-9EF670ADEFBC} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {357993EC-A886-4CB2-BD44-D819F3489EBB} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe [4378152 2022-12-04] (10306 -> ) [File not signed] <==== ATTENTION
Task: {3D0E0248-9FC1-4358-B4CB-10D00F0F451A} - System32\Tasks\GoogleUpdateTaskMachineCore{DFA13D16-2BC0-4098-97A5-821DF9D5351B} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-08-31] (Google LLC -> Google LLC)
Task: {3F2FDA09-8F28-401E-9293-971E417D3211} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8576000 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {40D25B0E-7B2C-4AD2-A3B5-7065C4A9BC9F} - System32\Tasks\Microsoft\Windows\Clip\Sazlm => C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Users\Lenovo\AppData\Local\EntityTexts\MioracionMail\Saksoft_nscfg.dll /U /nologo
Task: {5CAD3CE0-CDAB-4260-AD84-215AF996F744} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5E11AB69-D6BF-4192-853D-34D662AD9330} - System32\Tasks\gntuud.exe => C:\Users\Lenovo\AppData\Local\Temp\ecaac49691\gntuud.exe (No File) <==== ATTENTION
Task: {6405A661-8129-498F-AA44-6766B74F4236} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2022-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {77E255FF-F2A7-46F7-A253-F873C551F0EA} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2022-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {7BED9A98-6723-4C6C-B1A1-297F40D7BE0D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7F0E6088-9467-425A-B505-38DCE817651D} - System32\Tasks\KHrSLiwgubkDm2 => C:\Windows\system32\wscript.exe "C:\ProgramData\toJoOaCasrkHDLVB\YxYpvMV.wsf" <==== ATTENTION
Task: {A5981F27-963D-43D0-A662-B946E5FDF611} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [66936 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {A83878DB-40C7-45D1-AAED-1AC3DFF6E8DD} - System32\Tasks\ThPcltKqrSbKdqUsLXA2 => rundll32 "C:\Program Files (x86)\BHnEOumqQNxwC\IGjjEUR.dll",#1 <==== ATTENTION
Task: {C332567E-B3F9-44EE-A4DA-635A74FA26BB} - System32\Tasks\Azure-Update-Task => C:\Users\Lenovo\AppData\Roaming\Microsoft\Network\mstsca.exe (No File) <==== ATTENTION
Task: {C4B7F923-E1EE-4AC1-A923-935B278A86CE} - System32\Tasks\PwWEMgFlvPzjkD => rundll32 "C:\Program Files (x86)\wcBHSMtwAxoU2\dedDBIzHMMfjR.dll",#1 <==== ATTENTION
Task: {CD37BE0B-225E-4065-9C05-8A061F420E1E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154376 2022-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {D2822267-1427-4F03-8F13-ED56BBA21E5A} - System32\Tasks\HELPXygtJRSAxDU2 => rundll32 "C:\Program Files (x86)\MqnvxdqkU\eDIHMj.dll",#1 <==== ATTENTION
Task: {E47F237A-A0CA-42E1-AF3A-F871684A0022} - System32\Tasks\GoogleUpdateTaskMachineUA{FE4EC177-9825-4562-8F92-F51B7AB97E86} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-08-31] (Google LLC -> Google LLC)
Task: {E6B1E86E-CEEF-4215-AD36-26CA103A8FFC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154376 2022-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {E828EA22-575B-4EF9-A689-70578CF6346B} - System32\Tasks\fsScmaedPutWjGGAu2 => rundll32 "C:\Program Files (x86)\qEEOQNqyZQNOGAPVwcR\zCdMEPI.dll",#1 <==== ATTENTION
Task: {FEA33C88-16A5-4982-B150-E27CFDEBDC08} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8576000 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [{58B69C5E-32C4-48F0-92D4-28C5832E31D8}] => hxxp://34.80.59.191/win.pac <==== ATTENTION
AutoConfigURL: [S-1-5-21-589266725-163046098-2985141653-1001] => hxxp://34.80.59.191/win.pac <==== ATTENTION
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{047e66c6-bf97-44e7-8985-eb6d86a2a217}: [DhcpNameServer] 192.168.1.1
ManualProxies: 0hxxp://34.80.59.191/win.pac <==== ATTENTION

Edge: 
=======
Edge Profile: C:\Users\Lenovo\AppData\Local\Microsoft\Edge\User Data\Default [2022-12-04]
Edge Extension: (T-Сashback — кэшбэк-сервис) - C:\Users\Lenovo\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odbmjgikedenicicookngdckhkjbebpd [2022-12-04]
Edge HKLM-x32\...\Edge\Extension: [odbmjgikedenicicookngdckhkjbebpd]

FireFox:
========
FF DefaultProfile: vtnldg50.default
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\2qrgp3fv.default-release-1-1661029269790 [2022-12-04]
FF Homepage: Mozilla\Firefox\Profiles\2qrgp3fv.default-release-1-1661029269790 -> hxxps://find-it.pro/?utm_source=distr_m
FF Notifications: Mozilla\Firefox\Profiles\2qrgp3fv.default-release-1-1661029269790 -> hxxps://mail-notification.info; hxxps://zarabotok-online.xyz; hxxps://supertopfreegames.com; hxxps://best-loan-info.com; hxxps://ccleaner-download.xyz; hxxps://pinghauz.xyz; hxxps://s-tracking.xyz; hxxps://mnthor.xyz
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\2qrgp3fv.default-release-1-1661029269790\searchplugins\cdnsearch.xml [2022-12-04]
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\vtnldg50.default [2022-12-04]
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\vtnldg50.default\searchplugins\cdnsearch.xml [2022-12-04]
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\okepyaxx.default-release [2022-12-04]
FF Homepage: Mozilla\Firefox\Profiles\okepyaxx.default-release -> www.google.bg
FF Notifications: Mozilla\Firefox\Profiles\okepyaxx.default-release -> hxxps://mail-notification.info; hxxps://zarabotok-online.xyz; hxxps://supertopfreegames.com; hxxps://best-loan-info.com; hxxps://ccleaner-download.xyz; hxxps://pinghauz.xyz; hxxps://s-tracking.xyz; hxxps://mnthor.xyz
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\okepyaxx.default-release\searchplugins\cdnsearch.xml [2022-12-04]
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\browser\features\{469DEDC5-791B-41B7-99CA-EB25B08298D1}.xpi [2022-12-04] [not signed]
FF Extension: (Google Slides Offline) - C:\Program Files\Mozilla Firefox\browser\features\{9E4089DD-BC9D-4FF0-88B6-7CA5D03DF300}.xpi [2022-12-04] [not signed]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default [2022-12-04]
CHR Notifications: Default -> hxxps://best-loan-info.com; hxxps://ccleaner-download.xyz; hxxps://mail-notification.info; hxxps://mnthor.xyz; hxxps://pinghauz.xyz; hxxps://s-tracking.xyz; hxxps://supertopfreegames.com; hxxps://www.kaldata.com; hxxps://zarabotok-online.xyz
CHR HomePage: Default -> hxxps://find-it.pro/?utm_source=distr_m
CHR StartupUrls: Default -> "hxxps://find-it.pro/?utm_source=distr_m"
CHR DefaultSearchURL: Default -> hxxp://search-cdn.net/fip/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> cdn
CHR DefaultSuggestURL: Default -> hxxps://www.google.ru/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&q={searchTerms}
CHR Extension: (YoutubeDownloader) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfcdbodapcbfckbfpmgeldfkkgjknceo [2022-12-04] [UpdateUrl:hxxps://clients54.google.com/service/update2/crx] <==== ATTENTION
CHR Extension: (Google Документи офлайн) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-12-04]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-31]
CHR Extension: (Google Translate) - C:\Program Files\aieoplapobidheellikiicjfpamacpfd [2022-12-04]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3779840 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3547904 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12515768 2022-11-16] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_fe9531bca29258f3\DAX3API.exe [1928648 2020-05-19] (Dolby Laboratories, Inc. -> Dolby Laboratories)
S3 FMAPOService; C:\Windows\System32\FMService64.exe [390400 2020-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 LenovoFnAndFunctionKeys; C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_eea2c15eb4860b4b\LenovoUtilityService.exe [241904 2022-08-11] (Lenovo -> Lenovo(beijing) Limited)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224216 2022-11-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\Windows\System32\Samsung\EasySetup\ss_conn_launcher.exe [182392 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\NisSrv.exe [3191272 2022-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe [133544 2022-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_5adc6075318430cf\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_5adc6075318430cf\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S4 VBoxGuest; VBoxGuest [X]
S4 VBoxMouse; VBoxMouse [X]
S4 VBoxService; VBoxService [X]
S4 VBoxSF; VBoxSF [X]
S4 VBoxVideo; VBoxVideo [X]
S4 VBoxWddm; VBoxWddm [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 aiydctei; C:\Windows\system32\drivers\aiydctei.sys [52488 2022-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 MpKsl64a8b0fb; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3B47397A-7465-4462-8A89-CF82841AB8B2}\MpKslDrv.sys [214280 2022-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsla8649a66; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CCB76F8B-21C7-4D32-B745-0C54E390AD93}\MpKslDrv.sys [214280 2022-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [43640 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
U0 TaskKill; C:\Users\Lenovo\AppData\Local\Temp\Иисус.sys [36208 2022-12-04] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com) <==== ATTENTION
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2021-02-23] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 usbscan; C:\Windows\system32\DRIVERS\usbscan.sys [49152 2020-11-19] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49616 2022-11-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [469288 2022-11-12] (Microsoft Windows -> Microsoft Corporation)
S3 wdf_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [82944 2012-12-13] (Microsoft Windows Hardware Compatibility Publisher -> MBB)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [95520 2022-11-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-12-04 16:18 - 2022-12-04 16:18 - 049135616 _____ C:\Users\Lenovo\Downloads\Непотвърдено 357256.crdownload
2022-12-04 16:16 - 2022-12-04 16:17 - 000024505 _____ C:\Users\Lenovo\Downloads\FRST.txt
2022-12-04 16:16 - 2022-12-04 16:17 - 000000000 ____D C:\FRST
2022-12-04 16:15 - 2022-12-04 16:15 - 002375680 _____ (Farbar) C:\Users\Lenovo\Downloads\Непотвърдено 672066.crdownload
2022-12-04 16:15 - 2022-12-04 16:15 - 002375680 _____ (Farbar) C:\Users\Lenovo\Downloads\FRST64.exe
2022-12-04 16:12 - 2022-12-04 16:12 - 000000228 _____ C:\Users\Lenovo\Desktop\windows 10.txt
2022-12-04 15:54 - 2022-12-04 15:54 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Java
2022-12-04 15:13 - 2022-12-04 15:13 - 000011158 __RSH C:\ProgramData\ntuser.pol
2022-12-04 15:13 - 2022-12-04 15:13 - 000003356 _____ C:\Windows\system32\Tasks\PwWEMgFlvPzjkD
2022-12-04 15:13 - 2022-12-04 15:13 - 000003044 _____ C:\Windows\system32\Tasks\KHrSLiwgubkDm2
2022-12-04 15:13 - 2022-12-04 15:13 - 000003034 _____ C:\Windows\system32\Tasks\fsScmaedPutWjGGAu2
2022-12-04 15:13 - 2022-12-04 15:13 - 000003026 _____ C:\Windows\system32\Tasks\ThPcltKqrSbKdqUsLXA2
2022-12-04 15:13 - 2022-12-04 15:13 - 000003008 _____ C:\Windows\system32\Tasks\HELPXygtJRSAxDU2
2022-12-04 15:13 - 2022-12-04 15:13 - 000000000 ____D C:\ProgramData\toJoOaCasrkHDLVB
2022-12-04 15:13 - 2022-12-04 15:13 - 000000000 ____D C:\Program Files (x86)\wcBHSMtwAxoU2
2022-12-04 15:13 - 2022-12-04 15:13 - 000000000 ____D C:\Program Files (x86)\SmxCdYxMLBUn
2022-12-04 15:13 - 2022-12-04 15:13 - 000000000 ____D C:\Program Files (x86)\qEEOQNqyZQNOGAPVwcR
2022-12-04 15:13 - 2022-12-04 15:13 - 000000000 ____D C:\Program Files (x86)\MqnvxdqkU
2022-12-04 15:13 - 2022-12-04 15:13 - 000000000 ____D C:\Program Files (x86)\BHnEOumqQNxwC
2022-12-04 15:11 - 2022-12-04 15:16 - 005716302 _____ C:\Users\Lenovo\Documents\sgNslHzHyD_vIxEceTAX0zc0.exe.uyro
2022-12-04 15:00 - 2022-12-04 15:06 - 000002159 _____ C:\Users\Lenovo\Documents\gps-server.net вход.txt 1.rtf.uyro
2022-12-04 14:57 - 2022-12-04 14:57 - 000000409 _____ C:\Users\Lenovo\Documents\gps-server.net вход.txt 1.txt
2022-12-04 10:11 - 2022-12-04 10:16 - 005716302 _____ C:\Users\Lenovo\Documents\r0d8ZEeats83QIlCP15drYVX.exe.uyro
2022-12-04 09:48 - 2022-12-04 09:51 - 005716302 _____ C:\Users\Lenovo\Documents\9mvt4K8Up90OUfnMTwjJkkAn.exe.uyro
2022-12-04 09:16 - 2022-12-04 15:12 - 000000000 ____D C:\Program Files\aieoplapobidheellikiicjfpamacpfd
2022-12-04 09:16 - 2022-12-04 09:16 - 005716302 _____ C:\Users\Lenovo\Documents\_QXfq31iEsazaYtwnNpTuK4j.uyro
2022-12-04 09:02 - 2022-12-04 09:46 - 000000000 ____D C:\Users\Lenovo\Desktop\линкове
2022-12-04 09:01 - 2022-12-04 10:01 - 000000000 ____D C:\Users\Lenovo\Desktop\Стари данни  от „Firefox“
2022-12-04 08:18 - 2022-11-25 17:35 - 000000337 _____ C:\Users\Lenovo\AppData\Roaming\153fc053-e88e-44d0-9e5d-d971c7e53214
2022-12-04 08:18 - 2022-11-25 17:35 - 000000335 _____ C:\Users\Lenovo\AppData\Roaming\9b01dc3f-8b61-4e46-9426-7965538c2126
2022-12-04 08:18 - 2022-11-25 17:29 - 000000337 _____ C:\Users\Lenovo\AppData\Roaming\267b92dc-dc21-4f74-a6e5-a3b925e9e5a8
2022-12-04 08:18 - 2022-11-20 13:23 - 000000335 _____ C:\Users\Lenovo\AppData\Roaming\48f7ed8b-4181-48ad-ba12-7b7fe6d3585a
2022-12-04 08:18 - 2022-11-17 15:18 - 000008259 _____ C:\Users\Lenovo\AppData\Roaming\cb372d39-9c9a-4f13-b183-a910247e6465
2022-12-04 08:18 - 2022-11-06 08:00 - 000016289 _____ C:\Users\Lenovo\AppData\Roaming\c5be1d6d-767c-4265-9ea7-862913e41ca5
2022-12-04 08:18 - 2022-08-20 22:59 - 000000000 _____ C:\Users\Lenovo\AppData\Roaming\484fe4f2-9bad-42aa-a197-dd9fbb41bc60
2022-12-04 08:18 - 2022-08-10 16:46 - 000000000 _____ C:\Users\Lenovo\AppData\Roaming\a1454159-1092-4ce3-ac25-571ff4f4f6d3
2022-12-04 08:18 - 2022-05-10 17:42 - 000063084 _____ C:\Users\Lenovo\AppData\Roaming\4aa565c9-2d32-4142-89e6-cfa648dbc2e3
2022-12-04 08:18 - 2022-05-10 17:42 - 000000280 _____ C:\Users\Lenovo\AppData\Roaming\4668bf8d-2987-424f-abc3-de43c5977374
2022-12-04 08:18 - 2022-04-22 17:33 - 000053725 _____ C:\Users\Lenovo\AppData\Roaming\73b074e5-ec85-46e9-9a2b-cc17f87cb433
2022-12-04 08:18 - 2022-04-22 17:33 - 000000293 _____ C:\Users\Lenovo\AppData\Roaming\a9ece743-5171-48cb-90d7-0e125954121b
2022-12-04 08:18 - 2022-01-21 07:50 - 000105379 _____ C:\Users\Lenovo\AppData\Roaming\4982092e-47c1-4c26-a06a-ba1eb5d50bd4
2022-12-04 08:18 - 2022-01-09 22:41 - 000000016 _____ C:\Users\Lenovo\AppData\Roaming\a86fbd45-63d2-4a11-ab4b-924690112fe6
2022-12-04 08:18 - 2021-10-29 21:44 - 000021466 _____ C:\Users\Lenovo\AppData\Roaming\b85f1377-feeb-462a-ad35-6d8e7c47fe86
2022-12-04 08:18 - 2021-08-31 19:24 - 000000016 _____ C:\Users\Lenovo\AppData\Roaming\0c0a07ce-3d36-42f8-b12a-c8db42595cac
2022-12-04 08:17 - 2022-12-04 16:16 - 000003274 _____ C:\Windows\system32\Tasks\csrss
2022-12-04 08:17 - 2022-12-04 15:22 - 000000000 __SHD C:\ProgramData\github
2022-12-04 08:17 - 2022-12-04 15:12 - 000000000 ___HD C:\Windows\rss
2022-12-04 08:17 - 2022-12-04 15:12 - 000000000 ___HD C:\ProgramData\DNTException
2022-12-04 08:17 - 2022-11-25 17:35 - 000000337 _____ C:\Users\Lenovo\AppData\Roaming\9718f58a-654f-49a4-aacc-3f684fe03e07
2022-12-04 08:17 - 2022-11-25 17:35 - 000000337 _____ C:\Users\Lenovo\AppData\Roaming\4f9506c0-d127-4ea2-817d-fe32e24e6bc6
2022-12-04 08:17 - 2022-11-25 17:35 - 000000335 _____ C:\Users\Lenovo\AppData\Roaming\c74f439b-1813-4c53-9a09-1f626afcb260
2022-12-04 08:17 - 2022-11-25 17:35 - 000000335 _____ C:\Users\Lenovo\AppData\Roaming\88f272cc-cde9-4c17-8023-d3623d681b9a
2022-12-04 08:17 - 2022-11-25 17:29 - 000000337 _____ C:\Users\Lenovo\AppData\Roaming\7e838190-6f28-47de-a2b7-b3d27da009e6
2022-12-04 08:17 - 2022-11-25 17:29 - 000000337 _____ C:\Users\Lenovo\AppData\Roaming\780791ae-90aa-4cf0-9563-d0a2ea0d8c65
2022-12-04 08:17 - 2022-11-20 13:23 - 000000335 _____ C:\Users\Lenovo\AppData\Roaming\7f40593a-bef7-4436-98fc-88ce448b09bc
2022-12-04 08:17 - 2022-11-20 13:23 - 000000335 _____ C:\Users\Lenovo\AppData\Roaming\764aa004-468d-4a8b-8b33-09528f9a7171
2022-12-04 08:17 - 2022-11-17 15:18 - 000008259 _____ C:\Users\Lenovo\AppData\Roaming\e682b467-bdf3-45dc-a302-53418dd1a829
2022-12-04 08:17 - 2022-11-17 15:18 - 000008259 _____ C:\Users\Lenovo\AppData\Roaming\1016f642-18df-41d4-ad2d-92b51b16363c
2022-12-04 08:17 - 2022-11-06 08:00 - 000016289 _____ C:\Users\Lenovo\AppData\Roaming\c4f7e723-f15a-4873-a6cf-af3727cc40d4
2022-12-04 08:17 - 2022-11-06 08:00 - 000016289 _____ C:\Users\Lenovo\AppData\Roaming\6f2278fa-1e4a-4e5b-aa4d-513eeb8f7ad2
2022-12-04 08:17 - 2022-08-20 22:59 - 000000000 _____ C:\Users\Lenovo\AppData\Roaming\54681132-2e00-4ca9-b146-fc9b88bc9564
2022-12-04 08:17 - 2022-08-20 22:59 - 000000000 _____ C:\Users\Lenovo\AppData\Roaming\4d4a96f8-74c5-4068-9179-67f736002e9f
2022-12-04 08:17 - 2022-08-10 16:46 - 000000000 _____ C:\Users\Lenovo\AppData\Roaming\f5d9f8de-e001-4fc4-9ad2-8addc7c3c2b0
2022-12-04 08:17 - 2022-08-10 16:46 - 000000000 _____ C:\Users\Lenovo\AppData\Roaming\bb917342-4edb-4b15-b2c5-766568a62d27
2022-12-04 08:17 - 2022-05-10 17:42 - 000063084 _____ C:\Users\Lenovo\AppData\Roaming\9e8d328e-a1ec-490d-994a-20935fa52002
2022-12-04 08:17 - 2022-05-10 17:42 - 000063084 _____ C:\Users\Lenovo\AppData\Roaming\77fc39b3-21b7-49ed-8c91-d7bcfaba5ff4
2022-12-04 08:17 - 2022-05-10 17:42 - 000000280 _____ C:\Users\Lenovo\AppData\Roaming\e3fe2c98-e465-4d19-955b-0387524ddd05
2022-12-04 08:17 - 2022-05-10 17:42 - 000000280 _____ C:\Users\Lenovo\AppData\Roaming\12869057-e0e9-44cd-b08a-114905264dc1
2022-12-04 08:17 - 2022-04-22 17:33 - 000053725 _____ C:\Users\Lenovo\AppData\Roaming\ebbd6c58-f366-418c-a9c0-e9a69fca7b4d
2022-12-04 08:17 - 2022-04-22 17:33 - 000053725 _____ C:\Users\Lenovo\AppData\Roaming\e68d6ded-783d-4496-9dcb-9177d3bbd1cb
2022-12-04 08:17 - 2022-04-22 17:33 - 000000293 _____ C:\Users\Lenovo\AppData\Roaming\f7dc8b2b-6ba7-484e-bf98-5b1e588ef27d
2022-12-04 08:17 - 2022-04-22 17:33 - 000000293 _____ C:\Users\Lenovo\AppData\Roaming\09483473-e603-4bc7-a32b-4a8db751967b
2022-12-04 08:17 - 2022-01-21 07:50 - 000105379 _____ C:\Users\Lenovo\AppData\Roaming\28c17e93-ed5a-4684-b8c3-ddfd2eec1d92
2022-12-04 08:17 - 2022-01-21 07:50 - 000105379 _____ C:\Users\Lenovo\AppData\Roaming\0df435bc-4812-467e-9214-bf66d9cc4053
2022-12-04 08:17 - 2022-01-09 22:41 - 000000016 _____ C:\Users\Lenovo\AppData\Roaming\94374585-f0a0-4358-977a-2512d8c4cce0
2022-12-04 08:17 - 2022-01-09 22:41 - 000000016 _____ C:\Users\Lenovo\AppData\Roaming\6443f552-f262-4142-a287-2d67ddbd4477
2022-12-04 08:17 - 2021-10-29 21:44 - 000021466 _____ C:\Users\Lenovo\AppData\Roaming\902321d1-0f64-4431-b905-f7f06cf5497b
2022-12-04 08:17 - 2021-10-29 21:44 - 000021466 _____ C:\Users\Lenovo\AppData\Roaming\1b29a5ff-b068-4577-b83c-5e98ba9843e0
2022-12-04 08:17 - 2021-08-31 19:24 - 000000016 _____ C:\Users\Lenovo\AppData\Roaming\9545c70e-3ea0-48a4-a098-c6d3017dd006
2022-12-04 08:17 - 2021-08-31 19:24 - 000000016 _____ C:\Users\Lenovo\AppData\Roaming\33445f3d-78dc-4277-ba87-422ed8802181
2022-12-04 08:16 - 2022-12-04 08:21 - 005716302 _____ C:\Users\Lenovo\Documents\9TNxzTnxV_DPAx31L3E6q6Ql.exe.uyro
2022-12-04 04:51 - 2022-12-04 04:51 - 005716302 _____ C:\Users\Lenovo\Documents\ITW6vWThzhpAB919kxWbM4UW.exe.uyro
2022-12-04 04:51 - 2022-12-04 04:51 - 000000891 _____ C:\Users\Lenovo\Desktop\KMPlayer 64X.lnk
2022-12-04 04:51 - 2022-12-04 04:51 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KMPlayer 64X
2022-12-04 04:46 - 2022-12-04 04:51 - 000488310 _____ C:\Users\Lenovo\Downloads\waterfall-6237479_1280.jpg.uyro
2022-12-04 01:17 - 2022-12-04 08:18 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\a091ec0a6e2227
2022-12-03 22:10 - 2022-12-03 22:11 - 000338482 _____ C:\Users\Lenovo\Downloads\hollyhock-7410355_1280.jpg.uyro
2022-12-03 22:09 - 2022-12-03 22:11 - 000465817 _____ C:\Users\Lenovo\Downloads\desert-7500086_1280.jpg.uyro
2022-12-03 22:08 - 2022-12-03 22:11 - 000318267 _____ C:\Users\Lenovo\Downloads\beach-666122_1280.jpg.uyro
2022-12-03 22:06 - 2022-12-03 22:06 - 000001115 _____ C:\Users\Lenovo\_readme.txt
2022-12-03 21:57 - 2022-12-04 15:21 - 000000000 ___HD C:\Users\Lenovo\AppData\Local\cache
2022-12-03 21:56 - 2022-12-04 15:07 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\NCH Software
2022-12-03 21:55 - 2022-12-04 08:18 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\f49dfc5e4e2508
2022-12-03 21:55 - 2022-12-04 08:17 - 000003622 _____ C:\Windows\system32\Tasks\Azure-Update-Task
2022-12-03 21:55 - 2022-12-03 21:55 - 000000555 _____ C:\Users\Lenovo\AppData\Local\bowsakkdestx.txt
2022-12-03 21:55 - 2022-12-03 21:55 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\B283188499937572
2022-12-03 21:55 - 2022-12-03 21:55 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\56a1c3d463f381
2022-12-03 21:55 - 2022-12-03 21:55 - 000000000 ____D C:\Users\Lenovo\AppData\Local\4be453ca-a897-45e9-b45d-41c3df035795
2022-12-03 21:55 - 2022-12-03 21:55 - 000000000 ____D C:\SystemID
2022-12-03 21:54 - 2022-12-04 15:21 - 000000000 ____D C:\Users\Lenovo\AppData\Local\01452eb3-bcf0-4a09-af08-c8a0bd38b550
2022-12-03 21:54 - 2022-12-04 15:21 - 000000000 ____D C:\Program Files (x86)\PowerControl
2022-12-03 21:54 - 2022-12-04 15:12 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\{326b2940-29e7-11eb-8b86-806e6f6e6963}
2022-12-03 21:54 - 2022-12-04 15:12 - 000000000 ____D C:\Program Files (x86)\PrintFolders
2022-12-03 21:54 - 2022-12-03 21:55 - 000684984 _____ (Mozilla Foundation) C:\Users\Lenovo\AppData\LocalLow\freebl3.dll
2022-12-03 21:54 - 2022-12-03 21:55 - 000627128 _____ (Mozilla Foundation) C:\Users\Lenovo\AppData\LocalLow\mozglue.dll
2022-12-03 21:54 - 2022-12-03 21:55 - 000254392 _____ (Mozilla Foundation) C:\Users\Lenovo\AppData\LocalLow\softokn3.dll
2022-12-03 21:54 - 2022-12-03 21:54 - 000003600 _____ C:\Windows\system32\Tasks\gntuud.exe
2022-12-03 21:54 - 2022-12-03 21:54 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\sNNXzFjaM0w
2022-12-03 21:54 - 2022-12-03 21:54 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\ch6jM3G501
2022-12-03 21:54 - 2022-12-03 21:54 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\3om9MROA
2022-12-03 21:54 - 2022-12-03 21:54 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Yandex
2022-12-03 21:54 - 2022-12-03 21:46 - 000006261 _____ C:\Users\Lenovo\AppData\LocalLow\l9IycQIRyITc
2022-12-03 21:53 - 2022-12-03 22:07 - 005366626 _____ C:\Users\Lenovo\Downloads\Setup(1).zip.uyro
2022-12-03 21:52 - 2022-12-03 22:07 - 005366626 _____ C:\Users\Lenovo\Downloads\Setup.zip.uyro
2022-12-03 21:41 - 2022-12-03 22:07 - 000071303 _____ C:\Users\Lenovo\Downloads\Спросите.медсестру.2021.(08.серии.от.08).WEB-HD.1080p.H264.AC3-BULGAR.torrent.uyro
2022-12-03 21:34 - 2022-12-03 22:07 - 000397032 _____ C:\Users\Lenovo\Downloads\mountains-7514515_1280.jpg.uyro
2022-12-03 21:34 - 2022-12-03 22:07 - 000327545 _____ C:\Users\Lenovo\Downloads\spain-7485637_1280.jpg.uyro
2022-12-03 21:14 - 2022-12-03 22:07 - 000034061 _____ C:\Users\Lenovo\Downloads\tidal.wave.2009.dvdrip.xvid.ac3-vision(subsunacs.net).zip.uyro
2022-12-03 21:08 - 2022-12-03 22:07 - 000270260 _____ C:\Users\Lenovo\Downloads\dessert-7291251_1280.jpg.uyro
2022-12-03 21:04 - 2022-12-03 22:07 - 000594277 _____ C:\Users\Lenovo\Downloads\bastei-3014467_1280.jpg.uyro
2022-12-03 20:38 - 2022-12-03 22:07 - 000727396 _____ C:\Users\Lenovo\Downloads\castle-wall-7434571_1280.jpg.uyro
2022-12-03 20:36 - 2022-12-03 22:07 - 000182535 _____ C:\Users\Lenovo\Downloads\seagull-7318676_1280.jpg.uyro
2022-12-03 19:48 - 2022-12-03 22:07 - 000485679 _____ C:\Users\Lenovo\Downloads\lake-3918137_1280.jpg.uyro
2022-12-03 19:44 - 2022-12-03 22:07 - 000471025 _____ C:\Users\Lenovo\Downloads\mountains-5544365_1280.jpg.uyro
2022-12-03 19:42 - 2022-12-03 22:07 - 000645977 _____ C:\Users\Lenovo\Downloads\mountains-6980701_1280.jpg.uyro
2022-12-03 19:30 - 2022-12-03 22:07 - 000014752 _____ C:\Users\Lenovo\Downloads\Tidal.Wave.2009.ROK.DVDRip.XviD-LB.torrent.uyro
2022-12-03 19:29 - 2022-12-03 22:07 - 000042703 _____ C:\Users\Lenovo\Downloads\Tidal.Wave.2009.480p.BRRip.XviD.AC3-AsA.torrent.uyro
2022-12-03 18:20 - 2022-12-03 22:07 - 000326538 _____ C:\Users\Lenovo\Downloads\purple-loosestrife-7365933_1280.jpg.uyro
2022-12-03 12:43 - 2022-12-03 22:07 - 000303001 _____ C:\Users\Lenovo\Downloads\burger-3962996_1280(1).jpg.uyro
2022-12-03 12:41 - 2022-12-03 22:07 - 000303001 _____ C:\Users\Lenovo\Downloads\burger-3962996_1280.jpg.uyro
2022-12-03 12:40 - 2022-12-03 22:07 - 000375426 _____ C:\Users\Lenovo\Downloads\forest-2165911_1280.jpg.uyro
2022-12-03 10:29 - 2022-12-03 22:07 - 000377759 _____ C:\Users\Lenovo\Downloads\neist-point-540119_1280.jpg.uyro
2022-12-03 10:22 - 2022-12-03 22:07 - 000430814 _____ C:\Users\Lenovo\Downloads\waterfall-7483585_1280.jpg.uyro
2022-12-03 10:22 - 2022-12-03 22:07 - 000251353 _____ C:\Users\Lenovo\Downloads\boat-7487470_1280.jpg.uyro
2022-12-03 10:19 - 2022-12-03 22:07 - 000496636 _____ C:\Users\Lenovo\Downloads\iceland-1768744_1280.jpg.uyro
2022-12-03 07:25 - 2022-12-03 22:07 - 000333147 _____ C:\Users\Lenovo\Downloads\bird-7367534_1280.jpg.uyro
2022-12-03 03:46 - 2022-12-03 22:07 - 000216403 _____ C:\Users\Lenovo\Downloads\ducks-7489327_1280.jpg.uyro
2022-12-02 21:00 - 2022-12-03 22:07 - 000383652 _____ C:\Users\Lenovo\Downloads\water-3161063_1280.jpg.uyro
2022-12-02 20:59 - 2022-12-03 22:07 - 000262228 _____ C:\Users\Lenovo\Downloads\sea-7336542_1280.jpg.uyro
2022-12-02 07:55 - 2022-12-03 22:07 - 000124544 _____ C:\Users\Lenovo\Downloads\indian-palm-squirrel-6693577_1280.jpg.uyro
2022-12-01 22:03 - 2022-12-03 22:07 - 000244670 _____ C:\Users\Lenovo\Downloads\menhir-7118382_1280.jpg.uyro
2022-11-30 22:06 - 2022-12-03 22:07 - 000260722 _____ C:\Users\Lenovo\Downloads\seals-6627197_1280.jpg.uyro
2022-11-30 22:02 - 2022-12-03 22:07 - 000398573 _____ C:\Users\Lenovo\Downloads\coast-7504338_1280.jpg.uyro
2022-11-30 22:01 - 2022-12-03 22:07 - 000218699 _____ C:\Users\Lenovo\Downloads\great-cormorant-7109945_1280.jpg.uyro
2022-11-30 21:06 - 2022-12-03 22:07 - 000304403 _____ C:\Users\Lenovo\Downloads\mallard-7429216_1280.jpg.uyro
2022-11-30 20:59 - 2022-12-03 22:07 - 000236832 _____ C:\Users\Lenovo\Downloads\red-fox-6853907_1280.jpg.uyro
2022-11-30 20:35 - 2022-12-03 22:07 - 000449584 _____ C:\Users\Lenovo\Downloads\bow-lake-5854210_1280.jpg.uyro
2022-11-30 20:34 - 2022-12-03 22:07 - 000794690 _____ C:\Users\Lenovo\Downloads\rainforest-3119822_1280.jpg.uyro
2022-11-30 08:36 - 2022-12-03 22:07 - 000509613 _____ C:\Users\Lenovo\Downloads\woman-3049571_1280.jpg.uyro
2022-11-30 08:30 - 2022-12-03 22:07 - 000375930 _____ C:\Users\Lenovo\Downloads\sheep-7503449_1280.jpg.uyro
2022-11-30 08:06 - 2022-12-03 22:07 - 000465251 _____ C:\Users\Lenovo\Downloads\great-wall-3675637_1280.jpg.uyro
2022-11-30 08:03 - 2022-12-03 22:07 - 000253280 _____ C:\Users\Lenovo\Downloads\daylily-3495722_1280.jpg.uyro
2022-11-30 08:00 - 2022-12-03 22:07 - 000520321 _____ C:\Users\Lenovo\Downloads\nutria-7434726_1280.jpg.uyro
2022-11-29 22:24 - 2022-12-03 22:07 - 000164992 _____ C:\Users\Lenovo\Downloads\dent-blanche-7492786_1280.jpg.uyro
2022-11-29 22:19 - 2022-12-03 22:07 - 000534028 _____ C:\Users\Lenovo\Downloads\water-art-7514685_1280.jpg.uyro
2022-11-29 22:18 - 2022-12-03 22:07 - 000134877 _____ C:\Users\Lenovo\Downloads\dolphin-203875_1280.jpg.uyro
2022-11-29 22:14 - 2022-12-03 22:07 - 000300365 _____ C:\Users\Lenovo\Downloads\landscape-7373212_1280.jpg.uyro
2022-11-29 22:12 - 2022-12-03 22:07 - 000293319 _____ C:\Users\Lenovo\Downloads\tre-cime-di-lavaredo-7224478_1280.jpg.uyro
2022-11-28 19:22 - 2022-12-03 22:07 - 000380658 _____ C:\Users\Lenovo\Downloads\monkey-7431882_1280(1).jpg.uyro
2022-11-27 15:50 - 2022-12-03 22:07 - 000380658 _____ C:\Users\Lenovo\Downloads\monkey-7431882_1280.jpg.uyro
2022-11-27 15:12 - 2022-12-03 22:07 - 000282148 _____ C:\Users\Lenovo\Downloads\mountains-3959204_1280.jpg.uyro
2022-11-27 14:46 - 2022-12-03 22:07 - 000504779 _____ C:\Users\Lenovo\Downloads\combourg-castle-7443593_1280.jpg.uyro
2022-11-27 14:44 - 2022-12-03 22:07 - 000439558 _____ C:\Users\Lenovo\Downloads\otter-7307280_1280.jpg.uyro
2022-11-27 14:06 - 2022-12-03 22:07 - 000173422 _____ C:\Users\Lenovo\Downloads\white-tailed-eagle-7443856_1280.jpg.uyro
2022-11-27 12:38 - 2022-12-03 22:07 - 000171017 _____ C:\Users\Lenovo\Downloads\dew-drops-7505011_1280.jpg.uyro
2022-11-20 15:13 - 2022-11-20 15:13 - 000000643 _____ C:\Users\Lenovo\Desktop\KMPlayer.lnk
2022-11-12 18:31 - 2022-11-12 18:31 - 000000000 ____D C:\ProgramData\Apple Inc
2022-11-12 18:31 - 2022-11-12 18:31 - 000000000 ____D C:\Program Files\iPod
2022-11-12 15:16 - 2022-11-12 15:16 - 000000000 ___HD C:\$WinREAgent
2022-11-09 08:09 - 2022-11-09 08:09 - 000688128 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2022-11-09 08:09 - 2022-11-09 08:09 - 000073216 _____ C:\Windows\system32\nettraceex.dll
2022-11-09 08:09 - 2022-11-09 08:09 - 000012253 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-11-09 08:08 - 2022-11-09 08:08 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-12-04 16:13 - 2022-10-12 20:35 - 000000000 ____D C:\Users\Lenovo\Desktop\Toyota Lexus kay programator
2022-12-04 16:05 - 2021-08-31 14:35 - 000000000 ____D C:\Program Files (x86)\Google
2022-12-04 16:05 - 2020-11-18 23:44 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-12-04 16:04 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-12-04 16:00 - 2021-09-22 13:15 - 000000000 ____D C:\Users\Lenovo\AppData\Local\CrashDumps
2022-12-04 15:54 - 2021-08-31 14:41 - 000000000 ___HD C:\ProgramData\Intel
2022-12-04 15:27 - 2021-08-31 14:37 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\Mozilla
2022-12-04 15:26 - 2022-09-24 15:58 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-12-04 15:25 - 2021-08-31 14:30 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2022-12-04 15:25 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2022-12-04 15:24 - 2022-10-26 13:17 - 000001034 _____ C:\Users\Public\Desktop\Tux Paint.lnk
2022-12-04 15:20 - 2022-10-29 07:37 - 000008192 ___SH C:\DumpStack.log.tmp
2022-12-04 15:20 - 2021-09-22 11:45 - 000000000 ____D C:\ProgramData\NVIDIA
2022-12-04 15:20 - 2021-08-31 14:41 - 000000000 __SHD C:\Users\Lenovo\IntelGraphicsProfiles
2022-12-04 15:20 - 2021-08-31 14:34 - 000000000 ____D C:\Intel
2022-12-04 15:20 - 2020-11-19 01:44 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-12-04 15:20 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ServiceState
2022-12-04 15:20 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2022-12-04 15:17 - 2022-02-09 00:05 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-12-04 15:11 - 2022-10-26 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tux Paint
2022-12-04 15:11 - 2022-10-26 13:17 - 000000000 ____D C:\Program Files\TuxPaint
2022-12-04 15:11 - 2022-07-16 08:36 - 000000000 ____D C:\Windows\system32\Tasks\Lenovo
2022-12-04 15:11 - 2022-07-16 08:36 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2022-12-04 15:11 - 2022-05-28 11:54 - 000000000 ____D C:\Program Files (x86)\Teltonika
2022-12-04 15:11 - 2021-08-31 19:24 - 000000000 ____D C:\Users\Lenovo
2022-12-04 15:11 - 2021-08-31 14:31 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\uTorrent
2022-12-04 15:11 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2022-12-04 15:08 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-12-04 15:07 - 2021-08-31 14:35 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Google
2022-12-04 15:07 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\registration
2022-12-04 05:04 - 2022-10-07 18:36 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\uTorrent
2022-12-04 05:03 - 2021-08-31 14:41 - 000000000 ____D C:\Users\Lenovo\AppData\Local\BitTorrentHelper
2022-12-04 04:51 - 2021-08-31 14:31 - 000000000 ____D C:\Program Files\KMPlayer 64X
2022-12-03 22:07 - 2022-10-04 12:25 - 000001285 _____ C:\Users\Lenovo\Documents\Данни телефони от моя телефон.txt.uyro
2022-12-03 22:07 - 2022-08-06 18:24 - 000035367 _____ C:\Users\Lenovo\Downloads\kill_me_heal_me_15-16(subsunacs.net).rar.uyro
2022-12-03 22:07 - 2022-06-23 07:23 - 000000409 _____ C:\Users\Lenovo\Documents\gps-server.net вход.txt.uyro
2022-12-03 22:07 - 2022-06-22 18:46 - 000000406 _____ C:\Users\Lenovo\Documents\mobile.bg- вход.txt.uyro
2022-12-03 22:07 - 2022-05-31 22:24 - 000000000 ____D C:\Users\Lenovo\Desktop\Руски филми
2022-12-03 22:07 - 2022-05-28 13:02 - 020266318 _____ C:\Users\Lenovo\Desktop\Teltonika.Configurator_1.7.22_B.3.27_R.21.exe.uyro
2022-12-03 22:07 - 2022-05-28 11:57 - 018709829 _____ C:\Users\Lenovo\Documents\Teltonika.Configurator_1.7.22_B.3.27_R.21.zip.uyro
2022-12-03 22:07 - 2022-05-28 11:54 - 000000000 ____D C:\Users\Lenovo\Documents\Presets
2022-12-03 22:07 - 2022-05-24 10:19 - 000000425 _____ C:\Users\Lenovo\Documents\Akaunt teltonika поръчка sinetik.txt.uyro
2022-12-03 22:07 - 2022-04-28 18:07 - 000000431 _____ C:\Users\Lenovo\Documents\Акаунт поръчка телтоника.txt.uyro
2022-12-03 22:07 - 2022-04-20 21:46 - 000000350 _____ C:\Users\Lenovo\Documents\Вход za Emag [email protected]
2022-12-03 22:07 - 2022-03-27 13:07 - 000000000 ____D C:\Users\Lenovo\Documents\Сертификат за ваксинация Иван
2022-12-03 22:07 - 2022-03-27 13:04 - 000000000 ____D C:\Users\Lenovo\Documents\GPS-си настройки
2022-12-03 22:07 - 2022-01-27 22:35 - 000000000 ____D C:\KMPlayer
2022-12-03 22:07 - 2022-01-13 11:38 - 000000475 _____ C:\Users\Lenovo\Documents\jobs.bg- aкаунт.txt.uyro
2022-12-03 22:07 - 2021-12-15 10:25 - 000000000 ____D C:\Users\Lenovo\Documents\2021_12_15
2022-12-03 22:07 - 2021-12-08 17:57 - 000000000 ____D C:\Users\Lenovo\Desktop\GPS-си настройки
2022-12-03 22:07 - 2021-10-23 19:56 - 000007495 _____ C:\Users\Lenovo\Downloads\YTD Youtube Downloader 6.12.11 + Crack {B4tman}.torrent.uyro
2022-12-03 22:07 - 2021-09-18 15:43 - 000000866 _____ C:\Users\Lenovo\Documents\AКАУНT ТВ БОКС и ЕЛЕМЕНТАЛ.txt.uyro
2022-12-03 22:07 - 2021-09-18 15:41 - 000000418 _____ C:\Users\Lenovo\Documents\Адаш,Юри-пароли WIFI.txt.uyro
2022-12-03 22:07 - 2021-09-18 15:09 - 000000000 ____D C:\Users\Lenovo\Desktop\MP3 musica
2022-12-03 22:07 - 2021-09-17 14:35 - 000000000 ____D C:\Users\Lenovo\Documents\Програми от стария лаптоп
2022-12-03 22:07 - 2021-09-17 12:06 - 019070802 _____ C:\Users\Lenovo\Downloads\youtube_downloader_hd.exe.uyro
2022-12-03 22:07 - 2021-09-16 14:35 - 002060152 _____ C:\Users\Lenovo\Downloads\SubtitleWorkshop_6.0b_131121_installer.exe.uyro
2022-12-03 22:07 - 2021-09-15 20:42 - 000165414 _____ C:\Users\Lenovo\Downloads\dgc.pdf.uyro
2022-12-03 22:07 - 2021-08-31 14:37 - 056958038 _____ C:\Users\Lenovo\Downloads\Firefox_Setup_85.0.1.exe.uyro
2022-12-03 22:07 - 2021-08-31 14:35 - 001342630 _____ C:\Users\Lenovo\Downloads\ChromeSetup.exe.uyro
2022-12-03 22:06 - 2022-07-20 07:34 - 000000000 ____D C:\BIOS
2022-12-03 22:06 - 2021-08-31 19:24 - 000000000 ____D C:\Users\Lenovo\AppData\Local\VirtualStore
2022-11-30 07:38 - 2021-08-31 14:36 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-11-30 07:37 - 2020-11-19 01:47 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-11-30 07:37 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2022-11-21 21:37 - 2021-09-02 13:27 - 000000000 ____D C:\Users\Lenovo\AppData\Local\D3DSCache
2022-11-20 19:02 - 2021-09-20 15:35 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2022-11-16 21:34 - 2021-08-31 14:49 - 000000000 ____D C:\Program Files\Microsoft Office
2022-11-12 17:47 - 2021-08-31 14:39 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-11-12 15:18 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2022-11-12 04:07 - 2022-03-20 11:27 - 000003646 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-11-12 04:07 - 2022-03-20 11:27 - 000003522 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-11-12 03:50 - 2020-11-19 01:44 - 000000000 ____D C:\Windows\system32\Drivers\wd
2022-11-09 16:04 - 2020-11-18 23:44 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT
2022-11-09 16:03 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-11-09 16:03 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\UNP
2022-11-09 16:03 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-11-09 16:03 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2022-11-09 16:03 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2022-11-09 16:03 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2022-11-09 16:03 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2022-11-09 16:03 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2022-11-09 08:08 - 2020-11-19 01:46 - 003014656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2022-11-09 08:05 - 2021-08-31 14:38 - 000000000 ____D C:\Windows\system32\MRT
2022-11-09 08:04 - 2021-08-31 14:38 - 146960040 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-11-08 08:20 - 2021-09-17 12:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Downloader HD
2022-11-08 08:20 - 2021-09-17 12:07 - 000000000 ____D C:\Program Files (x86)\Youtube Downloader HD

==================== Files in the root of some directories ========

2022-12-04 08:17 - 2022-04-22 17:33 - 000000293 _____ () C:\Users\Lenovo\AppData\Roaming\09483473-e603-4bc7-a32b-4a8db751967b
2022-12-04 08:18 - 2021-08-31 19:24 - 000000016 _____ () C:\Users\Lenovo\AppData\Roaming\0c0a07ce-3d36-42f8-b12a-c8db42595cac
2022-12-04 08:17 - 2022-01-21 07:50 - 000105379 _____ () C:\Users\Lenovo\AppData\Roaming\0df435bc-4812-467e-9214-bf66d9cc4053
2022-12-04 08:17 - 2022-11-17 15:18 - 000008259 _____ () C:\Users\Lenovo\AppData\Roaming\1016f642-18df-41d4-ad2d-92b51b16363c
2022-12-04 08:17 - 2022-05-10 17:42 - 000000280 _____ () C:\Users\Lenovo\AppData\Roaming\12869057-e0e9-44cd-b08a-114905264dc1
2022-12-04 08:18 - 2022-11-25 17:35 - 000000337 _____ () C:\Users\Lenovo\AppData\Roaming\153fc053-e88e-44d0-9e5d-d971c7e53214
2022-12-04 08:17 - 2021-10-29 21:44 - 000021466 _____ () C:\Users\Lenovo\AppData\Roaming\1b29a5ff-b068-4577-b83c-5e98ba9843e0
2022-12-04 08:18 - 2022-11-25 17:29 - 000000337 _____ () C:\Users\Lenovo\AppData\Roaming\267b92dc-dc21-4f74-a6e5-a3b925e9e5a8
2022-12-04 08:17 - 2022-01-21 07:50 - 000105379 _____ () C:\Users\Lenovo\AppData\Roaming\28c17e93-ed5a-4684-b8c3-ddfd2eec1d92
2022-12-04 08:17 - 2021-08-31 19:24 - 000000016 _____ () C:\Users\Lenovo\AppData\Roaming\33445f3d-78dc-4277-ba87-422ed8802181
2022-12-04 08:18 - 2022-05-10 17:42 - 000000280 _____ () C:\Users\Lenovo\AppData\Roaming\4668bf8d-2987-424f-abc3-de43c5977374
2022-12-04 08:18 - 2022-08-20 22:59 - 000000000 _____ () C:\Users\Lenovo\AppData\Roaming\484fe4f2-9bad-42aa-a197-dd9fbb41bc60
2022-12-04 08:18 - 2022-11-20 13:23 - 000000335 _____ () C:\Users\Lenovo\AppData\Roaming\48f7ed8b-4181-48ad-ba12-7b7fe6d3585a
2022-12-04 08:18 - 2022-01-21 07:50 - 000105379 _____ () C:\Users\Lenovo\AppData\Roaming\4982092e-47c1-4c26-a06a-ba1eb5d50bd4
2022-12-04 08:18 - 2022-05-10 17:42 - 000063084 _____ () C:\Users\Lenovo\AppData\Roaming\4aa565c9-2d32-4142-89e6-cfa648dbc2e3
2022-12-04 08:17 - 2022-08-20 22:59 - 000000000 _____ () C:\Users\Lenovo\AppData\Roaming\4d4a96f8-74c5-4068-9179-67f736002e9f
2022-12-04 08:17 - 2022-11-25 17:35 - 000000337 _____ () C:\Users\Lenovo\AppData\Roaming\4f9506c0-d127-4ea2-817d-fe32e24e6bc6
2022-12-04 08:17 - 2022-08-20 22:59 - 000000000 _____ () C:\Users\Lenovo\AppData\Roaming\54681132-2e00-4ca9-b146-fc9b88bc9564
2022-12-04 08:17 - 2022-01-09 22:41 - 000000016 _____ () C:\Users\Lenovo\AppData\Roaming\6443f552-f262-4142-a287-2d67ddbd4477
2022-12-04 08:17 - 2022-11-06 08:00 - 000016289 _____ () C:\Users\Lenovo\AppData\Roaming\6f2278fa-1e4a-4e5b-aa4d-513eeb8f7ad2
2022-12-04 08:18 - 2022-04-22 17:33 - 000053725 _____ () C:\Users\Lenovo\AppData\Roaming\73b074e5-ec85-46e9-9a2b-cc17f87cb433
2022-12-04 08:17 - 2022-11-20 13:23 - 000000335 _____ () C:\Users\Lenovo\AppData\Roaming\764aa004-468d-4a8b-8b33-09528f9a7171
2022-12-04 08:17 - 2022-05-10 17:42 - 000063084 _____ () C:\Users\Lenovo\AppData\Roaming\77fc39b3-21b7-49ed-8c91-d7bcfaba5ff4
2022-12-04 08:17 - 2022-11-25 17:29 - 000000337 _____ () C:\Users\Lenovo\AppData\Roaming\780791ae-90aa-4cf0-9563-d0a2ea0d8c65
2022-12-04 08:17 - 2022-11-25 17:29 - 000000337 _____ () C:\Users\Lenovo\AppData\Roaming\7e838190-6f28-47de-a2b7-b3d27da009e6
2022-12-04 08:17 - 2022-11-20 13:23 - 000000335 _____ () C:\Users\Lenovo\AppData\Roaming\7f40593a-bef7-4436-98fc-88ce448b09bc
2022-12-04 08:17 - 2022-11-25 17:35 - 000000335 _____ () C:\Users\Lenovo\AppData\Roaming\88f272cc-cde9-4c17-8023-d3623d681b9a
2022-12-04 08:17 - 2021-10-29 21:44 - 000021466 _____ () C:\Users\Lenovo\AppData\Roaming\902321d1-0f64-4431-b905-f7f06cf5497b
2022-12-04 08:17 - 2022-01-09 22:41 - 000000016 _____ () C:\Users\Lenovo\AppData\Roaming\94374585-f0a0-4358-977a-2512d8c4cce0
2022-12-04 08:17 - 2021-08-31 19:24 - 000000016 _____ () C:\Users\Lenovo\AppData\Roaming\9545c70e-3ea0-48a4-a098-c6d3017dd006
2022-12-04 08:17 - 2022-11-25 17:35 - 000000337 _____ () C:\Users\Lenovo\AppData\Roaming\9718f58a-654f-49a4-aacc-3f684fe03e07
2022-12-04 08:18 - 2022-11-25 17:35 - 000000335 _____ () C:\Users\Lenovo\AppData\Roaming\9b01dc3f-8b61-4e46-9426-7965538c2126
2022-12-04 08:17 - 2022-05-10 17:42 - 000063084 _____ () C:\Users\Lenovo\AppData\Roaming\9e8d328e-a1ec-490d-994a-20935fa52002
2022-12-04 08:18 - 2022-08-10 16:46 - 000000000 _____ () C:\Users\Lenovo\AppData\Roaming\a1454159-1092-4ce3-ac25-571ff4f4f6d3
2022-12-04 08:18 - 2022-01-09 22:41 - 000000016 _____ () C:\Users\Lenovo\AppData\Roaming\a86fbd45-63d2-4a11-ab4b-924690112fe6
2022-12-04 08:18 - 2022-04-22 17:33 - 000000293 _____ () C:\Users\Lenovo\AppData\Roaming\a9ece743-5171-48cb-90d7-0e125954121b
2022-12-04 08:18 - 2021-10-29 21:44 - 000021466 _____ () C:\Users\Lenovo\AppData\Roaming\b85f1377-feeb-462a-ad35-6d8e7c47fe86
2022-12-04 08:17 - 2022-08-10 16:46 - 000000000 _____ () C:\Users\Lenovo\AppData\Roaming\bb917342-4edb-4b15-b2c5-766568a62d27
2022-12-04 08:17 - 2022-11-06 08:00 - 000016289 _____ () C:\Users\Lenovo\AppData\Roaming\c4f7e723-f15a-4873-a6cf-af3727cc40d4
2022-12-04 08:18 - 2022-11-06 08:00 - 000016289 _____ () C:\Users\Lenovo\AppData\Roaming\c5be1d6d-767c-4265-9ea7-862913e41ca5
2022-12-04 08:17 - 2022-11-25 17:35 - 000000335 _____ () C:\Users\Lenovo\AppData\Roaming\c74f439b-1813-4c53-9a09-1f626afcb260
2022-12-04 08:18 - 2022-11-17 15:18 - 000008259 _____ () C:\Users\Lenovo\AppData\Roaming\cb372d39-9c9a-4f13-b183-a910247e6465
2022-12-04 08:17 - 2022-05-10 17:42 - 000000280 _____ () C:\Users\Lenovo\AppData\Roaming\e3fe2c98-e465-4d19-955b-0387524ddd05
2022-12-04 08:17 - 2022-11-17 15:18 - 000008259 _____ () C:\Users\Lenovo\AppData\Roaming\e682b467-bdf3-45dc-a302-53418dd1a829
2022-12-04 08:17 - 2022-04-22 17:33 - 000053725 _____ () C:\Users\Lenovo\AppData\Roaming\e68d6ded-783d-4496-9dcb-9177d3bbd1cb
2022-12-04 08:17 - 2022-04-22 17:33 - 000053725 _____ () C:\Users\Lenovo\AppData\Roaming\ebbd6c58-f366-418c-a9c0-e9a69fca7b4d
2022-12-04 08:17 - 2022-08-10 16:46 - 000000000 _____ () C:\Users\Lenovo\AppData\Roaming\f5d9f8de-e001-4fc4-9ad2-8addc7c3c2b0
2022-12-04 08:17 - 2022-04-22 17:33 - 000000293 _____ () C:\Users\Lenovo\AppData\Roaming\f7dc8b2b-6ba7-484e-bf98-5b1e588ef27d
2022-10-12 07:12 - 2022-10-12 07:12 - 000359424 ____N () C:\Users\Lenovo\AppData\Roaming\fbvgfjr
2022-12-03 21:55 - 2022-12-03 21:55 - 000000555 _____ () C:\Users\Lenovo\AppData\Local\bowsakkdestx.txt
2022-11-20 15:24 - 2022-11-20 15:24 - 000000000 _____ () C:\Users\Lenovo\AppData\Local\oobelibMkey.log
2021-09-12 21:16 - 2021-09-12 21:16 - 000000017 _____ () C:\Users\Lenovo\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2022
Ran by Lenovo (04-12-2022 16:18:43)
Running from C:\Users\Lenovo\Downloads
Microsoft Windows 10 Pro Version 22H2 19045.2251 (X64) (2021-08-31 17:23:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-589266725-163046098-2985141653-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-589266725-163046098-2985141653-503 - Limited - Disabled)
Guest (S-1-5-21-589266725-163046098-2985141653-501 - Limited - Disabled)
Lenovo (S-1-5-21-589266725-163046098-2985141653-1001 - Administrator - Enabled) => C:\Users\Lenovo
WDAGUtilityAccount (S-1-5-21-589266725-163046098-2985141653-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-589266725-163046098-2985141653-1001\...\uTorrent) (Version: 3.5.5.46074 - BitTorrent Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version:  - Adobe)
Adobe Premiere Pro 2022 (HKLM-x32\...\PPRO_22_1_2) (Version: 22.1.2 - Adobe Inc.)
Adobe Premiere Pro CC 2018 (HKLM-x32\...\PPRO_12_0_1) (Version: 12.0.1 - Adobe Systems Incorporated)
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version:  - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Free Chess version 2.1.1 (HKLM-x32\...\FreeChess_is1) (Version: 2.1.1 - Jorge Pardo Serrano)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 107.0.5304.123 - Google LLC)
Instagiffer version 1.56 (HKLM-x32\...\{13DEF8F8-5280-4555-95A4-E815C3F9540F}_is1) (Version: 1.56 - Justin Todd)
iPod Support (HKLM\...\{DEC0F5DF-216B-4D66-B3DD-B1BDDC7A5BF8}) (Version: 12.11.3.7 - Apple Inc.)
K-Lite Codec Pack 5.8.3 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 5.8.3 - )
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.2.2.71 - PandoraTV)
KMPlayer 64X (remove only) (HKLM\...\KMPlayer 64X) (Version: 2022.11.25.17 - PandoraTV)
Lenovo Service Bridge (HKU\S-1-5-21-589266725-163046098-2985141653-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.13 - Lenovo)
Microsoft .NET 5.0.17 - Windows Server Hosting (HKLM-x32\...\{db328289-4bda-460e-be99-ddbe254f9c42}) (Version: 5.0.17.22215 - Microsoft Corporation)
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 5.0.17 (x86) (HKLM-x32\...\{54DE7EA9-E391-4BD2-A373-3A72A18EBDB5}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.5 (x64) (HKLM\...\{F3B3A61B-DC16-429A-A260-DBAFE66741A9}) (Version: 48.23.40665 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x86) (HKLM-x32\...\{AF01038B-6523-4EA7-9D9E-4F1E2927D88B}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.5 (x64) (HKLM\...\{3E6CCD41-6B96-47BD-8E1E-D7B593CEE976}) (Version: 48.23.40665 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM-x32\...\{a699b48e-5748-4980-ad92-0b61b1d9d718}) (Version: 5.0.17.31213 - Microsoft Corporation)
Microsoft .NET Runtime - 5.0.17 (x86) (HKLM-x32\...\{2dd73f73-784c-4c71-9495-fd11cd6eddf6}) (Version: 5.0.17.31213 - Microsoft Corporation)
Microsoft .NET Runtime - 5.0.17 (x86) (HKLM-x32\...\{59650A2A-3839-46EC-9D9C-6B3B1C743C55}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.5 (x64) (HKLM\...\{089A177D-98AE-4195-A115-D3C45613B875}) (Version: 48.23.40665 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.5 (x64) (HKLM-x32\...\{20645d8e-11cd-4c42-b936-87f07a6f18be}) (Version: 6.0.5.31213 - Microsoft Corporation)
Microsoft ASP.NET Core 5.0.17 - Shared Framework (x64) (HKLM-x32\...\{e3da8d0c-a835-4acd-82dc-e5271a74c29c}) (Version: 5.0.17.22215 - Microsoft Corporation)
Microsoft ASP.NET Core 5.0.17 - Shared Framework (x86) (HKLM-x32\...\{df6af485-2321-46de-a0f8-b81bd59cd6f2}) (Version: 5.0.17.22215 - Microsoft Corporation)
Microsoft ASP.NET Core 5.0.17 Hosting Bundle Options (HKLM-x32\...\{AD3B0E77-AF39-37D8-BEFF-DA5113C8FD4F}) (Version: 5.0.17.22215 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 5.0.17 Shared Framework (x64) (HKLM\...\{C1FF10EF-6BCB-3B08-AE1A-0D237C9F9F30}) (Version: 5.0.17.22215 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 5.0.17 Shared Framework (x86) (HKLM-x32\...\{6A095B1E-4950-3F81-9E38-C0781147C932}) (Version: 5.0.17.22215 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.62 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 107.0.1418.62 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - bg-bg (HKLM\...\ProPlus2019Retail - bg-bg) (Version: 16.0.15726.20202 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{80F1AF52-7AC0-42A3-9AF0-689BFB271D1D}) (Version: 3.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.50727.4053 False (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x64 8.0.50727.42 False (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x64 8.0.51011 False (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x64 8.0.56336 False (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x64 8.0.57102 False (HKLM\...\{f0cbd694-71ce-4391-9690-5da93b2f0445}) (Version: 8.0.57102 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x64 8.0.58298 False (HKLM\...\{f45b48a7-f616-4211-b927-17cab6a96613}) (Version: 8.0.58298 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x64 8.0.59192 False (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.4053 False (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.57103 False (HKLM-x32\...\{d8fea624-4f2c-432d-9a54-6eee9cd1a77e}) (Version: 8.0.57103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 False (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.0 False (HKLM\...\{D04659D1-EB2D-3DE5-A833-837A623CCCF7}) (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 False (HKLM\...\{BBBE35B2-9349-3C48-BD3D-F574B17C7924}) (Version: 9.0.21022.218 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411 False (HKLM\...\{D93AC9C8-B6CF-391E-BD2F-48AF4727476C}) (Version: 9.0.30411 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 False (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.0 False (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 False (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 False (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 False (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148.0 False (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.5570 False (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False (HKLM-x32\...\{DCB46B42-723F-350E-B18A-449BC6C21636}) (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.0 False (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148.0 False (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.30319 False (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 False (HKLM-x32\...\{35459b22-19a6-44ec-8d34-27eb3131acac}) (Version: 11.0.51106.1 - Корпорация Майкрософт) Hidden
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 False Eng (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 False (HKLM-x32\...\{dde2682b-961a-41ea-8d44-6005991b7947}) (Version: 11.0.60610.1 - Корпорация Майкрософт) Hidden
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 False Eng (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 False Eng (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 False (HKLM-x32\...\{615bc16d-60f5-482e-91b3-b51d8130963b}) (Version: 11.0.51106.1 - Корпорация Майкрософт) Hidden
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 False Eng (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 False (HKLM-x32\...\{01db25f3-1b76-4d97-88c8-1c90634d88fb}) (Version: 11.0.60610.1 - Корпорация Майкрософт) Hidden
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 False Eng (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 False Eng (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 False (HKLM\...\{3C28BFD4-90C7-3138-87EF-418DC16E9598}) (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 False (HKLM\...\{764384C5-BCA9-307C-9AAC-FD443662686A}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 False (HKLM\...\{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}) (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 False (HKLM\...\{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 False (HKLM-x32\...\{6C772996-BFF3-3C8C-860B-B3D48FF05D65}) (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 False (HKLM-x32\...\{3D6AD258-61EA-35F5-812C-B7A02152996E}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 False (HKLM-x32\...\{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}) (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 False (HKLM-x32\...\{E7D4E834-93EB-351F-B8FB-82CDAE623003}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 False (HKLM-x32\...\{51adbf11-493f-431c-a862-967a0fae2944}) (Version: 12.0.21005.1 - Корпорация Майкрософт) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 False Eng (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 False (HKLM-x32\...\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}) (Version: 12.0.30501.0 - Корпорация Майкрософт) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 False Eng (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 False (HKLM-x32\...\{c6870a89-ef30-4f22-bbd1-49cd2516bc56}) (Version: 12.0.40649.5 - Корпорация Майкрософт) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 False Eng (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 False (HKLM-x32\...\{0513c9cf-7191-45a7-ace9-ecdad03c93a4}) (Version: 12.0.40660.0 - Корпорация Майкрософт) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 False Eng (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{49e969a1-2990-464d-92b5-25f6f34573c6}) (Version: 12.0.40664.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 False Eng (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 False (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 False Eng (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 False (HKLM-x32\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 False Eng (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 False (HKLM-x32\...\{78142960-066b-4581-b984-0bdcf560c4be}) (Version: 12.0.40649.5 - Корпорация Майкрософт) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 False Eng (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 False (HKLM-x32\...\{10dc8dbf-d3d7-4e23-be07-120fe5c66b78}) (Version: 12.0.40660.0 - Корпорация Майкрософт) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 False Eng (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{d2c8df0e-f15d-4426-9e51-f13f329f9cb4}) (Version: 12.0.40664.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 False Eng (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 False (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40649 False (HKLM\...\{20C1086D-C843-36B1-B678-990089D1BD44}) (Version: 12.0.40649 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 False (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 False (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40649 False (HKLM\...\{ABB19BB4-838D-3082-BDA4-87C6604181A2}) (Version: 12.0.40649 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 False (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 False (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40649 False (HKLM-x32\...\{A8589745-51BC-3963-B4E9-201CF8693538}) (Version: 12.0.40649 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 False (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 False (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40649 False (HKLM-x32\...\{DEA7F8E3-B7B9-3C3C-945B-7F8CE9041748}) (Version: 12.0.40649 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 False (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.23.27820 (HKLM\...\{9CA7111B-263D-45DE-B898-61FAD30B3237}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.23.27820 (HKLM\...\{A94EC1B2-932B-49D7-8AF2-4FBD29FF314B}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 bg) (HKLM\...\Mozilla Firefox 103.0.2 (x64 bg)) (Version: 103.0.2 - Mozilla)
NVIDIA Graphics Driver 462.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 462.30 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
PrintFolders 3.99 (HKLM-x32\...\{3C248D7A-78F2-476F-86FF-96B2EA108543}}_is1) (Version: 3.99 - )
Subtitle Workshop 6.0b (HKLM-x32\...\SubtitleWorkshop) (Version:  - )
Teltonika COM Driver (HKLM-x32\...\{C496FFF3-0F59-4BA2-9065-7A1086593492}) (Version: 1.0.1250.0 - Teltonika)
Teltonika COM_Driver 1.12.50.0 (HKLM-x32\...\Teltonika_COM_Driver) (Version: 1.12.50.0 - )
Tux Paint 0.9.28 (HKLM\...\Tux Paint_is1) (Version: 0.9.28 - New Breed Software)
WinRAR 5.71 (64-битова версия) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Youtube Downloader HD v. 4.4.2 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)
YoutubeDownloader (HKLM-x32\...\F11D1AFA-0CA7-4F9D-835C-03A949673B8B) (Version: 2.0.0.2219 - )
Zoner Photo Studio 15 (HKLM\...\ZonerPhotoStudio15_EN_is1) (Version: 15.0.1.7 - ZONER software)

Packages:
=========
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2022-12-04] (Canon Inc.)
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20602.609.0_x64__rz1tebttyb220 [2022-12-04] (Dolby Laboratories)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt [2022-08-20] (INTEL CORP) [Startup Task]
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa [2022-11-12] (Apple Inc.) [Startup Task]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.1050.0_x64__8wekyb3d8bbwe [2022-12-04] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-12-04] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.7.199.0_x64__dt26b99r8h8gj [2022-12-04] (Realtek Semiconductor Corp)
SpongeBob: Krusty Cook-Off -> C:\Program Files\WindowsApps\TiltingPoint.SpongeBobKrustyCook-Off_1.26.234.0_x64__85kh3h6wfjavg [2022-08-20] (Tilting Point)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0 [2022-08-20] (Spotify AB) [Startup Task]
TikTok -> C:\Program Files\WindowsApps\BytedancePte.Ltd.TikTok_1.0.5.0_neutral__6yccndn6064se [2022-12-04] (Bytedance Pte. Ltd.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-589266725-163046098-2985141653-1001_Classes\CLSID\{BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B}\InprocServer32 -> C:\Program Files\Zoner\Photo Studio 15\Program64\SHELLEXT.DLL (ZONER software, a.s. -> ZONER software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_5adc6075318430cf\nvshext.dll [2021-08-31] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-589266725-163046098-2985141653-1001: [ZONERMenu] -> {BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B} => C:\Program Files\Zoner\Photo Studio 15\Program64\SHELLEXT.DLL [2013-06-07] (ZONER software, a.s. -> ZONER software)
ContextMenuHandlers2_S-1-5-21-589266725-163046098-2985141653-1001: [ZONERMenu] -> {BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B} => C:\Program Files\Zoner\Photo Studio 15\Program64\SHELLEXT.DLL [2013-06-07] (ZONER software, a.s. -> ZONER software)
ContextMenuHandlers4_S-1-5-21-589266725-163046098-2985141653-1001: [ZONERMenu] -> {BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B} => C:\Program Files\Zoner\Photo Studio 15\Program64\SHELLEXT.DLL [2013-06-07] (ZONER software, a.s. -> ZONER software)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [205824 2009-05-29] () [File not signed]
HKLM\...\Drivers32: [VIDC.YV12] => C:\Windows\SysWOW64\yv12vfw.dll [217088 2004-01-25] (www.helixcommunity.org) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [151552 2010-01-17] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\SysWOW64\lameACM.acm [839680 2008-09-24] (hxxp://www.mp3dev.org/) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [85504 2010-03-14] () [File not signed]
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Lenovo\Music\Изтеглени файлове - Пряк път.lnk -> C:\Users\Lenovo\Downloads () <==== Cyrillic
Shortcut: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Какво е новото в последната версия.lnk -> C:\Program Files\WinRAR\WhatsNew.txt () <==== Cyrillic
Shortcut: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Помощен файл на WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm () <==== Cyrillic
Shortcut: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ръководство за конзолната версия на RAR.lnk -> C:\Program Files\WinRAR\Rar.txt () <==== Cyrillic
Shortcut: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\SendTo\Прехвърляне на файлове с Bluetooth.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype за бизнеса.lnk -> C:\Program Files\Microsoft Office\root\Office16\lync.exe (Microsoft Corporation) <==== Cyrillic
ShortcutWithArgument: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\SendTo\Получател на факса.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo <==== Cyrillic

==================== Loaded Modules (Whitelisted) =============

0000-00-00 00:00 - 0000-00-00 00:00 - 000000000 _____ () <==== ATTENTION [zero byte? (Error=123)] \\?\C:\Users\Lenovo\AppData\Roaming\Java\jre8\bin\java.exe:jll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\Drivers\aiydctei.sys:changelist [296]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-589266725-163046098-2985141653-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:NewsFeed
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2022-12-04 15:12 - 000000000 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-589266725-163046098-2985141653-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: ClickToRunSvc => 2
MSCONFIG\Services: edgeupdate => 2
MSCONFIG\Services: edgeupdatem => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: PhoneSvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: wisvc => 3
MSCONFIG\Services: WpcMonSvc => 3
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxGipSvc => 3
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "CanonSolutionMenuEx"
HKU\S-1-5-21-589266725-163046098-2985141653-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_5EF70F99B4529735F3564FFE246DB961"
HKU\S-1-5-21-589266725-163046098-2985141653-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{65235DCE-C681-46B5-9164-AB0399AE716B}] => (Allow) C:\Users\Lenovo\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{9ADC1BC6-3552-4032-83E1-43BC8E255C48}] => (Allow) C:\Users\Lenovo\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{A72F68AE-F47F-4C81-95F5-3AE39078337C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4A726146-B223-490E-BFCC-82D400783DF2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{97B5ED06-8A6B-45B8-9B90-CB2B8A2E6534}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{356DA057-4935-484A-84D4-ACC774113827}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{89AA5E5A-A3C1-43D1-8396-D2DB981A430C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E564539E-8B43-4434-99D1-2942B43251D1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E1B10759-BA39-4BD2-9336-DC20A09632BA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E6F789CE-F9E5-4215-B44C-1A634E5124C1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D6BC0504-B041-49E9-87B7-866DEF9C796F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A9A0A195-4F71-4951-9BA0-F94944B7AE2B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{43E2D66D-C46B-4A8A-A757-DFEA2479E90C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9EBEAD5F-8AEA-47B9-9C45-24449A1FDF6E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{07B3D723-3BA8-4112-A046-C5268919777E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{715B0D67-9299-470C-BCED-279BD4AE5330}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{9B8ADB80-FBEE-4B12-8C52-C81925284ECD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [TCP Query User{10A3C7A7-61C5-442B-822A-D3B48BB1DF05}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{60EA224D-077E-41AA-8D7E-AD24B4E1598F}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{701A7F91-5886-4B65-93C1-4E455EC5B115}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{781DA53A-7D04-4020-89E5-0DD5AA246ADD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A38170A3-1A6D-4372-8456-6C620038AFA9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2287323B-1051-4100-ABB2-E4446A37CCA5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0C12DDDF-39AC-4E6E-B761-BE6FB2FA4CA1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{586311FA-61A9-466B-B638-4D918AC2AA72}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3A1FAE6B-1D7E-402A-AFE1-9CBC19E13912}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2D86D973-F98E-43FC-9970-026D162BEA48}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0B43D8AD-3872-4C46-907E-E337BDEB0F64}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{79F383C0-B489-46E5-B1B2-1083AF25A6ED}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B3DD2445-EB52-4789-BC0F-351657D5AF0C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B9F16372-06F1-4193-93CD-DEA7A67F9328}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2207F9A8-EBC8-4829-865A-0A0B9D25F0B6}] => (Allow) C:\Windows\rss\csrss.exe (10306 -> ) [File not signed]
FirewallRules: [{838583CD-69EE-4944-B714-3A0627A50D28}] => (Allow) C:\Windows\rss\csrss.exe (10306 -> ) [File not signed]
FirewallRules: [{41CF1D7C-E55A-438B-843D-B93E5725FC0B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.62\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

04-12-2022 08:46:26 {19816A50-8022-48F8-9797-4020483ABBFF}
04-12-2022 10:26:50 Chrome Cleanup Tool
04-12-2022 15:06:24 Операция за възстановяване

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/04/2022 04:00:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Име на приложение с грешки: SystemSettingsBroker.exe, версия: 10.0.19041.746, времево клеймо: 0x230d5cd6
Име на модул с грешки: ucrtbase.dll, версия: 10.0.19041.789, времево клеймо: 0x2bd748bf
Код на изключение: 0xc0000409
Отместване на грешка: 0x000000000007286e
ИД на процес на грешка: 0x1810
Начален час на приложението с грешки: 0x01d907e74e5c267c
Път на приложението с грешки: C:\Windows\System32\SystemSettingsBroker.exe
Път на модула с грешки: C:\Windows\System32\ucrtbase.dll
ИД на доклад: f5a41382-aa3a-4882-9a72-12c43675e6b1
Пълно име на пакета с грешка: 
ИД на свързаното с пакета с грешка приложение:

Error: (12/04/2022 03:22:21 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/04/2022 03:21:37 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (12/04/2022 03:20:13 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (12/04/2022 03:17:40 PM) (Source: Firefox Default Browser Agent) (EventID: 1155) (User: )
Description: Event-ID 1155

Error: (12/04/2022 03:13:42 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/04/2022 03:13:20 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (12/04/2022 03:12:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Име на приложение с грешки: gcleaner.exe, версия: 88.0.0.0, времево клеймо: 0x63508c9f
Име на модул с грешки: gcleaner.exe, версия: 88.0.0.0, времево клеймо: 0x63508c9f
Код на изключение: 0xc0000005
Отместване на грешка: 0x00007f19
ИД на процес на грешка: 0x318c
Начален час на приложението с грешки: 0x01d907e2184dec4c
Път на приложението с грешки: C:\Users\Lenovo\AppData\Local\Temp\tp5drkcj.zsg\gcleaner.exe
Път на модула с грешки: C:\Users\Lenovo\AppData\Local\Temp\tp5drkcj.zsg\gcleaner.exe
ИД на доклад: 5cd51b4e-763b-40ea-afe6-2f3112b05060
Пълно име на пакета с грешка: 
ИД на свързаното с пакета с грешка приложение:


System errors:
=============
Error: (12/04/2022 03:50:51 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-TQP3P39)
Description: DCOM got error "1068" attempting to start the service cdpsvc with arguments "Unavailable" in order to run the server:
{37998346-3765-45B1-8C66-AA88CA6B20B8}

Error: (12/04/2022 03:50:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Услуга Connected Devices Platform Service зависи от услуга Network Connection Broker, която не може да бъде стартирана поради следната грешка: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (12/04/2022 03:36:19 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-TQP3P39)
Description: DCOM got error "1068" attempting to start the service cdpsvc with arguments "Unavailable" in order to run the server:
{37998346-3765-45B1-8C66-AA88CA6B20B8}

Error: (12/04/2022 03:36:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Услуга Connected Devices Platform Service зависи от услуга Network Connection Broker, която не може да бъде стартирана поради следната грешка: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (12/04/2022 03:22:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Услуга Connected Devices Platform Service зависи от услуга Network Connection Broker, която не може да бъде стартирана поради следната грешка: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (12/04/2022 03:20:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Услуга luafv не може да бъде стартирана поради следната грешка: 
This driver has been blocked from loading

Error: (12/04/2022 03:20:43 PM) (Source: TPM) (EventID: 15) (User: NT AUTHORITY)
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (12/04/2022 03:13:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Услуга Connected Devices Platform Service зависи от услуга Network Connection Broker, която не може да бъде стартирана поради следната грешка: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Windows Defender:
================
Date: 2022-12-04 16:18:41
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/RedLine.LD!MTB&threatid=2147835919&enterprise=0
Name: Trojan:Win32/RedLine.LD!MTB
Severity: Много високо
Category: Троянски кон
Path: file:_C:\Users\Lenovo\AppData\Roaming\fbvgfjr
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\Lenovo\Downloads\FRST64.exe
Security intelligence Version: AV: 1.379.1408.0, AS: 1.379.1408.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.19800.4, NIS: 0.0.0.0

Date: 2022-12-04 15:31:54
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre&threatid=2147724510&enterprise=0
Name: Trojan:Win32/Tiggre
Severity: Много високо
Category: Троянски кон
Path: file:_C:\Windows\system32\MW9SFPK7JY.tmp; service:_AppServiceq
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.379.1408.0, AS: 1.379.1408.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.19800.4, NIS: 0.0.0.0

Date: 2022-12-04 15:30:13
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/SmokeLoader.FT!MTB&threatid=2147835070&enterprise=0
Name: Trojan:Win32/SmokeLoader.FT!MTB
Severity: Много високо
Category: Троянски кон
Path: file:_C:\Users\Lenovo\AppData\Roaming\fbvgfjr
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.379.1390.0, AS: 1.379.1390.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.19800.4, NIS: 0.0.0.0

Date: 2022-12-04 15:30:13
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/SmokeLoader.FT!MTB&threatid=2147835070&enterprise=0
Name: Trojan:Win32/SmokeLoader.FT!MTB
Severity: Много високо
Category: Троянски кон
Path: file:_C:\Users\Lenovo\AppData\Roaming\fbvgfjr; file:_C:\Windows\System32\Tasks\Firefox Default Browser Agent FEE588DB6C46653B->(UTF-16LE); regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5B8D3BC-162E-47BA-A838-5485697BE5A5}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Firefox Default Browser Agent FEE588DB6C46653B; taskscheduler:_C:\Windows\System32\Tasks\Firefox Default Browser Agent FEE588DB6C46653B
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.379.1390.0, AS: 1.379.1390.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.19800.4, NIS: 0.0.0.0

Date: 2022-12-04 15:30:02
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/SmokeLoader.FT!MTB&threatid=2147835070&enterprise=0
Name: Trojan:Win32/SmokeLoader.FT!MTB
Severity: Много високо
Category: Троянски кон
Path: file:_C:\Users\Lenovo\AppData\Roaming\fbvgfjr
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.379.1390.0, AS: 1.379.1390.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.19800.4, NIS: 0.0.0.0
Event[0]:

Date: 2022-12-04 15:12:26
Description: 
Microsoft Defender Antivirus engine has been terminated due to an unexpected error.
Failure Type: Crash
Exception code: 0xc0000008
Resource: 

Date: 2022-12-04 15:12:14
Description: 
Microsoft Defender Antivirus engine has been terminated due to an unexpected error.
Failure Type: Crash
Exception code: 0xc0000008
Resource: 

CodeIntegrity:
===============
Date: 2022-12-04 16:04:44
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-12-04 15:33:32
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e6980897e3126266\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-12-04 15:12:28
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2022-12-04 10:28:09
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume2\Program Files\Mozilla Firefox\mozavcodec.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

BIOS: LENOVO EGCN36WW 02/14/2022
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i5-10300H CPU @ 2.50GHz
Percentage of memory in use: 28%
Total physical RAM: 16251.79 MB
Available physical RAM: 11540.98 MB
Total Virtual: 18683.79 MB
Available Virtual: 12859.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:150 GB) (Free:56.06 GB) (Model: KBG40ZNT512G TOSHIBA MEMORY) NTFS
Drive d: () (Fixed) (Total:325.96 GB) (Free:59.44 GB) (Model: KBG40ZNT512G TOSHIBA MEMORY) NTFS

\\?\Volume{d9fa2484-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.97 GB) (Free:0.95 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=1000 MB) - (Type=0B)
Partition 2: (Not Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=326 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Now I'll download KVRT. After that the STOP Djvu decryptor, to try with that as well.


Hello,

The system is seriously infected. I'll write a script, but it will take some time. For now, hold off on scanning with KVRT and on using the decryptor.

Don't even think about connecting the external drive right now. :)

I'll write again shortly.

Regards!


4 minutes ago, B-boy/StyLe/ wrote:

For now, hold off on scanning with KVRT

It has been scanning for 20 minutes already, with about as much time again left until the end. So far 36 objects have been found.


Don't delete anything with it for now, because it may interfere with the script. If necessary, you can run it again afterwards.

The infection apparently started last night at 22:07.


The scan finished with 36 objects. I haven't taken any action, I only copied the names:

Spoiler

Trojan.Multi.ProxyChanger.gen
System Memory
Trojan program
--------------------------------------------------------
HEUR:Trojan.MSIL.Kryptik.gen
C:\Users\Lenovo\AppData\Local\EntityTexts\MioracionMail\Saksoft_nscfg.dll
Trojan program
    MD5:  56E0E4C1718EB9ECDD957D60B9368C24
    SHA256:  4E7264CA50600306E05B2219E202107D49282F7B7AC7F5E247D855084907D2A2
--------------------------------------------------------
UDS:DangerousObject.Multi.Generic
C:\Windows\rss\csrss.exe
High risk
    MD5:  4013915F7DC908141FBC12FE5A16360E
    SHA256:  E38B0AEEAE4404B89A126FF0E95C5D4424A3361538F97A5ABEC648A8A0064E2A
--------------------------------------------------------
HEUR:Trojan-Downloader.Script.Generic
C:\ProgramData\toJoOaCasrkHDLVB\YxYpvMV.wsf
Trojan program
    MD5:  CAB3605F2517FDE35CD5F46755CEF06C
    SHA256:  B9CD339C79D26E2A77D90DF18994AA6D370883D493B900D145BE39F82B34BBF1
--------------------------------------------------------
not-a-virus:HEUR:AdWare.Win32.Convagent.gen
C:\Program Files (x86)\BHnEOumqQNxwC\IGjjEUR.dll
Advertising software
    MD5:  8BEADE3CE8953A09AB4F4FA1206C2672
    SHA256:  B92FF444E036C41E7117FF06FE44021171C1310AA76FF16A469E08827D1BB5AA
--------------------------------------------------------
not-a-virus:HEUR:AdWare.Win32.Neoreklami.gen
C:\Program Files (x86)\wcBHSMtwAxoU2\dedDBIzHMMfjR.dll
Advertising software
    MD5:  525A13996102E526186F98A6176FBED7
    SHA256:  7201426B077025A38FF95764580EB3168B408B095F3D343959DEA9F33B6E4578
--------------------------------------------------------
not-a-virus:HEUR:AdWare.Win32.Neoreklami.pef
C:\Program Files (x86)\MqnvxdqkU\eDIHMj.dll
Advertising software
    MD5:  D23706CBBC4F873BF7BB61E1936FE745
    SHA256:  DCD72CF3332301564197E3CF3CEAA958967FC12951C610473CDE1CEDBB6201DC
--------------------------------------------------------
not-a-virus:HEUR:AdWare.Win32.Convagent.gen
C:\Program Files (x86)\qEEOQNqyZQNOGAPVwcR\zCdMEPI.dll
Advertising software
    MD5:  A031D0C1DB5594075CD305E133060BDD
    SHA256:  8BB0FAB9AF65C23E3B7C37B686076495AB4B14656A549F36A7AB3227A9B5426E
--------------------------------------------------------
HEUR:Trojan.Multi.Runner.l
C:\Windows\System32\Tasks\Microsoft\Windows\Clip\Sazlm
Trojan program
    MD5:  79446F6791FD649D40EB29A9B73BBBCC
    SHA256:  5F763E9419CCFC214F94DB5D6213778F2F47F6076D10F2BAF1F15BDF1719D751
--------------------------------------------------------
HEUR:Trojan.Multi.Glupteba.gen
C:\Windows\System32\Tasks\csrss
Trojan program
    MD5:  C4C9506EDE75777D8AC20E5DD180109F
    SHA256:  5EC26FC1D99727636866BFB52AFC4AD4270F8AC6445786A12ADFD914AECAFFCC
--------------------------------------------------------
Trojan.Win32.Glupteba.xaiaav
C:\Users\Lenovo\AppData\Local\Temp\csrss\injector\injector.exe
Trojan program
    MD5:  D98E33B66343E7C96158444127A117F6
    SHA256:  5DE4E2B07A26102FE527606CE5DA1D5A4B938967C9D380A3C5FE86E2E34AAAF1
--------------------------------------------------------
UDS:DangerousObject.Multi.Generic
C:\Users\Lenovo\AppData\Local\Temp\csrss\934057bb263593087d4cce4817adb057.exe
High risk
    MD5:  934057BB263593087D4CCE4817ADB057
    SHA256:  F9A22DD4BE76328EF18602F458D7B95574506580AB9B35AC17D904BC7FC1DA05
--------------------------------------------------------
HEUR:Trojan.Script.FBStealer.gen
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\background.js
Trojan program
    MD5:  E98A4C8B1209C5865326BA1BE94F3F0A
    SHA256:  7FF92C871F0B976391B647407CE96FC0571CDBF184FB5B988421EAAAC88A3290
--------------------------------------------------------
not-a-virus:HEUR:AdWare.Script.Generic
C:\Program Files\Mozilla Firefox\browser\features\{9E4089DD-BC9D-4FF0-88B6-7CA5D03DF300}.xpi
Advertising software
    MD5:  9DD255FC70656686B3DAF91C1D8076AA
    SHA256:  F294D188321039251E847C3EF08AF8114CBAE8D110C78CE0909F50DB5E89C272
--------------------------------------------------------
not-a-virus:HEUR:AdWare.Script.Generic
C:\Program Files\Mozilla Firefox\browser\features\{469DEDC5-791B-41B7-99CA-EB25B08298D1}.xpi
Advertising software
    MD5:  7DF3A88DB68EF9B848B0E60A48254898
    SHA256:  66EA7FC48C1F0339B7A2CB19FF07714D9F4363031959FBA62221508488CB66A8
--------------------------------------------------------
not-a-virus:HEUR:AdWare.Win32.Convagent.gen
C:\Program Files (x86)\SmxCdYxMLBUn\ObYsVWD.dll
Advertising software
    MD5:  29336F63E6FCE59EF5CEBD34980579A1
    SHA256:  884498657D6DB89842246608A5DD2F5A08954917652707A887E2FB088921A124
--------------------------------------------------------
not-a-virus:HEUR:AdWare.Script.Generic
C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfcdbodapcbfckbfpmgeldfkkgjknceo\1.2.0_0\_locales\en_BS\messages.json
Advertising software
    MD5:  69B3B4B947ACDB2E0D0BAD308B29F9C5
    SHA256:  621B5817CF9B8D052B9D1B3561E796AB64088D2A36CEB403E76B9DE6623BC226
--------------------------------------------------------
Trojan-Banker.JS.Proxy.br
C:\Users\Lenovo\AppData\Local\Mozilla\Firefox\Profiles\2qrgp3fv.default-release-1-1661029269790\cache2\entries\D9412657E10FF695BD95C021BB3D4E5D144333A4
Trojan program
    MD5:  9B496803EB655465CEAE8D3E308571E5
    SHA256:  7BCD87735762F6B76945215CB9DC51792C8204405F7F5C4806A1958262089737
--------------------------------------------------------
Trojan-Banker.JS.Proxy.br
C:\Users\Lenovo\AppData\Local\Mozilla\Firefox\Profiles\agdu5lnh.default-release-1-1670140868971\cache2\entries\D9412657E10FF695BD95C021BB3D4E5D144333A4
Trojan program
    MD5:  ED23B15EFD71C269A1C97B171884F4F7
    SHA256:  4C7C7D2DFC44960AA9B0E005EE02FF76E612176CCC403AE9B0F8EE2AE594483B
--------------------------------------------------------
UDS:Trojan.Win32.Denes.gen
C:\Users\Lenovo\AppData\Local\Temp\cBREqUSjaCSjxMXZAz\kZQAiF
Trojan program
    MD5:  27CD6FE1AB0C206C71062B6277AF5B26
    SHA256:  2AD0221FB766A7E62114963437555AAA6FCBEBCCFA79253D5F6E0706CA955D84
--------------------------------------------------------
HEUR:Exploit.Win32.MS17-010.gen
C:\Users\Lenovo\AppData\Local\Temp\csrss\6e08d39fe99ad508d7e0c7aed19ececd.exe
Trojan program
    MD5:  6E08D39FE99AD508D7E0C7AED19ECECD
    SHA256:  F294BDB12EAA6CD891F2D5D11BC7505AF12C4F141C5D21AA3681BB7C64390AF8
--------------------------------------------------------
not-a-virus:RiskTool.Win32.Miner.gil
C:\Users\Lenovo\AppData\Local\Temp\AMSnHkdjZsthywcUaA\zzVJcq
Legal software that can be used by criminals to damage your computer or personal data
    MD5:  8D7DB88F1FB9C7308F7368AE65E3F0EF
    SHA256:  5F81F8EE08A7460A3ABD3AED1DA137F2824BBDF804951477546A96300BD1E31F
--------------------------------------------------------
not-a-virus:RiskTool.Win32.Miner.gil
C:\Users\Lenovo\AppData\Local\Temp\DaiZsJDyhWbLcsbqzT\AECTHo
Legal software that can be used by criminals to damage your computer or personal data
    MD5:  8D7DB88F1FB9C7308F7368AE65E3F0EF
    SHA256:  5F81F8EE08A7460A3ABD3AED1DA137F2824BBDF804951477546A96300BD1E31F
--------------------------------------------------------
VHO:Trojan.Win32.Convagent.gen
C:\Users\Lenovo\AppData\Local\Temp\csrss\674c22f4e7903051b9cf4c8700d0f49b.exe
Trojan program
    MD5:  674C22F4E7903051B9CF4C8700D0F49B
    SHA256:  A558A8715B63EBCD3EE5737DFA40E87844D1A59E5E7A4D869F9E6894E132EED6
--------------------------------------------------------
VHO:Trojan.Win32.Convagent.gen
C:\Users\Lenovo\AppData\Local\Temp\csrss\f0de926e1cfc0c209d8f8a555ba8affc.exe
Trojan program
    MD5:  F0DE926E1CFC0C209D8F8A555BA8AFFC
    SHA256:  DE930E441F6196DAD52422B41AA928AB90BF40E0264930A593AB41C652E21AF8
--------------------------------------------------------
Trojan.Win64.Glupteba.abs
C:\Users\Lenovo\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
Trojan program
    MD5:  09031A062610D77D685C9934318B4170
    SHA256:  778BD69AF403DF3C4E074C31B3850D71BF0E64524BEA4272A802CA9520B379DD
--------------------------------------------------------
HEUR:Trojan-Spy.MSIL.Stealer.gen
C:\Users\Lenovo\AppData\Local\Temp\QHAwKbDRQydtQVdxmJ\CApxRR
Trojan program
    MD5:  BBC31B0E9CE22E0C11B30F4E5A036850
    SHA256:  BE3040720EFD4B56BAEE6D348A63096D90248C13FD67B7E8ED322F404FD2B4A0
--------------------------------------------------------
UDS:Trojan.Win32.Fabookie.aui
C:\Users\Lenovo\AppData\Local\Temp\kfa5sx10.zog\pb1117.exe
Trojan program
    MD5:  C5FE50AE4ED54389E42DF97AB08D8DB1
    SHA256:  EAA32081425D510178E34C65235147EC9192C05B41BBD4078A9C2CE28484F44B
--------------------------------------------------------
UDS:Trojan.Win32.Denes.gen
C:\Users\Lenovo\AppData\Local\Temp\NMEQACsiPhbGgLDaCQ\NlqXcP
Trojan program
    MD5:  A6CDAC925CF77F4FFBCAEF7C896FA824
    SHA256:  D4BBB164BC7C024848E5F63EBDDCB62A51505CEDC4F23F6D53E89EC15D25F3BA
--------------------------------------------------------
not-a-virus:RiskTool.Win32.Miner.gil
C:\Users\Lenovo\AppData\Local\Temp\QNCNUuWMKEHooFXpIY\AzrvdD
Legal software that can be used by criminals to damage your computer or personal data
    MD5:  8D7DB88F1FB9C7308F7368AE65E3F0EF
    SHA256:  5F81F8EE08A7460A3ABD3AED1DA137F2824BBDF804951477546A96300BD1E31F
--------------------------------------------------------
UDS:Trojan.Win32.Denes.gen
C:\Users\Lenovo\AppData\Local\Temp\uWScKhtCpfsJOLrSXz\yjLVtF
Trojan program
    MD5:  4BA677E1FC3D902899C36D912AABD7CC
    SHA256:  FFBCF404D411ACCBE1E30EBEE40F8450139FDDAD485801DB89018DF202FB5912
--------------------------------------------------------
not-a-virus:RiskTool.Win32.Miner.gil
C:\Users\Lenovo\AppData\Local\Temp\tLRrLTMtEXfmkEuXSq\TLZrOB
Legal software that can be used by criminals to damage your computer or personal data
    MD5:  8D7DB88F1FB9C7308F7368AE65E3F0EF
    SHA256:  5F81F8EE08A7460A3ABD3AED1DA137F2824BBDF804951477546A96300BD1E31F
--------------------------------------------------------
not-a-virus:RiskTool.Win32.Miner.gil
C:\Users\Lenovo\AppData\Local\Temp\ViZQlrUgzcBxipcmmU\ARELJy
Legal software that can be used by criminals to damage your computer or personal data
    MD5:  8D7DB88F1FB9C7308F7368AE65E3F0EF
    SHA256:  5F81F8EE08A7460A3ABD3AED1DA137F2824BBDF804951477546A96300BD1E31F
--------------------------------------------------------
UDS:Trojan.Win32.Denes.gen
C:\Users\Lenovo\AppData\Local\Temp\yElxfyvvPmNfKCnmXf\pqIGLx
Trojan program
    MD5:  27CD6FE1AB0C206C71062B6277AF5B26
    SHA256:  2AD0221FB766A7E62114963437555AAA6FCBEBCCFA79253D5F6E0706CA955D84
--------------------------------------------------------
Trojan.Win32.Denes.eyz
C:\Users\Lenovo\AppData\Local\Temp\XhwFYzSDtFeUGnMMOd\TMPuqK
Trojan program
    MD5:  4D684F798433127F6D0E51FBE5E49250
    SHA256:  6E0A0E23457C49B614899050506DED0666EB18FBB5CC53D2A272837F5081E53F
--------------------------------------------------------
HEUR:Backdoor.MSIL.Androm.gen
C:\Users\Lenovo\AppData\Roaming\ch6jM3G501\1IwHn.exe

 


Hello,

OK, remove the selected objects.

I expect it will ask you to restart. Agree.

Then do the following:

Download fixlist.txt and save it in the folder where you downloaded FRST64.exe.

Run FRST64.exe and press the Fix button once!

If it asks you to restart, agree.

Post the log file, Fixlog.txt, that will be created after the program finishes.

Note: When we are done we will delete FRST's quarantine folder, C:\FRST\Quarantine, but you can also delete it after the script if you want, and run a full scan of the C:\ partition with Windows Defender to see whether it finds anything.

Choose Custom Scan and point it at the C:\ folder as described here:

https://www.bleepingcomputer.com/tutorials/how-to-use-windows-defender-to-scan-a-folder-for-malware/

Regards!

 


I ran FRST64.exe and pressed the Fix button, restarted, and here is the log:

Spoiler

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-12-2022
Ran by Lenovo (04-12-2022 17:34:32) Run:1
Running from C:\Users\Lenovo\Desktop\FRST64.exe
Loaded Profiles: Lenovo
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
(10306 -> ) [File not signed] C:\Windows\rss\csrss.exe
(C:\Windows\rss\csrss.exe ->) () [File not signed] C:\Users\Lenovo\AppData\Local\Temp\csrss\934057bb263593087d4cce4817adb057.exe
(C:\Windows\rss\csrss.exe ->) () [File not signed] C:\Users\Lenovo\AppData\Local\Temp\csrss\injector\injector.exe
C:\Windows\rss
C:\Users\Lenovo\AppData\Local\Temp\csrss
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-589266725-163046098-2985141653-1001\...\Run: [softx64.exe] => C:\Users\Lenovo\AppData\Local\Temp\1000009001\softx64.exe (No File) <==== ATTENTION
HKU\S-1-5-21-589266725-163046098-2985141653-1001\...\Run: [linda5.exe] => C:\Users\Lenovo\AppData\Local\Temp\1000001001\linda5.exe (No File) <==== ATTENTION
HKU\S-1-5-21-589266725-163046098-2985141653-1001\...\Run: [doza.exe] => C:\Users\Lenovo\AppData\Local\Temp\1000002001\doza.exe (No File) <==== ATTENTION
HKU\S-1-5-21-589266725-163046098-2985141653-1001\...\Run: [anon.exe] => C:\Users\Lenovo\AppData\Local\Temp\1000003001\anon.exe (No File) <==== ATTENTION
HKU\S-1-5-21-589266725-163046098-2985141653-1001\...\Run: [SysHelper] => "C:\Users\Lenovo\AppData\Local\01452eb3-bcf0-4a09-af08-c8a0bd38b550\3C44.exe" --AutoStart (No File) <==== ATTENTION
HKU\S-1-5-21-589266725-163046098-2985141653-1001\...\Run: [Lege.exe] => C:\Users\Lenovo\AppData\Local\Temp\1000002001\Lege.exe (No File) <==== ATTENTION
HKU\S-1-5-21-589266725-163046098-2985141653-1001\...\Run: [mfc40] => wscript.exe "C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows NT\mfc40.js" (No File)
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION 
Task: {066F3570-49E2-4542-A879-F61566C247D5} - System32\Tasks\TinyTask => C:\Users\Default\Links\plugins.js (No File) <==== ATTENTION
Task: {357993EC-A886-4CB2-BD44-D819F3489EBB} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe [4378152 2022-12-04] (10306 -> ) [File not signed] <==== ATTENTION
Task: {5E11AB69-D6BF-4192-853D-34D662AD9330} - System32\Tasks\gntuud.exe => C:\Users\Lenovo\AppData\Local\Temp\ecaac49691\gntuud.exe (No File) <==== ATTENTION
Task: {7F0E6088-9467-425A-B505-38DCE817651D} - System32\Tasks\KHrSLiwgubkDm2 => C:\Windows\system32\wscript.exe "C:\ProgramData\toJoOaCasrkHDLVB\YxYpvMV.wsf" <==== ATTENTION
C:\ProgramData\toJoOaCasrkHDLVB
Task: {A83878DB-40C7-45D1-AAED-1AC3DFF6E8DD} - System32\Tasks\ThPcltKqrSbKdqUsLXA2 => rundll32 "C:\Program Files (x86)\BHnEOumqQNxwC\IGjjEUR.dll",#1 <==== ATTENTION
C:\Program Files (x86)\BHnEOumqQNxwC
Task: {C332567E-B3F9-44EE-A4DA-635A74FA26BB} - System32\Tasks\Azure-Update-Task => C:\Users\Lenovo\AppData\Roaming\Microsoft\Network\mstsca.exe (No File) <==== ATTENTION
Task: {C4B7F923-E1EE-4AC1-A923-935B278A86CE} - System32\Tasks\PwWEMgFlvPzjkD => rundll32 "C:\Program Files (x86)\wcBHSMtwAxoU2\dedDBIzHMMfjR.dll",#1 <==== ATTENTION
C:\Program Files (x86)\wcBHSMtwAxoU2
Task: {D2822267-1427-4F03-8F13-ED56BBA21E5A} - System32\Tasks\HELPXygtJRSAxDU2 => rundll32 "C:\Program Files (x86)\MqnvxdqkU\eDIHMj.dll",#1 <==== ATTENTION
C:\Program Files (x86)\MqnvxdqkU
Task: {E828EA22-575B-4EF9-A689-70578CF6346B} - System32\Tasks\fsScmaedPutWjGGAu2 => rundll32 "C:\Program Files (x86)\qEEOQNqyZQNOGAPVwcR\zCdMEPI.dll",#1 <==== ATTENTION
C:\Program Files (x86)\qEEOQNqyZQNOGAPVwcR
VirusTotal: C:\Users\Lenovo\AppData\Local\EntityTexts\MioracionMail\Saksoft_nscfg.dll
VirusTotal: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe
AutoConfigURL: [{58B69C5E-32C4-48F0-92D4-28C5832E31D8}] => hxxp://34.80.59.191/win.pac <==== ATTENTION
AutoConfigURL: [S-1-5-21-589266725-163046098-2985141653-1001] => hxxp://34.80.59.191/win.pac <==== ATTENTION
ManualProxies: 0hxxp://34.80.59.191/win.pac <==== ATTENTION
FF Homepage: Mozilla\Firefox\Profiles\2qrgp3fv.default-release-1-1661029269790 -> hxxps://find-it.pro/?utm_source=distr_m
FF Notifications: Mozilla\Firefox\Profiles\2qrgp3fv.default-release-1-1661029269790 -> hxxps://mail-notification.info; hxxps://zarabotok-online.xyz; hxxps://supertopfreegames.com; hxxps://best-loan-info.com; hxxps://ccleaner-download.xyz; hxxps://pinghauz.xyz; hxxps://s-tracking.xyz; hxxps://mnthor.xyz
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\2qrgp3fv.default-release-1-1661029269790\searchplugins\cdnsearch.xml [2022-12-04]
FF Notifications: Mozilla\Firefox\Profiles\okepyaxx.default-release -> hxxps://mail-notification.info; hxxps://zarabotok-online.xyz; hxxps://supertopfreegames.com; hxxps://best-loan-info.com; hxxps://ccleaner-download.xyz; hxxps://pinghauz.xyz; hxxps://s-tracking.xyz; hxxps://mnthor.xyz
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\okepyaxx.default-release\searchplugins\cdnsearch.xml [2022-12-04]
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\browser\features\{469DEDC5-791B-41B7-99CA-EB25B08298D1}.xpi [2022-12-04] [not signed]
FF Extension: (Google Slides Offline) - C:\Program Files\Mozilla Firefox\browser\features\{9E4089DD-BC9D-4FF0-88B6-7CA5D03DF300}.xpi [2022-12-04] [not signed]
CHR Notifications: Default -> hxxps://best-loan-info.com; hxxps://ccleaner-download.xyz; hxxps://mail-notification.info; hxxps://mnthor.xyz; hxxps://pinghauz.xyz; hxxps://s-tracking.xyz; hxxps://supertopfreegames.com; hxxps://www.kaldata.com; hxxps://zarabotok-online.xyz
CHR HomePage: Default -> hxxps://find-it.pro/?utm_source=distr_m
CHR StartupUrls: Default -> "hxxps://find-it.pro/?utm_source=distr_m"
CHR DefaultSearchURL: Default -> hxxp://search-cdn.net/fip/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> cdn
CHR DefaultSuggestURL: Default -> hxxps://www.google.ru/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&q={searchTerms}
CHR Extension: (YoutubeDownloader) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfcdbodapcbfckbfpmgeldfkkgjknceo [2022-12-04] [UpdateUrl:hxxps://clients54.google.com/service/update2/crx] <==== ATTENTION
C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfcdbodapcbfckbfpmgeldfkkgjknceo
S4 VBoxGuest; VBoxGuest [X]
S4 VBoxMouse; VBoxMouse [X]
S4 VBoxService; VBoxService [X]
S4 VBoxSF; VBoxSF [X]
S4 VBoxVideo; VBoxVideo [X]
S4 VBoxWddm; VBoxWddm [X]
VirusTotal: C:\Windows\system32\drivers\aiydctei.sys
S1 aiydctei; C:\Windows\system32\drivers\aiydctei.sys [52488 2022-12-04] (Microsoft Windows -> Microsoft Corporation)
C:\Windows\system32\drivers\aiydctei.sys
U0 TaskKill; C:\Users\Lenovo\AppData\Local\Temp\Иисус.sys [36208 2022-12-04] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com) <==== ATTENTION
C:\Users\Lenovo\AppData\Local\Temp\Иисус.sys
2022-12-04 15:13 - 2022-12-04 15:13 - 000003356 _____ C:\Windows\system32\Tasks\PwWEMgFlvPzjkD
2022-12-04 15:13 - 2022-12-04 15:13 - 000003044 _____ C:\Windows\system32\Tasks\KHrSLiwgubkDm2
2022-12-04 15:13 - 2022-12-04 15:13 - 000003034 _____ C:\Windows\system32\Tasks\fsScmaedPutWjGGAu2
2022-12-04 15:13 - 2022-12-04 15:13 - 000003026 _____ C:\Windows\system32\Tasks\ThPcltKqrSbKdqUsLXA2
2022-12-04 15:13 - 2022-12-04 15:13 - 000003008 _____ C:\Windows\system32\Tasks\HELPXygtJRSAxDU2
2022-12-04 15:13 - 2022-12-04 15:13 - 000000000 ____D C:\ProgramData\toJoOaCasrkHDLVB
2022-12-04 15:13 - 2022-12-04 15:13 - 000000000 ____D C:\Program Files (x86)\wcBHSMtwAxoU2
2022-12-04 15:13 - 2022-12-04 15:13 - 000000000 ____D C:\Program Files (x86)\SmxCdYxMLBUn
2022-12-04 15:13 - 2022-12-04 15:13 - 000000000 ____D C:\Program Files (x86)\qEEOQNqyZQNOGAPVwcR
2022-12-04 15:13 - 2022-12-04 15:13 - 000000000 ____D C:\Program Files (x86)\MqnvxdqkU
2022-12-04 15:13 - 2022-12-04 15:13 - 000000000 ____D C:\Program Files (x86)\BHnEOumqQNxwC
2022-12-04 15:11 - 2022-12-04 15:16 - 005716302 _____ C:\Users\Lenovo\Documents\sgNslHzHyD_vIxEceTAX0zc0.exe.uyro
2022-12-04 10:11 - 2022-12-04 10:16 - 005716302 _____ C:\Users\Lenovo\Documents\r0d8ZEeats83QIlCP15drYVX.exe.uyro
2022-12-04 09:48 - 2022-12-04 09:51 - 005716302 _____ C:\Users\Lenovo\Documents\9mvt4K8Up90OUfnMTwjJkkAn.exe.uyro
2022-12-04 09:16 - 2022-12-04 15:12 - 000000000 ____D C:\Program Files\aieoplapobidheellikiicjfpamacpfd
2022-12-04 09:16 - 2022-12-04 09:16 - 005716302 _____ C:\Users\Lenovo\Documents\_QXfq31iEsazaYtwnNpTuK4j.uyro
2022-12-04 08:18 - 2022-11-25 17:35 - 000000337 _____ C:\Users\Lenovo\AppData\Roaming\153fc053-e88e-44d0-9e5d-d971c7e53214
2022-12-04 08:18 - 2022-11-25 17:35 - 000000335 _____ C:\Users\Lenovo\AppData\Roaming\9b01dc3f-8b61-4e46-9426-7965538c2126
2022-12-04 08:18 - 2022-11-25 17:29 - 000000337 _____ C:\Users\Lenovo\AppData\Roaming\267b92dc-dc21-4f74-a6e5-a3b925e9e5a8
2022-12-04 08:18 - 2022-11-20 13:23 - 000000335 _____ C:\Users\Lenovo\AppData\Roaming\48f7ed8b-4181-48ad-ba12-7b7fe6d3585a
2022-12-04 08:18 - 2022-11-17 15:18 - 000008259 _____ C:\Users\Lenovo\AppData\Roaming\cb372d39-9c9a-4f13-b183-a910247e6465
2022-12-04 08:18 - 2022-11-06 08:00 - 000016289 _____ C:\Users\Lenovo\AppData\Roaming\c5be1d6d-767c-4265-9ea7-862913e41ca5
2022-12-04 08:18 - 2022-08-20 22:59 - 000000000 _____ C:\Users\Lenovo\AppData\Roaming\484fe4f2-9bad-42aa-a197-dd9fbb41bc60
2022-12-04 08:18 - 2022-08-10 16:46 - 000000000 _____ C:\Users\Lenovo\AppData\Roaming\a1454159-1092-4ce3-ac25-571ff4f4f6d3
2022-12-04 08:18 - 2022-05-10 17:42 - 000063084 _____ C:\Users\Lenovo\AppData\Roaming\4aa565c9-2d32-4142-89e6-cfa648dbc2e3
2022-12-04 08:18 - 2022-05-10 17:42 - 000000280 _____ C:\Users\Lenovo\AppData\Roaming\4668bf8d-2987-424f-abc3-de43c5977374
2022-12-04 08:18 - 2022-04-22 17:33 - 000053725 _____ C:\Users\Lenovo\AppData\Roaming\73b074e5-ec85-46e9-9a2b-cc17f87cb433
2022-12-04 08:18 - 2022-04-22 17:33 - 000000293 _____ C:\Users\Lenovo\AppData\Roaming\a9ece743-5171-48cb-90d7-0e125954121b
2022-12-04 08:18 - 2022-01-21 07:50 - 000105379 _____ C:\Users\Lenovo\AppData\Roaming\4982092e-47c1-4c26-a06a-ba1eb5d50bd4
2022-12-04 08:18 - 2022-01-09 22:41 - 000000016 _____ C:\Users\Lenovo\AppData\Roaming\a86fbd45-63d2-4a11-ab4b-924690112fe6
2022-12-04 08:18 - 2021-10-29 21:44 - 000021466 _____ C:\Users\Lenovo\AppData\Roaming\b85f1377-feeb-462a-ad35-6d8e7c47fe86
2022-12-04 08:18 - 2021-08-31 19:24 - 000000016 _____ C:\Users\Lenovo\AppData\Roaming\0c0a07ce-3d36-42f8-b12a-c8db42595cac
2022-12-04 08:17 - 2022-12-04 16:16 - 000003274 _____ C:\Windows\system32\Tasks\csrss
2022-12-04 08:17 - 2022-12-04 15:22 - 000000000 __SHD C:\ProgramData\github
2022-12-04 08:17 - 2022-12-04 15:12 - 000000000 ___HD C:\Windows\rss
2022-12-04 08:17 - 2022-12-04 15:12 - 000000000 ___HD C:\ProgramData\DNTException
2022-12-04 08:17 - 2022-11-25 17:35 - 000000337 _____ C:\Users\Lenovo\AppData\Roaming\9718f58a-654f-49a4-aacc-3f684fe03e07
2022-12-04 08:17 - 2022-11-25 17:35 - 000000337 _____ C:\Users\Lenovo\AppData\Roaming\4f9506c0-d127-4ea2-817d-fe32e24e6bc6
2022-12-04 08:17 - 2022-11-25 17:35 - 000000335 _____ C:\Users\Lenovo\AppData\Roaming\c74f439b-1813-4c53-9a09-1f626afcb260
2022-12-04 08:17 - 2022-11-25 17:35 - 000000335 _____ C:\Users\Lenovo\AppData\Roaming\88f272cc-cde9-4c17-8023-d3623d681b9a
2022-12-04 08:17 - 2022-11-25 17:29 - 000000337 _____ C:\Users\Lenovo\AppData\Roaming\7e838190-6f28-47de-a2b7-b3d27da009e6
2022-12-04 08:17 - 2022-11-25 17:29 - 000000337 _____ C:\Users\Lenovo\AppData\Roaming\780791ae-90aa-4cf0-9563-d0a2ea0d8c65
2022-12-04 08:17 - 2022-11-20 13:23 - 000000335 _____ C:\Users\Lenovo\AppData\Roaming\7f40593a-bef7-4436-98fc-88ce448b09bc
2022-12-04 08:17 - 2022-11-20 13:23 - 000000335 _____ C:\Users\Lenovo\AppData\Roaming\764aa004-468d-4a8b-8b33-09528f9a7171
2022-12-04 08:17 - 2022-11-17 15:18 - 000008259 _____ C:\Users\Lenovo\AppData\Roaming\e682b467-bdf3-45dc-a302-53418dd1a829
2022-12-04 08:17 - 2022-11-17 15:18 - 000008259 _____ C:\Users\Lenovo\AppData\Roaming\1016f642-18df-41d4-ad2d-92b51b16363c
2022-12-04 08:17 - 2022-11-06 08:00 - 000016289 _____ C:\Users\Lenovo\AppData\Roaming\c4f7e723-f15a-4873-a6cf-af3727cc40d4
2022-12-04 08:17 - 2022-11-06 08:00 - 000016289 _____ C:\Users\Lenovo\AppData\Roaming\6f2278fa-1e4a-4e5b-aa4d-513eeb8f7ad2
2022-12-04 08:17 - 2022-08-20 22:59 - 000000000 _____ C:\Users\Lenovo\AppData\Roaming\54681132-2e00-4ca9-b146-fc9b88bc9564
2022-12-04 08:17 - 2022-08-20 22:59 - 000000000 _____ C:\Users\Lenovo\AppData\Roaming\4d4a96f8-74c5-4068-9179-67f736002e9f
2022-12-04 08:17 - 2022-08-10 16:46 - 000000000 _____ C:\Users\Lenovo\AppData\Roaming\f5d9f8de-e001-4fc4-9ad2-8addc7c3c2b0
2022-12-04 08:17 - 2022-08-10 16:46 - 000000000 _____ C:\Users\Lenovo\AppData\Roaming\bb917342-4edb-4b15-b2c5-766568a62d27
2022-12-04 08:17 - 2022-05-10 17:42 - 000063084 _____ C:\Users\Lenovo\AppData\Roaming\9e8d328e-a1ec-490d-994a-20935fa52002
2022-12-04 08:17 - 2022-05-10 17:42 - 000063084 _____ C:\Users\Lenovo\AppData\Roaming\77fc39b3-21b7-49ed-8c91-d7bcfaba5ff4
2022-12-04 08:17 - 2022-05-10 17:42 - 000000280 _____ C:\Users\Lenovo\AppData\Roaming\e3fe2c98-e465-4d19-955b-0387524ddd05
2022-12-04 08:17 - 2022-05-10 17:42 - 000000280 _____ C:\Users\Lenovo\AppData\Roaming\12869057-e0e9-44cd-b08a-114905264dc1
2022-12-04 08:17 - 2022-04-22 17:33 - 000053725 _____ C:\Users\Lenovo\AppData\Roaming\ebbd6c58-f366-418c-a9c0-e9a69fca7b4d
2022-12-04 08:17 - 2022-04-22 17:33 - 000053725 _____ C:\Users\Lenovo\AppData\Roaming\e68d6ded-783d-4496-9dcb-9177d3bbd1cb
2022-12-04 08:17 - 2022-04-22 17:33 - 000000293 _____ C:\Users\Lenovo\AppData\Roaming\f7dc8b2b-6ba7-484e-bf98-5b1e588ef27d
2022-12-04 08:17 - 2022-04-22 17:33 - 000000293 _____ C:\Users\Lenovo\AppData\Roaming\09483473-e603-4bc7-a32b-4a8db751967b
2022-12-04 08:17 - 2022-01-21 07:50 - 000105379 _____ C:\Users\Lenovo\AppData\Roaming\28c17e93-ed5a-4684-b8c3-ddfd2eec1d92
2022-12-04 08:17 - 2022-01-21 07:50 - 000105379 _____ C:\Users\Lenovo\AppData\Roaming\0df435bc-4812-467e-9214-bf66d9cc4053
2022-12-04 08:17 - 2022-01-09 22:41 - 000000016 _____ C:\Users\Lenovo\AppData\Roaming\94374585-f0a0-4358-977a-2512d8c4cce0
2022-12-04 08:17 - 2022-01-09 22:41 - 000000016 _____ C:\Users\Lenovo\AppData\Roaming\6443f552-f262-4142-a287-2d67ddbd4477
2022-12-04 08:17 - 2021-10-29 21:44 - 000021466 _____ C:\Users\Lenovo\AppData\Roaming\902321d1-0f64-4431-b905-f7f06cf5497b
2022-12-04 08:17 - 2021-10-29 21:44 - 000021466 _____ C:\Users\Lenovo\AppData\Roaming\1b29a5ff-b068-4577-b83c-5e98ba9843e0
2022-12-04 08:17 - 2021-08-31 19:24 - 000000016 _____ C:\Users\Lenovo\AppData\Roaming\9545c70e-3ea0-48a4-a098-c6d3017dd006
2022-12-04 08:17 - 2021-08-31 19:24 - 000000016 _____ C:\Users\Lenovo\AppData\Roaming\33445f3d-78dc-4277-ba87-422ed8802181
2022-12-04 08:16 - 2022-12-04 08:21 - 005716302 _____ C:\Users\Lenovo\Documents\9TNxzTnxV_DPAx31L3E6q6Ql.exe.uyro
2022-12-04 04:51 - 2022-12-04 04:51 - 005716302 _____ C:\Users\Lenovo\Documents\ITW6vWThzhpAB919kxWbM4UW.exe.uyro
2022-12-04 01:17 - 2022-12-04 08:18 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\a091ec0a6e2227
2022-12-03 21:55 - 2022-12-04 08:18 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\f49dfc5e4e2508
2022-12-03 21:55 - 2022-12-03 21:55 - 000000555 _____ C:\Users\Lenovo\AppData\Local\bowsakkdestx.txt
2022-12-03 21:55 - 2022-12-03 21:55 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\B283188499937572
2022-12-03 21:55 - 2022-12-03 21:55 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\56a1c3d463f381
2022-12-03 21:55 - 2022-12-03 21:55 - 000000000 ____D C:\Users\Lenovo\AppData\Local\4be453ca-a897-45e9-b45d-41c3df035795
2022-12-03 21:55 - 2022-12-03 21:55 - 000000000 ____D C:\SystemID
2022-12-03 21:54 - 2022-12-04 15:21 - 000000000 ____D C:\Users\Lenovo\AppData\Local\01452eb3-bcf0-4a09-af08-c8a0bd38b550
2022-12-03 21:54 - 2022-12-04 15:21 - 000000000 ____D C:\Program Files (x86)\PowerControl
2022-12-03 21:54 - 2022-12-04 15:12 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\{326b2940-29e7-11eb-8b86-806e6f6e6963}
2022-12-03 21:54 - 2022-12-04 15:12 - 000000000 ____D C:\Program Files (x86)\PrintFolders
2022-12-03 21:54 - 2022-12-03 21:55 - 000684984 _____ (Mozilla Foundation) C:\Users\Lenovo\AppData\LocalLow\freebl3.dll
2022-12-03 21:54 - 2022-12-03 21:55 - 000627128 _____ (Mozilla Foundation) C:\Users\Lenovo\AppData\LocalLow\mozglue.dll
2022-12-03 21:54 - 2022-12-03 21:55 - 000254392 _____ (Mozilla Foundation) C:\Users\Lenovo\AppData\LocalLow\softokn3.dll
2022-12-03 21:54 - 2022-12-03 21:54 - 000003600 _____ C:\Windows\system32\Tasks\gntuud.exe
2022-12-03 21:54 - 2022-12-03 21:54 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\sNNXzFjaM0w
2022-12-03 21:54 - 2022-12-03 21:54 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\ch6jM3G501
2022-12-03 21:54 - 2022-12-03 21:54 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\3om9MROA
2022-12-03 21:54 - 2022-12-03 21:54 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Yandex
2022-12-03 21:54 - 2022-12-03 21:46 - 000006261 _____ C:\Users\Lenovo\AppData\LocalLow\l9IycQIRyITc
2022-12-04 08:17 - 2022-04-22 17:33 - 000000293 _____ () C:\Users\Lenovo\AppData\Roaming\09483473-e603-4bc7-a32b-4a8db751967b
2022-12-04 08:18 - 2021-08-31 19:24 - 000000016 _____ () C:\Users\Lenovo\AppData\Roaming\0c0a07ce-3d36-42f8-b12a-c8db42595cac
2022-12-04 08:17 - 2022-01-21 07:50 - 000105379 _____ () C:\Users\Lenovo\AppData\Roaming\0df435bc-4812-467e-9214-bf66d9cc4053
2022-12-04 08:17 - 2022-11-17 15:18 - 000008259 _____ () C:\Users\Lenovo\AppData\Roaming\1016f642-18df-41d4-ad2d-92b51b16363c
2022-12-04 08:17 - 2022-05-10 17:42 - 000000280 _____ () C:\Users\Lenovo\AppData\Roaming\12869057-e0e9-44cd-b08a-114905264dc1
2022-12-04 08:18 - 2022-11-25 17:35 - 000000337 _____ () C:\Users\Lenovo\AppData\Roaming\153fc053-e88e-44d0-9e5d-d971c7e53214
2022-12-04 08:17 - 2021-10-29 21:44 - 000021466 _____ () C:\Users\Lenovo\AppData\Roaming\1b29a5ff-b068-4577-b83c-5e98ba9843e0
2022-12-04 08:18 - 2022-11-25 17:29 - 000000337 _____ () C:\Users\Lenovo\AppData\Roaming\267b92dc-dc21-4f74-a6e5-a3b925e9e5a8
2022-12-04 08:17 - 2022-01-21 07:50 - 000105379 _____ () C:\Users\Lenovo\AppData\Roaming\28c17e93-ed5a-4684-b8c3-ddfd2eec1d92
2022-12-04 08:17 - 2021-08-31 19:24 - 000000016 _____ () C:\Users\Lenovo\AppData\Roaming\33445f3d-78dc-4277-ba87-422ed8802181
2022-12-04 08:18 - 2022-05-10 17:42 - 000000280 _____ () C:\Users\Lenovo\AppData\Roaming\4668bf8d-2987-424f-abc3-de43c5977374
2022-12-04 08:18 - 2022-08-20 22:59 - 000000000 _____ () C:\Users\Lenovo\AppData\Roaming\484fe4f2-9bad-42aa-a197-dd9fbb41bc60
2022-12-04 08:18 - 2022-11-20 13:23 - 000000335 _____ () C:\Users\Lenovo\AppData\Roaming\48f7ed8b-4181-48ad-ba12-7b7fe6d3585a
2022-12-04 08:18 - 2022-01-21 07:50 - 000105379 _____ () C:\Users\Lenovo\AppData\Roaming\4982092e-47c1-4c26-a06a-ba1eb5d50bd4
2022-12-04 08:18 - 2022-05-10 17:42 - 000063084 _____ () C:\Users\Lenovo\AppData\Roaming\4aa565c9-2d32-4142-89e6-cfa648dbc2e3
2022-12-04 08:17 - 2022-08-20 22:59 - 000000000 _____ () C:\Users\Lenovo\AppData\Roaming\4d4a96f8-74c5-4068-9179-67f736002e9f
2022-12-04 08:17 - 2022-11-25 17:35 - 000000337 _____ () C:\Users\Lenovo\AppData\Roaming\4f9506c0-d127-4ea2-817d-fe32e24e6bc6
2022-12-04 08:17 - 2022-08-20 22:59 - 000000000 _____ () C:\Users\Lenovo\AppData\Roaming\54681132-2e00-4ca9-b146-fc9b88bc9564
2022-12-04 08:17 - 2022-01-09 22:41 - 000000016 _____ () C:\Users\Lenovo\AppData\Roaming\6443f552-f262-4142-a287-2d67ddbd4477
2022-12-04 08:17 - 2022-11-06 08:00 - 000016289 _____ () C:\Users\Lenovo\AppData\Roaming\6f2278fa-1e4a-4e5b-aa4d-513eeb8f7ad2
2022-12-04 08:18 - 2022-04-22 17:33 - 000053725 _____ () C:\Users\Lenovo\AppData\Roaming\73b074e5-ec85-46e9-9a2b-cc17f87cb433
2022-12-04 08:17 - 2022-11-20 13:23 - 000000335 _____ () C:\Users\Lenovo\AppData\Roaming\764aa004-468d-4a8b-8b33-09528f9a7171
2022-12-04 08:17 - 2022-05-10 17:42 - 000063084 _____ () C:\Users\Lenovo\AppData\Roaming\77fc39b3-21b7-49ed-8c91-d7bcfaba5ff4
2022-12-04 08:17 - 2022-11-25 17:29 - 000000337 _____ () C:\Users\Lenovo\AppData\Roaming\780791ae-90aa-4cf0-9563-d0a2ea0d8c65
2022-12-04 08:17 - 2022-11-25 17:29 - 000000337 _____ () C:\Users\Lenovo\AppData\Roaming\7e838190-6f28-47de-a2b7-b3d27da009e6
2022-12-04 08:17 - 2022-11-20 13:23 - 000000335 _____ () C:\Users\Lenovo\AppData\Roaming\7f40593a-bef7-4436-98fc-88ce448b09bc
2022-12-04 08:17 - 2022-11-25 17:35 - 000000335 _____ () C:\Users\Lenovo\AppData\Roaming\88f272cc-cde9-4c17-8023-d3623d681b9a
2022-12-04 08:17 - 2021-10-29 21:44 - 000021466 _____ () C:\Users\Lenovo\AppData\Roaming\902321d1-0f64-4431-b905-f7f06cf5497b
2022-12-04 08:17 - 2022-01-09 22:41 - 000000016 _____ () C:\Users\Lenovo\AppData\Roaming\94374585-f0a0-4358-977a-2512d8c4cce0
2022-12-04 08:17 - 2021-08-31 19:24 - 000000016 _____ () C:\Users\Lenovo\AppData\Roaming\9545c70e-3ea0-48a4-a098-c6d3017dd006
2022-12-04 08:17 - 2022-11-25 17:35 - 000000337 _____ () C:\Users\Lenovo\AppData\Roaming\9718f58a-654f-49a4-aacc-3f684fe03e07
2022-12-04 08:18 - 2022-11-25 17:35 - 000000335 _____ () C:\Users\Lenovo\AppData\Roaming\9b01dc3f-8b61-4e46-9426-7965538c2126
2022-12-04 08:17 - 2022-05-10 17:42 - 000063084 _____ () C:\Users\Lenovo\AppData\Roaming\9e8d328e-a1ec-490d-994a-20935fa52002
2022-12-04 08:18 - 2022-08-10 16:46 - 000000000 _____ () C:\Users\Lenovo\AppData\Roaming\a1454159-1092-4ce3-ac25-571ff4f4f6d3
2022-12-04 08:18 - 2022-01-09 22:41 - 000000016 _____ () C:\Users\Lenovo\AppData\Roaming\a86fbd45-63d2-4a11-ab4b-924690112fe6
2022-12-04 08:18 - 2022-04-22 17:33 - 000000293 _____ () C:\Users\Lenovo\AppData\Roaming\a9ece743-5171-48cb-90d7-0e125954121b
2022-12-04 08:18 - 2021-10-29 21:44 - 000021466 _____ () C:\Users\Lenovo\AppData\Roaming\b85f1377-feeb-462a-ad35-6d8e7c47fe86
2022-12-04 08:17 - 2022-08-10 16:46 - 000000000 _____ () C:\Users\Lenovo\AppData\Roaming\bb917342-4edb-4b15-b2c5-766568a62d27
2022-12-04 08:17 - 2022-11-06 08:00 - 000016289 _____ () C:\Users\Lenovo\AppData\Roaming\c4f7e723-f15a-4873-a6cf-af3727cc40d4
2022-12-04 08:18 - 2022-11-06 08:00 - 000016289 _____ () C:\Users\Lenovo\AppData\Roaming\c5be1d6d-767c-4265-9ea7-862913e41ca5
2022-12-04 08:17 - 2022-11-25 17:35 - 000000335 _____ () C:\Users\Lenovo\AppData\Roaming\c74f439b-1813-4c53-9a09-1f626afcb260
2022-12-04 08:18 - 2022-11-17 15:18 - 000008259 _____ () C:\Users\Lenovo\AppData\Roaming\cb372d39-9c9a-4f13-b183-a910247e6465
2022-12-04 08:17 - 2022-05-10 17:42 - 000000280 _____ () C:\Users\Lenovo\AppData\Roaming\e3fe2c98-e465-4d19-955b-0387524ddd05
2022-12-04 08:17 - 2022-11-17 15:18 - 000008259 _____ () C:\Users\Lenovo\AppData\Roaming\e682b467-bdf3-45dc-a302-53418dd1a829
2022-12-04 08:17 - 2022-04-22 17:33 - 000053725 _____ () C:\Users\Lenovo\AppData\Roaming\e68d6ded-783d-4496-9dcb-9177d3bbd1cb
2022-12-04 08:17 - 2022-04-22 17:33 - 000053725 _____ () C:\Users\Lenovo\AppData\Roaming\ebbd6c58-f366-418c-a9c0-e9a69fca7b4d
2022-12-04 08:17 - 2022-08-10 16:46 - 000000000 _____ () C:\Users\Lenovo\AppData\Roaming\f5d9f8de-e001-4fc4-9ad2-8addc7c3c2b0
2022-12-04 08:17 - 2022-04-22 17:33 - 000000293 _____ () C:\Users\Lenovo\AppData\Roaming\f7dc8b2b-6ba7-484e-bf98-5b1e588ef27d
2022-10-12 07:12 - 2022-10-12 07:12 - 000359424 ____N () C:\Users\Lenovo\AppData\Roaming\fbvgfjr
2022-12-03 21:55 - 2022-12-03 21:55 - 000000555 _____ () C:\Users\Lenovo\AppData\Local\bowsakkdestx.txt
Folder: C:\Users\Lenovo\AppData\Local\cache
AlternateDataStreams: C:\Windows\system32\Drivers\aiydctei.sys:changelist [296] 
2022-12-04 15:54 - 2022-12-04 15:54 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Java
FirewallRules: [{9EBEAD5F-8AEA-47B9-9C45-24449A1FDF6E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{07B3D723-3BA8-4112-A046-C5268919777E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{715B0D67-9299-470C-BCED-279BD4AE5330}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{9B8ADB80-FBEE-4B12-8C52-C81925284ECD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
C:\Windows\system32\MW9SFPK7JY.tmp
cmd: del %temp%\*.* /f /s /q
cmd: rd /s /q %temp%
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
End
*****************

Processes closed successfully.
C:\Windows\rss\csrss.exe => No running process found
C:\Users\Lenovo\AppData\Local\Temp\csrss\934057bb263593087d4cce4817adb057.exe => No running process found
C:\Users\Lenovo\AppData\Local\Temp\csrss\injector\injector.exe => No running process found
C:\Windows\rss => moved successfully
C:\Users\Lenovo\AppData\Local\Temp\csrss => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-589266725-163046098-2985141653-1001\Software\Microsoft\Windows\CurrentVersion\Run\\softx64.exe" => removed successfully
"HKU\S-1-5-21-589266725-163046098-2985141653-1001\Software\Microsoft\Windows\CurrentVersion\Run\\linda5.exe" => removed successfully
"HKU\S-1-5-21-589266725-163046098-2985141653-1001\Software\Microsoft\Windows\CurrentVersion\Run\\doza.exe" => removed successfully
"HKU\S-1-5-21-589266725-163046098-2985141653-1001\Software\Microsoft\Windows\CurrentVersion\Run\\anon.exe" => removed successfully
"HKU\S-1-5-21-589266725-163046098-2985141653-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SysHelper" => not found
"HKU\S-1-5-21-589266725-163046098-2985141653-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Lege.exe" => removed successfully
"HKU\S-1-5-21-589266725-163046098-2985141653-1001\Software\Microsoft\Windows\CurrentVersion\Run\\mfc40" => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{066F3570-49E2-4542-A879-F61566C247D5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{066F3570-49E2-4542-A879-F61566C247D5}" => removed successfully
C:\Windows\System32\Tasks\TinyTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TinyTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{357993EC-A886-4CB2-BD44-D819F3489EBB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{357993EC-A886-4CB2-BD44-D819F3489EBB}" => removed successfully
C:\Windows\System32\Tasks\csrss => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\csrss" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E11AB69-D6BF-4192-853D-34D662AD9330}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E11AB69-D6BF-4192-853D-34D662AD9330}" => removed successfully
C:\Windows\System32\Tasks\gntuud.exe => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gntuud.exe" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7F0E6088-9467-425A-B505-38DCE817651D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F0E6088-9467-425A-B505-38DCE817651D}" => removed successfully
C:\Windows\System32\Tasks\KHrSLiwgubkDm2 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KHrSLiwgubkDm2" => removed successfully
C:\ProgramData\toJoOaCasrkHDLVB => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A83878DB-40C7-45D1-AAED-1AC3DFF6E8DD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A83878DB-40C7-45D1-AAED-1AC3DFF6E8DD}" => removed successfully
C:\Windows\System32\Tasks\ThPcltKqrSbKdqUsLXA2 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ThPcltKqrSbKdqUsLXA2" => removed successfully
C:\Program Files (x86)\BHnEOumqQNxwC => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C332567E-B3F9-44EE-A4DA-635A74FA26BB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C332567E-B3F9-44EE-A4DA-635A74FA26BB}" => removed successfully
C:\Windows\System32\Tasks\Azure-Update-Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Azure-Update-Task" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C4B7F923-E1EE-4AC1-A923-935B278A86CE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4B7F923-E1EE-4AC1-A923-935B278A86CE}" => removed successfully
C:\Windows\System32\Tasks\PwWEMgFlvPzjkD => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PwWEMgFlvPzjkD" => removed successfully
C:\Program Files (x86)\wcBHSMtwAxoU2 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D2822267-1427-4F03-8F13-ED56BBA21E5A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2822267-1427-4F03-8F13-ED56BBA21E5A}" => removed successfully
C:\Windows\System32\Tasks\HELPXygtJRSAxDU2 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HELPXygtJRSAxDU2" => removed successfully
C:\Program Files (x86)\MqnvxdqkU => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E828EA22-575B-4EF9-A689-70578CF6346B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E828EA22-575B-4EF9-A689-70578CF6346B}" => removed successfully
C:\Windows\System32\Tasks\fsScmaedPutWjGGAu2 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fsScmaedPutWjGGAu2" => removed successfully
C:\Program Files (x86)\qEEOQNqyZQNOGAPVwcR => moved successfully
VirusTotal: C:\Users\Lenovo\AppData\Local\EntityTexts\MioracionMail\Saksoft_nscfg.dll => https://www.virustotal.com/gui/file/4e7264ca50600306e05b2219e202107d49282f7b7ac7f5e247d855084907d2a2/detection/f-4e7264ca50600306e05b2219e202107d49282f7b7ac7f5e247d855084907d2a2-1670168075
VirusTotal: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe => https://www.virustotal.com/gui/file/2d72b948928e4444e730c7bc1983e12adb7b4db8a41c754c1e81f517c820d8ba/detection/f-2d72b948928e4444e730c7bc1983e12adb7b4db8a41c754c1e81f517c820d8ba-1669559307
HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgr\{58B69C5E-32C4-48F0-92D4-28C5832E31D8} => removed successfully
"HKU\S-1-5-21-589266725-163046098-2985141653-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\" => removed successfully
"Firefox homepage" => removed successfully
"FF Notifications:" => removed successfully
C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\2qrgp3fv.default-release-1-1661029269790\searchplugins\cdnsearch.xml => moved successfully
"FF Notifications:" => removed successfully
C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\okepyaxx.default-release\searchplugins\cdnsearch.xml => moved successfully
C:\Program Files\Mozilla Firefox\browser\features\{469DEDC5-791B-41B7-99CA-EB25B08298D1}.xpi => moved successfully
C:\Program Files\Mozilla Firefox\browser\features\{9E4089DD-BC9D-4FF0-88B6-7CA5D03DF300}.xpi => moved successfully
"Chrome Notifications" => removed successfully
"Chrome HomePage" => removed successfully
"Chrome StartupUrls" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
CHR Extension: (YoutubeDownloader) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfcdbodapcbfckbfpmgeldfkkgjknceo [2022-12-04] [UpdateUrl:hxxps://clients54.google.com/service/update2/crx] <==== ATTENTION => Error: No automatic fix found for this entry.
C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfcdbodapcbfckbfpmgeldfkkgjknceo => moved successfully
HKLM\System\CurrentControlSet\Services\VBoxGuest => removed successfully
VBoxGuest => service removed successfully
HKLM\System\CurrentControlSet\Services\VBoxMouse => removed successfully
VBoxMouse => service removed successfully
HKLM\System\CurrentControlSet\Services\VBoxService => removed successfully
VBoxService => service removed successfully
HKLM\System\CurrentControlSet\Services\VBoxSF => removed successfully
VBoxSF => service removed successfully
HKLM\System\CurrentControlSet\Services\VBoxVideo => removed successfully
VBoxVideo => service removed successfully
HKLM\System\CurrentControlSet\Services\VBoxWddm => removed successfully
VBoxWddm => service removed successfully
VirusTotal: C:\Windows\system32\drivers\aiydctei.sys => https://www.virustotal.com/gui/file/247356ae1f8568aa93ec38f81dcfc8c2ed129ab7973f3590e75b8ed626df0d8e/detection/f-247356ae1f8568aa93ec38f81dcfc8c2ed129ab7973f3590e75b8ed626df0d8e-1668356582
HKLM\System\CurrentControlSet\Services\aiydctei => removed successfully
aiydctei => service removed successfully
C:\Windows\system32\drivers\aiydctei.sys => moved successfully
HKLM\System\CurrentControlSet\Services\TaskKill => removed successfully
TaskKill => service removed successfully
C:\Users\Lenovo\AppData\Local\Temp\Иисус.sys => moved successfully
"C:\Windows\system32\Tasks\PwWEMgFlvPzjkD" => not found
"C:\Windows\system32\Tasks\KHrSLiwgubkDm2" => not found
"C:\Windows\system32\Tasks\fsScmaedPutWjGGAu2" => not found
"C:\Windows\system32\Tasks\ThPcltKqrSbKdqUsLXA2" => not found
"C:\Windows\system32\Tasks\HELPXygtJRSAxDU2" => not found
"C:\ProgramData\toJoOaCasrkHDLVB" => not found
"C:\Program Files (x86)\wcBHSMtwAxoU2" => not found
C:\Program Files (x86)\SmxCdYxMLBUn => moved successfully
"C:\Program Files (x86)\qEEOQNqyZQNOGAPVwcR" => not found
"C:\Program Files (x86)\MqnvxdqkU" => not found
"C:\Program Files (x86)\BHnEOumqQNxwC" => not found
C:\Users\Lenovo\Documents\sgNslHzHyD_vIxEceTAX0zc0.exe.uyro => moved successfully
C:\Users\Lenovo\Documents\r0d8ZEeats83QIlCP15drYVX.exe.uyro => moved successfully
C:\Users\Lenovo\Documents\9mvt4K8Up90OUfnMTwjJkkAn.exe.uyro => moved successfully
C:\Program Files\aieoplapobidheellikiicjfpamacpfd => moved successfully
C:\Users\Lenovo\Documents\_QXfq31iEsazaYtwnNpTuK4j.uyro => moved successfully
C:\Users\Lenovo\AppData\Roaming\153fc053-e88e-44d0-9e5d-d971c7e53214 => moved successfully
C:\Users\Lenovo\AppData\Roaming\9b01dc3f-8b61-4e46-9426-7965538c2126 => moved successfully
C:\Users\Lenovo\AppData\Roaming\267b92dc-dc21-4f74-a6e5-a3b925e9e5a8 => moved successfully
C:\Users\Lenovo\AppData\Roaming\48f7ed8b-4181-48ad-ba12-7b7fe6d3585a => moved successfully
C:\Users\Lenovo\AppData\Roaming\cb372d39-9c9a-4f13-b183-a910247e6465 => moved successfully
C:\Users\Lenovo\AppData\Roaming\c5be1d6d-767c-4265-9ea7-862913e41ca5 => moved successfully
C:\Users\Lenovo\AppData\Roaming\484fe4f2-9bad-42aa-a197-dd9fbb41bc60 => moved successfully
C:\Users\Lenovo\AppData\Roaming\a1454159-1092-4ce3-ac25-571ff4f4f6d3 => moved successfully
C:\Users\Lenovo\AppData\Roaming\4aa565c9-2d32-4142-89e6-cfa648dbc2e3 => moved successfully
C:\Users\Lenovo\AppData\Roaming\4668bf8d-2987-424f-abc3-de43c5977374 => moved successfully
C:\Users\Lenovo\AppData\Roaming\73b074e5-ec85-46e9-9a2b-cc17f87cb433 => moved successfully
C:\Users\Lenovo\AppData\Roaming\a9ece743-5171-48cb-90d7-0e125954121b => moved successfully
C:\Users\Lenovo\AppData\Roaming\4982092e-47c1-4c26-a06a-ba1eb5d50bd4 => moved successfully
C:\Users\Lenovo\AppData\Roaming\a86fbd45-63d2-4a11-ab4b-924690112fe6 => moved successfully
C:\Users\Lenovo\AppData\Roaming\b85f1377-feeb-462a-ad35-6d8e7c47fe86 => moved successfully
C:\Users\Lenovo\AppData\Roaming\0c0a07ce-3d36-42f8-b12a-c8db42595cac => moved successfully
"C:\Windows\system32\Tasks\csrss" => not found
C:\ProgramData\github => moved successfully
"C:\Windows\rss" => not found
C:\ProgramData\DNTException => moved successfully
C:\Users\Lenovo\AppData\Roaming\9718f58a-654f-49a4-aacc-3f684fe03e07 => moved successfully
C:\Users\Lenovo\AppData\Roaming\4f9506c0-d127-4ea2-817d-fe32e24e6bc6 => moved successfully
C:\Users\Lenovo\AppData\Roaming\c74f439b-1813-4c53-9a09-1f626afcb260 => moved successfully
C:\Users\Lenovo\AppData\Roaming\88f272cc-cde9-4c17-8023-d3623d681b9a => moved successfully
C:\Users\Lenovo\AppData\Roaming\7e838190-6f28-47de-a2b7-b3d27da009e6 => moved successfully
C:\Users\Lenovo\AppData\Roaming\780791ae-90aa-4cf0-9563-d0a2ea0d8c65 => moved successfully
C:\Users\Lenovo\AppData\Roaming\7f40593a-bef7-4436-98fc-88ce448b09bc => moved successfully
C:\Users\Lenovo\AppData\Roaming\764aa004-468d-4a8b-8b33-09528f9a7171 => moved successfully
C:\Users\Lenovo\AppData\Roaming\e682b467-bdf3-45dc-a302-53418dd1a829 => moved successfully
C:\Users\Lenovo\AppData\Roaming\1016f642-18df-41d4-ad2d-92b51b16363c => moved successfully
C:\Users\Lenovo\AppData\Roaming\c4f7e723-f15a-4873-a6cf-af3727cc40d4 => moved successfully
C:\Users\Lenovo\AppData\Roaming\6f2278fa-1e4a-4e5b-aa4d-513eeb8f7ad2 => moved successfully
C:\Users\Lenovo\AppData\Roaming\54681132-2e00-4ca9-b146-fc9b88bc9564 => moved successfully
C:\Users\Lenovo\AppData\Roaming\4d4a96f8-74c5-4068-9179-67f736002e9f => moved successfully
C:\Users\Lenovo\AppData\Roaming\f5d9f8de-e001-4fc4-9ad2-8addc7c3c2b0 => moved successfully
C:\Users\Lenovo\AppData\Roaming\bb917342-4edb-4b15-b2c5-766568a62d27 => moved successfully
C:\Users\Lenovo\AppData\Roaming\9e8d328e-a1ec-490d-994a-20935fa52002 => moved successfully
C:\Users\Lenovo\AppData\Roaming\77fc39b3-21b7-49ed-8c91-d7bcfaba5ff4 => moved successfully
C:\Users\Lenovo\AppData\Roaming\e3fe2c98-e465-4d19-955b-0387524ddd05 => moved successfully
C:\Users\Lenovo\AppData\Roaming\12869057-e0e9-44cd-b08a-114905264dc1 => moved successfully
C:\Users\Lenovo\AppData\Roaming\ebbd6c58-f366-418c-a9c0-e9a69fca7b4d => moved successfully
C:\Users\Lenovo\AppData\Roaming\e68d6ded-783d-4496-9dcb-9177d3bbd1cb => moved successfully
C:\Users\Lenovo\AppData\Roaming\f7dc8b2b-6ba7-484e-bf98-5b1e588ef27d => moved successfully
C:\Users\Lenovo\AppData\Roaming\09483473-e603-4bc7-a32b-4a8db751967b => moved successfully
C:\Users\Lenovo\AppData\Roaming\28c17e93-ed5a-4684-b8c3-ddfd2eec1d92 => moved successfully
C:\Users\Lenovo\AppData\Roaming\0df435bc-4812-467e-9214-bf66d9cc4053 => moved successfully
C:\Users\Lenovo\AppData\Roaming\94374585-f0a0-4358-977a-2512d8c4cce0 => moved successfully
C:\Users\Lenovo\AppData\Roaming\6443f552-f262-4142-a287-2d67ddbd4477 => moved successfully
C:\Users\Lenovo\AppData\Roaming\902321d1-0f64-4431-b905-f7f06cf5497b => moved successfully
C:\Users\Lenovo\AppData\Roaming\1b29a5ff-b068-4577-b83c-5e98ba9843e0 => moved successfully
C:\Users\Lenovo\AppData\Roaming\9545c70e-3ea0-48a4-a098-c6d3017dd006 => moved successfully
C:\Users\Lenovo\AppData\Roaming\33445f3d-78dc-4277-ba87-422ed8802181 => moved successfully
C:\Users\Lenovo\Documents\9TNxzTnxV_DPAx31L3E6q6Ql.exe.uyro => moved successfully
C:\Users\Lenovo\Documents\ITW6vWThzhpAB919kxWbM4UW.exe.uyro => moved successfully
C:\Users\Lenovo\AppData\Roaming\a091ec0a6e2227 => moved successfully
C:\Users\Lenovo\AppData\Roaming\f49dfc5e4e2508 => moved successfully
C:\Users\Lenovo\AppData\Local\bowsakkdestx.txt => moved successfully
C:\Users\Lenovo\AppData\Roaming\B283188499937572 => moved successfully
C:\Users\Lenovo\AppData\Roaming\56a1c3d463f381 => moved successfully
C:\Users\Lenovo\AppData\Local\4be453ca-a897-45e9-b45d-41c3df035795 => moved successfully
C:\SystemID => moved successfully
C:\Users\Lenovo\AppData\Local\01452eb3-bcf0-4a09-af08-c8a0bd38b550 => moved successfully
C:\Program Files (x86)\PowerControl => moved successfully
C:\Users\Lenovo\AppData\Roaming\{326b2940-29e7-11eb-8b86-806e6f6e6963} => moved successfully
C:\Program Files (x86)\PrintFolders => moved successfully
C:\Users\Lenovo\AppData\LocalLow\freebl3.dll => moved successfully
C:\Users\Lenovo\AppData\LocalLow\mozglue.dll => moved successfully
C:\Users\Lenovo\AppData\LocalLow\softokn3.dll => moved successfully
"C:\Windows\system32\Tasks\gntuud.exe" => not found
C:\Users\Lenovo\AppData\Roaming\sNNXzFjaM0w => moved successfully
C:\Users\Lenovo\AppData\Roaming\ch6jM3G501 => moved successfully
C:\Users\Lenovo\AppData\Roaming\3om9MROA => moved successfully
C:\Users\Lenovo\AppData\Local\Yandex => moved successfully
C:\Users\Lenovo\AppData\LocalLow\l9IycQIRyITc => moved successfully
"C:\Users\Lenovo\AppData\Roaming\09483473-e603-4bc7-a32b-4a8db751967b" => not found
"C:\Users\Lenovo\AppData\Roaming\0c0a07ce-3d36-42f8-b12a-c8db42595cac" => not found
"C:\Users\Lenovo\AppData\Roaming\0df435bc-4812-467e-9214-bf66d9cc4053" => not found
"C:\Users\Lenovo\AppData\Roaming\1016f642-18df-41d4-ad2d-92b51b16363c" => not found
"C:\Users\Lenovo\AppData\Roaming\12869057-e0e9-44cd-b08a-114905264dc1" => not found
"C:\Users\Lenovo\AppData\Roaming\153fc053-e88e-44d0-9e5d-d971c7e53214" => not found
"C:\Users\Lenovo\AppData\Roaming\1b29a5ff-b068-4577-b83c-5e98ba9843e0" => not found
"C:\Users\Lenovo\AppData\Roaming\267b92dc-dc21-4f74-a6e5-a3b925e9e5a8" => not found
"C:\Users\Lenovo\AppData\Roaming\28c17e93-ed5a-4684-b8c3-ddfd2eec1d92" => not found
"C:\Users\Lenovo\AppData\Roaming\33445f3d-78dc-4277-ba87-422ed8802181" => not found
"C:\Users\Lenovo\AppData\Roaming\4668bf8d-2987-424f-abc3-de43c5977374" => not found
"C:\Users\Lenovo\AppData\Roaming\484fe4f2-9bad-42aa-a197-dd9fbb41bc60" => not found
"C:\Users\Lenovo\AppData\Roaming\48f7ed8b-4181-48ad-ba12-7b7fe6d3585a" => not found
"C:\Users\Lenovo\AppData\Roaming\4982092e-47c1-4c26-a06a-ba1eb5d50bd4" => not found
"C:\Users\Lenovo\AppData\Roaming\4aa565c9-2d32-4142-89e6-cfa648dbc2e3" => not found
"C:\Users\Lenovo\AppData\Roaming\4d4a96f8-74c5-4068-9179-67f736002e9f" => not found
"C:\Users\Lenovo\AppData\Roaming\4f9506c0-d127-4ea2-817d-fe32e24e6bc6" => not found
"C:\Users\Lenovo\AppData\Roaming\54681132-2e00-4ca9-b146-fc9b88bc9564" => not found
"C:\Users\Lenovo\AppData\Roaming\6443f552-f262-4142-a287-2d67ddbd4477" => not found
"C:\Users\Lenovo\AppData\Roaming\6f2278fa-1e4a-4e5b-aa4d-513eeb8f7ad2" => not found
"C:\Users\Lenovo\AppData\Roaming\73b074e5-ec85-46e9-9a2b-cc17f87cb433" => not found
"C:\Users\Lenovo\AppData\Roaming\764aa004-468d-4a8b-8b33-09528f9a7171" => not found
"C:\Users\Lenovo\AppData\Roaming\77fc39b3-21b7-49ed-8c91-d7bcfaba5ff4" => not found
"C:\Users\Lenovo\AppData\Roaming\780791ae-90aa-4cf0-9563-d0a2ea0d8c65" => not found
"C:\Users\Lenovo\AppData\Roaming\7e838190-6f28-47de-a2b7-b3d27da009e6" => not found
"C:\Users\Lenovo\AppData\Roaming\7f40593a-bef7-4436-98fc-88ce448b09bc" => not found
"C:\Users\Lenovo\AppData\Roaming\88f272cc-cde9-4c17-8023-d3623d681b9a" => not found
"C:\Users\Lenovo\AppData\Roaming\902321d1-0f64-4431-b905-f7f06cf5497b" => not found
"C:\Users\Lenovo\AppData\Roaming\94374585-f0a0-4358-977a-2512d8c4cce0" => not found
"C:\Users\Lenovo\AppData\Roaming\9545c70e-3ea0-48a4-a098-c6d3017dd006" => not found
"C:\Users\Lenovo\AppData\Roaming\9718f58a-654f-49a4-aacc-3f684fe03e07" => not found
"C:\Users\Lenovo\AppData\Roaming\9b01dc3f-8b61-4e46-9426-7965538c2126" => not found
"C:\Users\Lenovo\AppData\Roaming\9e8d328e-a1ec-490d-994a-20935fa52002" => not found
"C:\Users\Lenovo\AppData\Roaming\a1454159-1092-4ce3-ac25-571ff4f4f6d3" => not found
"C:\Users\Lenovo\AppData\Roaming\a86fbd45-63d2-4a11-ab4b-924690112fe6" => not found
"C:\Users\Lenovo\AppData\Roaming\a9ece743-5171-48cb-90d7-0e125954121b" => not found
"C:\Users\Lenovo\AppData\Roaming\b85f1377-feeb-462a-ad35-6d8e7c47fe86" => not found
"C:\Users\Lenovo\AppData\Roaming\bb917342-4edb-4b15-b2c5-766568a62d27" => not found
"C:\Users\Lenovo\AppData\Roaming\c4f7e723-f15a-4873-a6cf-af3727cc40d4" => not found
"C:\Users\Lenovo\AppData\Roaming\c5be1d6d-767c-4265-9ea7-862913e41ca5" => not found
"C:\Users\Lenovo\AppData\Roaming\c74f439b-1813-4c53-9a09-1f626afcb260" => not found
"C:\Users\Lenovo\AppData\Roaming\cb372d39-9c9a-4f13-b183-a910247e6465" => not found
"C:\Users\Lenovo\AppData\Roaming\e3fe2c98-e465-4d19-955b-0387524ddd05" => not found
"C:\Users\Lenovo\AppData\Roaming\e682b467-bdf3-45dc-a302-53418dd1a829" => not found
"C:\Users\Lenovo\AppData\Roaming\e68d6ded-783d-4496-9dcb-9177d3bbd1cb" => not found
"C:\Users\Lenovo\AppData\Roaming\ebbd6c58-f366-418c-a9c0-e9a69fca7b4d" => not found
"C:\Users\Lenovo\AppData\Roaming\f5d9f8de-e001-4fc4-9ad2-8addc7c3c2b0" => not found
"C:\Users\Lenovo\AppData\Roaming\f7dc8b2b-6ba7-484e-bf98-5b1e588ef27d" => not found
Could not move "C:\Users\Lenovo\AppData\Roaming\fbvgfjr" => Scheduled to move on reboot.
"C:\Users\Lenovo\AppData\Local\bowsakkdestx.txt" => not found

========================= Folder: C:\Users\Lenovo\AppData\Local\cache ========================


====== End of Folder: ======

"C:\Windows\system32\Drivers\aiydctei.sys" => ":changelist" ADS not found.
C:\Users\Lenovo\AppData\Roaming\Java => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9EBEAD5F-8AEA-47B9-9C45-24449A1FDF6E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{07B3D723-3BA8-4112-A046-C5268919777E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{715B0D67-9299-470C-BCED-279BD4AE5330}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9B8ADB80-FBEE-4B12-8C52-C81925284ECD}" => removed successfully
"C:\Windows\system32\MW9SFPK7JY.tmp" => not found

========= del %temp%\*.* /f /s /q =========

Deleted file - C:\Users\Lenovo\AppData\Local\Temp\51d6804d-9699-4500-a378-35fb671c3311.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\cv_debug.log
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\db.dat
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\E0C0.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\E831.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\E8BF.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\E92D.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\E9BB.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\EA39.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\EAB7.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\EB35.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\EBB3.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\EC21.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\ECAF.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\ED2D.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\EDBB.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\EE48.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\EEC6.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\EF54.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\EFD2.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\F060.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\F0ED.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\F18A.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\F6F7.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\F795.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\F822.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\F8A0.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\hollyhock-7410355_1280.jpg
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\kmplex.png
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\lockfile.dat
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\msedge_installer.log
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\Setup Log 2022-12-04 #001.txt
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\Setup Log 2022-12-04 #002.txt
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\Setup Log 2022-12-04 #003.txt
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\Setup Log 2022-12-04 #004.txt
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\tmpA056.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\tmpaddon
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\tmpaddon-1
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\tmpaddon-2
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\tmpaddon-3
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\tmpaddon-4
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\tmpB296.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\tmpF853.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\x1b8.0
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\x82k.0
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\x8p8.0
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\x9bw.0
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\xa6o.0
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\xfng.0
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\xg8.0
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\2c-eb935-259-2faa2-4f9cdefeebe66\Pebixusaega.exe.config
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\3a-ba0ed-986-2dc8e-c7354dc12fbef\Rekaelazhyro.exe.config
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\90-851fb-d03-8859f-21883b4ab428b\Pebixusaega.exe.config
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\AMSnHkdjZsthywcUaA\zzVJcq
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\aqTBNjcdddhRHuRgoe\KkdBpv
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\cBREqUSjaCSjxMXZAz\kZQAiF
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\ChromeCleaner_0_2756_1483759398\debug.log
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\DaiZsJDyhWbLcsbqzT\AECTHo
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\Diagnostics\WINWORD\App1670158818784295300_F2EB0DA9-72FC-4ED2-9C9C-667A85CD67C5.log
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\Diagnostics\WINWORD\App1670158818785155500_F2EB0DA9-72FC-4ED2-9C9C-667A85CD67C5.log
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\fMwOgGfVoIGLyxHcQq\NtOZcr
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350\uninstall.hta.log
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350\HTA\install.1670141350.zip
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350\HTA\i18n\br.json
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350\HTA\i18n\de.json
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350\HTA\i18n\en.json
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350\HTA\i18n\es.json
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350\HTA\i18n\fr.json
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350\HTA\i18n\it.json
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350\HTA\i18n\ko.json
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350\HTA\i18n\pt.json
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350\HTA\i18n\ru.json
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350\HTA\images\bt_icon_48px.png
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350\HTA\images\loading.gif
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350\HTA\images\main_icon.png
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350\HTA\styles\common.css
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350\HTA\styles\installer.css
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\bg_windows_7_ultimate_with_sp1_x64_dvd_u_677363.iso.torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\Blind.S01E01.1080p.WEB-DL.H264.AAC-AppleTor.mp4.torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\Blind.S01E02.1080p.WEB-DL.H264.AAC-AppleTor.mp4.torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\Blind.S01E03.1080p.WEB-DL.H264.AAC-AppleTor.mp4.torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\Blind.S01E04.1080p.WEB-DL.H264.AAC-AppleTor.mp4.torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\Blind.S01E05.1080p.WEB-DL.H264.AAC-AppleTor.mp4.torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\Blind.S01E06.1080p.WEB-DL.H264.AAC-AppleTor.mp4.torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\Blind.S01E07.1080p.WEB-DL.H264.AAC-AppleTor.mp4.torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\Blind.S01E08.1080p.WEB-DL.H264.AAC-AppleTor.mp4.torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\chrome_native.json
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\dht.dat
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\dht_feed.dat
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\Emergency.Couple.E01.torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\Ghost.Doctor.S01E01.220103.720p-NEXT.mp4.torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\Ghost.Doctor.S01E02.220104.720p-NEXT.mp4.torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\Ghost.Doctor.S01E03-04.720p-NEXT.torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\helper_web_ui.btinstall
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\Love.Is.For.Suckers.S01E01-E02.720p-NEXT.torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\Love.Is.For.Suckers.S01E03-E04.720p-NEXT.torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\Love.Is.For.Suckers.S01E05-E06.720p-NEXT.torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\Love.Is.For.Suckers.S01E07-E08.720p-NEXT.torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\resume.dat
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\rss.dat
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\settings.dat
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\The Golden Spoon E05.torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\The Golden Spoon E06.torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\The Golden Spoon E07.torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\The Golden Spoon E08.torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\Tidal.Wave.2009.ROK.DVDRip.XviD-LB.torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\updates.dat
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\utorrent.lng
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\VA - Billboard Global 200 Singles Chart [12.11.2022].torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\VA - The Official UK Top 100 Singles Chart [03.11.2022].torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\Zamunda Team Music vol.6.torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\Спросите.медсестру.2021.(08.серии.от.08).WEB-HD.1080p.H264.AC3-BULGAR.torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\Шеф. Возвращение S05 2021 WEB-DL 1080p AVC AC3.torrent
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\apps\featuredContent.btapp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\apps\player.btapp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\apps\plus.btapp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\apps\welcome-upsell.btapp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\dlimagecache\165F6EF40A81DD175FFAEA69E77ABFD30B27E71C
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\dlimagecache\21403779564BD2E3A33023568D7B75FDBEB7E284
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\helper\btinstall.txt
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\HYD2BC7.tmp.1670141350_permissionsCopy\helper\webui.zip
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\is-86NVR.tmp\_isetup\_setup64.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\is-OSPDH.tmp\_isetup\_setup64.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\is-PDA9U.tmp\_iscrypt.dll
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\is-PDA9U.tmp\_isetup\_setup64.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\is-PDA9U.tmp\_isetup\_shfoldr.dll
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\is-R6RA6.tmp\_isetup\_setup64.tmp
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\kfa5sx10.zog\pb1117.exe
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\KZvpBUIhCvCJXDNiZP\wcemGx
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\mKpHfCGKHImsAUcLsA\qzhfDL
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\NMEQACsiPhbGgLDaCQ\NlqXcP
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\QHAwKbDRQydtQVdxmJ\CApxRR
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\QNCNUuWMKEHooFXpIY\AzrvdD
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\QxhijRUdNDlcSoFdGJ\XVIJSh
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\Rar$EXa9428.10895\Magav User Manual 2020-04-27.pdf
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\rjJaBRZnNtaGxGqDvZ\FZXvqK
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\SjiIKOtCogoUCKaLjH\ciQdxI
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\SzOxWIPUpOLGJGVZcU\aRACyN
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\TCD839.tmp\CHICAGO.xsl
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\TCD83A.tmp\iso690nmerical.xsl
Deleted file - C:\Users\Lenovo\AppData\Local\Temp\TCD83B.tmp\gb.xsl

========= End of CMD: =========


========= rd /s /q %temp% =========

0
========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-589266725-163046098-2985141653-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-589266725-163046098-2985141653-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 491797035 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 520 B
Windows/system/drivers => 8982899 B
Edge => 0 B
Chrome => 208078872 B
Firefox => 1708529282 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4926 B
NetworkService => 247806 B
Lenovo => 12101466 B

RecycleBin => 2404833003 B
EmptyTemp: => 4.5 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 04-12-2022 17:36:29)

C:\Users\Lenovo\AppData\Roaming\fbvgfjr => Is moved successfully

==== End of Fixlog 17:36:29 ====

 

Everything is still there with .uyro! Should I run the Windows Defender scan?


14 minutes ago, Димитър 59 wrote:

Everything is still there with .uyro! Should I run the Windows Defender scan?

Well, they are still there, but that is not the infection; those are the encrypted files. I did not delete them because you said you would replace them with the backup files afterwards, so I left them to make it easier for you. Otherwise I can easily delete them with a single command if you want.

And yes, run a scan with Windows Defender now.


Windows Defender found 3 threats. I marked them for quarantine. It started scanning again.

After the second full scan it found 8 threats. I put them in quarantine.

I ran the STOP Djvu decryptor, selected drive "C", clicked the decrypt button; it ran for only a few seconds and did nothing. There are no options to continue.


Can you show what it found? I assume it was the files in the quarantine - C:\FRST\Quarantine, but still.

As for the decryptor, I doubt it will work, but it does not hurt to try.

As for the files, I did say there is no working decryptor for them. If you expected them to start working after the fixes, you were mistaken. We can only remove the infection. The encrypted files can either be deleted and replaced from your backup, or you can move them somewhere once we finish the cleanup so they do not take up space, and hope that a decryptor for them appears one day. At this stage they are not dangerous (infectious), but they are also unusable.

If you decide to have them deleted, do the following:

Download fixlist.txt and save it in the folder where you downloaded FRST64.exe.

Run FRST64.exe and press the Fix button once!

If it asks for a restart, agree.

Post the log file - Fixlog.txt, which will be created after the program has run.

This will delete them from both partitions.

After that, if you want, run a new check with FRST using the SCAN button and attach the new results so I can see whether anything has come back.

Regards!

 

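The alternative to deletion mentioned in the post above (moving the encrypted files aside until a decryptor exists) can be scripted. This is an added example, not part of the original thread and not an FRST feature; the function names, the `encrypted_archive` folder and the sample tree are assumptions made for illustration.

```python
import csv
import hashlib
import shutil
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".uyro"  # extension reported in this thread


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large videos do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def archive_encrypted(roots, archive_dir, ext=ENCRYPTED_EXT, dry_run=False):
    """Move every *ext file under the given roots into archive_dir.
    The directory layout is kept below one sub-folder per root, and a
    manifest.csv records the original location, size and SHA-256 of each
    file so it can be put back if a decryptor appears later.
    """
    archive_dir = Path(archive_dir).resolve()
    rows = []
    for index, root in enumerate(roots):
        root = Path(root).resolve()
        for src in sorted(root.rglob("*")):
            if not src.is_file() or src.suffix.lower() != ext:
                continue
            if archive_dir in src.parents:  # never re-archive the archive
                continue
            dest = archive_dir / f"root{index}" / src.relative_to(root)
            rows.append({"original": str(src), "archived": str(dest),
                         "bytes": src.stat().st_size, "sha256": sha256_of(src)})
            if not dry_run:
                dest.parent.mkdir(parents=True, exist_ok=True)
                shutil.move(str(src), str(dest))
    if rows and not dry_run:
        with open(archive_dir / "manifest.csv", "w", newline="", encoding="utf-8") as fh:
            writer = csv.DictWriter(fh, fieldnames=list(rows[0]))
            writer.writeheader()
            writer.writerows(rows)
    return rows


def demo():
    """Constructed sample tree standing in for the C: and D: partitions."""
    base = Path(tempfile.mkdtemp())
    c, d, archive = base / "C", base / "D", base / "D" / "encrypted_archive"
    (c / "Pictures").mkdir(parents=True)
    d.mkdir()
    (c / "Pictures" / "IMG_0001.jpg.uyro").write_bytes(b"constructed ciphertext 1")
    (c / "Pictures" / "notes.txt").write_bytes(b"not encrypted, must stay")
    (d / "video.mp4.UYRO").write_bytes(b"constructed ciphertext 2")
    rows = archive_encrypted([c, d], archive)
    return base, rows


if __name__ == "__main__":
    for row in demo()[1]:
        print(row["original"], "->", row["archived"])
```

Running it with `dry_run=True` first lists what would be moved without touching anything; the archive folder should sit on storage that is not reformatted during the reinstall.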

Instead of deleting them, I think I will reinstall the system and then start installing everything from scratch, as well as copy over what I need. Thanks for the help.


You're welcome. The cleanup was not in vain after all, because it could have infected both the installation flash drive and the backup on the external drive.

Keep in mind, though, that the reinstallation affects only the system partition, whereas the script would delete the encrypted files from partition D:\ as well.

Personally, I would run it before the reinstallation, and then go ahead and reinstall afterwards if you like.

Regards!


By the way, after all this, half of my programs, Windows Update and other system functions do not work. Just a messed-up job. When installing the system, I will format both partition C and D.


For the programs that is normal, because most likely some of their files were encrypted too (even though these nasties have blacklists and whitelists of which files and folders to avoid).

The Windows functions can be repaired, but it will take time, and you are clearly impatient, so go ahead your own way. I do not think D:\ needs to be formatted, and on C:\ you could also try a Reset-PC if you decide not to format.

Otherwise, from now on make an image of the partition, because with one you would have been back in the game with two mouse clicks and at most 15 or so minutes of lost time. Now it will take considerably longer.

It would not hurt to consider an add-on to Windows Defender such as Appcheck, and to avoid pirated content.

https://www.kaldata.com/софтуер/appcheck-anti-ransomware-274541.html


3 minutes ago, B-boy/StyLe/ wrote:

you could also try a Reset-PC

I tried Reset-PC, but it will not work either. I have already formatted drive "D". Now I am downloading the same version I had and doing a clean install. I am impatient because I am back at work from tomorrow. I will sort it out gradually. Thanks again for the help.
