Traxex

  1. Traxex

    Problem with HTC Desire 500

    Hello! My phone is quite old and even so it worked perfectly, but last night something happened to it that I don't know how, or whether it is even possible, to fix, so I'm writing here to see if anyone can suggest something. Here is the problem: last night I plugged my phone in to charge and went to bed. At some point, around 4-5 o'clock, the phone started vibrating 6-7 times and stopped. I decided it had restarted, although that has happened very rarely. I looked and saw the green HTC logo that appears on power-up. The problem is that it was frozen and I couldn't do anything. I took out the battery and turned it on again, but after it showed the logo it again started vibrating 6-7 times and stopped, after which it froze again. I tried to do a Factory Reset, but it shows the logo again and again nothing... What do you think the problem could be, is it possible to solve it at home, or is it more likely hardware? Thank you!
  2. Okay, thank you very much!
  3. I removed them, but after I had posted the log. I just scanned again with AdwCleaner and it found nothing.
  4. I rarely install software. MBAM found nothing, and AdwCleaner found only the 2 threats that I had posted earlier. I'm uploading the scan log below. For now it looks as though everything is supposedly okay, but it happened this way before too - I scan, clean, and after a few days there is some junk again.

    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.4.0
    # -------------------------------
    # Build: 09-19-2018
    # Database: (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 11-11-2018
    # Duration: 00:00:42
    # OS: Windows 7 Ultimate
    # Scanned: 32052
    # Detected: 2

    ***** [ Services ] *****
    No malicious services found.

    ***** [ Folders ] *****
    No malicious folders found.

    ***** [ Files ] *****
    No malicious files found.

    ***** [ DLL ] *****
    No malicious DLLs found.

    ***** [ WMI ] *****
    No malicious WMI found.

    ***** [ Shortcuts ] *****
    No malicious shortcuts found.

    ***** [ Tasks ] *****
    No malicious tasks found.

    ***** [ Registry ] *****
    PUP.Optional.Conduit HKCU\Software\Conduit
    PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}

    ***** [ Chromium (and derivatives) ] *****
    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****
    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****
    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****
    No malicious Firefox URLs found.

    AdwCleaner[S00].txt - [3839 octets] - [22/09/2018 22:29:30]
    AdwCleaner[C00].txt - [3459 octets] - [22/09/2018 22:32:31]
    AdwCleaner[S01].txt - [1380 octets] - [10/10/2018 18:15:05]
    AdwCleaner[C01].txt - [1546 octets] - [10/10/2018 18:15:29]
    AdwCleaner[S02].txt - [1485 octets] - [10/10/2018 18:29:39]
    AdwCleaner[S03].txt - [1663 octets] - [03/11/2018 20:21:05]
    AdwCleaner[C03].txt - [1811 octets] - [03/11/2018 20:22:13]
    AdwCleaner[S04].txt - [1668 octets] - [03/11/2018 20:26:48]
    AdwCleaner[S05].txt - [1729 octets] - [03/11/2018 21:38:30]
    AdwCleaner[S06].txt - [1907 octets] - [10/11/2018 12:43:48]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S07].txt ##########
  5. Hello again! My system behaves very well, but when I run AdwCleaner, it finds some threats. I ran it 6-7 days ago and it found 2 threats. I cleaned them, but now I scanned again and 2 are found again.

    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.4.0
    # -------------------------------
    # Build: 09-19-2018
    # Database: (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 11-10-2018
    # Duration: 00:00:28
    # OS: Windows 7 Ultimate
    # Scanned: 32052
    # Detected: 2

    ***** [ Services ] *****
    No malicious services found.

    ***** [ Folders ] *****
    No malicious folders found.

    ***** [ Files ] *****
    No malicious files found.

    ***** [ DLL ] *****
    No malicious DLLs found.

    ***** [ WMI ] *****
    No malicious WMI found.

    ***** [ Shortcuts ] *****
    No malicious shortcuts found.

    ***** [ Tasks ] *****
    No malicious tasks found.

    ***** [ Registry ] *****
    PUP.Optional.Conduit HKCU\Software\Conduit
    PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}

    ***** [ Chromium (and derivatives) ] *****
    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****
    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****
    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****
    No malicious Firefox URLs found.

    AdwCleaner[S00].txt - [3839 octets] - [22/09/2018 22:29:30]
    AdwCleaner[C00].txt - [3459 octets] - [22/09/2018 22:32:31]
    AdwCleaner[S01].txt - [1380 octets] - [10/10/2018 18:15:05]
    AdwCleaner[C01].txt - [1546 octets] - [10/10/2018 18:15:29]
    AdwCleaner[S02].txt - [1485 octets] - [10/10/2018 18:29:39]
    AdwCleaner[S03].txt - [1663 octets] - [03/11/2018 20:21:05]
    AdwCleaner[C03].txt - [1811 octets] - [03/11/2018 20:22:13]
    AdwCleaner[S04].txt - [1668 octets] - [03/11/2018 20:26:48]
    AdwCleaner[S05].txt - [1729 octets] - [03/11/2018 21:38:30]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S06].txt ##########

    Again, 6-7 or 8 days ago I had run MBAM and it also found some nasty stuff there, even though a few days before that I had scanned and cleaned. Is there a way to get rid of these things?
  6. Hello! I scanned once for "Outdated files", and then I ticked all the checkboxes for a full scan. I deleted the Cimco 7 and 8 software and put version 5 in its place. Do we need to do any more scans so that I can be sure the system is okay? :)
  7. Hello! As I mentioned in the previous post, C:\Windows\{F3C70089-653A-40EE-A681-9499F3097E6A} - in here there were two subfolders, each with one ares application, which I don't know what it is. I deleted the whole folder with the ugly name. As for the rest, in the Firewall - 1clickdownloader.exe is found in the rules and it says it is blocked, but when I go to the directory itself, I can't find this thing, and so I can't delete it either. YourFile.exe, on the other hand, I can't find at all, neither in the Firewall nor in the directory.
  8. Hello! I'll start with the contents of the folders. C:\Windows\{F3C70089-653A-40EE-A681-9499F3097E6A} - Inside there are two subfolders, and in both there is some ares application, dated 13.02.208, and there is nothing else inside; C:\Users\user\AppData\Roaming\dnlgxlauhck - Empty folder; C:\Users\user\AppData\Local\D2FFF3.tmpd - Empty folder; C:\Users\user\AppData\Local\D25593.tmpd - Empty folder; C:\Users\user\AppData\Local\D2396B.tmpd - Empty folder; C:\Users\user\AppData\Local\D2FDB6.tmpd - Empty folder; C:\Users\user\AppData\Local\D2BD6B.tmpd - Empty folder; C:\Users\user\AppData\Local\D2DA0D.tmpd - Empty folder; C:\Users\user\AppData\Local\D289BC.tmpd - Empty folder; C:\Users\user\AppData\Local\D23CC6.tmpd - Empty folder. I assume these are some temporary folders, but in any case I have deleted them. Besides the folders, in the Local directory there are 8 .tmp files with the same names as the folders. I have deleted them too. About the shortcut - it has been sitting on the desktop for years. I think it is unnecessary, I just never thought to delete it. I just didn't understand where the one in Cyrillic is. Is a scan with something else necessary?
  9. Hello. Here are the new FRST logs.

    Addition.txt
  10. Where do you want me to post new logs from? FRST?
  11. If you'd like, shall I just run new scans and post new logs? The antivirus no longer raises alerts, but I'll feel calmer if we finish the topic. Regards!
  12. Hello. For now I haven't taken any steps since the last time I uploaded a log. Did you see the logs, as well as what I wrote?
  13. Hello again! I ran a scan with AdwCleaner, cleaned, restarted, and I'm posting the log below. I noticed that there are two logs: the upper one is the cleaning log and the second is the one from the scan. I'm posting the lower one (Scan), as you told me to. Both have the same date (logically), but there is no time. If I need to upload the cleaning log too, tell me. I see that the "bad" files are in quarantine in AdwCleaner. Can I delete them? I'm attaching both FRST logs, because that's what you said (instead of copying one and attaching the other).

      # -------------------------------
      # Malwarebytes AdwCleaner 7.2.4.0
      # -------------------------------
      # Build: 09-19-2018
      # Database: (Cloud)
      # Support: https://www.malwarebytes.com/support
      #
      # -------------------------------
      # Mode: Scan
      # -------------------------------
      # Start: 09-22-2018
      # Duration: 00:00:37
      # OS: Windows 7 Ultimate
      # Scanned: 42056
      # Detected: 31

      ***** [ Services ] *****
      No malicious services found.

      ***** [ Folders ] *****
      PUP.Optional.Legacy C:\_acestream_cache_
      PUP.Optional.Legacy C:\Users\user\AppData\LocalLow\.acestream
      PUP.Optional.Legacy C:\Users\user\AppData\Roaming\.acestream
      PUP.Optional.Legacy C:\Users\user\AppData\Roaming\acestream
      PUP.Optional.WhiteClick C:\Users\user\AppData\Local\WhiteClick

      ***** [ Files ] *****
      PUP.Optional.Legacy C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\35llrj8x.default-1417880167796\invalidprefs.js

      ***** [ DLL ] *****
      No malicious DLLs found.

      ***** [ WMI ] *****
      No malicious WMI found.

      ***** [ Shortcuts ] *****
      No malicious shortcuts found.

      ***** [ Tasks ] *****
      No malicious tasks found.

      ***** [ Registry ] *****
      PUP.Optional.ASMagicPlayer HKCU\Software\Classes\acestream
      PUP.Optional.AceStream HKCU\Software\RegisteredApplications|AceStream
      PUP.Optional.Conduit HKCU\Software\Conduit
      PUP.Optional.DiskPower HKLM\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
      PUP.Optional.Legacy HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync
      PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
      PUP.Optional.Legacy HKCU\Software\AceStream
      PUP.Optional.Legacy HKCU\Software\DownLite
      PUP.Optional.Legacy HKCU\SOFTWARE\Classes\Applications\ace_player.exe
      PUP.Optional.Legacy HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
      PUP.Optional.Legacy HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
      PUP.Optional.Legacy HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
      PUP.Optional.Legacy HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
      PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
      PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}
      PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{008D87A0-C02F-4E49-AC7E-35C877E87FCC}
      PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{37E71578-4F44-474F-AA05-065A22B923F9}
      PUP.Optional.Legacy HKCU\Software\Classes\.acestream
      PUP.Optional.Legacy HKLM\Software\Classes\.acestream
      PUP.Optional.Legacy HKCU\Software\Classes\.tslive
      PUP.Optional.Legacy HKCU\Software\Classes\.acemedia
      PUP.Optional.Legacy HKCU\Software\Classes\.acelive
      PUP.Optional.SupTab HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
      PUP.Optional.WeatherAlerts HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}

      ***** [ Chromium (and derivatives) ] *****
      No malicious Chromium entries found.

      ***** [ Chromium URLs ] *****
      PUP.Optional.Legacy Ask

      ***** [ Firefox (and derivatives) ] *****
      No malicious Firefox entries found.

      ***** [ Firefox URLs ] *****
      No malicious Firefox URLs found.

      ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

      Addition.txt FRST.txt
  14. I ran the MBAM check before writing here, so it probably makes no sense to scan again with FRST. I didn't make logs after scanning with MBAM. Clever. Should I scan again with MBAM, or just delete the files?
  15. Hello. There is no problem with how the computer works, but the antivirus started raising a lot of alerts, detecting all sorts of "suspicious" files, after I used the cracks, which were most likely malicious. As I said, yesterday I used MBAM and deleted everything that was detected as malicious. There were 37 files, and I don't remember exactly how many were from yesterday. Today the antivirus has not raised any alarm. I'm posting the links below.
      https://www.virustotal.com/#/file/10d14426220f2c8995f3d0b5fb07e308c92d5ac9917e3b8e091072839498a7d0/detection
      https://www.virustotal.com/#/file/ca0fce99b83c33cbe98d4911f54e152a241dbee6daccd42bcc84216ad8f4552f/detection
      https://www.virustotal.com/#/file/78617ddf9a0067a32cb5d87a796c93a9618ac006ccdcb3c7c824fdeb6ec5fd59/detection
      Do I need to do anything else, and can I delete these files? By the way, the antivirus has put 42 objects in quarantine, 3 of which are only suspicious and the rest are infected. Half are from the 16th, and the other half are from yesterday.