georginikoloff

  1. georginikoloff

    High CPU Usage-svchost.exe

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.12.2018 Ran by J (administrator) on J-PC (09-12-2018 21:04:01) Running from C:\Users\J\Desktop Loaded Profiles: J & (Available Profiles: J) Platform: Windows 7 Professional Service Pack 1 (X64) Language: Български (България) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ASUSTeK Computer Inc.) 
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Discord Inc.) C:\Users\J\AppData\Local\Discord\app-0.0.301\Discord.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe (Discord Inc.) C:\Users\J\AppData\Local\Discord\app-0.0.301\Discord.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (Discord Inc.) C:\Users\J\AppData\Local\Discord\app-0.0.301\Discord.exe (Discord Inc.) 
C:\Users\J\AppData\Local\Discord\app-0.0.301\Discord.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Viber Media S.Ã r.l.) C:\Users\J\AppData\Local\Viber\Viber.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-18] (AVAST Software) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [406328 2015-03-25] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [213816 2015-03-25] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation) HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [125872 2018-09-19] (VMware, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-1340212317-3700379154-1979773957-1000\...\Run: [Discord] => C:\Users\J\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.) HKU\S-1-5-21-1340212317-3700379154-1979773957-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [731240 2018-09-13] (Disc Soft Ltd) HKU\S-1-5-21-1340212317-3700379154-1979773957-1000\...\Run: [Viber] => C:\Users\J\AppData\Local\Viber\Viber.exe [36901960 2018-12-04] (Viber Media S.Ã r.l.) 
HKU\S-1-5-21-1340212317-3700379154-1979773957-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-1340212317-3700379154-1979773957-1000\...\MountPoints2: {5fe3d1cb-c091-11e8-9aca-08606e0343f4} - G:\setup.exe HKU\S-1-5-21-1340212317-3700379154-1979773957-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12092018192711244\...\Run: [Discord] => C:\Users\J\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.) HKU\S-1-5-21-1340212317-3700379154-1979773957-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12092018192711244\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [731240 2018-09-13] (Disc Soft Ltd) HKU\S-1-5-21-1340212317-3700379154-1979773957-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12092018192711244\...\Run: [Viber] => C:\Users\J\AppData\Local\Viber\Viber.exe [36901960 2018-12-04] (Viber Media S.Ã r.l.) HKU\S-1-5-21-1340212317-3700379154-1979773957-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12092018192711244\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-1340212317-3700379154-1979773957-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12092018192711244\...\MountPoints2: {5fe3d1cb-c091-11e8-9aca-08606e0343f4} - G:\setup.exe AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [171384 2017-06-28] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [149224 2017-06-28] (NVIDIA Corporation) GroupPolicy: Restriction ? <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 Tcpip\..\Interfaces\{1B55A1E1-BB4B-4015-9959-DD63FF29CC01}: [DhcpNameServer] 8.8.8.8 Tcpip\..\Interfaces\{27002EBC-17A3-4E26-A5F7-1D50ED10CA3E}: [DhcpNameServer] 8.8.8.8 Tcpip\..\Interfaces\{89C040F0-33A9-4273-82C8-FAB9DFD000B6}: [DhcpNameServer] 192.168.247.1 Tcpip\..\Interfaces\{C6F2D092-23AA-4917-8EFD-A8AFCA4E580D}: [DhcpNameServer] 192.168.64.2 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-12-02] (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-12-02] (Oracle Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2018-12-02] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files 
(x86)\Java\jre7\bin\jp2ssv.dll [2018-12-02] (Oracle Corporation) FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-12-02] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-12-02] (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2018-12-02] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2018-12-02] (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-09-21] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-09-21] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.) 
Chrome: ======= CHR Profile: C:\Users\J\AppData\Local\Google\Chrome\User Data\Default [2018-12-09] CHR Extension: (Презентации) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-21] CHR Extension: (Документи) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-21] CHR Extension: (Google Диск) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-09-27] CHR Extension: (YouTube) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-21] CHR Extension: (Таблици) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-21] CHR Extension: (Google Документи офлайн) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-21] CHR Extension: (AdBlock) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-12-05] CHR Extension: (Avast Online Security) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-25] CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-21] CHR Extension: (Gmail) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-09-21] CHR Extension: (Chrome Media Router) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-31] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx ==================== Services 
(Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-18] (AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-18] (AVAST Software) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-10-03] () R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3648616 2018-09-13] (Disc Soft Ltd) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [784512 2018-09-21] (EasyAntiCheat Ltd) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] () S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-08-13] (TeamViewer GmbH) R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [15445936 2018-09-19] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-06-25] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation) R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201240 2018-11-18] (AVAST Software) R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230344 2018-11-18] (AVAST Software) R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201768 2018-11-18] (AVAST Software) R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346592 2018-11-18] (AVAST Software) R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59496 2018-11-18] (AVAST Software) R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239840 2018-11-26] (AVAST Software) S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46384 2018-11-18] (AVAST Software) R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2018-11-18] (AVAST Software) R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163208 2018-11-18] (AVAST Software) R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111800 2018-11-18] (AVAST Software) R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87432 2018-11-18] (AVAST Software) R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028680 2018-11-18] (AVAST Software) R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [469272 2018-11-18] (AVAST Software) R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [208472 2018-11-18] (AVAST Software) R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380464 2018-11-18] (AVAST Software) R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [61824 2012-10-31] (ASUS Corporation) S3 cpuz140; C:\Users\J\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [43840 2018-09-24] (CPUID) <==== ATTENTION R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2018-09-25] (Disc Soft Ltd) R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2018-09-25] (Disc Soft Ltd) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-12-04] (Malwarebytes) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2018-12-09] (Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [126624 
2018-12-09] (Malwarebytes) R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [72536 2018-12-09] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [261032 2018-12-09] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [103760 2018-12-09] (Malwarebytes) R1 npcap; C:\Windows\System32\DRIVERS\npcap.sys [72400 2018-03-13] (Insecure.Com LLC.) S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] () R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [213216 2018-11-08] (Oracle Corporation) R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [223000 2018-11-08] (Oracle Corporation) R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [93576 2018-06-22] (VMware, Inc.) R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-x64.sys [52576 2018-02-28] (VMware, Inc.) U4 npcap_wifi; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2018-12-09 21:04 - 2018-12-09 21:05 - 000019837 _____ C:\Users\J\Desktop\FRST.txt 2018-12-09 21:03 - 2018-12-09 21:04 - 000000000 ____D C:\FRST 2018-12-09 21:03 - 2018-12-09 21:03 - 002417152 _____ (Farbar) C:\Users\J\Desktop\FRST64.exe 2018-12-09 19:18 - 2018-12-09 19:18 - 000072536 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2018-12-09 19:18 - 2018-12-09 19:18 - 000000000 ____D C:\Users\J\AppData\Local\mbam 2018-12-09 19:17 - 2018-12-09 19:19 - 000103760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2018-12-09 19:17 - 2018-12-09 19:17 - 000261032 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2018-12-09 19:17 - 2018-12-09 19:17 - 000198512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2018-12-09 19:17 - 2018-12-09 19:17 - 000126624 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2018-12-09 19:17 - 2018-12-09 19:17 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2018-12-09 19:17 - 2018-12-09 19:17 - 000000000 ____D C:\Users\J\AppData\Local\mbamtray 2018-12-09 19:17 - 2018-12-09 19:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-12-09 19:17 - 2018-12-09 19:17 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-12-09 19:17 - 2018-12-09 19:17 - 000000000 ____D C:\Program Files\Malwarebytes 2018-12-09 19:17 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2018-12-09 19:16 - 2018-12-09 19:17 - 081227760 _____ (Malwarebytes ) C:\Users\J\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe 2018-12-09 19:05 - 2018-12-09 19:05 - 000007609 _____ C:\Users\J\AppData\Local\Resmon.ResmonCfg 2018-12-09 18:38 - 2018-12-09 18:38 - 001828569 _____ C:\Users\J\Downloads\ProcessExplorer.zip 2018-12-09 18:38 - 2018-12-09 18:38 - 000000000 ____D C:\Users\J\Downloads\ProcessExplorer 2018-12-09 15:16 - 2018-12-09 15:16 - 000000000 ____D C:\Users\J\Documents\My Games 2018-12-09 15:15 - 2018-12-09 15:15 - 
013830440 _____ (Grinding Gear Games) C:\Users\J\Downloads\PathOfExileInstaller.exe 2018-12-09 15:15 - 2018-12-09 15:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games 2018-12-09 15:15 - 2018-12-09 15:15 - 000000000 ____D C:\Program Files (x86)\Grinding Gear Games 2018-12-09 15:15 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll 2018-12-09 15:15 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll 2018-12-06 18:35 - 2018-12-06 18:35 - 000000000 ____D C:\Users\J\AppData\Local\Viber 2018-12-05 20:24 - 2018-12-05 20:24 - 000000000 ____D C:\Users\J\AppData\Local\famatech 2018-12-05 20:24 - 2018-12-05 20:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radmin Viewer 3 2018-12-05 20:24 - 2018-12-05 20:24 - 000000000 ____D C:\Program Files (x86)\Radmin Viewer 3 2018-12-05 20:20 - 2018-12-05 20:20 - 000000000 ____D C:\Users\J\AppData\Roaming\SystemTools 2018-12-05 20:18 - 2018-12-05 20:18 - 020670514 _____ C:\Users\J\Downloads\hyena_en_x64.zip 2018-12-05 20:18 - 2018-12-05 20:18 - 000000000 ____D C:\Users\J\Downloads\hyena_en_x64 2018-12-05 20:12 - 2003-03-01 14:20 - 000062464 _____ (Camelott GmbH) C:\Users\J\Desktop\NetBIOS Enumerater.exe 2018-12-05 20:01 - 2018-12-05 20:09 - 000000000 ____D C:\Users\J\.zenmap 2018-12-05 19:54 - 2018-12-05 20:25 - 000001262 _____ C:\Users\J\advanced_ip_scanner_MAC.bin 2018-12-05 19:54 - 2018-12-05 20:25 - 000000015 _____ C:\Users\J\advanced_ip_scanner_Comments.bin 2018-12-05 19:54 - 2018-12-05 20:25 - 000000015 _____ C:\Users\J\advanced_ip_scanner_Aliases.bin 2018-12-05 19:03 - 2003-08-19 10:31 - 000207360 _____ (Foundstone Inc.) 
C:\Users\J\Desktop\SuperScan4.exe 2018-12-04 10:14 - 2018-12-04 10:14 - 000000000 ____D C:\ProgramData\WNR 2018-12-03 19:54 - 2018-12-05 20:33 - 000000000 ____D C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Proxy Workbench 2018-12-03 19:54 - 2018-12-03 19:54 - 000002955 _____ C:\Users\J\Desktop\Proxy Workbench.lnk 2018-12-03 19:54 - 2018-12-03 19:54 - 000000000 ____D C:\Users\J\AppData\Roaming\WNR 2018-12-03 19:54 - 2018-12-03 19:54 - 000000000 ____D C:\Users\J\AppData\Roaming\MPC-HC 2018-12-03 19:51 - 2018-12-05 20:32 - 000014336 _____ C:\Users\J\Documents\nstprodata-demo.db3 2018-12-03 19:51 - 2018-12-05 20:19 - 000000601 _____ C:\Users\J\Desktop\Nmap - Zenmap GUI.lnk 2018-12-03 19:51 - 2018-12-03 19:51 - 000000917 _____ C:\Users\Public\Desktop\NetScanTools Pro Demo.lnk 2018-12-03 19:51 - 2018-12-03 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap 2018-12-03 19:51 - 2018-12-03 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetScanTools Pro Demo 2018-12-03 19:51 - 2018-12-03 19:51 - 000000000 ____D C:\Program Files (x86)\WinPcap 2018-12-03 19:50 - 2018-12-05 20:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hyena 2018-12-03 19:50 - 2018-12-03 19:50 - 000000441 _____ C:\Users\J\Desktop\Hyena.lnk 2018-12-03 19:50 - 2018-12-03 19:50 - 000000000 ____D C:\Users\J\AppData\Roaming\NWPS 2018-12-03 19:50 - 2018-12-03 19:50 - 000000000 ____D C:\ProgramData\NWPS 2018-12-03 19:49 - 2018-12-03 19:49 - 000000981 _____ C:\Users\Public\Desktop\Advanced IP Scanner.lnk 2018-12-03 19:49 - 2018-12-03 19:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner v2 2018-12-03 19:49 - 2018-12-03 19:49 - 000000000 ____D C:\Program Files (x86)\Advanced IP Scanner 2018-12-03 19:47 - 2018-12-03 19:47 - 000026624 _____ (Gibson Research Corp.) 
C:\Users\J\Desktop\idserve.exe 2018-12-03 19:37 - 2018-12-03 19:37 - 000000000 ____D C:\Windows\SysWOW64\Npcap 2018-12-03 19:37 - 2018-12-03 19:37 - 000000000 ____D C:\Windows\system32\Npcap 2018-12-03 19:37 - 2018-12-03 19:37 - 000000000 ____D C:\Program Files\Npcap 2018-12-03 16:21 - 2018-09-03 11:22 - 003552256 _____ C:\Windows\system32\pwNative.exe 2018-12-03 16:21 - 2013-09-30 16:26 - 000019152 _____ C:\Windows\system32\pwdrvio.sys 2018-12-03 16:21 - 2013-09-30 16:26 - 000012504 _____ C:\Windows\system32\pwdspio.sys 2018-12-03 16:06 - 2018-12-05 14:15 - 000001031 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard.lnk 2018-12-03 16:06 - 2018-12-03 16:21 - 000000000 ____D C:\Program Files\MiniTool Partition Wizard 10 2018-12-03 16:06 - 2018-12-03 16:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 10 2018-12-03 15:25 - 2018-12-03 15:27 - 000000432 __RSH C:\ProgramData\ntuser.pol 2018-12-02 23:08 - 2018-12-05 13:00 - 000000000 ____D C:\Users\J\PycharmProjects 2018-12-02 22:58 - 2018-12-02 23:12 - 000000000 ____D C:\Users\J\AppData\Roaming\JetBrains 2018-12-02 22:57 - 2018-12-02 22:57 - 000000000 ____D C:\Users\J\.PyCharm2018.3 2018-12-02 21:12 - 2018-12-02 21:12 - 000263584 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2018-12-02 21:12 - 2018-12-02 21:12 - 000174496 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2018-12-02 21:12 - 2018-12-02 21:12 - 000174496 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2018-12-02 21:12 - 2018-12-02 21:12 - 000095648 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2018-12-02 21:12 - 2018-12-02 21:12 - 000000000 ____D C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eMailTrackerPro 2018-12-02 21:12 - 2018-12-02 21:12 - 000000000 ____D C:\Program Files (x86)\Java 2018-12-02 21:12 - 2018-12-02 21:12 - 000000000 ____D C:\Program Files (x86)\eMailTrackerPro 2018-12-02 21:11 - 2018-12-02 21:11 - 000000000 
____D C:\Users\J\AppData\Roaming\Sun 2018-12-02 21:10 - 2018-12-02 21:10 - 000110968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2018-12-02 21:10 - 2018-12-02 21:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2018-12-02 21:10 - 2018-12-02 21:10 - 000000000 ____D C:\Program Files\Java 2018-12-02 21:05 - 2018-12-02 21:05 - 000000033 _____ C:\ProgramData\JexePack-Path 2018-12-02 21:05 - 2018-12-02 21:05 - 000000000 ____D C:\Users\J\applogs 2018-12-02 21:05 - 2018-12-02 21:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JexePack 2018-12-02 21:05 - 2018-12-02 21:05 - 000000000 ____D C:\Program Files (x86)\JexePack 2018-12-02 20:59 - 2018-12-02 20:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains 2018-12-02 20:58 - 2018-12-05 14:15 - 000000807 _____ C:\Users\Public\Desktop\JetBrains PyCharm 2018.3 x64.lnk 2018-12-02 20:58 - 2018-12-02 20:58 - 000000000 ____D C:\Program Files\JetBrains 2018-12-02 20:55 - 2018-12-02 20:55 - 000000000 ____D C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.7 2018-11-28 21:44 - 2018-11-28 21:44 - 000000000 ____D C:\Users\J\AppData\Local\Spadix 2018-11-28 21:40 - 2018-11-28 21:40 - 000000000 ____D C:\Users\J\AppData\Roaming\WebDataExtractorPro 2018-11-28 21:40 - 2018-11-28 21:40 - 000000000 ____D C:\ProgramData\Isolated Storage 2018-11-28 21:34 - 2018-11-28 21:37 - 000000000 ____D C:\My Web Sites 2018-11-28 21:29 - 2018-11-28 21:29 - 000000000 ____D C:\Users\J\eMailTrackerPro 2018-11-28 21:22 - 2018-11-28 21:22 - 000001083 _____ C:\Users\J\Desktop\SmartWhois.lnk 2018-11-28 20:57 - 2018-11-28 20:57 - 000000000 ____D C:\Users\J\AppData\Roaming\TamoSoft 2018-11-28 20:57 - 2018-11-28 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartWhois 2018-11-28 20:57 - 2018-11-28 20:57 - 000000000 ____D C:\Program Files (x86)\SmartWhois 2018-11-28 20:32 - 2018-11-28 20:57 - 000000000 
  2. georginikoloff

    High CPU Usage-svchost.exe

    Scan result: I deleted everything, but it stays at the same level. I was just uploading the 2 screenshots:
  3. I dug around on Google a bit about the problem with the svchost.exe process, but without success. It uses a lot of memory compared to its other running instances (about 10x). I am attaching a screenshot of the services it uses. I had downloaded a program that the antivirus flagged, something related to mining, and I uninstalled it, but the process kept its usage high even after a restart.
  4. georginikoloff

    Hacked abv?

    I spoke with support on the phone, explained what had happened, and they told me that since I don't remember my details there is no way to restore the account.
  5. georginikoloff

    Hacked abv?

    Yeah, they were fake. The problem is that I don't remember them either. I spoke with someone on the phone and he explained that he can't restore it for me if I don't remember the details.
  6. georginikoloff

    Hacked abv?

    Well yes, it works with an ID card, but only if you entered its details in the mailbox, and at 13 I wasn't exactly thinking about that :D
  7. georginikoloff

    Hacked abv?

    I'm judging by what I went through once, nothing else. The IPs to this day are the same as they were 2 years ago (my previous account-recovery incident, with a company much bigger than abv); there were 2 then and there are 2 now. But there's no point arguing, on the whole you're right. Edit: I checked whether there was an option to change the question and answer, but there wasn't, my mistake. I just don't remember them, it's been quite a while :D.
  8. georginikoloff

    Hacked abv?

    Well, that's not the point here; the point is that they can see the difference in the IPs, since I log in from ONLY 2 places and they can see that. So they could make the effort to try to give me the account back, but they can't be bothered. Some time ago I was in the same situation, but with competent administrators who knew their job and gave me the account back, well, not at abv of course :D
  9. georginikoloff

    Hacked abv?

    Well, I assume the site administrators can see the IPs it was accessed from, and therefore see that it was hacked. Since the secret question and the other things mentioned have been changed too, there's no way for me to get it back; the mailbox was created roughly 10 years ago, and even if he hadn't changed them I couldn't remember them. But it's true that the level of security is tragic.
  10. georginikoloff

    Hacked abv?

    Wrong username/password. Only that. I found out afterwards that the email was hacked because it was linked to a game, and the account there was hacked as well.
  11. georginikoloff

    Hacked abv?

    Well, I'm not computer illiterate :D I log into the mailbox every day or two and I haven't forgotten my password :D Otherwise, through the "write to us" option at the very bottom of the abv site.
  12. georginikoloff

    Hacked abv?

    Looks like there's no fixing it..
  13. georginikoloff

    Hacked abv?

    I wrote to them 5 times: "try recovering the email via another email or a phone number"..
  14. georginikoloff

    Hacked abv?

    Everything has been changed already, but my question is what to do, given that I want to get my email back.
  15. Hello, yesterday my abv account was hacked. Has anyone had to contact the site's administrators? To put it mildly, it seems only bots have been set up to reply with: "Recover your password." That doesn't work; the phone number and everything else has been changed (or 10 years ago I entered things I don't remember :D). So if anyone can lend a hand with what to do in this situation, since I have important information there.