
v3cko

Member
  • Posts

    63
  • Joined

  • Last visited

About v3cko

  • Birthday 14.07.1977

Information

  • Gender
    Male
  • City
    Troyan

Recent Profile Visitors

1221 profile views

v3cko's Achievements

Enthusiast

Enthusiast (6/21)

  • First Post
  • Collaborator Rare
  • First Week
  • One Month Later
  • One Year in the Forum

Recent Badges

8

Reputation

  1. # Run at 2.8.2020 'г.' 20:24:34
     # KpRm (Kernel-panik) version 2.8
     # Website https://kernel-panik.me/tool/kprm/
     # Run by ВЕСКО from C:\Users\ВЕСКО\Downloads
     # Computer Name: PAPA
     # OS: Windows 8.1 X64 (9600)
     # Number of passes: 3
     - Checked options -
     ~ Registry Backup
     ~ Delete Tools
     ~ Restore System Settings
     ~ UAC Restore
     ~ Delete Restore Points
     ~ Create Restore Point
     - Create Registry Backup -
     ~ [OK] Hive C:\Windows\System32\config\SOFTWARE backed up
     ~ [OK] Hive C:\Users\ВЕСКО\NTUSER.dat backed up
     [OK] Registry Backup: C:\KPRM\backup\2020-08-02-20-24-34
     - Delete Tools -
     ## AdwCleaner
     [OK] C:\Users\ВЕСКО\Downloads\adwcleaner_8.0.7.exe deleted
     ## FRST
     [OK] C:\Users\ВЕСКО\Desktop\Addition.txt deleted
     [OK] C:\Users\ВЕСКО\Desktop\FRST.txt deleted
     ## Malwarebytes (log)
     [OK] C:\Users\ВЕСКО\Desktop\malwarebytes.txt deleted
     - Other Lines -
     ## Quarantines keeped
     ~ C:\AdwCleaner (AdwCleaner)
     - Restore System Settings -
     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files
     - Restore UAC -
     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value
     - Clear Restore Points -
     ~ [OK] RP named Scheduled Checkpoint created at 07/11/2020 23:45:22 deleted
     ~ [OK] RP named Scheduled Checkpoint created at 07/19/2020 02:19:42 deleted
     ~ [OK] RP named Restore Point Created by FRST created at 07/25/2020 09:47:54 deleted
     [OK] All system restore points have been successfully deleted
     - Create Restore Point -
     [OK] System Restore Point created
     - Display System Restore Point -
     ~ RP named KpRm created at 08/02/2020 17:25:10
     -- KPRM finished in 84.14s --
  2. Fix result of Farbar Recovery Scan Tool (x64) Version: 23-07-2020
     Ran by ВЕСКО (25-07-2020 12:47:47) Run:1
     Running from C:\Users\ВЕСКО\Downloads
     Loaded Profiles: ВЕСКО
     Boot Mode: Normal
     ==============================================
     fixlist content:
     *****************
     start
     CreateRestorePoint:
     CloseProcesses:
     S1 amsdk; \??\C:\Windows\system32\drivers\amsdk.sys [X]
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
     IE trusted site: HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\webcompanion.com -> hxxp://webcompanion.com
     FirewallRules: [{1BED8524-52DB-4260-8BBE-A881BD9D3E34}] => (Allow) C:\Users\�����\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
     FirewallRules: [{AA496B3E-2F6F-4807-965E-F158476BB027}] => (Allow) C:\Users\�����\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
     FirewallRules: [TCP Query User{D5E3E617-6558-4159-A706-840C5B334B96}C:\users\�����\appdata\local\programs\opera gx\67.0.3575.130\opera.exe] => (Allow) C:\users\�����\appdata\local\programs\opera gx\67.0.3575.130\opera.exe => No File
     FirewallRules: [UDP Query User{6D6B588E-0882-4516-BB6C-FB65FAF2ABD3}C:\users\�����\appdata\local\programs\opera gx\67.0.3575.130\opera.exe] => (Allow) C:\users\�����\appdata\local\programs\opera gx\67.0.3575.130\opera.exe => No File
     FirewallRules: [TCP Query User{E859D23C-6F07-4BE8-B41B-6C3BEB15AF7D}C:\users\�����\appdata\local\programs\opera gx\68.0.3618.129\opera.exe] => (Allow) C:\users\�����\appdata\local\programs\opera gx\68.0.3618.129\opera.exe => No File
     FirewallRules: [UDP Query User{43A95E54-B07C-45B1-8E73-66514B35824E}C:\users\�����\appdata\local\programs\opera gx\68.0.3618.129\opera.exe] => (Allow) C:\users\�����\appdata\local\programs\opera gx\68.0.3618.129\opera.exe => No File
     FirewallRules: [TCP Query User{DED12865-66D2-43F2-8879-E264ACD7BB32}C:\users\�����\appdata\local\programs\opera gx\68.0.3618.186\opera.exe] => (Allow) C:\users\�����\appdata\local\programs\opera gx\68.0.3618.186\opera.exe => No File
     FirewallRules: [UDP Query User{009FD906-4E38-4551-9D52-9D1270FB5477}C:\users\�����\appdata\local\programs\opera gx\68.0.3618.186\opera.exe] => (Allow) C:\users\�����\appdata\local\programs\opera gx\68.0.3618.186\opera.exe => No File
     cmd: del %temp%\*.* /f /s /q
     cmd: rd /s /q %temp%
     cmd: bitsadmin /reset /allusers
     cmd: netsh winsock reset catalog
     cmd: ipconfig /flushdns
     RemoveProxy:
     EmptyTemp:
     End
     *****************
     Restore point was successfully created.
     Processes closed successfully.
     HKLM\System\CurrentControlSet\Services\amsdk => removed successfully
     amsdk => service removed successfully
     HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => removed successfully
  3. Malwarebytes AdwCleaner 8.0.7.0
     # -------------------------------
     # Build: 07-22-2020
     # Database: 2020-07-20.1 (Cloud)
     # Support: https://www.malwarebytes.com/support
     #
     # -------------------------------
     # Mode: Clean
     # -------------------------------
     # Start: 07-24-2020
     # Duration: 00:00:06
     # OS: Windows 8.1 Pro
     # Cleaned: 3
     # Failed: 0
     ***** [ Services ] *****
     No malicious services cleaned.
     ***** [ Folders ] *****
     No malicious folders cleaned.
     ***** [ Files ] *****
     No malicious files cleaned.
     ***** [ DLL ] *****
     No malicious DLLs cleaned.
     ***** [ WMI ] *****
     No malicious WMI cleaned.
     ***** [ Shortcuts ] *****
     No malicious shortcuts cleaned.
     ***** [ Tasks ] *****
     No malicious tasks cleaned.
     ***** [ Registry ] *****
     Deleted HKCU\Software\Lavasoft\Web Companion
     Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
     Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
     ***** [ Chromium (and derivatives) ] *****
     No malicious Chromium entries cleaned.
     ***** [ Chromium URLs ] *****
     No malicious Chromium URLs cleaned.
     ***** [ Firefox (and derivatives) ] *****
     No malicious Firefox entries cleaned.
     ***** [ Firefox URLs ] *****
     No malicious Firefox URLs cleaned.
     ***** [ Hosts File Entries ] *****
     No malicious hosts file entries cleaned.
     ***** [ Preinstalled Software ] *****
     No Preinstalled Software cleaned.
     *************************
     [+] Delete Tracing Keys
     [+] Reset Winsock
     *************************
     AdwCleaner[S00].txt - [1651 octets] - [24/07/2020 20:28:39]
     ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
  4. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2020 Ran by ВЕСКО (administrator) on PAPA (Hewlett-Packard HP EliteBook 6930p) (24-07-2020 18:01:54) Running from C:\Users\ВЕСКО\Downloads Loaded Profiles: ВЕСКО Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States) Default browser: Opera Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery- scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core \smax4pnp.exe (PLARIUM GLOBAL LTD. -> ) C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\6.1.0-0.0.1\PlariumPlayClientService.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated -> Synaptics Incorporated) HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Installer\chrmstp.exe [2020-07-16] (Google LLC -> Google LLC) ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {265168EC-659E-486F-A588-95AEB76ABA97} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash \FlashPlayerUpdateService.exe [335416 2020-07-18] (Adobe Inc. 
-> Adobe) Task: {34623323-DEFF-4314-B094-7F8713513045} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\ВЕСКО\Downloads \esetonlinescanner_enu.exe Task: {6B9E0AD0-AB0C-4380-A4C4-DCAD81DBD548} - System32\Tasks\update-S-1-5-21-2076816696-1300689269-2899885506-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {87935F6A-A2F4-4866-A907-C7CD2C7A0A21} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater \Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {9FF7AC8D-513B-44BB-96F6-B7107D0F6437} - System32\Tasks\Opera GX scheduled Autoupdate 1587844699 => C:\Users\ВЕСКО\AppData \Local\Programs\Opera GX\launcher.exe [1459224 2020-07-15] (Opera Software AS -> Opera Software) Task: {A843C120-2505-4293-BDFD-A29A24C02977} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google \Update\GoogleUpdate.exe [154920 2019-08-10] (Google Inc -> Google LLC) Task: {ACA797F2-DFAE-40E9-A1A1-F0FF47044B6A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed \Flash\FlashUtil32_32_0_0_403_pepper.exe [1471032 2020-07-18] (Adobe Inc. -> Adobe) Task: {BC7D6B7B-03DE-4E5D-A1B5-62B9B694C8C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update \GoogleUpdate.exe [154920 2019-08-10] (Google Inc -> Google LLC) Task: {F1B81EA2-DA5D-42DC-9C29-E67D88055A79} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\ВЕСКО\Downloads \esetonlinescanner_enu.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\update-S-1-5-21-2076816696-1300689269-2899885506-1001.job => C:\Program Files (x86)\Skillbrains\Updater \Updater.exe Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 46.35.180.1 46.35.180.2 Tcpip\..\Interfaces\{42BC6B57-A733-46D9-8ABC-14B01E8C41EF}: [DhcpNameServer] 46.35.180.1 46.35.180.2 Tcpip\..\Interfaces\{A7FF16DF-7DC1-437C-8A22-C8C6BDC82A48}: [DhcpNameServer] 46.35.180.1 46.35.180.2 Tcpip\..\Interfaces\{E1D0E267-FB12-4D8A-899D-ECB810445149}: [DhcpNameServer] 192.168.42.129 Internet Explorer: ================== HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.bg/ FireFox: ======== FF DefaultProfile: tq2nngvb.default FF ProfilePath: C:\Users\ВЕСКО\AppData\Roaming\Mozilla\Firefox\Profiles\tq2nngvb.default [2020-03-19] FF ProfilePath: C:\Users\ВЕСКО\AppData\Roaming\Mozilla\Firefox\Profiles\i1y0xx66.default-release [2020-04-23] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10 -23] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR Profile: C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default [2020-07-24] CHR Notifications: Default -> hxxps://www.zyngapoker.com CHR HomePage: Default -> hxxp://google.bg/ CHR StartupUrls: Default -> "hxxps://www.google.bg/" CHR Extension: (Презентации) - 
C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions \aapocclcgogkmnckokdopfmhonfmgoek [2019-08-10] CHR Extension: (Документи) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions \aohghmighlieiainnegkcijnfilokake [2019-08-10] CHR Extension: (Google Диск) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions \apdfllckaahabafndbhieahigkjlhalf [2019-08-10] CHR Extension: (YouTube) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions \blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-10] CHR Extension: (Adblock Plus — безплатен блокер на реклами) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default \Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-07-24] CHR Extension: (Таблици) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions \felcaaldnbdncclmgdcncolpebgiejap [2019-08-10] CHR Extension: (Google Документи офлайн) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions \ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-21] CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions \mbniclmhobmnbdlbpiphghaielnnpgdp [2020-01-27] CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions \nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04] CHR Extension: (Gmail) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-10] CHR Extension: (Chrome Media Router) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions \pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-07-16] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S4 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-18] (Adobe Inc. -> Adobe) S4 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [42096 2015-08-04] (Avago Technologies U.S. Inc. -> LSI Corporation) S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6970968 2020-07-08] (Malwarebytes Inc -> Malwarebytes) R2 Plarium Play Client Service; C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\6.1.0-0.0.1\PlariumPlayClientService.exe [89696 2020-06-18] (PLARIUM GLOBAL LTD. -> ) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2019-08-11] (Microsoft Corporation -> Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2019-08-11] (Microsoft Corporation -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 ADIHdAudAddService; C:\Windows\system32\drivers\ADIHdAud.sys [497152 2009-05-18] (Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.) R3 AgereSoftModem; C:\Windows\system32\DRIVERS\agrsm64.sys [1230104 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> LSI Corporation) R3 HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [19000 2010-02-25] (Hewlett-Packard Company -> Hewlett-Packard Company) R3 HpqKbFiltr; C:\Windows\System32\drivers\HpqKbFiltr.sys [18432 2009-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Development Company, L.P.) 
S0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-07-08] (Malwarebytes Inc -> Malwarebytes) R1 MpKsl5976d10a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C95734CA-1077-44CF-B2A0- B54B171EEC0B}\MpKsl5976d10a.sys [43232 2020-07-19] (Microsoft Windows -> Microsoft Corporation) R1 MpKslDrv; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C95734CA-1077-44CF-B2A0-B54B171EEC0B}\MpKslDrv.sys [43232 2020-07-15] (Microsoft Windows -> Microsoft Corporation) R3 RICOH SmartCard Reader; C:\Windows\system32\DRIVERS\rismcx64.sys [79488 2006-10-03] (Microsoft Windows Hardware Compatibility Publisher -> RICOH Company, Ltd.) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2019-08-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2019-08-11] (Microsoft Windows -> Microsoft Corporation) S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2019-08-11] (Microsoft Windows -> Microsoft Corporation) R0 WofAdk; C:\Windows\System32\drivers\wofadk.sys [221376 2019-08-11] (Microsoft Corporation -> Microsoft Corporation) S1 amsdk; \??\C:\Windows\system32\drivers\amsdk.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) =================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2020-07-24 18:01 - 2020-07-24 18:02 - 000012068 _____ C:\Users\ВЕСКО\Downloads\FRST.txt 2020-07-24 18:01 - 2020-07-24 18:02 - 000000000 ____D C:\FRST 2020-07-24 17:58 - 2020-07-24 17:58 - 002294784 _____ (Farbar) C:\Users\ВЕСКО\Downloads\FRST64.exe 2020-07-08 16:06 - 2020-07-08 16:06 - 000005994 _____ C:\Users\ВЕСКО\Desktop\malwarebytes.txt 2020-07-08 15:47 - 2020-07-08 15:47 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2020-07-08 15:47 - 2020-07-08 15:47 - 000001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2020-07-04 18:57 - 2020-07-04 18:57 - 000000095 _____ C:\Users\ВЕСКО\Documents\hhhh.cms 2020-07-04 18:30 - 2020-07-04 18:30 - 002810297 _____ C:\Users\ВЕСКО\Downloads\cm413_64.zip 2020-07-04 17:27 - 2020-07-04 17:27 - 000000000 ____D C:\Users\ВЕСКО\AppData\Local\EpicGamesLauncher 2020-07-04 17:27 - 2020-07-04 17:27 - 000000000 ____D C:\Users\ВЕСКО\AppData\Local\CrashReportClient 2020-07-04 17:17 - 2020-07-04 17:26 - 000000000 ____D C:\Program Files (x86)\Ubisoft 2020-07-04 17:17 - 2020-07-04 17:17 - 000000000 ____D C:\Users\ВЕСКО\AppData\Local\Ubisoft Game Launcher 2020-07-04 17:04 - 2020-07-04 17:27 - 000000000 ____D C:\Program Files\Epic Games 2020-07-04 17:02 - 2020-07-04 17:02 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2020-07-04 17:02 - 2020-07-04 17:02 - 000000000 ____D C:\Program Files (x86)\MSBuild 2020-07-04 17:01 - 2020-07-04 17:01 - 000000000 ____D C:\Program Files\Reference Assemblies 2020-07-04 17:01 - 2020-07-04 17:01 - 000000000 ____D C:\Program Files\MSBuild 2020-07-04 16:59 - 2013-08-03 07:48 - 001166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll 2020-07-04 16:59 - 2013-08-03 07:48 - 000124112 _____ (Microsoft Corporation) C:\Windows \system32\PresentationCFFRasterizerNative_v0300.dll 2020-07-04 16:59 - 2013-08-03 07:48 - 000035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2020-07-04 16:59 - 2013-08-03 
07:41 - 000778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll 2020-07-04 16:59 - 2013-08-03 07:41 - 000102608 _____ (Microsoft Corporation) C:\Windows \SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2020-07-04 16:59 - 2013-08-03 07:41 - 000035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2020-07-04 16:54 - 2020-07-04 16:54 - 000000000 ____D C:\Users\ВЕСКО\AppData\Local\UnrealEngine ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-07-24 16:45 - 2020-02-16 12:43 - 000000398 _____ C:\Windows\Tasks\update-sys.job 2020-07-24 16:33 - 2019-08-10 23:03 - 000000000 ___DO C:\Users\ВЕСКО\SkyDrive 2020-07-24 04:40 - 2019-08-10 23:08 - 000003910 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{54DC4300-FD57-426E- B02E-B8CE96343A01} 2020-07-24 03:07 - 2020-02-16 12:43 - 000000398 _____ C:\Windows\Tasks\update-S-1-5-21-2076816696-1300689269-2899885506-1001.job 2020-07-23 17:36 - 2020-04-23 17:13 - 000000000 ____D C:\Users\ВЕСКО\AppData\Local\CrashDumps 2020-07-21 05:28 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\Inf 2020-07-20 06:00 - 2019-08-10 22:55 - 000000000 ____D C:\Users\ВЕСКО 2020-07-19 00:43 - 2013-08-22 17:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2020-07-18 11:52 - 2019-10-13 12:30 - 000004424 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier 2020-07-18 11:52 - 2019-10-13 12:30 - 000004282 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater 2020-07-18 11:52 - 2019-10-13 12:30 - 000000000 ____D C:\Users\ВЕСКО\AppData\Local\Adobe 2020-07-18 11:52 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2020-07-18 11:52 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\system32\Macromed 2020-07-16 23:50 - 2019-08-10 23:00 - 000003600 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21- 2076816696-1300689269-2899885506-1001 2020-07-16 19:01 - 2019-08-10 23:13 
- 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-07-16 19:01 - 2019-08-10 23:13 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2020-07-16 19:01 - 2019-08-10 23:13 - 000002203 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2020-07-15 16:30 - 2020-05-17 21:43 - 000001459 _____ C:\Users\ВЕСКО\AppData\Roaming\Microsoft\Windows\Start Menu\Programs \Браузър Opera GX.lnk 2020-07-15 16:30 - 2020-04-25 22:58 - 000004052 _____ C:\Windows\system32\Tasks\Opera GX scheduled Autoupdate 1587844699 2020-07-14 19:01 - 2013-09-30 07:14 - 000865068 _____ C:\Windows\system32\PerfStringBackup.INI 2020-07-14 18:52 - 2020-01-04 21:07 - 000000065 _____ C:\Users\ВЕСКО\Downloads\uopilot.ini 2020-07-14 18:52 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\system32\NDF 2020-07-14 17:34 - 2020-02-07 20:31 - 000000000 ____D C:\Users\ВЕСКО\AppData\Local\ElevatedDiagnostics 2020-07-14 17:05 - 2013-08-22 16:25 - 000262144 ___SH C:\Windows\system32\config\BBI 2020-07-08 15:47 - 2020-01-11 21:25 - 000001964 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2020-07-08 15:47 - 2020-01-11 21:25 - 000001964 _____ C:\ProgramData\Desktop\Malwarebytes.lnk 2020-07-08 15:46 - 2020-01-11 21:25 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2020-07-07 20:10 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\AppReadiness 2020-07-05 04:21 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\rescache 2020-07-04 17:26 - 2019-10-13 12:37 - 000000000 ____D C:\Windows\system32\appmgmt 2020-07-04 17:09 - 2013-08-22 18:20 - 000000000 ____D C:\Windows\CbsTemp 2020-07-04 16:57 - 2019-08-11 10:20 - 000000000 ____D C:\ProgramData\Package Cache 2020-06-29 18:18 - 2020-01-15 21:02 - 000000000 ____D C:\Users\ВЕСКО\AppData\Roaming\Microsoft\Windows\Start Menu\Programs \QTranslate 2020-06-29 18:18 - 2020-01-15 21:02 - 000000000 ____D C:\Program Files (x86)\QTranslate 2020-06-29 18:17 - 2013-08-22 18:36 - 000000000 ___HD C:\Program Files\WindowsApps 
2020-06-29 18:14 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\registration ==================== Files in the root of some directories ======== 2019-10-13 12:25 - 2019-10-13 12:24 - 051823104 _____ () C:\Program Files\Macromedia Captivate.msi 2019-08-11 01:00 - 2019-08-11 01:00 - 000000000 _____ () C:\Users\ВЕСКО\AppData\Local\AtStart.txt 2019-10-27 12:08 - 2019-10-27 12:08 - 000000556 _____ () C:\Users\ВЕСКО\AppData\Local\bowsakkdestx.txt 2019-08-11 01:00 - 2019-08-11 01:00 - 000000000 _____ () C:\Users\ВЕСКО\AppData\Local\DSwitch.txt 2019-08-10 23:45 - 2020-06-18 19:42 - 000157609 _____ () C:\Users\ВЕСКО\AppData\Local\PlariumPlay.log 2019-08-11 01:00 - 2019-08-11 01:00 - 000000000 _____ () C:\Users\ВЕСКО\AppData\Local\QSwitch.txt 2020-02-16 12:43 - 2020-02-16 12:43 - 000000003 _____ () C:\Users\ВЕСКО\AppData\Local\updater.log 2020-02-16 12:43 - 2020-02-16 12:43 - 000000424 _____ () C:\Users\ВЕСКО\AppData\Local\UserProducts.xml ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) LastRegBack: 2020-07-16 04:43 ==================== End of FRST.txt ======================== Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2020 Ran by ВЕСКО (24-07-2020 18:04:10) Running from C:\Users\ВЕСКО\Downloads Windows 8.1 Pro (Update) (X64) (2019-08-10 19:55:10) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2076816696-1300689269-2899885506-500 - Administrator - Disabled) Guest (S-1-5-21-2076816696-1300689269-2899885506-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2076816696-1300689269-2899885506-1003 - Limited - Enabled) ВЕСКО (S-1-5-21-2076816696-1300689269-2899885506-1001 - Administrator - Enabled) => C:\Users\ВЕСКО ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) 
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.403 - Adobe) BitTorrent (HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\BitTorrent) (Version: 7.10.5.45496 - BitTorrent Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 84.0.4147.89 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden Lightshot-5.5.0.4 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.4 - Skillbrains) LINE (HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\LINE) (Version: 6.1.1.2266 - LINE Corporation) LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation) Malwarebytes version 4.1.2.73 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.2.73 - Malwarebytes) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation) Opera GX Stable 68.0.3618.197 (HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\Opera GX 68.0.3618.197) (Version: 68.0.3618.197 - Opera Software) Plarium Play (HKLM-x32\...\{186b8f7a-d886-40d0-af54-0a87967eb0cf}) (Version: 6.1.0 - Plarium) Plarium Play (HKLM-x32\...\{4FD60DF5-8569-4D49-B396-135E44C0B716}) (Version: 
6.1.0 - Plarium) Hidden QLBCASL (HKLM-x32\...\{F1D7AC58-554A-4A58-B784-B61558B1449A}) (Version: 6.40.17.2 - Hewlett-Packard) Hidden QTranslate 6.7.4 (HKLM-x32\...\QTranslate) (Version: 6.7.4 - QuestSoft) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated) VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN) WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH) Packages: ========= Frameworkuapbase -> C:\Program Files\WindowsApps\48682KiddoTest.Frameworkuapbase_1.0.0.2_neutral__81ffpr532s7pc [2020-06-29] (KiddoTest) Kinect for Windows Framework -> C:\Program Files\WindowsApps \Microsoft.WindowsPreview.Kinect.8.0_2.0.1410.19000_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation) Kinect for Windows Framework -> C:\Program Files\WindowsApps \Microsoft.WindowsPreview.Kinect.8.0_2.0.1410.19000_x86__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation) Kinect for Windows Framework -> C:\Program Files\WindowsApps \Microsoft.WindowsPreview.Kinect.8.1_2.0.1410.19000_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation) Kinect for Windows Framework -> C:\Program Files\WindowsApps \Microsoft.WindowsPreview.Kinect.8.1_2.0.1410.19000_x86__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation) Microsoft PlayReady -> C:\Program Files\WindowsApps\Microsoft.Internal.Media.PlayReadyClient_2.3.1678.1_x64__8wekyb3d8bbwe [2020 -06-29] (Microsoft Corporation) Microsoft PlayReady -> C:\Program Files\WindowsApps\Microsoft.Internal.Media.PlayReadyClient_2.3.1678.1_x86__8wekyb3d8bbwe [2020 -06-29] (Microsoft Corporation) Microsoft Visual C++ Runtime Package -> C:\Program Files\WindowsApps \Microsoft.VCLibs.120.00.Preview.Internal_12.0.20222.2_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Platform Extensions Internal) Microsoft Visual C++ Runtime Package -> C:\Program Files\WindowsApps \Microsoft.VCLibs.120.00.Preview.Internal_12.0.20222.2_x86__8wekyb3d8bbwe [2020-06-29] (Microsoft Platform 
Extensions Internal) Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps \Microsoft.WinJS.2.0.Preview.Internal_1.0.9385.3_neutral__8wekyb3d8bbwe [2020-06-29] (Microsoft Platform Extensions) Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps \Microsoft.WinJS.2.0.Preview_1.0.9431.0_neutral__8wekyb3d8bbwe [2020-06-29] (Microsoft Platform Extensions) Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps \Microsoft.WinJS.Preview.1_1.0.9345.0_neutral__8wekyb3d8bbwe [2020-06-29] (Microsoft Platform Extensions) MSN Време -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation) [MS Ad] MSN Кулинария -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation) [MS Ad] MSN Пътуване -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation) [MS Ad] mxtest2 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.mxtest2_2.0.0.0_neutral__x35ns48czryn0 [2020-06-29] (m1df_mmengesha) Racing 3D: Need For Race on Real Asphalt Speed Tracks -> C:\Program Files\WindowsApps \C40DCF4F.SpeedRacing3DNeedForRaceonRealAsphaltTrac_1.0.2.0_x86__b6sb9g8avsqk2 [2020-06-29] (T-Bull) Test_Framework_BP_052015 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.TestFrameworkBP052015_1.0.0.9_neutral__x35ns48czryn0 [2020-06-29] (m1df_mmengesha) Test_Framework_win81appxneutral_061115 -> C:\Program Files\WindowsApps \24712m1dfmmengesha.TestFrameworkwin81appxneutral06_4.0.0.7_neutral__x35ns48czryn0 [2020-06-29] (M1DF_Mmengesha) Test_FrameworkBackpublish_050515 -> C:\Program Files\WindowsApps \24712m1dfmmengesha.TestFrameworkBackpublish050515_1.0.0.0_neutral__x35ns48czryn0 [2020-06-29] (m1df_mmengesha) Test_FrameworkProd_062215_01 -> C:\Program Files\WindowsApps \50856m1dfLL.TestFrameworkProd06221501_1.0.0.10_neutral__nwcxtg9ehxpvt [2020-06-29] (m1df_lucyll) 
TESTFRAMEWORKABO2 -> C:\Program Files\WindowsApps\40538vasetest101.TESTFRAMEWORKABO2_12.0.21005.1_x64__ssm1v0s3df7zc [2020-06-29] (vasetest101) Видео -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation) [MS Ad] Игри -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation) [MS Ad] Музика -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation) [MS Ad] ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12- 05] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware \mbshlext.dll [2020-01-11] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware \mbshlext.dll [2020-01-11] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12- 05] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
Shortcut: C:\Users\ВЕСКО\Desktop\Браузър Opera GX.lnk -> C:\Users\ВЕСКО\AppData\Local\Programs\Opera GX\launcher.exe (Opera Software) <==== Cyrillic Shortcut: C:\Users\ВЕСКО\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Браузър Opera GX.lnk -> C:\Users\ВЕСКО\AppData\Local\Programs\Opera GX\launcher.exe (Opera Software) <==== Cyrillic Shortcut: C:\Users\ВЕСКО\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Браузър Opera GX.lnk -> C:\Users\ВЕСКО\AppData\Local\Programs\Opera GX\launcher.exe (Opera Software) <==== Cyrillic ==================== Loaded Modules (Whitelisted) ============= ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer trusted/restricted ========== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\webcompanion.com -> hxxp://webcompanion.com ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 16:25 - 2020-04-23 08:49 - 000000822 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ВЕСКО\AppData\Local\Microsoft \Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg DNS Servers: 46.35.180.1 - 46.35.180.2 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AEADIFilters => 2 MSCONFIG\Services: AgereModemAudio => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: SafeIPS => 3 HKLM\...\StartupApproved\Run: => "WindowsDefender" HKLM\...\StartupApproved\Run: => "SynTPEnh" HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe" HKLM\...\StartupApproved\Run32: => "QlbCtrl.exe" HKLM\...\StartupApproved\Run32: => "Lightshot" HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe" HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{90A6F7DD-E504-4409-ABEC-C48BCE0F48C2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [TCP Query User{75128495-E63B-4C18-86A2-FA3306C63C36}E:\lfs\lfs.exe] => (Allow) E:\lfs\lfs.exe () [File not signed] FirewallRules: [UDP Query User{C5906F14-8730-4E59-AB30-06C67E9BC2EB}E:\lfs\lfs.exe] => (Allow) E:\lfs\lfs.exe () [File not signed] FirewallRules: [{1BED8524-52DB-4260-8BBE-A881BD9D3E34}] => (Allow) C:\Users\ВЕСКО\AppData\Roaming\BitTorrent\BitTorrent.exe => No File FirewallRules: [{AA496B3E-2F6F-4807-965E-F158476BB027}] => (Allow) C:\Users\ВЕСКО\AppData\Roaming\BitTorrent\BitTorrent.exe => No File FirewallRules: [TCP Query User{D5E3E617-6558-4159-A706-840C5B334B96}C:\users\веско\appdata\local\programs\opera gx \67.0.3575.130\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\67.0.3575.130\opera.exe => No File FirewallRules: [UDP Query User{6D6B588E-0882-4516-BB6C-FB65FAF2ABD3}C:\users\веско\appdata\local\programs\opera gx \67.0.3575.130\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\67.0.3575.130\opera.exe => No File FirewallRules: [TCP Query User{E859D23C-6F07-4BE8-B41B-6C3BEB15AF7D}C:\users\веско\appdata\local\programs\opera gx \68.0.3618.129\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.129\opera.exe => No File FirewallRules: [UDP Query User{43A95E54-B07C-45B1-8E73-66514B35824E}C:\users\веско\appdata\local\programs\opera gx \68.0.3618.129\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.129\opera.exe => No File FirewallRules: [TCP Query User{DED12865-66D2-43F2-8879-E264ACD7BB32}C:\users\веско\appdata\local\programs\opera gx \68.0.3618.186\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.186\opera.exe => No File FirewallRules: [UDP Query User{009FD906-4E38-4551-9D52-9D1270FB5477}C:\users\веско\appdata\local\programs\opera gx \68.0.3618.186\opera.exe] => 
(Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.186\opera.exe => No File FirewallRules: [TCP Query User{8F120CF3-F066-4DC6-9A81-0F244E23B59F}C:\users\веско\appdata\local\programs\opera gx \68.0.3618.191\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.191\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [UDP Query User{5CE62F49-C29D-4716-BF99-4BE400D86415}C:\users\веско\appdata\local\programs\opera gx \68.0.3618.191\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.191\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [TCP Query User{CCAA93CB-9818-491C-B988-427999AC0B39}C:\users\веско\appdata\local\programs\opera gx \68.0.3618.197\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.197\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [UDP Query User{E1A68F6A-E93B-43A8-833F-AC36C3DD693D}C:\users\веско\appdata\local\programs\opera gx \68.0.3618.197\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.197\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{8EE4EF7B-9803-4012-A253-3F8749E6B152}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= 04-07-2020 16:53:20 Installed DirectX 12-07-2020 02:45:22 Scheduled Checkpoint 19-07-2020 05:19:42 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============ Name: Redmi Description: Redmi Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". 
This starts the Enable Device wizard. Follow the instructions. Name: Fingerprint Sensor Description: Fingerprint Sensor Class Guid: Manufacturer: Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Base System Device Description: Base System Device Class Guid: Manufacturer: Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ======================== Application errors: ================== Error: (07/23/2020 05:36:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbamtray.exe, version: 4.0.0.728, time stamp: 0x5ef6345c Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x5e8272e4 Exception code: 0xc0000005 Fault offset: 0x0000000000219d05 Faulting process id: 0x368 Faulting application start time: 0x01d660fe9dc1e21d Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll Report Id: f2370483-ccf1-11ea-82ba-f4ce46ad0471 Faulting package full name: Faulting package-relative application ID: Error: (07/21/2020 04:25:48 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 90080108). Error: (07/19/2020 05:19:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . 
Error: (07/16/2020 05:04:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: game.exe, version: 2018.4.20.34440, time stamp: 0x5e72fda9 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x6361206e Faulting process id: 0xe8c Faulting application start time: 0x01d65b79d722f88c Faulting application path: C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\StandAloneApps\throne\93\game.exe Faulting module path: unknown Report Id: 408ed5d9-c76d-11ea-82b8-aa8b79b0f859 Faulting package full name: Faulting package-relative application ID: Error: (07/12/2020 02:45:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (07/10/2020 07:56:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAPA) Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927142 See the Microsoft-Windows- TWinUI/Operational log for additional information. Error: (07/10/2020 07:56:28 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program WWAHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 8d8 Start Time: 01d656db02a3e61a Termination Time: 4294967295 Application Path: C:\Windows\System32\WWAHost.exe Report Id: 4a941707-c2ce-11ea-82b4-002713343a56 Faulting package full name: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: Windows.Store Error: (07/10/2020 07:56:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: PAPA) Description: App winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store did not launch within its allotted time. System errors: ============= Error: (07/23/2020 06:20:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NcdAutoSetup service. Error: (07/23/2020 06:19:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NcdAutoSetup service. Error: (07/23/2020 06:19:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NcdAutoSetup service. Error: (07/23/2020 06:18:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NcdAutoSetup service. Error: (07/23/2020 06:18:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NcdAutoSetup service. Error: (07/23/2020 06:14:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NcdAutoSetup service. 
Error: (07/22/2020 06:02:49 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout. Error: (07/22/2020 06:02:49 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout. Windows Defender: =================================== Date: 2020-06-22 17:57:38.200 Description: Windows Defender scan has been stopped before completion. Scan ID: {DA0F79FE-708A-413C-89DE-70AD10CBD434} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2020-06-19 16:09:59.096 Description: Windows Defender scan has been stopped before completion. Scan ID: {2C80E799-C55A-4A35-9912-1FAC112CE127} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2020-06-09 03:22:06.191 Description: Windows Defender scan has been stopped before completion. Scan ID: {8F709E50-DC9E-420C-96BF-FB4B3FDA9983} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2020-06-06 02:30:20.783 Description: Windows Defender scan has been stopped before completion. Scan ID: {0B605A47-9F65-4275-A8B0-0877E2D4757C} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2020-05-29 11:02:00.392 Description: Windows Defender scan has been stopped before completion. Scan ID: {E557884F-266F-41EC-B720-AC99CF717DE0} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2020-05-10 07:49:28.408 Description: Windows Defender Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer. Date: 2020-05-08 17:55:06.166 Description: Windows Defender Real-Time Protection feature has encountered an error and failed. 
Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer. Date: 2020-04-30 16:47:53.488 Description: Windows Defender Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer. Date: 2020-04-30 16:47:07.497 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.313.1441.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16900.4 Error code: 0x8007041d Error description: The service did not respond to the start or control request in a timely fashion. Date: 2020-04-30 16:47:04.605 Description: Windows Defender Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer. CodeIntegrity: =================================== Date: 2020-03-03 18:56:44.054 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2020-03-03 18:56:42.406 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2020-03-03 17:59:04.212 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2020-03-03 17:59:03.621 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2020-03-03 17:17:02.606 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2020-03-03 17:17:01.890 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2020-03-03 17:09:15.326 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2020-03-03 17:09:14.624 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== BIOS: Hewlett-Packard 68PCU Ver. F.20 12/08/2011 Motherboard: Hewlett-Packard 30DB Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz Percentage of memory in use: 56% Total physical RAM: 3000.26 MB Available physical RAM: 1297.14 MB Total Virtual: 7000.26 MB Available Virtual: 4482.2 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:365.12 GB) (Free:323.1 GB) NTFS Drive e: () (Fixed) (Total:100.1 GB) (Free:84.29 GB) NTFS \\?\Volume{bce0ecb4-bba7-11e9-8250-806e6f6e6963}\ (Резервирана за системата) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS \\?\Volume{bce0ecb7-bba7-11e9-8250-806e6f6e6963}\ () (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0FD73A73) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=100.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=365.1 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=450 MB) - (Type=27) ==================== End of Addition.txt =======================
  5. After scanning with Malwarebytes -

    Malwarebytes
    www.malwarebytes.com

    -Детайли за регистъра-
    Дата на сканиране: 23.07.20 г.
    Час на сканиране: 17:36
    Файл на регистъра: f1d5ee08-ccf1-11ea-816a-f4ce46ad0471.json

    -Информация за софтуера-
    Версия: 4.1.2.73
    Версия на компонентите: 1.0.976
    Актуализирай версията на пакета: 1.0.27281
    Лиценз: Free

    -Системна информация-
    OS: Windows 8.1
    CPU: x64
    Файлова система: NTFS
    Потребител: PAPA\\u00d0\u0092\u00d0\u0095\u00d0\u00a1\u00d0\u009a\u00d0\u009e

    -Резюме на сканирането-
    Тип сканиране: Сканиране за заплахи
    Сканирането е стартирано от: Ръчно
    Резултат: Завършено
    Сканирани обекти: 236694
    Открити заплахи: 17
    Заплахи под карантина: 17
    Изтекло време: 11 мин, 58 сек

    -Опции за сканиране-
    Памет: Разрешено
    Стартиране: Разрешено
    Файлова система: Разрешено
    Архиви: Разрешено
    руткитове: Разрешено
    Евристика: Разрешено
    PUP: Открий
    PUM: Открий

    -Детайли за сканирането-
    Процес: 0
    (Не бяха открити зловредни елементи)

    Модул: 0
    (Не бяха открити зловредни елементи)

    Ключ на регистъра: 0
    (Не бяха открити зловредни елементи)

    Стойност на регистъра: 0
    (Не бяха открити зловредни елементи)

    Данни на регистъра: 0
    (Не бяха открити зловредни елементи)

    Поток данни: 0
    (Не бяха открити зловредни елементи)

    Папка: 3
    PUP.Optional.PushNotifications, C:\USERS\ВЕСКО\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Под карантина, 203, 838273, , , ,
    PUP.Optional.PushNotifications, C:\USERS\ВЕСКО\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Под карантина, 203, 838273, , , ,
    PUP.Optional.PushNotifications, C:\USERS\ВЕСКО\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Под карантина, 203, 838273, , , ,

    Файл: 14
    PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, Под карантина, 203, 838273, , , ,
    PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000093.ldb, Под карантина, 203, 838273, , , ,
    PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000096.ldb, Под карантина, 203, 838273, , , ,
    PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000099.ldb, Под карантина, 203, 838273, , , ,
    PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000101.log, Под карантина, 203, 838273, , , ,
    PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000102.ldb, Под карантина, 203, 838273, , , ,
    PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, Под карантина, 203, 838273, , , ,
    PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, Под карантина, 203, 838273, , , ,
    PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, Под карантина, 203, 838273, , , ,
    PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, Под карантина, 203, 838273, , , ,
    PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, Под карантина, 203, 838273, , , ,
    PUP.Optional.PushNotifications, C:\USERS\ВЕСКО\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Сменен, 203, 838273, 1.0.27281, , ame,
    PUP.Optional.PushNotifications, C:\USERS\ВЕСКО\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Сменен, 203, 838273, 1.0.27281, , ame,
    PUP.Optional.PushNotifications, C:\USERS\ВЕСКО\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Сменен, 203, 838273, 1.0.27281, , ame,

    Физически сектор: 0
    (Не бяха открити зловредни елементи)

    WMI: 0
    (Не бяха открити зловредни елементи)

    (end)
  6. v3cko

    Maintenance in Win 8.1

    For me it has been going on for the 5th day now; I have not turned the laptop off, hoping it would finish its work and stop.
  7. v3cko

    Maintenance in Win 8.1

    Hello, maintenance work has been running on my machine for 4 days (I am attaching screenshots). I stopped it once and restarted the laptop once, but after about two hours it started again. My question is: why has it been going on for 4 days already?
  8. Thank you, and a pleasant one to you too
  9. The program hung for about 30 minutes, then displayed "the program is not responding", and I had to start it again

    # Run at 3.3.2020 'г.' 19:46:43
    # KpRm (Kernel-panik) version 2.8
    # Website https://kernel-panik.me/tool/kprm/
    # Run by ВЕСКО from C:\Users\ВЕСКО\Downloads
    # Computer Name: PAPA
    # OS: Windows 8.1 X64 (9600)
    # Number of passes: 2

    - Checked options -
    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines

    - Create Registry Backup -
    ~ [OK] Hive C:\Windows\System32\config\SOFTWARE backed up
    ~ [OK] Hive C:\Users\ВЕСКО\NTUSER.dat backed up
    [OK] Registry Backup: C:\KPRM\backup\2020-03-03-19-46-43

    - Delete Tools -
    ## ESET Online Scanner
    [OK] C:\Users\ВЕСКО\AppData\Local\ESET\ESETOnlineScanner deleted
    ## FRST
    [OK] C:\FRST deleted

    - Restore System Settings -
    [OK] Reset WinSock
    [OK] FLUSHDNS
    [OK] Hide Hidden file.
    [OK] Show Extensions for known file types
    [OK] Hide protected operating system files

    - Restore UAC -
    [OK] Set EnableLUA with default (1) value
    [OK] Set ConsentPromptBehaviorAdmin with default (5) value
    [OK] Set ConsentPromptBehaviorUser with default (3) value
    [OK] Set EnableInstallerDetection with default (0) value
    [OK] Set EnableSecureUIAPaths with default (1) value
    [OK] Set EnableUIADesktopToggle with default (0) value
    [OK] Set EnableVirtualization with default (1) value
    [OK] Set FilterAdministratorToken with default (0) value
    [OK] Set PromptOnSecureDesktop with default (1) value
    [OK] Set ValidateAdminCodeSignatures with default (0) value

    - Clear Restore Points -
    ~ [OK] RP named KpRm created at 03/03/2020 16:57:14 deleted
    [OK] All system restore points have been successfully deleted

    - Create Restore Point -
    [OK] System Restore Point created

    - Display System Restore Point -
    ~ RP named KpRm created at 03/03/2020 17:47:13

    -- KPRM finished in 90.42s --
  10. It is possible, but so far it has not shown any ads. BitTorrent has always brought this application in with it.... and my updates are always turned off - I run them only if a problem occurs
  11. I installed the program myself; I am familiar with it

    https://www.virustotal.com/gui/file/9e72384e18640eca6de036541b89747e739517687c536b3348fced709a1d849c/detection
    https://www.virustotal.com/gui/file/2b3bab861ea24115fa62a6873b16197dd8a8309183ec297bf8b8fc9473bc4d86/detection
    https://www.virustotal.com/gui/file/473c7991cfcc0660f19751dc5940939b3ca8f94e234c2bd996b5aa72880b1c19/detection

    3.3.2020 г. 17:54:29
    Сканирани файлове: 372010
    Открити файлове: 3
    Почистени файлове: 3
    Общо време на сканиране 02:43:51
    Състояние на сканиране: Готово
    C:\Users\ВЕСКО\AppData\Roaming\BitTorrent\updates\7.10.5_45496.exe вариант на Win32/uTorrent.C потенциално нежелано приложение почистен чрез изтриване
    C:\Users\ВЕСКО\AppData\Roaming\BitTorrent\BitTorrent.exe вариант на Win32/uTorrent.C потенциално нежелано приложение почистен чрез изтриване
    C:\Users\ВЕСКО\Downloads\BitTorrent.exe вариант на Win32/uTorrent.C потенциално нежелано приложение,вариант на Win32/WebCompanion.B потенциално нежелано приложение почистен чрез изтриване
  12. Hello, I have no complaints, I just want to do a preventive check

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-02-2020 Ran by ВЕСКО (administrator) on PAPA (Hewlett-Packard HP EliteBook 6930p) (02-03-2020 14:47:25) Running from C:\Users\ВЕСКО\Downloads Loaded Profiles: ВЕСКО (Available Profiles: ВЕСКО) Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avago Technologies U.S. Inc. -> LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler64.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (PLARIUM GLOBAL LTD. -> ) C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\TrayPP.exe (PLARIUM GLOBAL LTD. -> Plarium) C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\PlariumPlay.exe (PLARIUM GLOBAL LTD. -> Plarium) C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\PlariumPlay.exe (PLARIUM GLOBAL LTD. -> Plarium) C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\PlariumPlay.exe (PLARIUM GLOBAL LTD. 
-> Plarium) C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\PlariumPlay.exe (SafeIP) [File not signed] C:\Program Files (x86)\SafeIP\SafeIPS.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated -> Synaptics Incorporated) HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-21] (Kilonova LLC -> ) HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.122\Installer\chrmstp.exe [2020-02-24] (Google LLC -> Google LLC) ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {265168EC-659E-486F-A588-95AEB76ABA97} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-02-12] (Adobe Inc. 
-> Adobe) Task: {55DBABF8-7CBC-45AD-AA41-0CDE6FC314AF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd) Task: {5CB506C8-E8D6-4C56-AF40-B3D478C337CE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd) Task: {6B9E0AD0-AB0C-4380-A4C4-DCAD81DBD548} - System32\Tasks\update-S-1-5-21-2076816696-1300689269-2899885506-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {87935F6A-A2F4-4866-A907-C7CD2C7A0A21} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {A843C120-2505-4293-BDFD-A29A24C02977} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-10] (Google Inc -> Google LLC) Task: {ACA797F2-DFAE-40E9-A1A1-F0FF47044B6A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_pepper.exe [1453624 2020-02-12] (Adobe Inc. -> Adobe) Task: {BC7D6B7B-03DE-4E5D-A1B5-62B9B694C8C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-10] (Google Inc -> Google LLC) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\update-S-1-5-21-2076816696-1300689269-2899885506-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Winsock: Catalog9 01 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP) [File not signed]
Winsock: Catalog9 02 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP) [File not signed]
Winsock: Catalog9 03 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP) [File not signed]
Winsock: Catalog9 04 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP) [File not signed]
Winsock: Catalog9 16 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP) [File not signed]
Winsock: Catalog9-x64 01 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP) [File not signed]
Winsock: Catalog9-x64 02 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP) [File not signed]
Winsock: Catalog9-x64 03 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP) [File not signed]
Winsock: Catalog9-x64 04 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP) [File not signed]
Winsock: Catalog9-x64 16 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP) [File not signed]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A7FF16DF-7DC1-437C-8A22-C8C6BDC82A48}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT171101&iDate=2020-02-16 08:34:09&bName=
SearchScopes: HKU\S-1-5-21-2076816696-1300689269-2899885506-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
Chrome:
=======
CHR Profile: C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default [2020-03-02]
CHR Notifications: Default -> hxxps://realniistorii.com
CHR HomePage: Default -> hxxp://google.bg/
CHR StartupUrls: Default -> "hxxps://www.google.bg/"
CHR Extension: (Презентации) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-10]
CHR Extension: (Документи) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-10]
CHR Extension: (Google Диск) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-10]
CHR Extension: (YouTube) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-10]
CHR Extension: (Adblock Plus — безплатен блокер на реклами) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-02-19]
CHR Extension: (Таблици) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-10]
CHR Extension: (Google Документи офлайн) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-09]
CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2020-01-27]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-10]
CHR Extension: (Chrome Media Router) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-02-20]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [42096 2015-08-04] (Avago Technologies U.S. Inc. -> LSI Corporation)
S3 GameforgeClientService; C:\Program Files (x86)\GameforgeClient\gfservice.exe [529568 2020-02-12] (Gameforge 4D GmbH -> )
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2020-01-11] (Malwarebytes Inc -> Malwarebytes)
R3 SafeIPS; C:\Program Files (x86)\SafeIP\SafeIPs.exe [4606976 2015-08-03] (SafeIP) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2019-08-11] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2019-08-11] (Microsoft Corporation -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AgereSoftModem; C:\Windows\system32\DRIVERS\agrsm64.sys [1230104 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> LSI Corporation)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
R3 HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [19000 2010-02-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
R3 HpqKbFiltr; C:\Windows\System32\drivers\HpqKbFiltr.sys [18432 2009-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Development Company, L.P.)
R3 RICOH SmartCard Reader; C:\Windows\system32\DRIVERS\rismcx64.sys [79488 2006-10-03] (Microsoft Windows Hardware Compatibility Publisher -> RICOH Company, Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2019-08-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2019-08-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2019-08-11] (Microsoft Windows -> Microsoft Corporation)
R0 WofAdk; C:\Windows\System32\drivers\wofadk.sys [221376 2019-08-11] (Microsoft Corporation -> Microsoft Corporation)
S1 amsdk; \??\C:\Windows\system32\drivers\amsdk.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-03-02 14:47 - 2020-03-02 14:48 - 000011911 _____ C:\Users\ВЕСКО\Downloads\FRST.txt
2020-03-02 14:47 - 2020-03-02 14:48 - 000000000 ____D C:\FRST
2020-03-02 14:37 - 2020-03-02 14:38 - 002279424 _____ (Farbar) C:\Users\ВЕСКО\Downloads\FRST64.exe
2020-02-22 06:34 - 2020-02-22 06:35 - 000000000 ____D C:\Program Files\CCleaner
2020-02-22 06:34 - 2020-02-22 06:34 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-02-22 06:34 - 2020-02-22 06:34 - 000002800 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2020-02-22 06:34 - 2020-02-22 06:34 - 000000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-02-22 06:34 - 2020-02-22 06:34 - 000000834 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-02-22 06:34 - 2020-02-22 06:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-02-22 06:33 - 2020-02-22 06:34 - 024581800 _____ (Piriform Software Ltd) C:\Users\ВЕСКО\Downloads\cctrialsetup.exe
2020-02-21 04:37 - 2020-02-21 04:56 - 000002456 _____ C:\Windows\SysWOW64\SafeIPSOff.ini
2020-02-21 04:37 - 2020-02-21 04:56 - 000002456 _____ C:\Windows\system32\SafeIPSOff.ini
2020-02-21 04:28 - 2020-02-21 04:28 - 000000995 _____ C:\Users\ВЕСКО\Desktop\SafeIP.lnk
2020-02-21 04:28 - 2020-02-21 04:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SafeIP
2020-02-21 04:28 - 2020-02-21 04:28 - 000000000 ____D C:\Program Files (x86)\SafeIP
2020-02-21 04:28 - 2015-08-03 08:53 - 000384000 _____ (SafeIP) C:\Windows\SysWOW64\SafeIPs.dll
2020-02-16 12:58 - 2020-02-16 12:58 - 000000000 ____D C:\Users\ВЕСКО\Downloads\Collection
2020-02-16 12:47 - 2020-02-16 12:47 - 000000000 ____D C:\Users\ВЕСКО\AppData\Roaming\WinRAR
2020-02-16 12:47 - 2020-02-16 12:47 - 000000000 ____D C:\Users\ВЕСКО\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-02-16 12:47 - 2020-02-16 12:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-02-16 12:47 - 2020-02-16 12:47 - 000000000 ____D C:\Program Files\WinRAR
2020-02-16 12:46 - 2020-02-16 12:46 - 003205888 _____ (Alexander Roshal) C:\Users\ВЕСКО\Downloads\winrar-x64-580.exe
2020-02-16 12:37 - 2020-02-16 12:37 - 000000000 ____D C:\Users\Public\Documents\Steam
2020-02-16 12:37 - 2020-02-16 12:37 - 000000000 ____D C:\ProgramData\Documents\Steam
2020-02-16 12:33 - 2020-02-16 12:33 - 000016499 _____ C:\Users\ВЕСКО\Downloads\Collection.torrent
2020-02-16 12:21 - 2020-02-16 12:33 - 000000000 ____D C:\Windows\SysWOW64\directx
2020-02-16 12:21 - 2020-02-16 12:21 - 000000000 ___HD C:\Windows\msdownld.tmp
2020-02-16 11:45 - 2020-02-16 11:45 - 000000000 ____D C:\Users\ВЕСКО\Documents\Lightshot
2020-02-16 11:43 - 2020-03-02 12:45 - 000000398 _____ C:\Windows\Tasks\update-sys.job
2020-02-16 11:43 - 2020-03-02 11:07 - 000000398 _____ C:\Windows\Tasks\update-S-1-5-21-2076816696-1300689269-2899885506-1001.job
2020-02-16 11:43 - 2020-02-16 11:43 - 000003268 _____ C:\Windows\system32\Tasks\update-sys
2020-02-16 11:43 - 2020-02-16 11:43 - 000003246 _____ C:\Windows\system32\Tasks\update-S-1-5-21-2076816696-1300689269-2899885506-1001
2020-02-16 11:43 - 2020-02-16 11:43 - 000000424 _____ C:\Users\ВЕСКО\AppData\Local\UserProducts.xml
2020-02-16 11:43 - 2020-02-16 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2020-02-16 11:43 - 2020-02-16 11:43 - 000000000 ____D C:\Program Files (x86)\Skillbrains
2020-02-16 11:41 - 2020-02-16 11:41 - 002784344 _____ (Skillbrains ) C:\Users\ВЕСКО\Downloads\setup-lightshot.exe
2020-02-16 11:00 - 2020-02-16 14:38 - 000000000 ____D C:\Games
2020-02-16 10:32 - 2020-02-22 06:37 - 000000000 ____D C:\Users\ВЕСКО\AppData\Roaming\BitTorrent
2020-02-16 10:32 - 2020-02-16 10:32 - 000000913 _____ C:\Users\ВЕСКО\Desktop\BitTorrent.lnk
2020-02-16 10:32 - 2020-02-16 10:32 - 000000893 _____ C:\Users\ВЕСКО\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2020-02-16 10:30 - 2020-02-16 10:31 - 005077120 _____ (BitTorrent Inc.) C:\Users\ВЕСКО\Downloads\BitTorrent.exe
2020-02-16 10:29 - 2020-02-16 10:30 - 000018355 _____ C:\Users\ВЕСКО\Downloads\Euro Truck Simulator 2 v1.36.2.2s.torrent
2020-02-16 09:56 - 2020-02-16 10:13 - 2092624032 _____ C:\Users\ВЕСКО\Downloads\EuroTruckSimulator2_1_28_1_3_patch.exe
2020-02-14 17:23 - 2020-02-14 17:24 - 001018988 _____ C:\Users\ВЕСКО\Downloads\QTranslate.6.7.4.exe
2020-02-09 11:43 - 2020-02-09 11:43 - 001031213 _____ C:\Users\ВЕСКО\Downloads\05.02.2020_Списък_на_подлежащите_на_запечатване_търговски_обекти_и_тяхното_местонахождение.pdf
2020-02-09 07:55 - 2020-02-09 07:55 - 003045838 _____ C:\Users\ВЕСКО\Downloads\1dad5ad69c6d5c9593aff6de7ce2ae91.mp4
2020-02-09 07:55 - 2020-02-09 07:55 - 002747301 _____ C:\Users\ВЕСКО\Downloads\b073f119aaf0f65be906afc679159766.mp4
2020-02-09 07:54 - 2020-02-09 07:55 - 003781947 _____ C:\Users\ВЕСКО\Downloads\a4e3ac7ac21e72da14d0550abe14d173.mp4
2020-02-07 19:31 - 2020-02-07 19:31 - 000000000 ____D C:\Users\ВЕСКО\AppData\Local\ElevatedDiagnostics
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-03-02 14:45 - 2019-08-10 22:00 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2076816696-1300689269-2899885506-1001
2020-03-02 14:39 - 2019-12-01 14:43 - 000000037 _____ C:\Users\Public\Desktop\Gameforge Client.url
2020-03-02 14:39 - 2019-12-01 14:43 - 000000037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Gameforge Client.url
2020-03-02 14:39 - 2019-12-01 14:43 - 000000037 _____ C:\ProgramData\Desktop\Gameforge Client.url
2020-03-02 14:39 - 2019-12-01 14:43 - 000000000 ____D C:\Program Files (x86)\GameforgeClient
2020-03-02 08:40 - 2019-08-10 22:08 - 000003910 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{54DC4300-FD57-426E-B02E-B8CE96343A01}
2020-02-28 12:39 - 2019-08-10 22:03 - 000000000 ___DO C:\Users\ВЕСКО\SkyDrive
2020-02-28 12:38 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-02-28 12:37 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2020-02-28 01:00 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2020-02-25 18:01 - 2020-01-04 20:07 - 000000065 _____ C:\Users\ВЕСКО\Downloads\uopilot.ini
2020-02-24 21:44 - 2019-08-10 22:13 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-02-24 21:44 - 2019-08-10 22:13 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-02-24 21:44 - 2019-08-10 22:13 - 000002203 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-02-22 06:37 - 2019-10-10 03:14 - 000000000 ____D C:\Windows\Minidump
2020-02-22 06:37 - 2019-08-11 08:47 - 000000000 ____D C:\Windows\Panther
2020-02-16 12:33 - 2013-08-22 17:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-02-14 17:24 - 2020-01-15 20:02 - 000001047 _____ C:\Users\ВЕСКО\Desktop\QTranslate.lnk
2020-02-12 04:05 - 2019-10-13 11:30 - 000004424 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-02-12 04:05 - 2019-10-13 11:30 - 000004282 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-02-12 04:04 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-02-12 04:04 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\Macromed
2020-02-05 02:36 - 2019-08-10 22:11 - 000003434 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-02-05 02:36 - 2019-08-10 22:11 - 000003306 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-02-01 06:12 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\NDF
2020-02-01 03:03 - 2019-08-12 01:06 - 000000000 ____D C:\Users\ВЕСКО\AppData\LocalLow\Unity
==================== Files in the root of some directories ========
2019-10-27 11:08 - 2019-10-27 11:08 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-10-27 11:08 - 2019-10-27 11:08 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2019-10-27 11:08 - 2019-10-27 11:08 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2019-10-27 11:08 - 2019-10-27 11:08 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
2019-10-13 11:25 - 2019-10-13 11:24 - 051823104 _____ () C:\Program Files\Macromedia Captivate.msi
2019-08-11 00:00 - 2019-08-11 00:00 - 000000000 _____ () C:\Users\ВЕСКО\AppData\Local\AtStart.txt
2019-10-27 11:08 - 2019-10-27 11:08 - 000000556 _____ () C:\Users\ВЕСКО\AppData\Local\bowsakkdestx.txt
2019-08-11 00:00 - 2019-08-11 00:00 - 000000000 _____ () C:\Users\ВЕСКО\AppData\Local\DSwitch.txt
2019-08-10 22:45 - 2019-12-12 16:42 - 000039733 _____ () C:\Users\ВЕСКО\AppData\Local\PlariumPlay.log
2019-08-11 00:00 - 2019-08-11 00:00 - 000000000 _____ () C:\Users\ВЕСКО\AppData\Local\QSwitch.txt
2020-02-16 11:43 - 2020-02-16 11:43 - 000000003 _____ () C:\Users\ВЕСКО\AppData\Local\updater.log
2020-02-16 11:43 - 2020-02-16 11:43 - 000000424 _____ () C:\Users\ВЕСКО\AppData\Local\UserProducts.xml
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2020-02-28 01:00
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-02-2020
Ran by ВЕСКО (02-03-2020 14:49:23)
Running from C:\Users\ВЕСКО\Downloads
Windows 8.1 Pro (Update) (X64) (2019-08-10 19:55:10)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2076816696-1300689269-2899885506-500 - Administrator - Disabled)
Guest (S-1-5-21-2076816696-1300689269-2899885506-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2076816696-1300689269-2899885506-1003 - Limited - Enabled)
ВЕСКО (S-1-5-21-2076816696-1300689269-2899885506-1001 - Administrator - Enabled) => C:\Users\ВЕСКО
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.330 - Adobe)
BitTorrent (HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\BitTorrent) (Version: 7.10.5.45496 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
Gameforge Client (HKLM-x32\...\{d3b2a0c1-f0d0-4888-ae0b-1c5e1febdafb}_is1) (Version: 2.0.51.124 - Gameforge)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.122 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
Lightshot-5.5.0.4 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.4 - Skillbrains)
LINE (HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\LINE) (Version: 5.22.0.2111 - LINE Corporation)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Metin2 ru-RU (HKLM-x32\...\{fab180a3-cd65-4b7e-bd0e-2ef77fd0c258.ru-RU}) (Version: - Gameforge)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Plarium Play (HKLM-x32\...\{4EE55C89-1180-4702-86C0-0E999BF691FD}) (Version: 5.1.0 - Plarium) Hidden
Plarium Play (HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\{1077884f-6e6c-4848-8a7c-9dec58d99637}) (Version: 5.1.0 - Plarium)
QLBCASL (HKLM-x32\...\{F1D7AC58-554A-4A58-B784-B61558B1449A}) (Version: 6.40.17.2 - Hewlett-Packard) Hidden
QTranslate 6.7.4 (HKLM-x32\...\QTranslate) (Version: 6.7.4 - QuestSoft)
SafeIP (HKLM-x32\...\SAFEIP_is1) (Version: - SafeIP)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated)
WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)
Packages:
=========
Frameworkuapbase -> C:\Program Files\WindowsApps\48682KiddoTest.Frameworkuapbase_1.0.0.2_neutral__81ffpr532s7pc [2019-08-11] (KiddoTest)
Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.0_2.0.1410.19000_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation)
Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.0_2.0.1410.19000_x86__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation)
Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.1_2.0.1410.19000_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation)
Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.1_2.0.1410.19000_x86__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation)
Microsoft PlayReady -> C:\Program Files\WindowsApps\Microsoft.Internal.Media.PlayReadyClient_2.3.1678.1_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation)
Microsoft PlayReady -> C:\Program Files\WindowsApps\Microsoft.Internal.Media.PlayReadyClient_2.3.1678.1_x86__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation)
Microsoft Visual C++ Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Preview.Internal_12.0.20222.2_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Platform Extensions Internal)
Microsoft Visual C++ Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Preview.Internal_12.0.20222.2_x86__8wekyb3d8bbwe [2019-08-11] (Microsoft Platform Extensions Internal)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.2.0.Preview.Internal_1.0.9385.3_neutral__8wekyb3d8bbwe [2019-08-11] (Microsoft Platform Extensions)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.2.0.Preview_1.0.9431.0_neutral__8wekyb3d8bbwe [2019-08-11] (Microsoft Platform Extensions)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.Preview.1_1.0.9345.0_neutral__8wekyb3d8bbwe [2019-08-11] (Microsoft Platform Extensions)
MSN Време -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.322_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad]
MSN Кулинария -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad]
MSN Пътуване -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad]
mxtest2 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.mxtest2_2.0.0.0_neutral__x35ns48czryn0 [2019-08-11] (m1df_mmengesha)
Test_Framework_BP_052015 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.TestFrameworkBP052015_1.0.0.9_neutral__x35ns48czryn0 [2019-08-11] (m1df_mmengesha)
Test_Framework_win81appxneutral_061115 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.TestFrameworkwin81appxneutral06_4.0.0.7_neutral__x35ns48czryn0 [2019-08-11] (M1DF_Mmengesha)
Test_FrameworkBackpublish_050515 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.TestFrameworkBackpublish050515_1.0.0.0_neutral__x35ns48czryn0 [2019-08-11] (m1df_mmengesha)
Test_FrameworkProd_062215_01 -> C:\Program Files\WindowsApps\50856m1dfLL.TestFrameworkProd06221501_1.0.0.10_neutral__nwcxtg9ehxpvt [2019-08-11] (m1df_lucyll)
TESTFRAMEWORKABO2 -> C:\Program Files\WindowsApps\40538vasetest101.TESTFRAMEWORKABO2_12.0.21005.1_x64__ssm1v0s3df7zc [2019-08-11] (vasetest101)
Видео -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.2.802.0_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad]
Игри -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad]
Музика -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.2.800.0_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-01-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-01-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2019-08-15 04:28 - 2015-08-03 08:54 - 000547328 _____ (SafeIP) [File not signed] C:\Windows\system32\SafeIPs64.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SafeIPS => ""="service"
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2019-12-06 18:21 - 000000822 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ВЕСКО\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run32: => "QlbCtrl.exe"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{90A6F7DD-E504-4409-ABEC-C48BCE0F48C2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{75128495-E63B-4C18-86A2-FA3306C63C36}E:\lfs\lfs.exe] => (Allow) E:\lfs\lfs.exe () [File not signed]
FirewallRules: [UDP Query User{C5906F14-8730-4E59-AB30-06C67E9BC2EB}E:\lfs\lfs.exe] => (Allow) E:\lfs\lfs.exe () [File not signed]
FirewallRules: [{1BED8524-52DB-4260-8BBE-A881BD9D3E34}] => (Allow) C:\Users\ВЕСКО\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{AA496B3E-2F6F-4807-965E-F158476BB027}] => (Allow) C:\Users\ВЕСКО\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{A809C2BA-1C3A-4ECC-A381-6678FB2DAD54}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
21-12-2019 21:54:55 Scheduled Checkpoint
20-01-2020 02:26:46 Scheduled Checkpoint
27-01-2020 03:35:29 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Fingerprint Sensor
Description: Fingerprint Sensor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (03/02/2020 06:15:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAPA)
Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (03/02/2020 06:15:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WWAHost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: d24 Start Time: 01d5f0493947cd5c Termination Time: 4294967295 Application Path: C:\Windows\System32\WWAHost.exe Report Id: 810a4bbc-5c3c-11ea-828f-002713343a56 Faulting package full name: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: Windows.Store
Error: (03/02/2020 06:15:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: PAPA)
Description: App winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store did not launch within its allotted time.
Error: (02/28/2020 12:39:52 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (02/27/2020 04:18:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: skydrive.exe, version: 6.3.9600.17484, time stamp: 0x545d76bd Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0x00000000 Fault offset: 0x0000000000000000 Faulting process id: 0x1114 Faulting application start time: 0x01d5ed78bd3cd471 Faulting application path: C:\Windows\System32\skydrive.exe Faulting module path: unknown Report Id: fccfc0d4-596b-11ea-828e-002713343a56 Faulting package full name: Faulting package-relative application ID: Error: (02/26/2020 04:20:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: skydrive.exe, version: 6.3.9600.17484, time stamp: 0x545d76bd Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0x00000000 Fault offset: 0x0000000000000000 Faulting process id: 0x1614 Faulting application start time: 0x01d5ecafd3283424 Faulting application path: C:\Windows\System32\skydrive.exe Faulting module path: unknown Report Id: 134ef253-58a3-11ea-828e-002713343a56 Faulting package full name: Faulting package-relative application ID: Error: (02/26/2020 04:58:58 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (02/26/2020 04:58:51 AM) (Source: Perflib) (EventID: 1023) (User: ) Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code. 
System errors: ============= Error: (02/27/2020 04:27:58 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Error: (02/27/2020 04:27:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Услуга на Google Актуализация (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (02/27/2020 04:27:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Услуга на Google Актуализация (gupdate) service to connect. Error: (02/27/2020 04:18:47 PM) (Source: DCOM) (EventID: 10010) (User: PAPA) Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout. Error: (02/26/2020 04:21:21 PM) (Source: DCOM) (EventID: 10010) (User: PAPA) Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout. Error: (02/25/2020 04:19:39 PM) (Source: DCOM) (EventID: 10010) (User: PAPA) Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout. Error: (02/21/2020 04:23:25 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Peer Name Resolution Protocol service, but this action failed with the following error: An instance of the service is already running. Error: (02/21/2020 04:21:26 PM) (Source: DCOM) (EventID: 10010) (User: PAPA) Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout. 
Windows Defender: =================================== Date: 2020-03-02 14:49:21.815 Description: Windows Defender has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:BAT/AutoKms.S!MTB&threatid=2147743496&enterprise=0 Name: HackTool:BAT/AutoKms.S!MTB ID: 2147743496 Severity: High Category: Tool Path: file:_C:\Users\ВЕСКО\Documents\windows8.cmd Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Users\ВЕСКО\Downloads\FRST64.exe Signature Version: AV: 1.311.394.0, AS: 1.311.394.0, NIS: 119.0.0.0 Engine Version: AM: 1.1.16800.2, NIS: 2.1.14600.4 Date: 2020-02-24 16:49:50.613 Description: Windows Defender has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Vigram.A&threatid=232718&enterprise=0 Name: Program:Win32/Vigram.A ID: 232718 Severity: Severe Category: Potentially Unwanted Software Path: file:_C:\Users\ВЕСКО\Downloads\SafeIP.exe Detection Origin: Local machine Detection Type: FastPath Detection Source: System Process Name: Unknown Signature Version: AV: 1.309.1602.0, AS: 1.309.1602.0, NIS: 119.0.0.0 Engine Version: AM: 1.1.16700.3, NIS: 2.1.14600.4 Date: 2020-02-21 04:27:22.929 Description: Windows Defender has detected malware or other potentially unwanted software. 
For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Vigram.A&threatid=232718&enterprise=0 Name: Program:Win32/Vigram.A ID: 232718 Severity: Severe Category: Potentially Unwanted Software Path: file:_C:\Users\ВЕСКО\Downloads\SafeIP (1).exe;file:_C:\Users\ВЕСКО\Downloads\SafeIP.exe;webfile:_C:\Users\ВЕСКО\Downloads\SafeIP (1).exe|https://www.freesafeip.com/SafeIP.exe|chrome.exe;webfile:_C:\Users\ВЕСКО\Downloads\SafeIP.exe|https://www.freesafeip.com/SafeIP.exe|chrome.exe Detection Origin: Internet Detection Type: FastPath Detection Source: Downloads and attachments Process Name: Unknown Signature Version: AV: 1.309.1348.0, AS: 1.309.1348.0, NIS: 119.0.0.0 Engine Version: AM: 1.1.16700.3, NIS: 2.1.14600.4 Date: 2020-02-21 04:27:20.517 Description: Windows Defender has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Vigram.A&threatid=232718&enterprise=0 Name: Program:Win32/Vigram.A ID: 232718 Severity: Severe Category: Potentially Unwanted Software Path: file:_C:\Users\ВЕСКО\Downloads\SafeIP.exe;webfile:_C:\Users\ВЕСКО\Downloads\SafeIP.exe|https://www.freesafeip.com/SafeIP.exe|chrome.exe Detection Origin: Internet Detection Type: FastPath Detection Source: Downloads and attachments Process Name: Unknown Signature Version: AV: 1.309.1348.0, AS: 1.309.1348.0, NIS: 119.0.0.0 Engine Version: AM: 1.1.16700.3, NIS: 2.1.14600.4 Date: 2020-02-21 04:24:18.037 Description: Windows Defender has detected malware or other potentially unwanted software. 
For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Vigram.A&threatid=232718&enterprise=0 Name: Program:Win32/Vigram.A ID: 232718 Severity: Severe Category: Potentially Unwanted Software Path: file:_C:\Users\ВЕСКО\Downloads\SafeIP.exe;webfile:_C:\Users\ВЕСКО\Downloads\SafeIP.exe|https://www.freesafeip.com/SafeIP.exe|chrome.exe Detection Origin: Internet Detection Type: FastPath Detection Source: Downloads and attachments Process Name: Unknown Signature Version: AV: 1.309.1348.0, AS: 1.309.1348.0, NIS: 119.0.0.0 Engine Version: AM: 1.1.16700.3, NIS: 2.1.14600.4 Date: 2020-03-02 12:48:53.550 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.311.300.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16800.2 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Date: 2020-02-29 12:48:53.098 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.311.96.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16800.2 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Date: 2020-02-27 16:25:58.491 Description: Windows Defender has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.311.51.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16800.2 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Date: 2020-02-26 02:54:12.140 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.309.1602.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16700.3 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Date: 2020-02-24 16:32:59.871 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.309.1475.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16700.3 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. CodeIntegrity: =================================== Date: 2020-03-02 14:42:10.317 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2020-03-02 14:42:09.709 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2019-12-01 14:45:58.203 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-01 14:45:57.468 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-10-27 11:05:31.653 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-10-27 11:05:30.955 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-10-15 17:13:52.723 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-10-15 17:13:51.566 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== BIOS: Hewlett-Packard 68PCU Ver. 
F.20 12/08/2011 Motherboard: Hewlett-Packard 30DB Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz Percentage of memory in use: 57% Total physical RAM: 3000.26 MB Available physical RAM: 1289.71 MB Total Virtual: 7000.26 MB Available Virtual: 5244.19 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:365.12 GB) (Free:324.76 GB) NTFS Drive e: () (Fixed) (Total:100.1 GB) (Free:80.41 GB) NTFS \\?\Volume{bce0ecb4-bba7-11e9-8250-806e6f6e6963}\ (Резервирана за системата) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS \\?\Volume{bce0ecb7-bba7-11e9-8250-806e6f6e6963}\ () (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0FD73A73) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=100.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=365.1 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=450 MB) - (Type=27) ==================== End of Addition.txt =======================
  13. Thank you for your time, and a pleasant evening to you too