blinkxz

User
  • Posts

    10
  • Joined

  • Last online

New replies posted by blinkxz

  1. ГДБОП (the computer crime department) isn't answering me ... I've had this problem for a very long time and I've been waiting for years for them to reply to my email.

    Before posting here I had started a thread on bleeping computer.

    Here is the thread:

    https://www.bleepingcomputer.com/forums/t/756054/virus-surviving-after-format/

    And there they told me the same thing.

    As for the repair shop - they didn't tell me what the removal procedure was. (They only told me that they did a slow format.)

    As for the virus, I don't know why it isn't detected by any antivirus/tool, etc.

    I'm not an expert, but I think my computer can't be doing these things on its own.

    Thank you.

  2. When I loaded the file from the USB stick I got an error.

    So I just went ahead and installed Windows.

    Here are the log files:

    ADDITION LOG


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-08-2021
    Ran by Petroff (12-08-2021 16:27:31)
    Running from C:\Users\Petroff\Downloads
    Windows 10 Home Version 1709 16299.15 (X64) (2021-08-12 10:03:52)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================


    (If an entry is included in the fixlist, it will be removed.)

    Administrator (S-1-5-21-3515235264-704741029-952955272-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3515235264-704741029-952955272-503 - Limited - Disabled)
    Guest (S-1-5-21-3515235264-704741029-952955272-501 - Limited - Disabled)
    Petroff (S-1-5-21-3515235264-704741029-952955272-1001 - Administrator - Enabled) => C:\Users\Petroff
    WDAGUtilityAccount (S-1-5-21-3515235264-704741029-952955272-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
    AS: AVG Antivirus (Enabled - Up to date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: AVG Antivirus (Enabled) {2092F4DC-EC63-3680-C854-E2DACF7E736A}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    AVG Internet Security (HKLM\...\AVG Antivirus) (Version: 21.6.3189 - AVG Technologies)
    Microsoft OneDrive (HKU\S-1-5-21-3515235264-704741029-952955272-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
    Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 91.0 (x64 en-US)) (Version: 91.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 91.0 - Mozilla)
    NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)

    Packages:
    =========
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1705.4.0_x64__8wekyb3d8bbwe [2021-08-12] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1705.4.0_x86__8wekyb3d8bbwe [2021-08-12] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.17.8162.0_x64__8wekyb3d8bbwe [2021-08-12] (Microsoft Studios) [MS Ad]
    MSN Време -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.21.2492.0_x64__8wekyb3d8bbwe [2021-08-12] (Microsoft Corporation) [MS Ad]
    Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.596.0_x64__kzf8qxf38zg5c [2021-08-12] (Skype)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-08-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-08-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-08-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-08-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-08-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\Petroff\AppData\Roaming\Microsoft\Windows\SendTo\Прехвърляне на файлове с Bluetooth.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) <==== Cyrillic

    ==================== Loaded Modules (Whitelisted) =============

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========


    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2017-09-29 16:46 - 2017-09-29 16:44 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3515235264-704741029-952955272-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\S-1-5-21-3515235264-704741029-952955272-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{0B90805E-6541-4B6E-B390-F809C6C5CB4A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{21E29946-4395-48B2-B312-928B3FB86624}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

    ==================== Restore Points =========================

    12-08-2021 16:17:12 Windows Update

    ==================== Faulty Device Manager Devices ============

    Name: Unknown USB Device (Device Descriptor Request Failed)
    Description: Unknown USB Device (Device Descriptor Request Failed)
    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
    Manufacturer: (Standard USB Host Controller)
    Service:
    Problem: : Windows has stopped this device because it has reported problems. (Code 43)
    Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (08/12/2021 04:08:36 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x803F7001
    Command-line arguments:
    RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (08/12/2021 01:08:23 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8024402C
    Command-line arguments:
    RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (08/12/2021 01:06:37 PM) (Source: ESENT) (EventID: 522) (User: )
    Description: ShellExperienceHost (4168,P,0) TILEREPOSITORYS-1-5-21-3515235264-704741029-952955272-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

    Error: (08/12/2021 01:06:37 PM) (Source: ESENT) (EventID: 522) (User: )
    Description: ShellExperienceHost (4168,P,0) TILEREPOSITORYS-1-5-21-3515235264-704741029-952955272-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

    Error: (08/12/2021 01:06:37 PM) (Source: ESENT) (EventID: 522) (User: )
    Description: ShellExperienceHost (4168,P,0) TILEREPOSITORYS-1-5-21-3515235264-704741029-952955272-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

    Error: (08/12/2021 01:06:37 PM) (Source: ESENT) (EventID: 522) (User: )
    Description: ShellExperienceHost (4168,P,0) TILEREPOSITORYS-1-5-21-3515235264-704741029-952955272-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

    Error: (08/12/2021 01:06:37 PM) (Source: ESENT) (EventID: 522) (User: )
    Description: ShellExperienceHost (4168,P,0) TILEREPOSITORYS-1-5-21-3515235264-704741029-952955272-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

    Error: (08/12/2021 01:06:37 PM) (Source: ESENT) (EventID: 522) (User: )
    Description: ShellExperienceHost (4168,P,0) TILEREPOSITORYS-1-5-21-3515235264-704741029-952955272-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).


    System errors:
    =============
    Error: (08/12/2021 04:25:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
     and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/12/2021 04:25:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/12/2021 04:25:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
     and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/12/2021 04:25:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/12/2021 04:25:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
     and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/12/2021 04:25:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/12/2021 04:25:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
     and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/12/2021 04:25:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    ==================== Memory info ===========================

    BIOS: Award Software International, Inc. F10 03/22/2011
    Motherboard: Gigabyte Technology Co., Ltd. GA-MA770T-UD3
    Processor: AMD Athlon(tm) II X4 645 Processor
    Percentage of memory in use: 34%
    Total physical RAM: 12285.55 MB
    Available physical RAM: 8030.27 MB
    Total Virtual: 14717.55 MB
    Available Virtual: 10501.17 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:930.97 GB) (Free:904.47 GB) NTFS

    \\?\Volume{1ba15cf0-0000-0000-0000-100000000000}\ (Резервирана за системата) (Fixed) (Total:0.54 GB) (Free:0.16 GB) NTFS

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 1BA15CF0)
    Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt =======================

    FRST LOG


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-08-2021
    Ran by Petroff (administrator) on DESKTOP-EPF8BK9 (Gigabyte Technology Co., Ltd. GA-MA770T-UD3) (12-08-2021 16:25:52)
    Running from C:\Users\Petroff\Downloads
    Loaded Profiles: defaultuser0 & Petroff
    Platform: Windows 10 Home Version 1709 16299.15 (X64) Language: Български (България)
    Default browser: FF
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\afwServ.exe
    (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
    (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
    (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
    (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
    (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <4>
    (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Users\Petroff\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <9>

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [171320 2021-08-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    HKLM\...\Print\Monitors\IppMon: C:\Windows\system32\IPPMon.dll [226816 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {82CD39B6-382B-4F5E-988D-73AF75A374C5} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [673720 2021-08-05] (Mozilla Corporation -> Mozilla Foundation)
    Task: {89E38877-B238-4C2B-B6CA-D0177AEB37E0} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4950328 2021-08-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    Task: {C255C923-5D36-44AD-BB75-3A17811AD075} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1821968 2021-08-12] (AVG Technologies USA, LLC -> AVG Technologies)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{650ac328-1c36-4bc8-b3ab-252f605deb59}: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF DefaultProfile: 8ef1xjbw.default
    FF ProfilePath: C:\Users\Petroff\AppData\Roaming\Mozilla\Firefox\Profiles\8ef1xjbw.default [2021-08-12]
    FF ProfilePath: C:\Users\Petroff\AppData\Roaming\Mozilla\Firefox\Profiles\cm4bbvez.default-release [2021-08-12]
    FF Extension: (uBlock Origin) - C:\Users\Petroff\AppData\Roaming\Mozilla\Firefox\Profiles\cm4bbvez.default-release\Extensions\[email protected] [2021-08-12]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [628024 2021-08-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R2 AVG Firewall; C:\Program Files\AVG\Antivirus\afwServ.exe [1616696 2021-08-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [375096 2021-08-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8310384 2021-08-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2021-08-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation -> Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [219104 2021-08-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [367696 2021-08-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [250448 2021-08-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [99440 2021-08-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    S0 avgElam; C:\Windows\System32\drivers\avgElam.sys [17336 2021-08-12] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
    R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [41504 2021-08-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R1 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [184768 2021-08-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R1 avgNetHub; C:\Windows\System32\drivers\avgNetHub.sys [559960 2021-08-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [108552 2021-08-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    S0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [83064 2021-08-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [851864 2021-08-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [472072 2021-08-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [215544 2021-08-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [328720 2021-08-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
    R3 RTL8023x64; C:\Windows\System32\drivers\Rtnic64.sys [51712 2017-09-29] (Microsoft Windows -> Realtek Semiconductor Corporation)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-08-12 16:22 - 2021-08-12 16:26 - 000008411 _____ C:\Users\Petroff\Downloads\FRST.txt
    2021-08-12 16:21 - 2021-08-12 16:21 - 000000000 ____D C:\Users\Petroff\AppData\Local\AVG
    2021-08-12 16:20 - 2021-08-12 16:20 - 000002071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Internet Security.lnk
    2021-08-12 16:20 - 2021-08-12 16:20 - 000002059 _____ C:\Users\Public\Desktop\AVG Internet Security.lnk
    2021-08-12 16:20 - 2021-08-12 16:20 - 000000000 ____D C:\Users\Petroff\AppData\Roaming\AVG
    2021-08-12 16:20 - 2021-08-12 16:20 - 000000000 ____D C:\Users\Petroff\AppData\Local\CEF
    2021-08-12 16:19 - 2021-08-12 16:19 - 000000000 ____D C:\Windows\system32\Tasks\AVG
    2021-08-12 16:18 - 2021-08-12 16:18 - 000003992 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
    2021-08-12 16:18 - 2021-08-12 16:18 - 000000000 ____D C:\Program Files\NVIDIA Corporation
    2021-08-12 16:18 - 2021-08-12 16:18 - 000000000 ____D C:\Program Files\Common Files\AVG
    2021-08-12 16:18 - 2021-08-12 16:17 - 000851864 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
    2021-08-12 16:18 - 2021-08-12 16:17 - 000559960 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetHub.sys
    2021-08-12 16:18 - 2021-08-12 16:17 - 000472072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
    2021-08-12 16:18 - 2021-08-12 16:17 - 000367696 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
    2021-08-12 16:18 - 2021-08-12 16:17 - 000340280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
    2021-08-12 16:18 - 2021-08-12 16:17 - 000328720 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
    2021-08-12 16:18 - 2021-08-12 16:17 - 000250448 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
    2021-08-12 16:18 - 2021-08-12 16:17 - 000219104 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
    2021-08-12 16:18 - 2021-08-12 16:17 - 000215544 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
    2021-08-12 16:18 - 2021-08-12 16:17 - 000184768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
    2021-08-12 16:18 - 2021-08-12 16:17 - 000108552 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
    2021-08-12 16:18 - 2021-08-12 16:17 - 000099440 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
    2021-08-12 16:18 - 2021-08-12 16:17 - 000083064 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
    2021-08-12 16:18 - 2021-08-12 16:17 - 000041504 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
    2021-08-12 16:18 - 2021-08-12 16:17 - 000017336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgElam.sys
    2021-08-12 16:16 - 2021-08-12 16:19 - 000000000 ____D C:\ProgramData\AVG
    2021-08-12 16:16 - 2021-08-12 16:16 - 000261448 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Petroff\Downloads\avg_internet_security_setup.exe
    2021-08-12 16:16 - 2021-08-12 16:16 - 000000000 ____D C:\Program Files\AVG
    2021-08-12 16:14 - 2021-08-12 16:26 - 000000000 ____D C:\FRST
    2021-08-12 16:14 - 2021-08-12 16:14 - 002300416 _____ (Farbar) C:\Users\Petroff\Downloads\FRST64.exe
    2021-08-12 16:09 - 2021-08-12 16:11 - 000000000 ____D C:\ProgramData\Mozilla
    2021-08-12 16:09 - 2021-08-12 16:09 - 000333000 _____ (Mozilla) C:\Users\Petroff\Downloads\Firefox Installer.exe
    2021-08-12 16:09 - 2021-08-12 16:09 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2021-08-12 16:09 - 2021-08-12 16:09 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
    2021-08-12 16:09 - 2021-08-12 16:09 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
    2021-08-12 16:09 - 2021-08-12 16:09 - 000000000 ____D C:\Users\Petroff\AppData\Roaming\Mozilla
    2021-08-12 16:09 - 2021-08-12 16:09 - 000000000 ____D C:\Users\Petroff\AppData\LocalLow\Mozilla
    2021-08-12 16:09 - 2021-08-12 16:09 - 000000000 ____D C:\Users\Petroff\AppData\Local\Mozilla
    2021-08-12 16:09 - 2021-08-12 16:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2021-08-12 16:09 - 2021-08-12 16:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2021-08-12 16:08 - 2021-08-12 16:08 - 000000000 ___HD C:\Users\Petroff\MicrosoftEdgeBackups
    2021-08-12 16:08 - 2021-08-12 16:08 - 000000000 ____D C:\Users\Petroff\AppData\Local\MicrosoftEdge
    2021-08-12 16:08 - 2021-08-12 16:08 - 000000000 ____D C:\Users\Petroff\AppData\Local\Comms
    2021-08-12 16:08 - 2021-08-12 16:08 - 000000000 ____D C:\ProgramData\USOShared
    2021-08-12 13:49 - 2021-08-12 13:02 - 000000000 ____D C:\Windows\Panther
    2021-08-12 13:08 - 2021-08-12 13:08 - 000003294 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task v2
    2021-08-12 13:08 - 2021-08-12 13:08 - 000002397 _____ C:\Users\Petroff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2021-08-12 13:08 - 2021-08-12 13:08 - 000000000 ___RD C:\Users\Petroff\OneDrive
    2021-08-12 13:07 - 2021-08-12 13:07 - 000841206 _____ C:\Windows\system32\PerfStringBackup.INI
    2021-08-12 13:07 - 2021-08-12 13:07 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
    2021-08-12 13:06 - 2021-08-12 16:25 - 000000000 ____D C:\Users\Petroff\AppData\Local\Packages
    2021-08-12 13:06 - 2021-08-12 16:08 - 000000000 ____D C:\Users\Petroff
    2021-08-12 13:06 - 2021-08-12 13:06 - 000000020 ___SH C:\Users\Petroff\ntuser.ini
    2021-08-12 13:06 - 2021-08-12 13:06 - 000000000 __RHD C:\Users\Public\AccountPictures
    2021-08-12 13:06 - 2021-08-12 13:06 - 000000000 ___RD C:\Users\Petroff\3D Objects
    2021-08-12 13:06 - 2021-08-12 13:06 - 000000000 ____D C:\Users\Petroff\AppData\Roaming\Adobe
    2021-08-12 13:06 - 2021-08-12 13:06 - 000000000 ____D C:\Users\Petroff\AppData\Local\VirtualStore
    2021-08-12 13:06 - 2021-08-12 13:06 - 000000000 ____D C:\Users\Petroff\AppData\Local\Publishers
    2021-08-12 13:06 - 2021-08-12 13:06 - 000000000 ____D C:\Users\Petroff\AppData\Local\ConnectedDevicesPlatform
    2021-08-12 13:04 - 2021-08-12 13:05 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
    2021-08-12 13:04 - 2021-08-12 13:04 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\VirtualStore
    2021-08-12 13:04 - 2021-08-12 13:04 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\ConnectedDevicesPlatform
    2021-08-12 13:03 - 2021-08-12 13:03 - 000000020 ___SH C:\Users\defaultuser0\ntuser.ini
    2021-08-12 13:03 - 2021-08-12 13:03 - 000000000 ____D C:\Users\defaultuser0
    2021-08-12 12:53 - 2021-08-12 13:03 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2021-08-12 12:49 - 2021-08-12 12:53 - 000000000 ____D C:\Windows\system32\SleepStudy
    2021-08-12 12:49 - 2021-08-12 12:50 - 000221968 _____ C:\Windows\system32\FNTCACHE.DAT
    2021-08-12 12:49 - 2021-08-12 12:49 - 000000000 ____D C:\Windows\ServiceProfiles

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-08-12 16:25 - 2017-09-29 16:46 - 000000000 ___HD C:\Program Files\WindowsApps
    2021-08-12 16:25 - 2017-09-29 16:46 - 000000000 ____D C:\Windows\AppReadiness
    2021-08-12 16:22 - 2017-09-29 16:46 - 000000000 ____D C:\Windows\DeliveryOptimization
    2021-08-12 16:19 - 2017-09-29 16:44 - 000000000 ____D C:\Windows\INF
    2021-08-12 16:19 - 2017-09-29 16:37 - 000000000 ____D C:\Windows\CbsTemp
    2021-08-12 16:18 - 2017-09-29 16:46 - 000000000 ___HD C:\Windows\ELAMBKUP
    2021-08-12 16:08 - 2017-09-29 16:46 - 000000000 ____D C:\ProgramData\USOPrivate
    2021-08-12 13:48 - 2017-09-29 16:46 - 000028672 _____ C:\Windows\system32\config\BCD-Template
    2021-08-12 13:05 - 2017-09-29 16:46 - 000000000 ____D C:\Windows\system32\spool
    2021-08-12 13:05 - 2017-09-29 16:46 - 000000000 ____D C:\Windows\system32\FxsTmp
    2021-08-12 13:02 - 2017-09-29 11:45 - 000262144 _____ C:\Windows\system32\config\BBI
    2021-08-12 12:56 - 2017-09-29 11:45 - 000000000 ____D C:\Windows\system32\Sysprep
    2021-08-12 12:54 - 2017-09-29 16:46 - 000000000 ___RD C:\Windows\PrintDialog
    2021-08-12 12:54 - 2017-09-29 16:46 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
    2021-08-12 12:53 - 2017-09-29 11:45 - 000032768 _____ C:\Windows\system32\config\ELAM

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)


    ==================== BCD ================================

    Windows Boot Manager
    --------------------
    identifier              {bootmgr}
    device                  partition=\Device\HarddiskVolume1
    description             Windows Boot Manager
    locale                  bg-BG
    inherit                 {globalsettings}
    default                 {current}
    resumeobject            {cfc9b13d-fb5a-11eb-8eb2-907d45ffe2d3}
    displayorder            {current}
    toolsdisplayorder       {memdiag}
    timeout                 30

    Windows Boot Loader
    -------------------
    identifier              {current}
    device                  partition=C:
    path                    \Windows\system32\winload.exe
    description             Windows 10
    locale                  bg-BG
    inherit                 {bootloadersettings}
    recoverysequence        {cfc9b13f-fb5a-11eb-8eb2-907d45ffe2d3}
    displaymessageoverride  Recovery
    recoveryenabled         Yes
    allowedinmemorysettings 0x15000075
    osdevice                partition=C:
    systemroot              \Windows
    resumeobject            {cfc9b13d-fb5a-11eb-8eb2-907d45ffe2d3}
    nx                      OptIn
    bootmenupolicy          Standard

    Windows Boot Loader
    -------------------
    identifier              {cfc9b13f-fb5a-11eb-8eb2-907d45ffe2d3}
    device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{cfc9b140-fb5a-11eb-8eb2-907d45ffe2d3}
    path                    \windows\system32\winload.exe
    description             Windows Recovery Environment
    locale                  bg-bg
    inherit                 {bootloadersettings}
    displaymessage          Recovery
    osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{cfc9b140-fb5a-11eb-8eb2-907d45ffe2d3}
    systemroot              \windows
    nx                      OptIn
    bootmenupolicy          Standard
    winpe                   Yes

    Resume from Hibernate
    ---------------------
    identifier              {cfc9b13d-fb5a-11eb-8eb2-907d45ffe2d3}
    device                  partition=C:
    path                    \Windows\system32\winresume.exe
    description             Windows Resume Application
    locale                  bg-BG
    inherit                 {resumeloadersettings}
    recoverysequence        {cfc9b13f-fb5a-11eb-8eb2-907d45ffe2d3}
    recoveryenabled         Yes
    allowedinmemorysettings 0x15000075
    filedevice              partition=C:
    filepath                \hiberfil.sys
    bootmenupolicy          Standard
    debugoptionenabled      No

    Windows Memory Tester
    ---------------------
    identifier              {memdiag}
    device                  partition=\Device\HarddiskVolume1
    path                    \boot\memtest.exe
    description             Windows Memory Diagnostic
    locale                  bg-BG
    inherit                 {globalsettings}
    badmemoryaccess         Yes

    EMS Settings
    ------------
    identifier              {emssettings}
    bootems                 No

    Debugger Settings
    -----------------
    identifier              {dbgsettings}
    debugtype               Local

    RAM Defects
    -----------
    identifier              {badmemory}

    Global Settings
    ---------------
    identifier              {globalsettings}
    inherit                 {dbgsettings}
                            {emssettings}
                            {badmemory}

    Boot Loader Settings
    --------------------
    identifier              {bootloadersettings}
    inherit                 {globalsettings}
                            {hypervisorsettings}

    Hypervisor Settings
    -------------------
    identifier              {hypervisorsettings}
    hypervisordebugtype     Serial
    hypervisordebugport     1
    hypervisorbaudrate      115200

    Resume Loader Settings
    ----------------------
    identifier              {resumeloadersettings}
    inherit                 {globalsettings}

    Device options
    --------------
    identifier              {cfc9b140-fb5a-11eb-8eb2-907d45ffe2d3}
    description             Windows Recovery
    ramdisksdidevice        partition=\Device\HarddiskVolume1
    ramdisksdipath          \Recovery\WindowsRE\boot.sdi

    ==================== End of FRST.txt ========================

  3. Thanks for the replies.

    I think I'm infected with a RAT.

    Because someone is outright controlling my computer:

    - closes applications and games

    - most of my passwords have been changed

    - someone even messed with my Windows settings

    - the mouse on the desktop moves by itself

    - the Comodo firewall gets turned off

    The interesting thing is that this is now the 5th time someone has infected me.

    Even though I use "clean" flash drives and discs.

    The virus isn't detected by any antivirus/antispyware program.

    The last 4 times I took it to a repair shop to have it removed, but I don't want to pay for that anymore.

    And I think the virus isn't that "complicated".

    And that at most it needs to be "cleaned out of the MBR".

    If necessary, I can install Windows 10.

    Thanks.


  4. Hello, I've picked up a RAT (remote administration tool) from somewhere.

    It survives a Windows reinstall.

    I tried scanning with several bootable antivirus tools, but without success.

    I also tried doing a slow format, but the little pest stays.

    I read online that there are ones that hit the MBR/BIOS.

    I have one more problem: I'm currently on Linux.

    So what should I do?


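The BCD in the posted FRST log boots through \Windows\system32\winload.exe from a plain disk partition rather than through an EFI loader, i.e. legacy BIOS/MBR boot, so the MBR is the first thing worth looking at from the Linux system mentioned in the post. The script below is an added example, not code from this thread or from FRST: it builds a constructed 512-byte sector and parses it the way you would parse a real first-sector dump, checking the 55 AA signature, listing the four partition-table entries and hashing the 446-byte bootstrap code. Every byte in the sample is made up; the variable SAMPLE_MBR and the helper names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): inspect a raw MBR sector the way you
# would inspect the first 512 bytes of a disk from a Linux live system.
# Every byte below is constructed sample data, not a real disk dump.
set -eu

# Read one byte at OFFSET ($2) from FILE ($1) and print it as two hex digits.
byte_at() {
    dd if="$1" bs=1 skip="$2" count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Read a 32-bit little-endian value at OFFSET ($2) and print it in decimal.
le32_at() {
    _v=0; _i=3
    while [ "$_i" -ge 0 ]; do
        _b=$(byte_at "$1" $(( $2 + _i )))
        _v=$(( _v * 256 + 0x$_b ))
        _i=$(( _i - 1 ))
    done
    echo "$_v"
}

# Boot signature: the last two bytes of the sector must be 55 AA.
mbr_signature() {
    printf '%s%s' "$(byte_at "$1" 510)" "$(byte_at "$1" 511)"
}

# Partition table: four 16-byte entries starting at offset 446.
# Print "status type lba_start sector_count" for entry N ($2, 0..3).
partition_entry() {
    _off=$(( 446 + 16 * $2 ))
    printf '%s %s %s %s\n' "$(byte_at "$1" "$_off")" "$(byte_at "$1" $(( _off + 4 )))" \
        "$(le32_at "$1" $(( _off + 8 )))" "$(le32_at "$1" $(( _off + 12 )))"
}

# SHA-256 of the 446-byte bootstrap code, for comparison against the same
# sector dumped right after a clean install (a hash alone proves nothing).
boot_code_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        dd if="$1" bs=1 count=446 2>/dev/null | sha256sum | cut -d' ' -f1
    else
        dd if="$1" bs=1 count=446 2>/dev/null | shasum -a 256 | cut -d' ' -f1
    fi
}

# Constructed sample sector: 446 bytes of 0x90 as stand-in boot code, one
# active (0x80) NTFS-type (0x07) partition starting at LBA 2048 with 1048576
# sectors, three empty entries, then the 55 AA signature.
build_sample_mbr() {
    {
        dd if=/dev/zero bs=446 count=1 2>/dev/null | tr '\000' '\220'
        printf '\200\000\040\041\007\376\377\377\000\010\000\000\000\000\020\000'
        dd if=/dev/zero bs=48 count=1 2>/dev/null
        printf '\125\252'
    } > "$1"
}

# On a real machine, replace this with a dump taken as root from a live system:
#   dd if=/dev/sda bs=512 count=1 of=mbr.bin
SAMPLE_MBR=$(mktemp)
trap 'rm -f "$SAMPLE_MBR"' EXIT
build_sample_mbr "$SAMPLE_MBR"

echo "signature: $(mbr_signature "$SAMPLE_MBR")"
for n in 0 1 2 3; do
    echo "entry $n (status type lba_start sectors): $(partition_entry "$SAMPLE_MBR" "$n")"
done
echo "boot code sha256: $(boot_code_sha256 "$SAMPLE_MBR")"
```

What to look for in a real dump: a signature other than 55aa, an active flag on something other than the Windows partition, an entry whose LBA range lies outside the partitions you created, or a bootstrap hash that differs from the one recorded immediately after the clean install. The bootstrap code can be rewritten from the Windows recovery environment with bootrec /fixmbr, but a clean MBR does not rule out firmware-level persistence, which this check cannot see.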