Magnolia D

Member
  • Posts

    4
  • Joined

  • Last visited

Likes

4 Neutral reputation

About Magnolia D

  • Title
    Newbie
  1. Overall, I think things have been sorted out. The computer itself has sped up, and as for the internet connection, it has definitely improved a lot - pages load normally. I really want to thank you for the quick reply and the help! It's nice when, behind every ignoramus, there is someone who knows what they are doing with a computer! Thanks once again, and best regards!
  2. First, I want to thank you for the detailed explanation (veeery useful for people like me). I completed everything that was described: Step 1: After it removed the program, there were leftovers in other places as well, which it also cleaned up. Step 2 and Step 3: I downloaded and completed all the points successfully - I will upload the files.
     Step 2: Fix result of Farbar Recovery Scan Tool (x86) Version: 11.11.2018
     Step 3: Malwarebytes AdwCleaner 7.2.4.0
  3. Hello, Thank you for the quick reply. I really am quite clueless about these matters... I'm going to ask what is perhaps a rather silly question - but should I do something with the three files mentioned above (the file, perhaps?), or should I do nothing until explicitly told - "Do this, then this... etc."? Like with children - "first you write a dash.... then a dot..."
  4. Hello, For the past two or three days my internet connection has deteriorated dramatically - it was almost impossible to load any page at all (it took minutes, if it managed to do so at all). The antivirus showed that there was a Trojan (something or other) - maybe I should have remembered exactly what it was, but I just clicked to have it deleted. A repeat scan showed that everything is fine, but I don't think that is quite the case. Now it loads a little faster, but overall it is extremely slow and I don't think it is the connection. I assume it is clear that knowledge of computers is not one of my strongest points, but I will emphasize it just in case, to try to excuse the silly things I may have done and my rudimentary "computer vocabulary". Regarding the steps for posting - I don't have a disc with the operating system; I am attaching the other two files. P.S. Thanks in advance for your time and assistance!
     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11.11.2018
     Addition.txt