miroslav24


  1. Here is the final log # Run at 8.11.2021 'г.' 14:59:01 'ч.' # KpRm (Kernel-panik) version 2.9.2 # Website https://kernel-panik.me/tool/kprm/ # Run by m from C:\Users\m\Desktop # Computer Name: M-PC # OS: Windows 7 X64 (7601) Service Pack 1 # Number of passes: 1 - Checked options - ~ Registry Backup ~ Delete Tools ~ Restore System Settings ~ UAC Restore ~ Delete Restore Points ~ Create Restore Point ~ Delete Quarantines after 7 days - Create Registry Backup - ~ [OK] Hive C:\Windows\System32\config\SOFTWARE backed up ~ [OK] Hive C:\Users\m\NTUSER.dat backed up [OK] Registry Backup: C:\KPRM\backup\2021-11-08-14-59-01 - Delete Tools - ## AdwCleaner [OK] C:\Users\m\Desktop\adwcleaner_8.3.0.exe deleted ## Malwarebytes (log) [OK] C:\Users\m\Desktop\Malwarebytes.txt deleted ## SecurityCheck [OK] C:\Users\m\Desktop\SecurityCheck.exe deleted ## Systemlook [OK] C:\Users\m\Desktop\SystemLook_x64.exe deleted - Other Lines - ## Quarantines that will be deleted in 7 days (2021/11/15) ~ C:\AdwCleaner (AdwCleaner) ~ C:\EEK (Emisoft Emergency Kit) - Restore System Settings - [OK] Reset WinSock [OK] FLUSHDNS [OK] Hide Hidden file. 
[OK] Show Extensions for known file types [OK] Hide protected operating system files - Restore UAC - [OK] Set EnableLUA with default (1) value [OK] Set ConsentPromptBehaviorAdmin with default (5) value [OK] Set ConsentPromptBehaviorUser with default (3) value [OK] Set EnableInstallerDetection with default (0) value [OK] Set EnableSecureUIAPaths with default (1) value [OK] Set EnableUIADesktopToggle with default (0) value [OK] Set EnableVirtualization with default (1) value [OK] Set FilterAdministratorToken with default (0) value [OK] Set PromptOnSecureDesktop with default (1) value [OK] Set ValidateAdminCodeSignatures with default (0) value - Clear Restore Points - ~ [OK] RP named Restore Point Created by FRST created at 11/06/2021 10:58:32 deleted ~ [OK] RP named Restore Point Created by FRST created at 11/07/2021 06:26:00 deleted [OK] All system restore points have been successfully deleted - Create Restore Point - [OK] System Restore Point created - Display System Restore Point - ~ [I] RP named KpRm created at 11/08/2021 12:59:19 -- KPRM finished in 50.71s -- Thanks again for the work done.
  2. Here are the latest logs: msert.log Malwarebytes.txt AdwCleaner[C01].txt
  3. Here is the final log Fix result of Farbar Recovery Scan Tool (x64) Version: 06-11-2021 Ran by m (07-11-2021 08:25:57) Run:2 Running from C:\Users\m\Desktop Loaded Profiles: m & user & UpdatusUser Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorePoint: CloseProcesses: C:\Users\user\AppData\Roaming\adaware C:\Users\user\AppData\Roaming\adaware\adaware antivirus C:\Users\user\AppData\Local\AdAwareDesktop C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_AdAwareDesktop.e_64cdf6ce65aa46f419f283aecfcd52406658d93_23b4d56b C:\Users\m\AppData\Local\AdAwareDesktop C:\ProgramData\BitDefender C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_084d916d C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_088ad305 C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_088ebbf3 C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_08c196fb C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0b95a2a3 C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0ba98e12 C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bb98d18 C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bc99d93 C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bcd9fb5 C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bd19286 
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0be590d1 C:\Program Files\adaware\adaware antivirus\Antimalware Engine C:\Program Files\adaware\adaware antivirus C:\Program Files\adaware C:\Users\m\Downloads\Adaware_Installer (1).exe StartRegedit: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}] ""=- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C43C21609E58D74B9C5F017D78D7262] "ProductName"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C43C21609E58D74B9C5F017D78D7262\SourceList] "PackageName"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C43C21609E58D74B9C5F017D78D7262\InstallProperties] "DisplayName"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\adaware] [-HKEY_LOCAL_MACHINE\SOFTWARE\adaware\adaware antivirus] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\AdAwareService.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdAwareService.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\adaware] [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\adaware\adaware antivirus] [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdAwareService.exe] [HKEY_USERS\S-1-5-21-3677490310-1812953499-2719145278-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Users\m\Downloads\Adaware_Installer (1).exe"=- EndRegedit: EmptyTemp: ***************** Restore point was successfully created. Processes closed successfully. 
C:\Users\user\AppData\Roaming\adaware => moved successfully "C:\Users\user\AppData\Roaming\adaware\adaware antivirus" => not found C:\Users\user\AppData\Local\AdAwareDesktop => moved successfully C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_AdAwareDesktop.e_64cdf6ce65aa46f419f283aecfcd52406658d93_23b4d56b => moved successfully C:\Users\m\AppData\Local\AdAwareDesktop => moved successfully C:\ProgramData\BitDefender => moved successfully C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_084d916d => moved successfully C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_088ad305 => moved successfully C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_088ebbf3 => moved successfully C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_08c196fb => moved successfully C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0b95a2a3 => moved successfully C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0ba98e12 => moved successfully C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bb98d18 => moved successfully C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bc99d93 => moved successfully C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bcd9fb5 => moved successfully C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bd19286 => moved successfully 
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0be590d1 => moved successfully "C:\Program Files\adaware\adaware antivirus\Antimalware Engine" => not found "C:\Program Files\adaware\adaware antivirus" => not found "C:\Program Files\adaware" => not found "C:\Users\m\Downloads\Adaware_Installer (1).exe" => not found Registry ====> The operation completed successfully. =========== EmptyTemp: ========== BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5000072 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 78291140 B Edge => 0 B Chrome => 37800208 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 128 B systemprofile32 => 256 B LocalService => 256 B NetworkService => 256 B m => 32520 B user => 1199279 B UpdatusUser.m-PC => 1199279 B RecycleBin => 13344533 B EmptyTemp: => 130.5 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 08:26:22 ====
  4. Yes, the difference is noticeable. Only the keyboard problem remains. I plugged in another one to try, but with it only the digits 5 and 6 can be typed; all the others cannot be typed, nor can their corresponding symbols when combined with Shift. On the first keyboard there is no problem with the digits; the only thing left is that pressing "q" triggers the function of the CTRL+B combination. There is no point in listing the remaining 7-8 mismatches.
  5. Fix result of Farbar Recovery Scan Tool (x64) Version: 06-11-2021 Ran by m (06-11-2021 12:58:25) Run:1 Running from C:\Users\m\Desktop Loaded Profiles: m & user & UpdatusUser Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorePoint: CloseProcesses: HKU\S-1-5-21-3677490310-1812953499-2719145278-1001\...\MountPoints2: {0a81dba5-27a3-11ea-a847-001966873225} - F:\HiSuiteDownLoader.exe HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\MountPoints2: G - G:\HiSuiteDownLoader.exe HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\MountPoints2: {0a81dba5-27a3-11ea-a847-001966873225} - F:\HiSuiteDownLoader.exe HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\MountPoints2: {47ff949c-0a92-11ea-a190-001966873225} - G:\HiSuiteDownLoader.exe HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\MountPoints2: {8577a3fe-b396-11e9-aa0e-001966873225} - G:\HiSuiteDownLoader.exe HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\MountPoints2: {e039427d-ec0a-11e9-a6c5-001966873225} - G:\HiSuiteDownLoader.exe FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] S2 DFWSIDService; C:\Program Files (x86)\Wondershare\drfone\WsidService.exe [X] S2 ElevationService; C:\Program Files (x86)\Wondershare\drfone\Addins\Unlock\ElevationService.exe [X] S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone\Addins\SocialApps\DriverInstall.exe [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] FirewallRules: [{47562BA6-10EE-4584-8257-58E76E629977}] => (Allow) H:\LetsView\LetsView.exe => No File FirewallRules: [{EEB53487-5539-4AAD-80B2-0CBA0368DDC2}] => (Allow) H:\LetsView\LetsView.exe => No File FirewallRules: [{66E2D4EF-C6D5-448E-98B0-7152BF0FF3FD}] => (Allow) C:\Users\user\Downloads\4ukey-for-android.exe => No File FirewallRules: [{FCAFB221-9508-4FB0-946B-D10F8A26A004}] => (Allow) C:\Users\user\Downloads\4ukey-for-android.exe => No File cmd: ipconfig 
/flushdns EmptyTemp: ***************** Restore point was successfully created. Processes closed successfully. HKU\S-1-5-21-3677490310-1812953499-2719145278-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a81dba5-27a3-11ea-a847-001966873225} => removed successfully HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G => removed successfully HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a81dba5-27a3-11ea-a847-001966873225} => removed successfully HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47ff949c-0a92-11ea-a190-001966873225} => removed successfully HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8577a3fe-b396-11e9-aa0e-001966873225} => removed successfully HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e039427d-ec0a-11e9-a6c5-001966873225} => removed successfully HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully HKLM\System\CurrentControlSet\Services\DFWSIDService => removed successfully DFWSIDService => service removed successfully HKLM\System\CurrentControlSet\Services\ElevationService => removed successfully ElevationService => service removed successfully HKLM\System\CurrentControlSet\Services\WsDrvInst => removed successfully WsDrvInst => service removed successfully HKLM\System\CurrentControlSet\Services\VGPU => removed successfully VGPU => service removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{47562BA6-10EE-4584-8257-58E76E629977}" => removed successfully 
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EEB53487-5539-4AAD-80B2-0CBA0368DDC2}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{66E2D4EF-C6D5-448E-98B0-7152BF0FF3FD}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FCAFB221-9508-4FB0-946B-D10F8A26A004}" => removed successfully ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 52430048 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 247157766 B Edge => 0 B Chrome => 91712262 B Firefox => 0 B Opera => 20301692 B Temp, IE cache, history, cookies, recent: Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 128 B systemprofile32 => 416719104 B LocalService => 416719104 B NetworkService => 416735234 B m => 1387897132 B user => 1714004016 B UpdatusUser.m-PC => 1714004016 B RecycleBin => 44612997 B EmptyTemp: => 6.1 GB temporary data Removed. ================================ The system needed a reboot. 
==== End of Fixlog 13:00:53 ==== Farbar Recovery Scan Tool (x64) Version: 06-11-2021 Ran by m (06-11-2021 13:05:45) Running from C:\Users\m\Desktop Boot Mode: Normal ================== Search Files: "SearchAll: Adobe Flash Player;swMSM;Bitdefender;adaware" ============= File: ======== folder: ======== 2018-09-24 11:16 - 2018-09-24 11:16 _____ C:\Users\user\AppData\Roaming\adaware 2018-09-24 11:16 - 2018-09-24 11:16 _____ C:\Users\user\AppData\Roaming\adaware\adaware antivirus 2018-09-24 11:16 - 2018-09-24 11:16 _____ C:\Users\user\AppData\Local\AdAwareDesktop 2021-09-01 14:43 - 2021-09-01 14:43 ____C C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_AdAwareDesktop.e_64cdf6ce65aa46f419f283aecfcd52406658d93_23b4d56b 2018-09-12 14:55 - 2018-09-12 14:55 _____ C:\Users\m\AppData\Local\AdAwareDesktop 2018-09-12 15:20 - 2018-09-12 15:20 _____ C:\ProgramData\BitDefender 2019-04-11 07:16 - 2019-04-11 07:16 ____C C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_084d916d 2019-04-11 07:20 - 2019-04-11 07:20 ____C C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_088ad305 2019-04-11 07:24 - 2019-04-11 07:24 ____C C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_088ebbf3 2019-04-09 07:14 - 2019-04-09 07:14 ____C C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_08c196fb 2019-04-05 07:11 - 2019-04-05 07:11 ____C C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0b95a2a3 2019-04-04 06:58 - 2019-04-04 06:58 ____C C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0ba98e12 2019-04-08 17:47 - 2019-04-08 17:47 ____C 
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bb98d18 2019-04-03 12:37 - 2019-04-03 12:37 ____C C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bc99d93 2019-04-12 07:12 - 2019-04-12 07:12 ____C C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bcd9fb5 2019-04-10 10:58 - 2019-04-10 10:58 ____C C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0bd19286 2019-04-08 07:29 - 2019-04-08 07:29 ____C C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_adawareantivirus_5ea2d8a75c3c3a3c974530f2d3d5a555628d62d_0be590d1 Registry: ======== ===================== Search result for "Adobe Flash Player" ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}] ""="Adobe Flash Player" ===================== Search result for "swMSM" ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C43C21609E58D74B9C5F017D78D7262] "ProductName"="swMSM" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C43C21609E58D74B9C5F017D78D7262\SourceList] "PackageName"="swMSM.msi" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C43C21609E58D74B9C5F017D78D7262\InstallProperties] "DisplayName"="swMSM" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}] "DisplayName"="swMSM" ===================== Search result for "Bitdefender" ========== ===================== Search result for "adaware" ========== [HKEY_LOCAL_MACHINE\SOFTWARE\adaware] [HKEY_LOCAL_MACHINE\SOFTWARE\adaware\adaware antivirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\AdAwareService.exe] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files\adaware\adaware antivirus\Antimalware Engine\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files\adaware\adaware antivirus\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files\adaware\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files\adaware\adaware antivirus\AdAwareProxyEngine\1.0.0.8\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files\adaware\adaware antivirus\AdAwareProxyEngine\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files\adaware\adaware antivirus\Online Threats Engine\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files\adaware\adaware antivirus\Antispam Engine\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files\adaware\adaware antivirus\adaware antivirus\"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files\adaware\adaware antivirus\AVC Engine\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.5.961.11619\"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.6.1005.11662\"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.7.1055.0\"="1" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.60.0\"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.129.0\"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files\adaware\adaware antivirus\Antimalware Engine\3.1.261.0\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.134.0\"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdAwareService.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\adaware] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\adaware\adaware antivirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\adaware\adaware antivirus] "InstallerPath"="C:\Users\m\AppData\Local\Temp\17220858-ac9c-4fd2-9cb3-bb2586c93ff2\AdAwareWebInstaller.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdAwareService.exe] [HKEY_USERS\S-1-5-21-3677490310-1812953499-2719145278-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Users\m\Downloads\Adaware_Installer (1).exe"="1" ====== End of Search ======
  6. Here are the logs after the latest scan Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2021 Ran by m (administrator) on M-PC (Dell Inc. OptiPlex 990) (05-11-2021 16:03:40) Running from C:\Users\m\Desktop Loaded Profiles: m & UpdatusUser : Microsoft Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Comodo Security Solutions -> Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <13> (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\browserhost.exe (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3> (Microsoft Windows Hardware Compatibility 
Publisher -> ) C:\Windows\vsnpstd3.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Opera Software AS -> Opera Software) C:\Users\m\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2> (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft) C:\Program Files (x86)\iSkysoft\IAF\2.4.3.241\IsAppService.exe (Wondershare Technology Co.,Ltd -> Wondershare) C:\ProgramData\Wondershare\Service\InstallAssistService.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [827392 2006-09-19] (Microsoft Windows Hardware Compatibility Publisher -> ) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2010-12-20] (Intel Corporation -> Intel Corporation) HKU\S-1-5-21-3677490310-1812953499-2719145278-1001\...\Run: [Opera Browser Assistant] => C:\Users\m\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4105424 2021-10-14] (Opera Software AS -> Opera Software) HKU\S-1-5-21-3677490310-1812953499-2719145278-1001\...\MountPoints2: {0a81dba5-27a3-11ea-a847-001966873225} - F:\HiSuiteDownLoader.exe HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91016584 2021-01-15] (Skype Software Sarl -> Skype Technologies S.A.) 
HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\MountPoints2: G - G:\HiSuiteDownLoader.exe HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\MountPoints2: {0a81dba5-27a3-11ea-a847-001966873225} - F:\HiSuiteDownLoader.exe HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\MountPoints2: {47ff949c-0a92-11ea-a190-001966873225} - G:\HiSuiteDownLoader.exe HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\MountPoints2: {8577a3fe-b396-11e9-aa0e-001966873225} - G:\HiSuiteDownLoader.exe HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\MountPoints2: {e039427d-ec0a-11e9-a6c5-001966873225} - G:\HiSuiteDownLoader.exe HKLM\...\Windows x64\Print Processors\hpzpp5k2: C:\Windows\System32\spool\prtprocs\x64\hpzpp5k2.dll [224768 2007-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation) HKLM\...\Print\Monitors\PCL hpz3l5k2: C:\Windows\system32\hpz3l5k2.dll [130048 2007-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\95.0.4638.69\Installer\chrmstp.exe [2021-11-02] (Google LLC -> Google LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2018-09-15] ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe () [File not signed] ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {34A3C3A9-41B8-4DD7-AFD4-631A74ADB020} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-17] (Google Inc -> Google LLC) Task: {585061AA-3B0D-466C-8614-66CE8C9A197A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.) Task: {847DA880-4A40-41C0-92F4-373750132701} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1642672 2012-10-01] (Microsoft Corporation -> Microsoft Corporation) Task: {99DF0363-65B3-487E-B846-603ED223A397} - System32\Tasks\Opera scheduled assistant Autoupdate 1583764303 => C:\Users\m\AppData\Local\Programs\Opera\launcher.exe [46227664 2021-10-20] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\m\AppData\Local\Programs\Opera\assistant" $(Arg0) Task: {9CF4AD45-905B-4986-B3B8-0D665F300EE7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation) Task: {ACD5325D-DC99-4ED9-A3D8-EB8540E8A810} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-17] (Google Inc -> Google LLC) Task: {D4092DC2-36B9-44A5-92E9-1D0E2FD04052} - System32\Tasks\G2MUploadTask-S-1-5-21-3677490310-1812953499-2719145278-1003 => C:\Users\m\AppData\Local\GoToMeeting\18068\g2mupload.exe [32424 2020-07-07] (LogMeIn, Inc. -> LogMeIn, Inc.) Task: {D8C822A7-9352-4816-A40A-A852B43E34AE} - System32\Tasks\G2MUpdateTask-S-1-5-21-3677490310-1812953499-2719145278-1003 => C:\Users\m\AppData\Local\GoToMeeting\18068\g2mupdate.exe [32424 2020-07-07] (LogMeIn, Inc. -> LogMeIn, Inc.) 
Task: {DAFE22E4-BB1F-4CBC-84C3-B62EB2CE1D57} - System32\Tasks\Microsoft Office 15 Sync Maintenance for m-PC-user m-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [469640 2012-10-01] (Microsoft Corporation -> Microsoft Corporation) Task: {DD3A4D7A-74CC-4A31-9FC9-DB96ED1449E9} - System32\Tasks\{D5C0511E-22B3-48DF-96F9-9AAB51402E03} => C:\Windows\system32\pcalua.exe -a H:\самуилово\vpn\setup.exe -d H:\самуилово\vpn Task: {DFF57AE8-0D83-4309-892F-D419979B38FE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation) Task: {EFA15619-F75B-4EA1-8FAE-6AB1B8B6FAAB} - System32\Tasks\Opera scheduled Autoupdate 1536927954 => C:\Users\m\AppData\Local\Programs\Opera\launcher.exe [46227664 2021-10-20] (Opera Software AS -> Opera Software) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3677490310-1812953499-2719145278-1003.job => C:\Users\m\AppData\Local\GoToMeeting\18068\g2mupdate.exe Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3677490310-1812953499-2719145278-1003.job => C:\Users\m\AppData\Local\GoToMeeting\18068\g2mupload.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.) Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{7F4187BD-1817-46B8-86DB-464168D9D2FB}: [NameServer] 46.40.72.9,46.40.72.27 Tcpip\..\Interfaces\{EF05353F-1AB4-4F63-852E-FDF507B7D414}: [NameServer] 192.168.1.1 Tcpip\..\Interfaces\{EF05353F-1AB4-4F63-852E-FDF507B7D414}: [DhcpNameServer] 192.168.0.1 HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.1.1,-1] FireFox: ======== FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2021-10-20] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.) 

Chrome:
=======
CHR Profile: C:\Users\m\AppData\Local\Google\Chrome\User Data\Default [2021-11-05]
CHR Extension: (Презентации) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-05-03]
CHR Extension: (Документи) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-05-03]
CHR Extension: (Google Диск) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-05]
CHR Extension: (YouTube) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-05-03]
CHR Extension: (Таблици) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-05-03]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-11-05]
CHR Extension: (Google Документи офлайн) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-05]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-06]
CHR Extension: (Gmail) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-05]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

Opera:
=======
OPR Profile: C:\Users\m\AppData\Roaming\Opera Software\Opera Stable [2021-11-05]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\m\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-07-26]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (Shanghai Comet Network Technology -> www.BitComet.com)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2307768 2016-05-05] (Comodo Security Solutions -> Comodo)
S4 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2019-08-19] (Huawei Technologies Co., Ltd. -> ) [File not signed]
R2 IsAppService; C:\Program Files (x86)\Iskysoft\IAF\2.4.3.241\IsAppService.exe [495240 2018-07-26] (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7848632 2021-11-05] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [973040 2021-10-20] (McAfee, LLC -> McAfee, LLC)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-08-16] (Microsoft Windows -> Microsoft Corporation)
R2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [269200 2020-04-02] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 DFWSIDService; C:\Program Files (x86)\Wondershare\drfone\WsidService.exe [X]
S2 ElevationService; C:\Program Files (x86)\Wondershare\drfone\Addins\Unlock\ElevationService.exe [X]
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone\Addins\SocialApps\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] (Cisco Systems, Inc. -> )
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2018-09-11] (Disc Soft Ltd -> Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [160176 2021-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18944 2019-08-19] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2019-08-19] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Windows Hardware Compatibility Publisher -> Microsoft Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [210352 2021-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [193448 2021-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [69040 2021-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-11-05] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [146864 2021-11-05] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Microsoft Windows Hardware Compatibility Publisher -> Sonix Co. Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-05 15:47 - 2021-11-05 15:47 - 000000000 ____D C:\Windows\system32\Macromed
2021-11-05 15:38 - 2021-11-05 15:38 - 000193448 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-11-05 15:38 - 2021-11-05 15:38 - 000146864 _____ C:\Windows\system32\Drivers\mwac.sys
2021-11-05 15:38 - 2021-11-05 15:38 - 000069040 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-11-05 15:04 - 2021-11-05 15:04 - 000000000 ____D C:\SecurityCheck
2021-11-05 14:57 - 2021-11-05 14:57 - 001503928 _____ (Adobe) C:\Users\m\Downloads\uninstall_flash_player.exe
2021-11-05 14:39 - 2021-11-05 14:39 - 009679549 _____ C:\Users\m\Desktop\RevoUninstaller_Portable.zip
2021-11-05 14:30 - 2021-11-05 14:30 - 000004224 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1583764303
2021-11-05 14:08 - 2021-11-05 14:14 - 860890176 _____ (Doctor Web, Ltd.) C:\Users\user\Downloads\drweb-livedisk-900-usb.exe
2021-11-05 12:47 - 2021-11-05 16:04 - 000017019 _____ C:\Users\m\Desktop\FRST.txt
2021-11-05 12:33 - 2021-11-05 12:34 - 000028668 _____ C:\Users\user\Downloads\Addition.txt
2021-11-05 12:32 - 2021-11-05 12:34 - 000023593 _____ C:\Users\user\Downloads\FRST.txt
2021-11-05 12:31 - 2021-11-05 12:32 - 002311168 _____ (Farbar) C:\Users\user\Downloads\FRST64 (1).exe
2021-11-05 12:19 - 2021-11-05 12:19 - 000001441 _____ C:\Users\user\Desktop\mbam.txt
2021-11-05 11:49 - 2021-11-05 14:51 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-11-05 11:49 - 2021-11-05 11:55 - 000210352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-11-05 11:49 - 2021-11-05 11:49 - 000001960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-11-05 11:49 - 2021-11-05 11:49 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-11-05 11:48 - 2021-11-05 11:48 - 000160176 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-11-05 11:48 - 2021-11-05 11:48 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-11-05 11:48 - 2021-11-05 11:48 - 000000000 ____D C:\Program Files\Malwarebytes
2021-11-05 11:29 - 2021-11-05 11:55 - 000148548 _____ C:\Windows\ntbtlog.txt
2021-10-16 09:14 - 2021-10-16 09:14 - 000000000 ____D C:\Users\user\DxReport
2021-10-13 11:01 - 2021-11-05 13:57 - 000004938 _____ C:\Windows\system32\Tasks\Microsoft Office 15 Sync Maintenance for m-PC-user m-PC

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-05 16:03 - 2020-03-11 06:51 - 000000000 ____D C:\FRST
2021-11-05 15:47 - 2018-09-13 07:32 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2021-11-05 15:46 - 2009-07-14 06:45 - 000030112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-11-05 15:46 - 2009-07-14 06:45 - 000030112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-11-05 15:43 - 2018-09-13 13:13 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-05 15:42 - 2009-07-14 07:13 - 000006182 _____ C:\Windows\system32\PerfStringBackup.INI
2021-11-05 15:36 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-11-05 14:31 - 2018-09-14 14:25 - 000003998 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1536927954
2021-11-05 14:28 - 2020-07-07 15:02 - 000000610 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3677490310-1812953499-2719145278-1003.job
2021-11-05 14:24 - 2020-07-07 15:02 - 000000514 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3677490310-1812953499-2719145278-1003.job
2021-11-05 12:47 - 2020-03-11 06:47 - 002311168 _____ (Farbar) C:\Users\m\Desktop\FRST64.exe
2021-11-04 14:16 - 2018-11-29 12:48 - 000000000 ____D C:\Users\UpdatusUser.m-PC
2021-11-02 14:29 - 2019-04-17 13:57 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-18 10:08 - 2020-02-20 13:03 - 000000000 ____D C:\Users\user\Desktop\пътни листи
2021-10-17 16:19 - 2019-04-16 11:33 - 000000000 ____D C:\Users\user\Desktop\биопродукти
2021-10-14 07:35 - 2018-09-13 13:43 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-10-13 15:31 - 2018-09-17 10:26 - 000000000 ____D C:\Windows\system32\MRT
2021-10-13 15:28 - 2018-09-11 14:54 - 139806512 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-10-13 09:59 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2021-10-08 07:05 - 2009-07-14 07:08 - 000032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories ========

2010-04-05 15:47 - 2006-08-03 14:02 - 002168933 _____ () C:\Users\user\Easy WIFI Radar 1.0.3 Installer.exe
2010-02-25 20:37 - 2010-02-10 17:08 - 000378368 _____ () C:\Users\user\Rar.exe
2010-02-25 20:37 - 2010-02-10 17:10 - 000141824 _____ () C:\Users\user\RarExt.dll
2010-02-25 20:37 - 2010-02-10 17:10 - 000052224 _____ () C:\Users\user\RarExt64.dll
2010-02-25 20:37 - 2010-02-10 17:10 - 000045056 _____ () C:\Users\user\RarExtLoader.exe
2010-04-05 16:23 - 2010-04-05 16:23 - 000000000 _____ () C:\Users\user\SoftonicDownloader53151(1).exe
2010-04-05 16:23 - 2010-04-05 16:23 - 000253224 _____ () C:\Users\user\SoftonicDownloader53151.exe
2010-04-05 15:43 - 2010-04-05 15:43 - 000000000 _____ () C:\Users\user\SoftonicDownloader54560(1).exe
2010-04-05 15:43 - 2010-04-05 15:43 - 000253232 _____ () C:\Users\user\SoftonicDownloader54560.exe
2010-02-25 20:37 - 2010-02-10 17:10 - 000120832 _____ () C:\Users\user\Uninstall.exe
2010-02-25 20:37 - 2010-02-10 17:08 - 000246272 _____ () C:\Users\user\UnRAR.exe
2010-02-25 20:33 - 2010-02-25 20:32 - 001531691 _____ () C:\Users\user\winrar-x64-392.exe
2010-02-25 20:37 - 2010-02-10 17:08 - 001039360 _____ () C:\Users\user\WinRAR.exe
2010-04-05 17:54 - 2010-04-05 17:54 - 000000000 _____ () C:\Users\user\wlsetup-custom(1).exe
2010-04-05 17:54 - 2010-04-05 17:54 - 001203024 _____ () C:\Users\user\wlsetup-custom.exe
2010-03-25 22:44 - 2010-03-25 22:44 - 000000012 _____ () C:\Users\user\_ERSION.DAT
2010-04-04 11:41 - 2010-04-04 11:38 - 000110646 _____ () C:\Users\user\_TORRENT.EXE
2020-06-29 11:35 - 2019-11-21 07:27 - 002317824 _____ (Remo Software) C:\Program Files (x86)\rs-repairdoc.exe
2018-09-13 07:27 - 2018-09-13 07:27 - 000007613 _____ () C:\Users\m\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2021-10-29 08:10

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2021
Ran by m (05-11-2021 16:04:39)
Running from C:\Users\m\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X64) (2018-09-11 12:55:43)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3677490310-1812953499-2719145278-500 - Administrator - Disabled)
Guest (S-1-5-21-3677490310-1812953499-2719145278-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3677490310-1812953499-2719145278-1005 - Limited - Enabled)
m (S-1-5-21-3677490310-1812953499-2719145278-1001 - Administrator - Enabled) => C:\Users\m
UpdatusUser (S-1-5-21-3677490310-1812953499-2719145278-1004 - Limited - Enabled) => C:\Users\UpdatusUser.m-PC
user (S-1-5-21-3677490310-1812953499-2719145278-1003 - Limited - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3677490310-1812953499-2719145278-1001\...\uTorrent) (Version: 3.5.5.45704 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
AgriDent HandHeldDemo V1.6 (HKLM-x32\...\AgriDent_is1) (Version: - )
BitComet 1.68 (HKLM-x32\...\BitComet_x64) (Version: 1.68 - CometNetwork)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 49.13.20.400 - Comodo)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.69 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
GoTo Opener (HKLM-x32\...\{E69269DB-A77B-4BC1-8F39-241107B09F26}) (Version: 1.0.539 - LogMeIn, Inc.)
GoToMeeting 10.11.1.18068 (HKU\S-1-5-21-3677490310-1812953499-2719145278-1001\...\GoToMeeting) (Version: 10.11.1.18068 - LogMeIn, Inc.)
GoToMeeting 10.16.0.19598 (HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\...\GoToMeeting) (Version: 10.16.0.19598 - LogMeIn, Inc.)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 9.1.0.309 - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.1 - Intel)
iSkysoft Data Recovery(Build 5.0.0.9) (HKLM-x32\...\{656DB838-DB63-4acd-82E3-BB363ED99116}_is1) (Version: 5.0.0.9 - iSkysoft Software Co.,Ltd.)
LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes)
Malwarebytes version 4.4.10.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Ontrack® EasyRecovery™ (HKLM\...\Ontrack® EasyRecovery™_is1) (Version: 14.0.0.4 - Ontrack)
Opera Stable 80.0.4170.63 (HKU\S-1-5-21-3677490310-1812953499-2719145278-1001\...\Opera 80.0.4170.63) (Version: 80.0.4170.63 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
RAR Password Unlocker (HKLM-x32\...\{69B77D45-F5AD-4AB9-933D-352703324469}_is1) (Version: - RAR Password Unlocker, Inc.)
Skype version 8.68 (HKLM-x32\...\Skype_is1) (Version: 8.68 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.641 - McAfee, LLC)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/27/2012 7.0.0000.00004) (HKLM\...\70EE67FB13B2F2BE1F5A57AB193643AEFBA8D39C) (Version: 08/27/2012 7.0.0000.00004 - Google, Inc.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/27/2012 7.0.0000.00004) (HKLM\...\BE156A27AFEAEA39D6A7C9D25CFA8DAFAF91756B) (Version: 08/27/2012 7.0.0000.00004 - Google, Inc.)
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (dg_ssudbus) USB (12/02/2015 2.12.1.0) (HKLM\...\85A33267F12961AF9ED9AE799DEDA5E62BEA236F) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssudmdm) Modem (12/02/2015 2.12.1.0) (HKLM\...\88ED314360B98E6E82E7CC3201FAEB4A9FD291B4) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (WinUSB) AndroidUsbDeviceClass (12/02/2015 2.12.1.0) (HKLM\...\701281E8283E9E3681220099A9DA5013A5A437AF) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )
WinRAR 5.60 (64-битова версия) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3677490310-1812953499-2719145278-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\m\AppData\Local\GoToMeeting\18068\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-11-05] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-01-31] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-11-05] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Какво е новото в последната версия.lnk -> C:\Program Files\WinRAR\WhatsNew.txt () <==== Cyrillic
Shortcut: C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Помощен файл на WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm () <==== Cyrillic
Shortcut: C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ръководство за конзолната версия на RAR.lnk -> C:\Program Files\WinRAR\Rar.txt () <==== Cyrillic
ShortcutWithArgument: C:\Users\m\AppData\Roaming\Microsoft\Word\Добрин%2030.05.2019_000308224943653414088\Добрин%2030.05.2019_000.doc.lnk -> C:\Users\m\Desktop\flash\Recovered data 07-01 14_51_45\Quick Scan result\Existing Partition(FAT32)\Other lost files\марки\поръчка ДПЖ\Добрин 30.05.2019_000.doc () -> 14 <==== Cyrillic

==================== Loaded Modules (Whitelisted) =============

2021-07-26 14:00 - 2010-12-20 16:49 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2019-01-28 14:17 - 2008-09-25 01:00 - 000088576 _____ (Brother Industries Ltd.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\BRDSMA80.dll
2008-12-03 19:05 - 2008-12-03 19:05 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2008-12-03 19:05 - 2008-12-03 19:05 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2021-07-26 14:00 - 2010-12-20 17:15 - 000015360 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\AMT_COM_InterfaceLib.dll
2021-07-26 14:00 - 2010-12-20 16:50 - 000471040 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\AMT_SW_GUI.dll
2021-07-26 14:00 - 2010-12-20 16:45 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2019-01-28 14:16 - 2010-03-05 01:01 - 000392704 _____ (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\KBDLMA8A.dll
2019-01-28 14:16 - 2010-03-10 01:01 - 000078336 _____ (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\KBLGMA8A.DLL
2019-01-28 14:16 - 2010-03-05 01:01 - 000751616 _____ (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\KBUIMA8A.DLL

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3677490310-1812953499-2719145278-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/en-xl/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-10-20] (McAfee, LLC -> McAfee, LLC)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-10-20] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3677490310-1812953499-2719145278-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3677490310-1812953499-2719145278-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\m\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3677490310-1812953499-2719145278-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 46.40.72.9 - 46.40.72.27
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: HuaweiHiSuiteService64.exe => 2
MSCONFIG\startupreg: Skype for Desktop => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
MSCONFIG\startupreg: snpstd3 => C:\Windows\vsnpstd3.exe

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{46963181-BA0E-4B2F-94D4-FDB31FA4BD12}C:\program files (x86)\comodo\dragon\dragon.exe] => (Block) C:\program files (x86)\comodo\dragon\dragon.exe (Comodo Security Solutions -> Comodo)
FirewallRules: [UDP Query User{2712946F-C2C0-4FC7-94AC-9EA705B1399F}C:\program files (x86)\comodo\dragon\dragon.exe] => (Block) C:\program files (x86)\comodo\dragon\dragon.exe (Comodo Security Solutions -> Comodo)
FirewallRules: [TCP Query User{C5A55925-A26A-41D7-BBF2-C9B8B269AAB7}C:\users\user\downloads\anydesk.exe] => (Allow) C:\users\user\downloads\anydesk.exe => No File
FirewallRules: [UDP Query User{58C48D0F-E73C-433A-8452-6D92B472722B}C:\users\user\downloads\anydesk.exe] => (Allow) C:\users\user\downloads\anydesk.exe => No File
FirewallRules: [TCP Query User{7831BD17-11B8-4C3F-B1B0-93F4FAB1F350}C:\users\m\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\m\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{4345B2C7-2AA2-4EA1-9C6D-5029187B3F97}C:\users\m\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\m\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{FB5226D7-0CFC-4ECD-A2F8-23CF0BC54794}] => (Allow) C:\Program Files\BitComet\BitComet.exe (Xing Wang -> www.BitComet.com)
FirewallRules: [{85F043AC-E8A2-489C-A9AD-73B77DFB4015}] => (Allow) C:\Program Files\BitComet\BitComet.exe (Xing Wang -> www.BitComet.com)
FirewallRules: [{5699967A-7848-464E-B2AD-A3AF32F4F052}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{AC8B4037-CF63-4285-B449-BF434BF1DCB9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7D1604D8-0776-4F1F-9549-45C401EEB7A4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BFB23C1B-4936-4AED-8175-F757E5AF36C4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{24002E7F-9D4F-4AA4-A95D-5CCAA0EC8D5B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{47562BA6-10EE-4584-8257-58E76E629977}] => (Allow) H:\LetsView\LetsView.exe => No File
FirewallRules: [{EEB53487-5539-4AAD-80B2-0CBA0368DDC2}] => (Allow) H:\LetsView\LetsView.exe => No File
FirewallRules: [{471C995D-4DB7-4349-90BF-756605FB7475}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D74B6038-E1EC-4CDC-87C2-775CC0A87ACE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{66E2D4EF-C6D5-448E-98B0-7152BF0FF3FD}] => (Allow) C:\Users\user\Downloads\4ukey-for-android.exe => No File
FirewallRules: [{FCAFB221-9508-4FB0-946B-D10F8A26A004}] => (Allow) C:\Users\user\Downloads\4ukey-for-android.exe => No File
FirewallRules: [{49C43266-A47C-4B5B-85C8-1546A56C3ACE}] => (Allow) C:\Program Files (x86)\iMobie\DroidKit\xldownload\download\MiniThunderPlatform.exe => No File
FirewallRules: [{F1608F24-AD3B-4094-96CE-74782076196F}] => (Allow) C:\Program Files (x86)\iMobie\DroidKit\xldownload\download\MiniThunderPlatform.exe => No File
FirewallRules: [{5E86DB47-174D-4B98-8CA6-C096AA7F573E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

30-10-2021 10:16:36 Windows Update
04-11-2021 08:22:31 Windows Update
05-11-2021 14:46:32 Revo Uninstaller's restore point - adaware antivirus
05-11-2021 14:47:32 AA11

==================== Faulty Device Manager Devices ============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: ========================

Application errors:
==================
Error: (11/05/2021 03:42:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/05/2021 03:42:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (11/05/2021 03:32:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (11/05/2021 03:32:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (11/05/2021 03:04:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (11/05/2021 03:04:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. 
Error: (11/05/2021 02:55:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (11/05/2021 02:55:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. System errors: ============= Error: (11/05/2021 04:07:28 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout. Error: (11/05/2021 03:43:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (11/05/2021 03:38:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (11/05/2021 03:36:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Wondershare Driver Install Service service failed to start due to the following error: The system cannot find the file specified. 
Error: (11/05/2021 03:36:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Wondershare Driver Install Service help service failed to start due to the following error: The system cannot find the file specified. Error: (11/05/2021 03:36:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Wondershare WSID help service failed to start due to the following error: The system cannot find the file specified. Error: (11/05/2021 03:27:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (11/05/2021 03:27:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Windows Defender: ================ Date: 2021-04-28 08:14:34.908 Description: Windows Defender scan has been stopped before completion. Scan Type:AntiSpyware Scan Parameters:Quick Scan Date: 2021-06-30 08:19:44.606 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version:1.343.25.0 Previous Signature Version:1.341.1435.0 Update Source:User Signature Type:AntiSpyware Update Type:Delta Current Engine Version:1.1.18300.4 Previous Engine Version:1.1.18200.4 Error code:0x80070666 Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
Date: 2021-06-30 08:19:44.606 Description: Windows Defender has encountered an error trying to update the engine. New Engine Version:1.1.18300.4 Previous Engine Version:1.1.18200.4 Update Source:User Error Code:0x80070666 Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. Date: 2021-06-04 08:27:51.140 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version:1.341.8.0 Previous Signature Version:1.339.1767.0 Update Source:User Signature Type:AntiSpyware Update Type:Delta Current Engine Version:1.1.18200.4 Previous Engine Version:1.1.18100.6 Error code:0x80070666 Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. Date: 2021-06-04 08:27:51.097 Description: Windows Defender has encountered an error trying to update the engine. New Engine Version:1.1.18200.4 Previous Engine Version:1.1.18100.6 Update Source:User Error Code:0x80070666 Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. Date: 2021-05-24 11:27:49.941 Description: Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted:Current Error Code:0x80070002 Error description:The system cannot find the file specified. Signature version:0.0.0.0 Engine version:0.0.0.0 ==================== Memory info =========================== BIOS: Dell Inc. A24 07/02/2018 Motherboard: Dell Inc. 
06D7TR Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz Percentage of memory in use: 42% Total physical RAM: 8073.06 MB Available physical RAM: 4629.12 MB Total Virtual: 16144.26 MB Available Virtual: 11189.11 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:99.8 GB) (Free:27.71 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:496.37 GB) (Free:283.04 GB) NTFS Drive f: (HiSuite) (CDROM) (Total:0 GB) (Free:0 GB) CDFS Drive g: () (Removable) (Total:14.65 GB) (Free:13.75 GB) NTFS Drive h: () (Removable) (Total:7.46 GB) (Free:2.89 GB) FAT32 Drive i: () (Removable) (Total:7.48 GB) (Free:6.49 GB) FAT32 Drive z: (New Volume) (Fixed) (Total:232.88 GB) (Free:232.72 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 31FAAEF3) Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS) ========================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: D122D122) Partition 1: (Active) - (Size=99.8 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=496.4 GB) - (Type=0F Extended) ========================================================== Disk: 2 (Size: 7.5 GB) (Disk ID: 0585BB0A) Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B) ========================================================== Disk: 3 (Size: 7.5 GB) (Disk ID: 08510FF5) Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B) ========================================================== Disk: 4 (Protective MBR) (Size: 14.6 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt =======================
  7. I could only type with the keyboard in Safe Mode, so that is what I used. I carried out the steps indicated and am attaching the file from SecurityCheck: SecurityCheck by glax24 & Severnyj v.1.4.0.53 [27.10.17] WebSite: www.safezone.cc DateLog: 05.11.2021 15:04:22 Path starting: C:\Users\m\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe Log directory: C:\SecurityCheck\ IsAdmin: True User: m VersionXML: 9.26is-31.10.2021 ___________________________________________________________________________ Windows 7(6.1.7601) Service Pack 1 (x64) Ultimate Lang: English(0409) Installation date OS: 11.09.2018 12:55:43 LicenseStatus: Windows(R) 7, Ultimate edition The machine is permanently activated. Boot Mode: Normal Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe SystemDrive: C: FS: [NTFS] Capacity: [99.8 Gb] Used: [71.9 Gb] Free: [27.9 Gb] ------------------------------- [ Windows ] ------------------------------- [color=red][b]Extended support has ended 14.01.2020, Your operating system may be vulnerable to new types of threats[/b][/color] Internet Explorer 11.0.9600.19596 User Account Control [b]enabled[/b] (Level 3) Automatically download and schedule installation Date install updates: 2021-11-04 06:23:06 Windows Update (wuauserv) - The service is running Security Center (wscsvc) - The service is running Remote Registry (RemoteRegistry) - The service has stopped SSDP Discovery (SSDPSRV) - The service is running Remote Desktop Services (TermService) - The service has stopped Windows Remote Management (WS-Management) (WinRM) - The service has stopped ------------------------------ [ MS Office ] ------------------------------ Microsoft Office 2013 x64 v.15.0.4420.1017 ---------------------------- [ Antivirus_WMI ] ---------------------------- Malwarebytes (enabled and up to date) --------------------------- [ FirewallWindows ] --------------------------- Windows Firewall (MpsSvc) - The service is running --------------------------- [ AntiSpyware_WMI ] 
--------------------------- Malwarebytes (enabled and up to date) Windows Defender (enabled and up to date) ---------------------- [ AntiVirusFirewallInstall ] ----------------------- Malwarebytes version 4.4.10.144 v.4.4.10.144 [b][+][/b] -------------------------- [ SecurityUtilities ] -------------------------- WebAdvisor by McAfee v.4.1.1.641 --------------------------- [ OtherUtilities ] ---------------------------- Microsoft .NET Framework 4.8 v.4.8.03761 ------------------------------ [ ArchAndFM ] ------------------------------ WinRAR 5.60 (64-битова версия) v.5.60.0 [color=red][b]Warning! [url=https://www.rarlab.com/download.htm]Download Update[/url][/b][/color] -------------------------- [ IMAndCollaborate ] --------------------------- GoToMeeting 10.11.1.18068 v.10.11.1.18068 Skype version 8.68 v.8.68 [color=red][b]Warning! [url=https://go.skype.com/windows.desktop.download]Download Update[/url][/b][/color] --------------------------------- [ P2P ] --------------------------------- µTorrent v.3.5.5.45704 [b][color=red]Warning! Ad-supported P2P-client[/color][/b]. BitComet 1.68 v.1.68 [b][color=red]Warning! Ad-supported P2P-client[/color][/b]. --------------------------- [ AdobeProduction ] --------------------------- Adobe Shockwave Player 12.3 v.12.3.4.204 [b][color=red]Warning! This software is no longer supported.[/color][/b] Please uninstall it. swMSM v.12.0.0.1 [color=blue][b]<< Hidden[/b][/color] [b][color=red]Warning! This software is no longer supported.[/color][/b] Please uninstall it. Adobe Acrobat Reader DC v.21.007.20099 ------------------------------- [ Browser ] ------------------------------- Opera Stable 80.0.4170.63 v.80.0.4170.63 [color=red][b]Warning! [url=https://net.geo.opera.com/opera/stable/windows]Download Update[/url][/b][/color] Comodo Dragon v.49.13.20.400 [color=red][b]Warning! 
[url=https://www.comodo.com/home/browsers-toolbars/browser.php]Download Update[/url][/b][/color] Google Chrome v.95.0.4638.69 ------------------ [ AntivirusFirewallProcessServices ] ------------------- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.4.0.0.1162 Malwarebytes Service (MBAMService) - The service is running C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1005 Windows Defender (WinDefend) - The service is running ---------------------------- [ UnwantedApps ] ----------------------------- Wondershare Helper Compact 2.5.3 v.2.5.3 [b]Warning![/b] Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering. ----------------------------- [ End of Log ] ------------------------------
  8. Hello, something strange happened after I turned on my computer and tried to log in to my email: I found that pressing a single key types two letters. It does this only on the top row and on some of the digits. I scanned with Malwarebytes and am posting the result. I have not taken any action to quarantine or clean what was found. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 11/5/21 Scan Time: 11:58 AM Log File: e0e93651-3e1e-11ec-93b7-180373dd34b3.json -Software Information- Version: 4.4.10.144 Components Version: 1.0.1499 Update Package Version: 1.0.46810 License: Trial -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: m-PC\user -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 314020 Threats Detected: 1 Threats Quarantined: 0 Time Elapsed: 5 min, 16 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Adware.InstallCore, C:\USERS\USER\APPDATA\LOCAL\TEMP\BITC986.TMP.EXE, No Action By User, 517, 640569, 1.0.46810, 760370905C2B1C149042EF74, dds, 01496465, C292D40EF8D20CA5CCCEBA246BE70754, 622A4F58BBAE04994DFA4625E24009DE2B1AE01FE6B7691C6D24BCA0014BAE21 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) I am also attaching the files from the FRST scan: FRST.txt Addition.txt