MS Word documents kept stalling: they would not close for a long time, and they neither opened nor saved quickly. Scanning with AVG and Malwarebytes showed nothing. An old version of Emsisoft showed this:
Setting.DisableRegistryTools (A)
Стойност: HKEY_Local_Machine\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM –
Gen:Trojan.Heur.KT.2@l@@ai4D7Fki (B
Emsisoft Emergency Kit - Версия 9.0
Последна актуализация: 18.11.2018 г. 18:31:20 ч.
Потребителски акаунт: Precision-T3600\MEH
Настройки за сканиране:
Тип сканиране: Интелигентно сканиране
Обекти: руткитове, памет, следи, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\
Откриване на PUPs: Вкл
Сканиране на архиви: Изкл
Сканиране на реклами: Вкл
Филтър за файлови разширения: Изкл
Разширено кеширане: Включено
Директен достъп до диска: Изкл
Начало на сканирането: 01.05.2022 г. 13:59:18 ч
Стойност: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> Открити са DISABLEREGISTRYTOOLS: Setting.DisableRegistryTools (A)
C:\Program Files\Microsoft Office\Office14\1033\EXCEL.DEV.HXS detected: Gen:Trojan.Heur.KT.2.@l@@ai4D7Fki (B
C:\Program Files\Microsoft Office\Office14\1033\EXCEL.HXS detected: Gen:Trojan.Heur.KT.2.@l@@ai4D7Fki (B
C:\Program Files\Microsoft Office\Office14\1033\GRAPH.HXS открит: Gen:Trojan.Heur.KT.2.Li@@ai4D7Fki (B
C:\Program Files\Microsoft Office\Office14\1033\MSOUC.HXS открит: Gen:Trojan.Heur.KT.2.Ai@@ai4D7Fki (B
C:\Program Files\Microsoft Office\Office14\1033\MSTORE.HXS detected: Gen:Trojan.Heur.KT.2.xi@@ai4D7Fki (B
C:\Program Files\Microsoft Office\Office14\1033\OIS.HXS открит: Gen:Trojan.Heur.KT.2.Bi@@ai4D7Fki (B
C:\Program Files\Microsoft Office\Office14\1033\ONENOTE.HXS detected: Gen:Trojan.Heur.KT.2.Qj@@ai4D7Fki (B
C:\Program Files\Microsoft Office\Office14\1033\OUTLOOK.DEV.HXS открит: Gen:Trojan.Heur.KT.2.@l@@ai4D7Fki (B
C:\Program Files\Microsoft Office\Office14\1033\OUTLOOK.HXS detected: Gen:Trojan.Heur.KT.2.@l@@ai4D7Fki (B
C:\Program Files\Microsoft Office\Office14\1033\POWERPNT.DEV.HXS detected: Gen:Trojan.Heur.KT.2.@l@@ai4D7Fki (B
C:\Program Files\Microsoft Office\Office14\1033\POWERPNT.HXS открит: Gen:Trojan.Heur.KT.2.@l@@ai4D7Fki (B
C:\Program Files\Microsoft Office\Office14\1033\SETLANG.HXS открит: Gen:Trojan.Heur.KT.2.yi@@ai4D7Fki (B
C:\Program Files\Microsoft Office\Office14\1033\WINWORD.DEV.HXS открит: Gen:Trojan.Heur.KT.2.@l@@ai4D7Fki (B
C:\Program Files\Microsoft Office\Office14\1033\WINWORD.HXS detected: Gen:Trojan.Heur.KT.2.@l@@ai4D7Fki (B
C:\Program Files (x86)\Common Files\microsoft shared\Help\HxRuntime.HxS detected: Gen:Trojan.Heur.KT.2.bi!@ai4D7Fki (B
C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateBroker.exe открит: Gen:Trojan.Heur.FU.hu2@a4WmjAci (B
C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateOnDemand.exe detected: Gen:Trojan.Heur.FU.hu2@a0QUcoki (B
C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleUpdateSetup.exe detected: Gen:Trojan.Heur2.FU.wv2@aGX6qsAP (B
C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.36.132\GoogleUpdateSetup.exe открит: Gen:Trojan.Heur2.FU.wv2@aGX6qsAP (B
Сканирано 249192
Намерени 20
Край на сканирането: 1.5.2022 г. 14:55:20 ч
Време за сканиране: 0:56:02
Резултат от сканиране на Farbar Recovery Scan Tool (FRST) (x64) Версия: 22-04-2022
Изпълнено от MEH (администратор) на PRECISION-T3600 (Dell Inc. Precision T3600) (05-01-2022 19:43:12)
Стартиране от C:\Users\MEH\Downloads
Заредени профили: MEH
Платформа: Microsoft Windows 7 Professional Service Pack 1 (X64) Език: английски (САЩ)
Браузър по подразбиране: FF
Режим на зареждане: нормален
==================== Процеси (в белия списък) ==================
(Ако даден запис е включен в списъка с корекции, процесът ще бъде затворен. Файлът няма да бъде преместен.)
(atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(AuthenTec, Inc. -> Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe <4>
(C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswEngSrv.exe
(C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE ->) (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(CNET Networks -> Webshots.com) C:\Program Files (x86)\Webshots\Webshots.scr
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <13>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <17>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <14>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\afwServ.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgToolsSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
==================== Регистър (в белия списък) =====================
(Ако запис е включен в списъка с корекции, елементът от системния регистър ще бъде възстановен по подразбиране или премахнат. Файлът няма да бъде преместен.)
HKLM\...\Изпълни: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [168376 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1841496 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Изпълни: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-09-27] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ограничение <==== ВНИМАНИЕ
HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\Изпълни: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32721976 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\Winlogon: [Shell] - <==== ВНИМАНИЕ
HKU\S-1-5-21-4144036370-3246485623-2860655430-501\...\Изпълни: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32721976 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Windows x64\Print Processors\HP1020PrintProc: C:\Windows\System32\spool\prtprocs\x64\pphp1020.dll [65024 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Windows x64\Print Processors\hpcpp160: C:\Windows\System32\spool\prtprocs\x64\hpcpp160.dll [602912 2013-12-04] (Hewlett-Packard Company -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\Windows\system32\HPMPW081.DLL [74016 2013-12-04] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM\...\Print\Monitors\HPLJ1020LM: C:\Windows\system32\zlhp1020.dll [192512 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher ->)
HKLM\...\Print\Monitors\HPMLM135: C:\Windows\system32\hpmlm135.dll [237344 2013-12-04] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\100.0.4896.127\Installer\chrmstp.exe [2022-04-14] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
HKLM\Software\...\Authentication\Credential Providers: [{18CBEEAA-6708-41A1-9379-D08915333CF2}] -> C:\Program Files\Common Files\SPBA\provider.dll [2012-08-17] (AuthenTec, Inc. -> Authentec Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
HKLM\Software\...\Authentication\Credential Provider Filters: [{AE583D93-8D1B-424F-9858-5623FB7824EE}] -> C:\Program Files\Common Files\SPBA\provider.dll [2012-08-17] (AuthenTec, Inc. -> Authentec Inc.)
Стартиране: C:\Users\MEH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk [2022-02-18]
ShortcutTarget: Webshots.lnk -> C:\Program Files (x86)\Webshots\Launcher.exe (CNET Networks -> Webshots.com)
BootExecute: автоматична проверка autochk * sdnclean64.exe
Групова политика: Ограничение? <==== ВНИМАНИЕ
Правила: C:\ProgramData\NTUSER.pol: Ограничение <==== ВНИМАНИЕ
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ограничение <==== ВНИМАНИЕ
HKLM\SOFTWARE\Policies\Google: Ограничение <==== ВНИМАНИЕ
==================== Планирани задачи (в белия списък) =============
(Ако даден запис е включен в списъка с корекции, той ще бъде премахнат от системния регистър. Файлът няма да бъде преместен, освен ако не е посочен отделно.)
Задача: {00715906-9A6C-43DA-866C-7523D9352346} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Задача: {06800F5D-26DE-4E82-985C-2B5EDD75F748} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49544 2017-12-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Задача: {35E42BBA-94A0-448C-A0DE-486444F0E3CF} - System32\Tasks\AdobeGCInvoker-1.0-Precision-T3600-MEH => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Задача: {419FB094-AADC-4E57-A1A2-146C5965B067} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Задача: {4B700974-F9F9-4691-B0F1-289888C6E47C} - System32\Tasks\Opera планирана автоматична актуализация 1544753743 => C:\Users\MEH\AppData\Local\Programs\Opera\launcher.exe [2469120 20.04.2022] (Opera Software AS -> Opera Software)
Задача: {5505C032-DF9F-4291-8D1B-E5D18C7C2E97} - System32\Tasks\PinItAutoUpdate => C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe [52224 2013-10-17] () [Файлът не е подписан]
Задача: {5535F17E-2A3B-49AE-A978-B9F9AAFCB300} - System32\Tasks\WSCEAA => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\WSCEAA.exe [35184 2012-11-28] (Wave Systems Corp. -> Wave Systems Corp.)
Задача: {61DE9BA2-EB53-4D31-A4FB-E5F41422B32E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe /StartRecording (без файл)
Задача: {654A59F0-4DA5-4631-9129-7724ABE2DAC0} - \Adobe Flash Player NPAPI Notifier -> Няма файл <==== ВНИМАНИЕ
Задача: {65E60B25-67DB-4B81-8C0D-12D4BB8400B7} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [5008312 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Задача: {73A86648-CAE9-4631-B6CC-22C4813F53BB} - System32\Tasks\AMD ThankingURL => C:\Program Files\AMD\CIM\Bin64\Setup.exe [893832 2017-12-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Задача: {776C0E4A-EC83-4830-ABE6-AE805CFE1A93} - System32\Tasks\HPCeeScheduleForMEH => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [96568 2015-06-16] (Hewlett-Packard Company -> Hewlett-Packard)
Задача: {7EC5865E-ADD8-4742-A146-2F0E0AC97EE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Задача: {83B042A5-62E5-401C-BF12-6A57A8DA3F74} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2332984 2022-03-07] (AVG Technologies USA, LLC -> AVG Technologies)
Задача: {86AEF45F-AA8D-43EF-8E3C-034D046B7BA0} - System32\Tasks\Opera планиран асистент Autoupdate 1582400741 => C:\Users\MEH\AppData\Local\Programs\Opera\launcher.exe [2469120 20.04.2022] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\MEH\AppData\Local\Programs\Opera\assistant" $(Arg0)
Задача: {8A93C550-C837-46C1-B6CD-6E9A060BE90E} - System32\Tasks\{F08BEBEE-FD4F-4756-AE73-0B076D713704} => C:\Windows\system32\pcalua.exe -a "C:\Users\MEH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IX4WHZXN\JavaSetup8u191.exe" -d C:\Users\MEH\Работен плот
Задача: {8FCAE949-B150-4ACE-9806-6D92EE95C7A2} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-02-16] (Piriform Software Ltd -> Piriform)
Задача: {9EE9132B-95A6-41F2-B4E0-BBDC36446286} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Задача: {ACBC7FF7-1B9B-4A32-8465-EE0C5A74421C} - \Adobe Flash Player PPAPI Notifier -> Няма файл <==== ВНИМАНИЕ
Задача: {BE0C51C0-C83E-4CEB-96C5-96A11F08AE90} - System32\Tasks\AdobeAAMUpdater-1.0-Precision-T3600-MEH => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Задача: {C1BC7535-CE35-44EA-AB29-CA485836CFDB} - System32\Tasks\{E08EF988-BD4A-416B-BCA4-271B6798517A} => C:\Users\MEH\Desktop\JRT_NEW.exe (Няма файл)
Задача: {CFE23D24-940B-4A38-BF63-B93311BCC136} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Задача: {EDA1EEAA-630F-47CD-91BB-BFE68FE98CD6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe /send (Без файл)
Задача: {EEE9458D-E547-490C-BB08-BB85467EF2A1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29200512 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)
Задача: {F532A395-364D-4F8F-B602-A9F923DC3FFE} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [69512 2017-12-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
(Ако в списъка с корекции е включен запис, файлът на задачата (.job) ще бъде преместен. Файлът, който се изпълнява от задачата, няма да бъде преместен.)
Задача: C:\Windows\Tasks\HPCeeScheduleForMEH.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Интернет (в белия списък) =====================
(Ако даден елемент е включен в списъка с корекции, ако е елемент от системния регистър, той ще бъде премахнат или възстановен по подразбиране.)
Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Tcpip\Параметри: [DhcpNameServer] 192.168.0.1
Tcpip\..\Интерфейси\{07844A5C-8366-4EB3-9E56-C221DF0D0D64}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Интерфейси\{883F6A1F-DB26-41AD-A138-5D9A044B7999}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Интерфейси\{9C16CE0E-C564-4F18-B93B-E2AFE99373FE}: [DhcpNameServer] 10.1.10.1
Ръб:
=======
Edge DefaultProfile: По подразбиране
Профил на Edge: C:\Users\MEH\AppData\Local\Microsoft\Edge\User Data\Default [2022-05-01]
Начална страница на Edge: По подразбиране -> hxxp://www.duckduckgo.com/
Edge HKLM-x32\...\Edge\Разширение: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF Профил по подразбиране: 0u1mt6n7.default-1416744754553
FF ProfilePath: C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 [2022-05-01]
Начална страница на FF: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> hxxp://www.duckduckgo.com
Възстановяване на FF сесия: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> е активиран.
FF NewTabOverride: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> Активиран: newtaboverride@agenedia.com
FF NewTabOverride: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> Активиран: @webrtc-leak-shield
FF NewTabOverride: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> Активиран: ddg@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> Активиран: wikipedia@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> Активиран: google@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> Активиран: ebay@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> Активиран: bing@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553 -> Активиран: amazondotcom@search.mozilla.org
FF Разширение: (WebRTC Leak Shield) - C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553\Extensions\@webrtc-leak-shield.xpi [2021-09-29]
FF Разширение: (бутон за запазване на Pinterest) - C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2022-03-01]
FF Разширение: (DuckDuckGo Privacy Essentials) - C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [26.04.2022 г.]
FF Разширение: (Замяна на нов раздел) - C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553\Extensions\newtaboverride@agenedia.com.xpi [2022-02-07]
FF Разширение: (Добавка за изключване на Google Анализ (от Google)) - C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2021-10-31] [UpdateUrl:hxxps://tools.google.com/service/update2/ff?guid=%ITEM_ID%&version=%ITEM_VERSION%&application=%APP_ID%&appversion=%APP_VERSION%]
FF Разширение: (NoScript) - C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2022-04-18]
FF Разширение: (Цвят в друг цвят) - C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553\Extensions\{9e420261-1c2f-4eb7-a9f0-dc7292f17459}.xpi [12.2021]
FF Разширение: (Adblock Plus - безплатен блокер за реклами) - C:\Users\MEH\AppData\Roaming\Mozilla\Firefox\Profiles\0u1mt6n7.default-1416744754553\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [23 ноември 2021 г.]
Приставка за FF: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_453.dll [Няма файл]
Добавка за FF: @java.com/DTPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\dtplugin\npDeployJava1.dll [29.11.2021] (Oracle America, Inc. -> Oracle Corporation)
Добавка за FF: @java.com/JavaPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\plugin2\npjp2.dll [2021-11-29] (Oracle America, Inc. -> Oracle Corporation)
Добавка за FF: @microsoft.com/GENUINE -> деактивирано [Няма файл]
Приставка за FF: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
Приставка за FF: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_453.dll [Няма файл]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1233203.dll [2018-05-15] (Adobe Systems, Inc.) [Файлът не е подписан]
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.) [Файлът не е подписан]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.38 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2012-05-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2012-05-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> деактивирано [Няма файл]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.5.699 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [Няма файл]
FF Plugin-x32: @real.com/nprpplugin;version=18.1.5.699 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [Няма файл]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems Incorporated -> Adobe Systems)
Chrome:
=======
CHR профил: C:\Users\MEH\AppData\Local\Google\Chrome\User Data\Default [2022-05-01]
CHR DefaultSearchURL: По подразбиране -> hxxps://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultNewTabURL: По подразбиране -> hxxps://www.bing.com/chrome/newtab
CHR DefaultSuggestURL: По подразбиране -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={език}&PC=U316
CHR Разширение: (красота) - C:\Users\MEH\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbbelgoeoihcmnkgkeanmogncgkfichm [2021-10-09]
CHR разширение: (NiftySplit) - C:\Users\MEH\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjnlfillpnkgmjnhgklpjjlpjnfeil [2018-06-16]
CHR разширение: (Adblock Plus - безплатен блокер за реклами) - C:\Users\MEH\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-01-13]
CHR разширение: (Adobe Acrobat: инструменти за редактиране, конвертиране, подписване на PDF) - C:\Users\MEH\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [28.04.2022]
CHR Разширение: (AutoplayStopper) - C:\Users\MEH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddcgojdblidajhngkogefpkknnebdh [28.02.2022]
CHR Разширение: (Не пипайте с поставяне) - C:\Users\MEH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkgllhigpcljnhoakjkgaieabnkmgdkb [2020-05-31]
CHR разширение: (плащания в уеб магазина на Chrome) - C:\Users\MEH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [29.01.2021]
CHR профил: C:\Users\MEH\AppData\Local\Google\Chrome\User Data\System Profile [2022-05-01]
CHR HKLM-x32\...\Chrome\Разширение: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Разширение: [ihcjicgdanjaechkgeegckofjjedodee]
Opera:
=======
OPR профил: C:\Users\MEH\AppData\Roaming\Opera Software\Opera Stable [2022-05-01]
OPR StartupUrls: Opera Stable -> "hxxps://duckduckgo.com/"
OPR DefaultSuggestURL: Opera Stable -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list&t={opera:vpnClient}
OPR разширение: (Rich Hints Agent) - C:\Users\MEH\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [3.3.2022]
OPR разширение: (Opera Crypto Wallet) - C:\Users\MEH\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [22.04.2022]
OPR разширение: (предотвратяване на изтичане на WebRTC) - C:\Users\MEH\AppData\Roaming\Opera Software\Opera Stable\Extensions\jjabaljgaabcnmcoalhaldkmcfbojkkb [26.04.2021]
OPR разширение: (промоция на Amazon Assistant) - C:\Users\MEH\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [16.8.2021]
==================== Услуги (в белия списък) =====================
(Ако даден запис е включен в списъка с корекции, той ще бъде премахнат от системния регистър. Файлът няма да бъде преместен, освен ако не е посочен отделно.)
S4 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [713656 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG защитна стена; C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [1770424 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG инструменти; C:\Program Files (x86)\AVG\Antivirus\avgToolsSvc.exe [460728 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [8413296 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe [109480 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S4 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [204288 2012-08-02] (Broadcom Corporation) [Файлът не е подписан]
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] (Microsoft Corporation -> Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [158912 2019-03-28] (Microsoft Dynamic Code Publisher -> Microsoft Corporation)
S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2486272 2013-04-30] (Dell Inc.) [Файлът не е подписан]
S4 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] (Wave Systems Corp. ->)
S4 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-07-30] (Invincea, Inc. -> Invincea, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8347832 2022-05-01] (Malwarebytes Inc -> Malwarebytes)
R2 мрежов драйвер HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-15] (Hewlett-Packard) [Файлът не е подписан]
S4 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.) [Файлът не е подписан]
R2 Pml драйвер HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-15] (Hewlett-Packard) [Файлът не е подписан]
S4 poaService; C:\Program Files\Dell\PPO\poaService.exe [641232 2013-07-19] (Techporch Incorporated -> Dell Inc.)
S4 PoaSMSrv; C:\Program Files\Dell\PPO\poaSmSrv.exe [277712 2013-07-19] (Techporch Incorporated -> Dell Inc.)
S4 poaTaServ; C:\Program Files\Dell\PPO\poaTaServ.exe [516304 2013-07-19] (Techporch Incorporated -> Dell Inc.)
S4 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-07-30] (Invincea, Inc. ->)
S4 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [Файлът не е подписан]
S4 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.) [Файлът не е подписан]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-12-28] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
S4 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp. -> Wave Systems Corp.)
===================== Драйвери (в белия списък) ====================
(Ако даден запис е включен в списъка с корекции, той ще бъде премахнат от системния регистър. Файлът няма да бъде преместен, освен ако не е посочен отделно.)
S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1579520 2013-01-22] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [222240 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [372336 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [250456 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [99432 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [41480 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [184768 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\Windows\System32\drivers\avgNetHub.sys [539120 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgNetNd6; C:\Windows\System32\DRIVERS\avgNetNd6.sys [29944 2018-11-11] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [107976 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [83040 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [852352 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [557784 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [214496 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [316752 2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-16] (Emsisoft GmbH -> Emsisoft GmbH)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [48464 2015-06-19] (Dell Inc. -> Dell Inc.)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2013-04-29] (Techporch Incorporated -> Dell Computer Corporation)
R1 epp64; C:\EEK\bin\epp64.sys [136456 2018-10-27] (Emsisoft Ltd -> Emsisoft GmbH)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-07-30] (Invincea, Inc. ->)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2022-05-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239560 2022-05-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [80384 2010-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [181248 2010-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 POADrvr; C:\Windows\System32\drivers\POADrvr.sys [21264 2013-07-19] (Techporch Incorporated -> Dell Computer Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation -> Corel Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-07-30] (Invincea, Inc. ->)
S3 NTIOLib_DVDSetup; \??\F:\NTIOLib_X64.sys [X]
==================== NetSvcs (в белия списък) ====================
(Ако даден запис е включен в списъка с корекции, той ще бъде премахнат от системния регистър. Файлът няма да бъде преместен, освен ако не е посочен отделно.)
==================== Един месец (създадено) (в белия списък) =========
(Ако запис е включен в списъка с корекции, файлът/папката ще бъдат преместени.)
2022-05-01 19:43 - 2022-05-01 19:44 - 000030777 _____ C:\Users\MEH\Downloads\FRST.txt
2022-05-01 19:35 - 2022-05-01 19:35 - 002366976 _____ (Farbar) C:\Users\MEH\Downloads\FRST64(1).exe
2022-05-01 19:33 - 2022-05-01 19:33 - 002366976 _____ (Farbar) C:\Users\MEH\Downloads\FRST64.exe
2022-05-01 19:30 - 2022-05-01 19:30 - 002366976 _____ (Farbar) C:\Users\MEH\Downloads\Unconfirmed 516431.crdownload
2022-05-01 13:51 - 2022-05-01 19:37 - 000005014 _____ C:\Windows\system32\Tasks\WSCEAA
2022-04-21 10:37 - 2022-04-21 10:37 - 000128848 _____ C:\Users\MEH\Downloads\Minnesota Urology_20220421.pdf
2022-04-18 17:30 - 2022-04-18 17:30 - 000002178 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2022-04-18 17:30 - 2022-04-18 17:30 - 000002166 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2022-04-09 16:08 - 2022-04-09 16:08 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2022-04-09 16:08 - 2022-04-09 16:08 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
==================== Един месец (променен) ===================
(Ако запис е включен в списъка с корекции, файлът/папката ще бъдат преместени.)
2022-05-01 19:43 - 2014-11-14 19:10 - 000000000 ____D C:\FRST
2022-05-01 19:34 - 2014-05-11 05:53 - 000000000 ____D C:\Program Files (x86)\Google
2022-05-01 19:31 - 2016-11-17 18:09 - 000000000 ____D C:\Users\MEH\AppData\LocalLow\Mozilla
2022-05-01 17:47 - 2017-01-15 21:07 - 000000000 ____D C:\Program Files\CCleaner
2022-05-01 15:48 - 2014-11-16 06:25 - 000000000 ____D C:\EEK
2022-05-01 15:39 - 2021-10-27 05:21 - 000223176 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-05-01 15:39 - 2021-08-07 00:53 - 000239560 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2022-05-01 15:39 - 2020-09-27 19:21 - 000001962 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-05-01 15:39 - 2020-01-24 06:28 - 000001950 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-05-01 15:38 - 2020-01-24 06:28 - 000103888 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2022-05-01 15:38 - 2017-12-23 17:02 - 000000000 ____D C:\Program Files\Malwarebytes
2022-05-01 15:38 - 2014-04-29 21:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-05-01 15:19 - 2014-04-29 18:39 - 000000000 ____D C:\Users\MEH\Documents\Word
2022-05-01 14:00 - 2009-07-13 23:45 - 000034832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2022-05-01 14:00 - 2009-07-13 23:45 - 000034832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2022-05-01 13:55 - 2009-07-14 00:13 - 000783790 _____ C:\Windows\system32\PerfStringBackup.INI
2022-05-01 13:55 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2022-05-01 13:48 - 2016-10-25 17:37 - 000000000 ____D C:\ProgramData\Avg
2022-05-01 13:47 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-05-01 13:46 - 2019-12-07 21:15 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2022-05-01 02:00 - 2014-06-12 13:04 - 000000000 ____D C:\Users\MEH\AppData\Local\Adobe
2022-04-29 04:31 - 2020-07-06 19:08 - 000002225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-04-29 04:31 - 2020-07-06 19:08 - 000002184 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-04-28 01:40 - 2017-10-02 04:53 - 000003174 _____ C:\Windows\system32\Tasks\HPCeeScheduleForMEH
2022-04-28 01:40 - 2017-10-02 04:53 - 000000324 _____ C:\Windows\Tasks\HPCeeScheduleForMEH.job
2022-04-25 15:17 - 2017-08-25 20:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2022-04-25 15:17 - 2014-03-15 16:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-04-21 12:31 - 2018-12-13 21:15 - 000004080 _____ C:\Windows\system32\Tasks\Opera планирана автоматична актуализация 1544753743
2022-04-21 10:56 - 2021-10-21 10:55 - 000004310 _____ C:\Windows\system32\Tasks\Opera планиран асистент Автоматично актуализиране 1582400741
2022-04-20 04:29 - 2014-05-11 05:53 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2022-04-20 04:29 - 2014-05-11 05:53 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2022-04-18 17:30 - 2014-05-11 05:53 - 000000000 ____D C:\Program Files\Google
2022-04-14 20:29 - 2017-05-30 07:04 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-04-14 20:29 - 2017-05-30 07:04 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-04-13 15:01 - 2015-07-15 13:07 - 000002061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-04-09 22:24 - 2020-07-06 19:01 - 000003380 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-04-09 22:24 - 2020-07-06 19:01 - 000003252 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-04-09 16:08 - 2014-03-15 16:07 - 000000000 ____D C:\ProgramData\Mozilla
2022-04-09 11:33 - 2019-12-07 21:13 - 000003346 _____ C:\Windows\system32\Tasks\AMD ThankingURL
2022-04-09 11:33 - 2018-08-25 14:15 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2022-04-09 11:33 - 2018-01-24 21:12 - 000003468 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0-Precision-T3600-MEH
2022-04-09 11:33 - 2017-11-15 06:40 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2022-04-09 11:33 - 2017-06-24 06:48 - 000004174 _____ C:\Windows\system32\Tasks\Antivirus Спешна актуализация
2022-04-09 11:33 - 2017-04-02 20:07 - 000003316 _____ C:\Windows\system32\Tasks\PinItAutoUpdate
2022-04-09 11:33 - 2017-01-15 21:07 - 000002800 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2022-04-09 11:33 - 2014-12-25 07:16 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Задача за актуализиране
2022-04-09 11:33 - 2014-06-08 13:11 - 000003512 _____ C:\Windows\system32\Tasks\AdobeAAMUpdater-1.0-Precision-T3600-MEH
==================== Файлове в корена на някои директории ========
2016-08-04 13:38 - 2016-08-04 13:38 - 000000132 _____ () C:\Users\MEH\AppData\Roaming\Adobe GIF Format CS5 Prefs
2018-10-07 17:25 - 2022-01-08 09:10 - 000000132 _____ () C:\Users\MEH\AppData\Roaming\Adobe PNG Format CS5 Prefs
2018-09-22 13:00 - 2018-09-22 13:00 - 000308274 _____ () C:\Users\MEH\AppData\Local\ars.cache
2018-09-22 13:00 - 2018-09-22 13:00 - 000589594 _____ () C:\Users\MEH\AppData\Local\census.cache
2018-09-22 12:24 - 2018-09-22 12:24 - 000000036 _____ () C:\Users\MEH\AppData\Local\housecall.guid.cache
2018-09-27 16:17 - 2018-09-27 16:17 - 000000000 _____ () C:\Users\MEH\AppData\Local\oobelibMkey.log
===================== SigCheck ==============================
(Няма автоматична корекция за файлове, които не преминават проверка.)
Последна връщане назад: 2022-04-27 00:23
==================== Край на FRST.txt =========================
Допълнителен резултат от сканиране на Farbar Recovery Scan Tool (x64) Версия: 22-04-2022
Ранирано от MEH (01-05-2022 19:44:22)
Стартиране от C:\Users\MEH\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X64) (2014-03-15 17:07:50)
Режим на зареждане: нормален
============================================================
==================== Акаунти: ===============================
(Ако даден запис е включен в списъка с корекции, той ще бъде премахнат.)
Администратор (S-1-5-21-4144036370-3246485623-2860655430-500 - Администратор - Деактивиран)
Гост (S-1-5-21-4144036370-3246485623-2860655430-501 - Ограничен - Активиран) => C:\Потребители\Гост
HomeGroupUser$ (S-1-5-21-4144036370-3246485623-2860655430-1002 - Ограничен - Активиран)
MEH (S-1-5-21-4144036370-3246485623-2860655430-1000 - Администратор - Активирано) => C:\Потребители\MEH
==================== Център за сигурност =========================
(Ако даден запис е включен в списъка с корекции, той ще бъде премахнат.)
AV: AVG Antivirus (деактивиран - актуален) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AS: AVG Antivirus (деактивиран - актуален) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}
AS: Windows Defender (деактивиран - актуален) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Antivirus (Активиран) {2092F4DC-EC63-3680-C854-E2DACF7E736A}
===================== Инсталирани програми ========================
(Само програмите за рекламен софтуер с флаг „Скрити“ могат да бъдат добавени към списъка с корекции, за да ги покажете. Програмите за рекламен софтуер трябва да се деинсталират ръчно.)
64 Bit HP CIO Components Installer (HKLM\...\{F8F948EA-5AEA-4158-8821-A2F788ECE936}) (Версия: 16.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Версия: 22.001.20117 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Версия: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Версия: 12.1.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Версия: 12.3.3.203 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\Amazon Kindle) (Версия: 1.28.0.57030 - Amazon)
Софтуер на AMD (HKLM\...\AMD Catalyst Install Manager) (Версия: 17.12.1 - Advanced Micro Devices, Inc.)
AVG Internet Security (HKLM\...\AVG Antivirus) (Версия: 21.9.3208 - AVG Technologies)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{7AA348CE-190E-416B-839E-68E33CFEB580}) (Версия: 15.4.14.1 - Broadcom Corporation)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Версия: 3.1.0.1 - Canon Inc.)
Задача CANON iMAGE GATEWAY за ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY задача) (Версия: 1.8.0.1 - Canon Inc.)
Интернет библиотека на Canon за ZoomBrowser EX (HKLM-x32\...\Интернет библиотека на Canon за ZoomBrowser EX) (Версия: 1.7.0.1 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Версия: 1.7.0.6 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Версия: 1.5.0.3 - Canon Inc.)
Canon MovieEdit Task за ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Версия: 3.6.0.5 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Версия: 6.6.0.23 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Версия: 1.4.0.4 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Версия: 5.77 - Piriform)
cloudLibrary 2.3 (HKLM-x32\...\cloudLibrary) (Версия: 2.3 - Bibliotheca)
CopyTrans HEIC за Windows (HKLM\...\CopyTrans HEIC за Windows_is1) (Версия: 1.0.1.0 - Ursa Minor Ltd)
По избор (HKLM\...\{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}) (Версия: 01.00.00.002 - Wave Systems Corp.) Скрит
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Версия: 15.4.2368.0902 - Microsoft) Скрит
Актуализация на клиентската система на Dell (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Версия: 1.3.0 - Dell Inc.)
Защита на данните на Dell | Достъп (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Версия: 2.3.00003.072 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Версия: 1.0.0 - Dell Inc)
Dell Precision Performance Optimizer (HKLM-x32\...\{D66A3355-FEA4-4F60-8BAF-D6CBEDB396D8}) (Версия: 01.07.00 - Dell Inc.)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Версия: 2.3.15835 - Invincea, Inc.)
DellAccess (HKLM\...\{20A4AA32-B3FF-4A0B-853C-ACDDCD6CB344}) (Версия: 01.03.00.078 - Wave Systems Corp.) Скрит
EMBASSY Client Core (HKLM\...\{7EC46A4C-E659-418E-A65A-BD7FC82D4C48}) (Версия: 01.03.00.123 - Wave Systems Corp.) Скрито
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Версия:- Seiko Epson Corporation)
ERAS конектор (HKLM\...\{D46BCA58-0AF7-4455-8017-34CE3FEEE808}) (Версия: 02.09.05.0335 - Wave Systems Corp) Скрит
FARO LS 1.1.501.0 (64 бита) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Версия: 5.1.0.30630 - FARO Scanner Production)
Gemalto (HKLM\...\{91CE5F03-3A2A-4268-935A-04944F058AE9}) (Версия: 01.64.01.0010 - Wave Systems Corp) Скрит
GemPcCCID (HKLM\...\{7567A068-2F02-40D1-A34C-16D79ECD35A6}) (Версия: 2.0.1 - Gemalto) Скрит
Добавка за браузър за изключване на Google Анализ (HKLM\...\{381243CE-484C-4DD1-9F0C-0B117AE4D5C1}) (Версия: 0.9.7.0 - Google Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Версия: 100.0.4896.127 - Google LLC)
Google Earth Pro (HKLM\...\{C36E66A6-6EE5-47DB-945F-A6F03225D540}) (Версия: 7.3.4.8573 - Google)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Версия: 1.3.25.11 - Google Inc.) Скрит
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Версия: 1.2.1.1010 - Intel Corporation)
Intel® Identity Protection Technology 1.2.27.0 (HKLM-x32\...\{F109D156-577D-101B-A622-CF4351943AA4}) (Версия: 1.2.27.0 - Intel Corporation)
Компоненти на Intel® Management Engine (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Версия: 7.1.70.1205 - Intel Corporation)
Intel® Network Connections 16.8.45.00 (HKLM\...\PROSetDX) (Версия: 16.8.45.00 - Dell)
Intel® Rapid Storage Technology enterprise (HKLM-x32\...\{8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}) (Версия: 3.7.0.1092 - Intel Corporation)
Java 8 Update 311 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180311F0}) (Версия: 8.0.3110.11 - Oracle Corporation)
Актуализация на филтъра за нежелана поща (HKLM-x32\...\{400C31E4-796F-4E86-8FDC-C3C4FACC6847}) (Версия: 16.4.3505.0912 - Microsoft Corporation) Скрит
Malwarebytes версия 4.5.8.191 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Версия: 4.5.8.191 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Версия: 4.8.03761 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Версия: 101.0.1210.32 - Microsoft Corporation)
Добавка за проверка на файлове на Microsoft Office (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Версия: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Версия: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Версия: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Версия: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Версия: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Версия: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Версия: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Версия: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Версия: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Версия: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Версия: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Версия: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Версия: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Версия: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Версия: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Версия: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Версия: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Версия: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Версия: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Версия: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Версия: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Версия: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Версия: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Версия: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Версия: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Версия: 16.4.3505.0912 - Microsoft Corporation) Скрит
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Версия: 16.4.3505.0912 - Microsoft Corporation) Скрит
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 99.0 (x64 en-US)) (Версия: 99.0 - Mozilla)
Услуга за поддръжка на Mozilla (HKLM\...\MozillaMaintenanceService) (Версия: 57.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Версия: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Версия: 4.20.9876.0 - Microsoft Corporation)
Opera Stable 85.0.4341.75 (HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\Opera 85.0.4341.75) (Версия: 85.0.4341.75 - Opera Software)
OverDrive за Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Версия: 3.6.0 - OverDrive, Inc.)
PBA Driver-x64 (HKLM\...\{DF5B5BEC-BA44-4669-98C8-2A691C5EA428}) (Версия: 1.0.1.8 - Dell Inc.) Скрит
Pin It (HKLM-x32\...\Pin It_is1) (Версия: 0.0.4 - Pinterest)
Диспечер за предварително зареждане (HKLM\...\{59ACD2BB-FC62-4427-81D2-618CF81A2A32}) (Версия: 03.05.00.043 - Wave Systems Corp.) Скрит
Мениджър на лични данни (HKLM\...\{A90F92B7-3C3F-4AEF-B281-31DD17BB73CA}) (Версия: 07.03.00.032 - Wave Systems Corp.) Скрит
PSE12 STI Installer (HKLM-x32\...\{11F9A376-342F-4297-82DA-1F6EA8ED4B6B}) (Версия: 12.0 - Adobe Systems Incorporated) Скрит
RealDownloader (HKLM-x32\...\{410F406E-7AFC-4E9F-BF7E-0CB3C72BDAB9}) (Версия: 18.1.5.699 - RealNetworks, Inc.) Скрит
RealDownloader (HKLM-x32\...\{4e8ca438-78fb-4658-ac5b-2d128f60c54e}) (Версия: 18.1.5.699 - RealNetworks) Скрит
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Версия: 9.0 - RealNetworks, Inc) Скрито
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Версия: 10.0 - RealNetworks, Inc) Скрито
Драйвер Realtek High Definition Audio (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Версия: 6.0.1.5890 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Версия: 1.1.0 - RealNetworks, Inc.) Скрит
Драйвер за хост контролер Renesas Electronics USB 3.0 (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Версия: 2.0.30.0 - Renesas Electronics Corporation) Скрит
Драйвер за хост контролер Renesas Electronics USB 3.0 (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Версия: 2.0.30.0 - Renesas Electronics Corporation)
Revo Uninstaller 2.1.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Версия: 2.1.1 - VS Revo Group, Ltd.)
Сервизен пакет 2 за Microsoft Office 2010 (KB2687455) 64-битово издание (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877C9080}) (Версия: - Microsoft)
Споделено C Run-time за x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Версия: 10.0.0 - McAfee)
SI TSS (HKLM\...\{A2309A2F-4BEB-45C8-92E1-84D430AC15AD}) (Версия: 2.1.41 - Иновация в сигурността) Скрит
SPBA (WBF) 5.9 (HKLM\...\{DD317AA5-F0EF-480F-9501-507712B5E0B6}) (Версия: 5.9.7.7232 - Authentec Inc.) Скрит
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Версия: 12.0.0.1 - Adobe Systems, Inc) Скрит
toolkit32for64bit (HKLM-x32\...\{CB63285D-990D-4207-AE31-000025626917}) (Версия: 7.70.13.0001 - Wave Systems Corp) Скрит
Trusted Drive Manager (HKLM\...\{236EBEF4-8DE5-4E0E-8FD0-27D94F772FF0}) (Версия: 5.0.2.24 - Wave Systems Corp.) Скрит
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Версия: 1.0.0 - RealNetworks, Inc.) Скрит
vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Версия: 1.0.0.0 - Realnetworks) Скрит
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Версия: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Версия: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Версия: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Версия: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Версия: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Версия: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Версия: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Версия: 9.0.30729.177 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Версия: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Версия: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
vs2015_redist x64 (HKLM\...\{EAED8692-5B63-4665-B857-D626633691DA}) (Версия: 1.0.0.0 - Realnetworks) Скрит
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Версия: 1.0.0.0 - Realnetworks) Скрит
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Версия: 1.0.65.0 - LunarG, Inc.) Скрити
Wave Crypto Runtime 2.0.9.0 x64 (HKLM\...\{5F160A36-29D0-4AE0-986C-671A564BC0D4}) (Версия: 02.00.09.0000 - Wave Systems Corp) Скрит
Wave Crypto Runtime 2.0.9.0 x86 (HKLM-x32\...\{29D07FB4-A026-4E1F-B9A2-8C9EC0E2FEBB}) (Версия: 02.00.09.0000 - Wave Systems Corp) Скрит
Инсталатор на Wave Infrastructure (HKLM\...\{90DB5C39-360F-4187-9D56-E3B013CEEF73}) (Версия: 07.70.13.0001 - Wave Systems Corp) Скрит
Инсталатор на софтуер за поддръжка на Wave (HKLM\...\{86A9BBDF-9B6D-4E3D-810E-23C9079C6217}) (Версия: 05.15.00.024 - Wave Systems Corp) Скрит
Webshots Desktop (HKLM-x32\...\Webshots Desktop_is1) (Версия:- CNET Networks)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Версия: 16.4.3505.0912 - Microsoft Corporation)
==================== Персонализиран CLSID (в белия списък): ===============
(Ако даден запис е включен в списъка с корекции, той ще бъде премахнат от системния регистър. Файлът няма да бъде преместен, освен ако не е посочен отделно.)
Персонализиран CLSID: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated ->)
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated ->)
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated ->)
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2013-03-05] (Wave Systems Corp. -> Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2013-03-05] (Wave Systems Corp. -> Wave Systems Corp.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated ->)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>-> Няма файл
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-12-06] (Advanced Micro Devices, Inc.) [Файлът не е подписан]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] (Adobe Systems Incorporated ->)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-10-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
==================== Кодеци (в белия списък) =====================
==================== Преки пътища & WMI =========================
(Записите могат да бъдат изброени за възстановяване или премахване.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"CmdLineConsumer_WSCEAA\"",Filter="__EventFilter.Name=\"CmdLinefilter_WSCEAA\"::
WMI:subscription\__EventFilter->CmdLinefilter_WSCEAA::[Query => SELECT * FROM MSNdis_StatusMediaConnect]
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->CmdLineConsumer_WSCEAA::[CommandLineTemplate => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\\WSCEAA.exe -nic][WorkingDirectory => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\инструменти\\kernrate]
==================== Заредени модули (в белия списък) ==============
2017-12-06 19:26 - 2017-12-06 19:26 - 000155688 _____ (AMD PMP-PE CB Code Signer v20170331 -> Advanced Micro Devices, Inc.) [Файлът не е подписан] C:\Windows\system32\amdihk64.dll
2013-11-15 00:47 - 2013-11-15 00:47 - 000050688 _____ (Hewlett-Packard) [Файлът не е подписан] c:\windows\system32\hpzinw12.dll
2013-11-15 00:47 - 2013-11-15 00:47 - 000066048 _____ (Hewlett-Packard) [Файлът не е подписан] c:\windows\system32\hpzipm12.dll
2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll] C:\Program Files (x86)\AVG\Antivirus\ 1033\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll] C:\Program Files (x86)\AVG\Antivirus\ defs\22050104\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\ 1033\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\ defs\22050104\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll] C:\Program Files (x86)\AVG\Antivirus\ 1033\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll] C:\Program Files (x86)\AVG\Antivirus\ defs\22050104\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll] C:\Program Files (x86)\AVG\Antivirus\ 1033\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll] C:\Program Files (x86)\AVG\Antivirus\ defs\22050104\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll] C:\Program Files (x86)\AVG\Antivirus\ 1033\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll] C:\Program Files (x86)\AVG\Antivirus\ defs\22050104\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\ 1033\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\ defs\22050104\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\ 1033\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\ defs\22050104\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\ defs\22050104\avg.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\ defs\22050104\avg.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll
2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\ 1033\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\ defs\22050104\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\ defs\22050104\avg.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\ defs\22050104\avg.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\ defs\22050104\avg.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll
2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\ 1033\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\ defs\22050104\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\ 1033\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\ defs\22050104\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\ 1033\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\ defs\22050104\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\ defs\22050104\avg.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll] C:\Program Files (x86)\AVG\Antivirus\ defs\22050104\avg.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\msvcp140.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\MSVCP140.dll
2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\ucrtbase.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\ucrtbase.DLL
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\ucrtbase.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\ucrtbase.DLL
2021-10-27 09:06 - 2021-10-27 09:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\vcruntime140.dll] C:\Program Files (x86)\AVG\Antivirus\1033\avg.local_vc142.crt\VCRUNTIME140.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\vcruntime140.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\VCRUNTIME140.dll
2022-05-01 11:40 - 2022-05-01 11:40 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files (x86)\AVG\Antivirus\avg.local_vc142.crt\vcruntime140_1.dll] C:\Program Files (x86)\AVG\Antivirus\defs\22050104\avg.local_vc142.crt\VCRUNTIME140_1.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "DisplayName"="Nanoheal"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ImagePath"="C:\Program Files\Nanoheal\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client\Parameters => "Application"="C:\Program Files\Nanoheal\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanoheal Client\Parameters => "AppParameters"=""
==================== Association (Whitelisted) ==================
==================== Internet Explorer (Version 11) (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/
HKU\S-1-5-21-4144036370-3246485623-2860655430-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-4144036370-3246485623-2860655430-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000 -> DefaultScope {404F5F50-8A0E-4007-B50F-2A7CE96CB1E7} URL =
SearchScopes: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000 -> {404F5F50-8A0E-4007-B50F-2A7CE96CB1E7} URL =
BHO: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
BHO: Google Analytics Opt-out Browser Add-on -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files\Google\Google Analytics Opt-Out\gaoptout_x64.dll [2019-04-04] (Google LLC -> Google, Inc.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_311\bin\ssv.dll [2021-11-29] (Oracle America, Inc. -> Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_311\bin\jp2ssv.dll [2021-11-29] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Google Analytics Opt-out Browser Add-on -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll [2019-04-04] (Google LLC -> Google, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\juno.com -> juno.com
IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\2mdn.net -> m1.2mdn.net
IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\adbright.com -> ads.adbright.com
IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\adbrite.com -> ads.adbrite.com
IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\atdmt.com -> ad.atdmt.com
IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\doubleclick.net -> ad.doubleclick.net
IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\google-analytics.com -> google-analytics.com
IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\googleadvervice.com -> googleadvervice.com
IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\googlesyndication.com -> googlesyndication.com
IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\paypopups.com -> paypopups.com
IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\rmxads.com -> rmxads.com
IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\tumri.net -> tumri.net
IE restricted site: HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\...\yimg.com -> ads.yimg.com
==================== Hosts content: ===========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-11-15 17:15 - 2018-12-03 11:19 - 000000000 _____ C:\Windows\system32\drivers\etc\hosts
2015-06-23 07:14 - 2015-06-23 07:14 - 000000375 _____ C:\Windows\system32\drivers\etc\hosts.ics
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Intel\Services\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Gemalto\Access Client\v5;C:\Program Files (x86)\Security Innovation\SI TSS\bin;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Common Files\Autodesk Shared\
HKU\S-1-5-21-4144036370-3246485623-2860655430-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MEH\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
HKU\S-1-5-21-4144036370-3246485623-2860655430-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: AdobeActiveFileMonitor12.0 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeUpdateService => 3
MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: AMD External Events Utility => 3
MSCONFIG\Services: BrcmMgmtAgent => 2
MSCONFIG\Services: DellDataVault => 3
MSCONFIG\Services: EmbassyService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: Intel® PROSet Monitoring Service => 2
MSCONFIG\Services: InvProtectSvc => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: PbaDrvSvc_x64 => 2
MSCONFIG\Services: poaService => 2
MSCONFIG\Services: PoaSMSrv => 2
MSCONFIG\Services: poaTaServ => 2
MSCONFIG\Services: SboxSvc => 3
MSCONFIG\Services: SecureStorageService => 3
MSCONFIG\Services: tcsd_win32.exe => 2
MSCONFIG\Services: TdmService => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: Wave Authentication Manager Service => 2
MSCONFIG\Services: WvPCR => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => C:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^MEH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Webshots.lnk => C:\Windows\pss\Webshots.lnk.Startup
MSCONFIG\startupreg: AdobeGCInvoker-1.0 => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DellPoaEvents => C:\Program Files\Dell\PPO\DellPoaEvents.exe
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
MSCONFIG\startupreg: NUSB3MON => "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: Opera Browser Assistant => C:\Users\MEH\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TdmNotify => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
==================== FirewallRules (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8391D894-0B9C-4407-A9C9-60AB7ADA451D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E47325C9-CDE2-450B-9396-7A9D86C145CB}] => (Allow) LPort=2869
FirewallRules: [{73DB5D30-4F8A-4F30-B3C9-2FC67FA9F1B4}] => (Allow) LPort=1900
FirewallRules: [{076F0951-B5C3-437B-AF88-C096F9FBA359}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DBF65BEF-6C63-45A9-B050-FAAA4113F253}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{56491988-FE67-49DB-B9EB-6A2B083887E4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7D1AD8E0-8A53-4AD2-BB42-AEF7C55797BC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B02375BB-3A42-4297-A339-F972E8D7351D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{EDC49DDE-F6B7-413A-A119-BDA1FE332B6F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{B4C2CF95-14A1-47BB-8229-5B8EC972EA13}] => (Block) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{021329CB-0B39-4AE9-9ABB-09A04F713A0F}] => (Block) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{32A841FD-C766-43A3-863A-78098975ECF0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points ===========================
15-04-2022 00:00:01 Scheduled Checkpoint
23-04-2022 00:00:00 Scheduled Checkpoint
30-04-2022 00:00:02 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: ==========================
Application errors:
===================
Error: (01.05.2022 19:46:17) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01.05.2022 19:46:17) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d42
Faulting module name: TdmWmiProvider.dll, version: 5.0.2.24, time stamp: 0x513671b8
Exception code: 0xc0000005
Fault offset: 0x000000000001ad88
Faulting process id: 0x2b00
Faulting application start time: 0x01d85dbcc1a4bdb7
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmWmiProvider.dll
Report Id: 46051d0c-c9b1-11ec-82d8-000af72c30e1
Error: (01.05.2022 19:37:08) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d42
Faulting module name: TdmWmiProvider.dll, version: 5.0.2.24, time stamp: 0x513671b8
Exception code: 0xc0000005
Fault offset: 0x000000000001ad88
Faulting process id: 0x21d4
Faulting application start time: 0x01d85dbb7da1b9be
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmWmiProvider.dll
Report Id: ff20d252-c9af-11ec-82d8-000af72c30e1
Error: (01.05.2022 19:28:05) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d42
Faulting module name: TdmWmiProvider.dll, version: 5.0.2.24, time stamp: 0x513671b8
Exception code: 0xc0000005
Fault offset: 0x000000000001ad88
Faulting process id: 0x22e4
Faulting application start time: 0x01d85dba395c561d
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmWmiProvider.dll
Report Id: bb228935-c9ae-11ec-82d8-000af72c30e1
Error: (01.05.2022 19:19:01) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d42
Faulting module name: TdmWmiProvider.dll, version: 5.0.2.24, time stamp: 0x513671b8
Exception code: 0xc0000005
Fault offset: 0x000000000001ad88
Faulting process id: 0x22a0
Faulting application start time: 0x01d85db8f51b890c
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmWmiProvider.dll
Report Id: 76e2caf9-c9ad-11ec-82d8-000af72c30e1
Error: (01.05.2022 19:09:57) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d42
Faulting module name: TdmWmiProvider.dll, version: 5.0.2.24, time stamp: 0x513671b8
Exception code: 0xc0000005
Fault offset: 0x000000000001ad88
Faulting process id: 0x194
Faulting application start time: 0x01d85db7b0de8edf
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmWmiProvider.dll
Report Id: 32a1fde8-c9ac-11ec-82d8-000af72c30e1
Error: (01.05.2022 19:00:53) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d42
Faulting module name: TdmWmiProvider.dll, version: 5.0.2.24, time stamp: 0x513671b8
Exception code: 0xc0000005
Fault offset: 0x000000000001ad88
Faulting process id: 0x18d8
Faulting application start time: 0x01d85db66ca2642f
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmWmiProvider.dll
Report Id: ee62a25b-c9aa-11ec-82d8-000af72c30e1
Error: (01.05.2022 18:51:49) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d42
Faulting module name: TdmWmiProvider.dll, version: 5.0.2.24, time stamp: 0x513671b8
Exception code: 0xc0000005
Fault offset: 0x000000000001ad88
Faulting process id: 0x3a8
Faulting application start time: 0x01d85db5286538e3
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmWmiProvider.dll
Report Id: aa24164a-c9a9-11ec-82d8-000af72c30e1
System errors:
==============
Error: (01.05.2022 19:47:16) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.
Error: (01.05.2022 15:48:42) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cleanhlp service failed to start due to the following error:
Cannot create a file when that file already exists.
Error: (01.05.2022 13:57:37) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cleanhlp service failed to start due to the following error:
Cannot create a file when that file already exists.
Error: (01.05.2022 13:54:37) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Security Center service terminated with the following error:
%%16389
Error: (01.05.2022 13:54:14) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
Error: (01.05.2022 13:50:02) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (01.05.2022 13:50:02) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
Error: (01.05.2022 13:49:17) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Windows Defender:
================
Event[0]:
Date: 2017-01-12 17:09:22.056
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature version: 0.0.0.0
Engine version: 0.0.0.0
==================== Memory info ===========================
BIOS: Dell Inc. A12 03.11.2013
Motherboard: Dell Inc. 08HPGT
Processor: Intel® Xeon® CPU E5-1620 0 @ 3.60 GHz
Percentage of memory in use: 42%
Total physical RAM: 16341.69 MB
Available physical RAM: 9477.45 MB
Total Virtual: 32681.53 MB
Available Virtual: 23453.89 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total: 464.99 GB) (Free: 342.63 GB) NTFS
Drive d: (MEH) (Fixed) (Total: 465.76 GB) (Free: 362.78 GB) NTFS
\\?\Volume{c2ff78dd-6fab-11e3-bf1a-806e6f6e6963}\ (RECOVERY) (Fixed) (Total: 0.73 GB) (Free: 0.49 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 4A3DDD73)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465 GB) - (Type=07 NTFS)
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 4A3DDD04)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================