
Hello, I have no complaints; I just want to run a preventive check.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-02-2020
Ran by ВЕСКО (administrator) on PAPA (Hewlett-Packard HP EliteBook 6930p) (02-03-2020 14:47:25)
Running from C:\Users\ВЕСКО\Downloads
Loaded Profiles: ВЕСКО (Available Profiles: ВЕСКО)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avago Technologies U.S. Inc. -> LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(PLARIUM GLOBAL LTD. -> ) C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\TrayPP.exe
(PLARIUM GLOBAL LTD. -> Plarium) C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\PlariumPlay.exe
(PLARIUM GLOBAL LTD. -> Plarium) C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\PlariumPlay.exe
(PLARIUM GLOBAL LTD. -> Plarium) C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\PlariumPlay.exe
(PLARIUM GLOBAL LTD. -> Plarium) C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\PlariumPlay.exe
(SafeIP) [File not signed] C:\Program Files (x86)\SafeIP\SafeIPS.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] (Hewlett-Packard Company ->  Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-21] (Kilonova LLC -> )
HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.122\Installer\chrmstp.exe [2020-02-24] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {265168EC-659E-486F-A588-95AEB76ABA97} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-02-12] (Adobe Inc. -> Adobe)
Task: {55DBABF8-7CBC-45AD-AA41-0CDE6FC314AF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {5CB506C8-E8D6-4C56-AF40-B3D478C337CE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
Task: {6B9E0AD0-AB0C-4380-A4C4-DCAD81DBD548} - System32\Tasks\update-S-1-5-21-2076816696-1300689269-2899885506-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {87935F6A-A2F4-4866-A907-C7CD2C7A0A21} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {A843C120-2505-4293-BDFD-A29A24C02977} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-10] (Google Inc -> Google LLC)
Task: {ACA797F2-DFAE-40E9-A1A1-F0FF47044B6A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_pepper.exe [1453624 2020-02-12] (Adobe Inc. -> Adobe)
Task: {BC7D6B7B-03DE-4E5D-A1B5-62B9B694C8C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-10] (Google Inc -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\update-S-1-5-21-2076816696-1300689269-2899885506-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP) [File not signed]
Winsock: Catalog9 02 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP) [File not signed]
Winsock: Catalog9 03 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP) [File not signed]
Winsock: Catalog9 04 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP) [File not signed]
Winsock: Catalog9 16 C:\Windows\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP) [File not signed]
Winsock: Catalog9-x64 01 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP) [File not signed]
Winsock: Catalog9-x64 02 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP) [File not signed]
Winsock: Catalog9-x64 03 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP) [File not signed]
Winsock: Catalog9-x64 04 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP) [File not signed]
Winsock: Catalog9-x64 16 C:\Windows\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP) [File not signed]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A7FF16DF-7DC1-437C-8A22-C8C6BDC82A48}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT171101&iDate=2020-02-16 08:34:09&bName=
SearchScopes: HKU\S-1-5-21-2076816696-1300689269-2899885506-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}

Chrome: 
=======
CHR Profile: C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default [2020-03-02]
CHR Notifications: Default -> hxxps://realniistorii.com
CHR HomePage: Default -> hxxp://google.bg/
CHR StartupUrls: Default -> "hxxps://www.google.bg/"
CHR Extension: (Презентации) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-10]
CHR Extension: (Документи) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-10]
CHR Extension: (Google Диск) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-10]
CHR Extension: (YouTube) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-10]
CHR Extension: (Adblock Plus — безплатен блокер на реклами) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-02-19]
CHR Extension: (Таблици) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-10]
CHR Extension: (Google Документи офлайн) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-09]
CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2020-01-27]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-10]
CHR Extension: (Chrome Media Router) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-02-20]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [42096 2015-08-04] (Avago Technologies U.S. Inc. -> LSI Corporation)
S3 GameforgeClientService; C:\Program Files (x86)\GameforgeClient\gfservice.exe [529568 2020-02-12] (Gameforge 4D GmbH -> )
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2020-01-11] (Malwarebytes Inc -> Malwarebytes)
R3 SafeIPS; C:\Program Files (x86)\SafeIP\SafeIPs.exe [4606976 2015-08-03] (SafeIP) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2019-08-11] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2019-08-11] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AgereSoftModem; C:\Windows\system32\DRIVERS\agrsm64.sys [1230104 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> LSI Corporation)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
R3 HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [19000 2010-02-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
R3 HpqKbFiltr; C:\Windows\System32\drivers\HpqKbFiltr.sys [18432 2009-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Development Company, L.P.)
R3 RICOH SmartCard Reader; C:\Windows\system32\DRIVERS\rismcx64.sys [79488 2006-10-03] (Microsoft Windows Hardware Compatibility Publisher -> RICOH Company, Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2019-08-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2019-08-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2019-08-11] (Microsoft Windows -> Microsoft Corporation)
R0 WofAdk; C:\Windows\System32\drivers\wofadk.sys [221376 2019-08-11] (Microsoft Corporation -> Microsoft Corporation)
S1 amsdk; \??\C:\Windows\system32\drivers\amsdk.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-02 14:47 - 2020-03-02 14:48 - 000011911 _____ C:\Users\ВЕСКО\Downloads\FRST.txt
2020-03-02 14:47 - 2020-03-02 14:48 - 000000000 ____D C:\FRST
2020-03-02 14:37 - 2020-03-02 14:38 - 002279424 _____ (Farbar) C:\Users\ВЕСКО\Downloads\FRST64.exe
2020-02-22 06:34 - 2020-02-22 06:35 - 000000000 ____D C:\Program Files\CCleaner
2020-02-22 06:34 - 2020-02-22 06:34 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-02-22 06:34 - 2020-02-22 06:34 - 000002800 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2020-02-22 06:34 - 2020-02-22 06:34 - 000000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-02-22 06:34 - 2020-02-22 06:34 - 000000834 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-02-22 06:34 - 2020-02-22 06:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-02-22 06:33 - 2020-02-22 06:34 - 024581800 _____ (Piriform Software Ltd) C:\Users\ВЕСКО\Downloads\cctrialsetup.exe
2020-02-21 04:37 - 2020-02-21 04:56 - 000002456 _____ C:\Windows\SysWOW64\SafeIPSOff.ini
2020-02-21 04:37 - 2020-02-21 04:56 - 000002456 _____ C:\Windows\system32\SafeIPSOff.ini
2020-02-21 04:28 - 2020-02-21 04:28 - 000000995 _____ C:\Users\ВЕСКО\Desktop\SafeIP.lnk
2020-02-21 04:28 - 2020-02-21 04:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SafeIP
2020-02-21 04:28 - 2020-02-21 04:28 - 000000000 ____D C:\Program Files (x86)\SafeIP
2020-02-21 04:28 - 2015-08-03 08:53 - 000384000 _____ (SafeIP) C:\Windows\SysWOW64\SafeIPs.dll
2020-02-16 12:58 - 2020-02-16 12:58 - 000000000 ____D C:\Users\ВЕСКО\Downloads\Collection
2020-02-16 12:47 - 2020-02-16 12:47 - 000000000 ____D C:\Users\ВЕСКО\AppData\Roaming\WinRAR
2020-02-16 12:47 - 2020-02-16 12:47 - 000000000 ____D C:\Users\ВЕСКО\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-02-16 12:47 - 2020-02-16 12:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-02-16 12:47 - 2020-02-16 12:47 - 000000000 ____D C:\Program Files\WinRAR
2020-02-16 12:46 - 2020-02-16 12:46 - 003205888 _____ (Alexander Roshal) C:\Users\ВЕСКО\Downloads\winrar-x64-580.exe
2020-02-16 12:37 - 2020-02-16 12:37 - 000000000 ____D C:\Users\Public\Documents\Steam
2020-02-16 12:37 - 2020-02-16 12:37 - 000000000 ____D C:\ProgramData\Documents\Steam
2020-02-16 12:33 - 2020-02-16 12:33 - 000016499 _____ C:\Users\ВЕСКО\Downloads\Collection.torrent
2020-02-16 12:21 - 2020-02-16 12:33 - 000000000 ____D C:\Windows\SysWOW64\directx
2020-02-16 12:21 - 2020-02-16 12:21 - 000000000 ___HD C:\Windows\msdownld.tmp
2020-02-16 11:45 - 2020-02-16 11:45 - 000000000 ____D C:\Users\ВЕСКО\Documents\Lightshot
2020-02-16 11:43 - 2020-03-02 12:45 - 000000398 _____ C:\Windows\Tasks\update-sys.job
2020-02-16 11:43 - 2020-03-02 11:07 - 000000398 _____ C:\Windows\Tasks\update-S-1-5-21-2076816696-1300689269-2899885506-1001.job
2020-02-16 11:43 - 2020-02-16 11:43 - 000003268 _____ C:\Windows\system32\Tasks\update-sys
2020-02-16 11:43 - 2020-02-16 11:43 - 000003246 _____ C:\Windows\system32\Tasks\update-S-1-5-21-2076816696-1300689269-2899885506-1001
2020-02-16 11:43 - 2020-02-16 11:43 - 000000424 _____ C:\Users\ВЕСКО\AppData\Local\UserProducts.xml
2020-02-16 11:43 - 2020-02-16 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2020-02-16 11:43 - 2020-02-16 11:43 - 000000000 ____D C:\Program Files (x86)\Skillbrains
2020-02-16 11:41 - 2020-02-16 11:41 - 002784344 _____ (Skillbrains ) C:\Users\ВЕСКО\Downloads\setup-lightshot.exe
2020-02-16 11:00 - 2020-02-16 14:38 - 000000000 ____D C:\Games
2020-02-16 10:32 - 2020-02-22 06:37 - 000000000 ____D C:\Users\ВЕСКО\AppData\Roaming\BitTorrent
2020-02-16 10:32 - 2020-02-16 10:32 - 000000913 _____ C:\Users\ВЕСКО\Desktop\BitTorrent.lnk
2020-02-16 10:32 - 2020-02-16 10:32 - 000000893 _____ C:\Users\ВЕСКО\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2020-02-16 10:30 - 2020-02-16 10:31 - 005077120 _____ (BitTorrent Inc.) C:\Users\ВЕСКО\Downloads\BitTorrent.exe
2020-02-16 10:29 - 2020-02-16 10:30 - 000018355 _____ C:\Users\ВЕСКО\Downloads\Euro Truck Simulator 2 v1.36.2.2s.torrent
2020-02-16 09:56 - 2020-02-16 10:13 - 2092624032 _____ C:\Users\ВЕСКО\Downloads\EuroTruckSimulator2_1_28_1_3_patch.exe
2020-02-14 17:23 - 2020-02-14 17:24 - 001018988 _____ C:\Users\ВЕСКО\Downloads\QTranslate.6.7.4.exe
2020-02-09 11:43 - 2020-02-09 11:43 - 001031213 _____ C:\Users\ВЕСКО\Downloads\05.02.2020_Списък_на_подлежащите_на_запечатване_търговски_обекти_и_тяхното_местонахождение.pdf
2020-02-09 07:55 - 2020-02-09 07:55 - 003045838 _____ C:\Users\ВЕСКО\Downloads\1dad5ad69c6d5c9593aff6de7ce2ae91.mp4
2020-02-09 07:55 - 2020-02-09 07:55 - 002747301 _____ C:\Users\ВЕСКО\Downloads\b073f119aaf0f65be906afc679159766.mp4
2020-02-09 07:54 - 2020-02-09 07:55 - 003781947 _____ C:\Users\ВЕСКО\Downloads\a4e3ac7ac21e72da14d0550abe14d173.mp4
2020-02-07 19:31 - 2020-02-07 19:31 - 000000000 ____D C:\Users\ВЕСКО\AppData\Local\ElevatedDiagnostics

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-02 14:45 - 2019-08-10 22:00 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2076816696-1300689269-2899885506-1001
2020-03-02 14:39 - 2019-12-01 14:43 - 000000037 _____ C:\Users\Public\Desktop\Gameforge Client.url
2020-03-02 14:39 - 2019-12-01 14:43 - 000000037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Gameforge Client.url
2020-03-02 14:39 - 2019-12-01 14:43 - 000000037 _____ C:\ProgramData\Desktop\Gameforge Client.url
2020-03-02 14:39 - 2019-12-01 14:43 - 000000000 ____D C:\Program Files (x86)\GameforgeClient
2020-03-02 08:40 - 2019-08-10 22:08 - 000003910 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{54DC4300-FD57-426E-B02E-B8CE96343A01}
2020-02-28 12:39 - 2019-08-10 22:03 - 000000000 ___DO C:\Users\ВЕСКО\SkyDrive
2020-02-28 12:38 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-02-28 12:37 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2020-02-28 01:00 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2020-02-25 18:01 - 2020-01-04 20:07 - 000000065 _____ C:\Users\ВЕСКО\Downloads\uopilot.ini
2020-02-24 21:44 - 2019-08-10 22:13 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-02-24 21:44 - 2019-08-10 22:13 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-02-24 21:44 - 2019-08-10 22:13 - 000002203 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-02-22 06:37 - 2019-10-10 03:14 - 000000000 ____D C:\Windows\Minidump
2020-02-22 06:37 - 2019-08-11 08:47 - 000000000 ____D C:\Windows\Panther
2020-02-16 12:33 - 2013-08-22 17:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-02-14 17:24 - 2020-01-15 20:02 - 000001047 _____ C:\Users\ВЕСКО\Desktop\QTranslate.lnk
2020-02-12 04:05 - 2019-10-13 11:30 - 000004424 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-02-12 04:05 - 2019-10-13 11:30 - 000004282 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-02-12 04:04 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-02-12 04:04 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\Macromed
2020-02-05 02:36 - 2019-08-10 22:11 - 000003434 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-02-05 02:36 - 2019-08-10 22:11 - 000003306 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-02-01 06:12 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\NDF
2020-02-01 03:03 - 2019-08-12 01:06 - 000000000 ____D C:\Users\ВЕСКО\AppData\LocalLow\Unity

==================== Files in the root of some directories ========

2019-10-27 11:08 - 2019-10-27 11:08 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-10-27 11:08 - 2019-10-27 11:08 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2019-10-27 11:08 - 2019-10-27 11:08 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2019-10-27 11:08 - 2019-10-27 11:08 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
2019-10-13 11:25 - 2019-10-13 11:24 - 051823104 _____ () C:\Program Files\Macromedia Captivate.msi
2019-08-11 00:00 - 2019-08-11 00:00 - 000000000 _____ () C:\Users\ВЕСКО\AppData\Local\AtStart.txt
2019-10-27 11:08 - 2019-10-27 11:08 - 000000556 _____ () C:\Users\ВЕСКО\AppData\Local\bowsakkdestx.txt
2019-08-11 00:00 - 2019-08-11 00:00 - 000000000 _____ () C:\Users\ВЕСКО\AppData\Local\DSwitch.txt
2019-08-10 22:45 - 2019-12-12 16:42 - 000039733 _____ () C:\Users\ВЕСКО\AppData\Local\PlariumPlay.log
2019-08-11 00:00 - 2019-08-11 00:00 - 000000000 _____ () C:\Users\ВЕСКО\AppData\Local\QSwitch.txt
2020-02-16 11:43 - 2020-02-16 11:43 - 000000003 _____ () C:\Users\ВЕСКО\AppData\Local\updater.log
2020-02-16 11:43 - 2020-02-16 11:43 - 000000424 _____ () C:\Users\ВЕСКО\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-02-28 01:00
==================== End of FRST.txt ========================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-02-2020
Ran by ВЕСКО (02-03-2020 14:49:23)
Running from C:\Users\ВЕСКО\Downloads
Windows 8.1 Pro (Update) (X64) (2019-08-10 19:55:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2076816696-1300689269-2899885506-500 - Administrator - Disabled)
Guest (S-1-5-21-2076816696-1300689269-2899885506-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2076816696-1300689269-2899885506-1003 - Limited - Enabled)
ВЕСКО (S-1-5-21-2076816696-1300689269-2899885506-1001 - Administrator - Enabled) => C:\Users\ВЕСКО

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.330 - Adobe)
BitTorrent (HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\BitTorrent) (Version: 7.10.5.45496 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
Gameforge Client (HKLM-x32\...\{d3b2a0c1-f0d0-4888-ae0b-1c5e1febdafb}_is1) (Version: 2.0.51.124 - Gameforge)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.122 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
Lightshot-5.5.0.4 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.4 - Skillbrains)
LINE (HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\LINE) (Version: 5.22.0.2111 - LINE Corporation)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Metin2 ru-RU (HKLM-x32\...\{fab180a3-cd65-4b7e-bd0e-2ef77fd0c258.ru-RU}) (Version:  - Gameforge)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Plarium Play (HKLM-x32\...\{4EE55C89-1180-4702-86C0-0E999BF691FD}) (Version: 5.1.0 - Plarium) Hidden
Plarium Play (HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\{1077884f-6e6c-4848-8a7c-9dec58d99637}) (Version: 5.1.0 - Plarium)
QLBCASL (HKLM-x32\...\{F1D7AC58-554A-4A58-B784-B61558B1449A}) (Version: 6.40.17.2 - Hewlett-Packard) Hidden
QTranslate 6.7.4 (HKLM-x32\...\QTranslate) (Version: 6.7.4 - QuestSoft)
SafeIP (HKLM-x32\...\SAFEIP_is1) (Version:  - SafeIP)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated)
WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)

Packages:
=========
Frameworkuapbase -> C:\Program Files\WindowsApps\48682KiddoTest.Frameworkuapbase_1.0.0.2_neutral__81ffpr532s7pc [2019-08-11] (KiddoTest)
Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.0_2.0.1410.19000_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation)
Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.0_2.0.1410.19000_x86__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation)
Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.1_2.0.1410.19000_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation)
Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.1_2.0.1410.19000_x86__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation)
Microsoft PlayReady -> C:\Program Files\WindowsApps\Microsoft.Internal.Media.PlayReadyClient_2.3.1678.1_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation)
Microsoft PlayReady -> C:\Program Files\WindowsApps\Microsoft.Internal.Media.PlayReadyClient_2.3.1678.1_x86__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation)
Microsoft Visual C++ Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Preview.Internal_12.0.20222.2_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Platform Extensions Internal)
Microsoft Visual C++ Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Preview.Internal_12.0.20222.2_x86__8wekyb3d8bbwe [2019-08-11] (Microsoft Platform Extensions Internal)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.2.0.Preview.Internal_1.0.9385.3_neutral__8wekyb3d8bbwe [2019-08-11] (Microsoft Platform Extensions)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.2.0.Preview_1.0.9431.0_neutral__8wekyb3d8bbwe [2019-08-11] (Microsoft Platform Extensions)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.Preview.1_1.0.9345.0_neutral__8wekyb3d8bbwe [2019-08-11] (Microsoft Platform Extensions)
MSN Време -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.322_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad]
MSN Кулинария -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad]
MSN Пътуване -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad]
mxtest2 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.mxtest2_2.0.0.0_neutral__x35ns48czryn0 [2019-08-11] (m1df_mmengesha)
Test_Framework_BP_052015 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.TestFrameworkBP052015_1.0.0.9_neutral__x35ns48czryn0 [2019-08-11] (m1df_mmengesha)
Test_Framework_win81appxneutral_061115 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.TestFrameworkwin81appxneutral06_4.0.0.7_neutral__x35ns48czryn0 [2019-08-11] (M1DF_Mmengesha)
Test_FrameworkBackpublish_050515 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.TestFrameworkBackpublish050515_1.0.0.0_neutral__x35ns48czryn0 [2019-08-11] (m1df_mmengesha)
Test_FrameworkProd_062215_01 -> C:\Program Files\WindowsApps\50856m1dfLL.TestFrameworkProd06221501_1.0.0.10_neutral__nwcxtg9ehxpvt [2019-08-11] (m1df_lucyll)
TESTFRAMEWORKABO2 -> C:\Program Files\WindowsApps\40538vasetest101.TESTFRAMEWORKABO2_12.0.21005.1_x64__ssm1v0s3df7zc [2019-08-11] (vasetest101)
Видео -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.2.802.0_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad]
Игри -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad]
Музика -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.2.800.0_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-01-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-01-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-08-15 04:28 - 2015-08-03 08:54 - 000547328 _____ (SafeIP) [File not signed] C:\Windows\system32\SafeIPs64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SafeIPS => ""="service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2019-12-06 18:21 - 000000822 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ВЕСКО\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run32: => "QlbCtrl.exe"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{90A6F7DD-E504-4409-ABEC-C48BCE0F48C2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{75128495-E63B-4C18-86A2-FA3306C63C36}E:\lfs\lfs.exe] => (Allow) E:\lfs\lfs.exe () [File not signed]
FirewallRules: [UDP Query User{C5906F14-8730-4E59-AB30-06C67E9BC2EB}E:\lfs\lfs.exe] => (Allow) E:\lfs\lfs.exe () [File not signed]
FirewallRules: [{1BED8524-52DB-4260-8BBE-A881BD9D3E34}] => (Allow) C:\Users\ВЕСКО\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{AA496B3E-2F6F-4807-965E-F158476BB027}] => (Allow) C:\Users\ВЕСКО\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{A809C2BA-1C3A-4ECC-A381-6678FB2DAD54}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

21-12-2019 21:54:55 Scheduled Checkpoint
20-01-2020 02:26:46 Scheduled Checkpoint
27-01-2020 03:35:29 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Fingerprint Sensor
Description: Fingerprint Sensor
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (03/02/2020 06:15:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAPA)
Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/02/2020 06:15:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WWAHost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d24

Start Time: 01d5f0493947cd5c

Termination Time: 4294967295

Application Path: C:\Windows\System32\WWAHost.exe

Report Id: 810a4bbc-5c3c-11ea-828f-002713343a56

Faulting package full name: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: Windows.Store

Error: (03/02/2020 06:15:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: PAPA)
Description: App winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store did not launch within its allotted time.

Error: (02/28/2020 12:39:52 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (02/27/2020 04:18:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: skydrive.exe, version: 6.3.9600.17484, time stamp: 0x545d76bd
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x0000000000000000
Faulting process id: 0x1114
Faulting application start time: 0x01d5ed78bd3cd471
Faulting application path: C:\Windows\System32\skydrive.exe
Faulting module path: unknown
Report Id: fccfc0d4-596b-11ea-828e-002713343a56
Faulting package full name: 
Faulting package-relative application ID:

Error: (02/26/2020 04:20:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: skydrive.exe, version: 6.3.9600.17484, time stamp: 0x545d76bd
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x0000000000000000
Faulting process id: 0x1614
Faulting application start time: 0x01d5ecafd3283424
Faulting application path: C:\Windows\System32\skydrive.exe
Faulting module path: unknown
Report Id: 134ef253-58a3-11ea-828e-002713343a56
Faulting package full name: 
Faulting package-relative application ID:

Error: (02/26/2020 04:58:58 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (02/26/2020 04:58:51 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.


System errors:
=============
Error: (02/27/2020 04:27:58 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (02/27/2020 04:27:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Услуга на Google Актуализация (gupdate) service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (02/27/2020 04:27:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Услуга на Google Актуализация (gupdate) service to connect.

Error: (02/27/2020 04:18:47 PM) (Source: DCOM) (EventID: 10010) (User: PAPA)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (02/26/2020 04:21:21 PM) (Source: DCOM) (EventID: 10010) (User: PAPA)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (02/25/2020 04:19:39 PM) (Source: DCOM) (EventID: 10010) (User: PAPA)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (02/21/2020 04:23:25 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Peer Name Resolution Protocol service, but this action failed with the following error: 
An instance of the service is already running.

Error: (02/21/2020 04:21:26 PM) (Source: DCOM) (EventID: 10010) (User: PAPA)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2020-03-02 14:49:21.815
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:BAT/AutoKms.S!MTB&threatid=2147743496&enterprise=0
Name: HackTool:BAT/AutoKms.S!MTB
ID: 2147743496
Severity: High
Category: Tool
Path: file:_C:\Users\ВЕСКО\Documents\windows8.cmd
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\ВЕСКО\Downloads\FRST64.exe
Signature Version: AV: 1.311.394.0, AS: 1.311.394.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.16800.2, NIS: 2.1.14600.4

Date: 2020-02-24 16:49:50.613
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Vigram.A&threatid=232718&enterprise=0
Name: Program:Win32/Vigram.A
ID: 232718
Severity: Severe
Category: Potentially Unwanted Software
Path: file:_C:\Users\ВЕСКО\Downloads\SafeIP.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.309.1602.0, AS: 1.309.1602.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.16700.3, NIS: 2.1.14600.4

Date: 2020-02-21 04:27:22.929
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Vigram.A&threatid=232718&enterprise=0
Name: Program:Win32/Vigram.A
ID: 232718
Severity: Severe
Category: Potentially Unwanted Software
Path: file:_C:\Users\ВЕСКО\Downloads\SafeIP (1).exe;file:_C:\Users\ВЕСКО\Downloads\SafeIP.exe;webfile:_C:\Users\ВЕСКО\Downloads\SafeIP (1).exe|https://www.freesafeip.com/SafeIP.exe|chrome.exe;webfile:_C:\Users\ВЕСКО\Downloads\SafeIP.exe|https://www.freesafeip.com/SafeIP.exe|chrome.exe
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: Unknown
Signature Version: AV: 1.309.1348.0, AS: 1.309.1348.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.16700.3, NIS: 2.1.14600.4

Date: 2020-02-21 04:27:20.517
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Vigram.A&threatid=232718&enterprise=0
Name: Program:Win32/Vigram.A
ID: 232718
Severity: Severe
Category: Potentially Unwanted Software
Path: file:_C:\Users\ВЕСКО\Downloads\SafeIP.exe;webfile:_C:\Users\ВЕСКО\Downloads\SafeIP.exe|https://www.freesafeip.com/SafeIP.exe|chrome.exe
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: Unknown
Signature Version: AV: 1.309.1348.0, AS: 1.309.1348.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.16700.3, NIS: 2.1.14600.4

Date: 2020-02-21 04:24:18.037
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Vigram.A&threatid=232718&enterprise=0
Name: Program:Win32/Vigram.A
ID: 232718
Severity: Severe
Category: Potentially Unwanted Software
Path: file:_C:\Users\ВЕСКО\Downloads\SafeIP.exe;webfile:_C:\Users\ВЕСКО\Downloads\SafeIP.exe|https://www.freesafeip.com/SafeIP.exe|chrome.exe
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: Unknown
Signature Version: AV: 1.309.1348.0, AS: 1.309.1348.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.16700.3, NIS: 2.1.14600.4

Date: 2020-03-02 12:48:53.550
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.311.300.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16800.2
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 

Date: 2020-02-29 12:48:53.098
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.311.96.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16800.2
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 

Date: 2020-02-27 16:25:58.491
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.311.51.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16800.2
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 

Date: 2020-02-26 02:54:12.140
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.309.1602.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16700.3
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 

Date: 2020-02-24 16:32:59.871
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.309.1475.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16700.3
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 

CodeIntegrity:
===================================

Date: 2020-03-02 14:42:10.317
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-03-02 14:42:09.709
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-12-01 14:45:58.203
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-12-01 14:45:57.468
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-27 11:05:31.653
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-27 11:05:30.955
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-15 17:13:52.723
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-15 17:13:51.566
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info =========================== 

BIOS: Hewlett-Packard 68PCU Ver. F.20 12/08/2011
Motherboard: Hewlett-Packard 30DB
Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
Percentage of memory in use: 57%
Total physical RAM: 3000.26 MB
Available physical RAM: 1289.71 MB
Total Virtual: 7000.26 MB
Available Virtual: 5244.19 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:365.12 GB) (Free:324.76 GB) NTFS
Drive e: () (Fixed) (Total:100.1 GB) (Free:80.41 GB) NTFS

\\?\Volume{bce0ecb4-bba7-11e9-8250-806e6f6e6963}\ (Резервирана за системата) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{bce0ecb7-bba7-11e9-8250-806e6f6e6963}\ () (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0FD73A73)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=365.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt =======================


Hello! I don't see anything worrying. Just this program, SafeIP... is it familiar to you, did you install it yourself?

Please check the following files on VirusTotal:

Quote

C:\Program Files (x86)\SafeIP\SafeIPS.exe

C:\Windows\SysWOW64\SafeIPs.dll

C:\Windows\system32\SafeIPs64.dll

Then post the corresponding links to the results in your next post.

 

--------------------------------------------------------------------------------------------

 

ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.

  • Right-click esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • In the Welcome to ESET Online Scanner window, click Get Started.
  • Choose whether you want to send anonymous data to ESET.
  • Note: If you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will begin scanning your computer. This may take some time.
  • When the scan finishes, and if threats were found, select Save scan log. Save it to the desktop as eset.txt. Click Continue.
  • ESET Online Scanner may ask whether you want to turn on the periodic scanning feature. Click Continue.
  • On the next screen you can leave feedback about the program if you wish. Tick the box for Delete application data on closing. If you leave feedback, click Submit and continue. If not, click Close without feedback.
  • Open the scan log from your desktop (eset.txt) and copy and paste its contents into your next reply.

 

---------------------------------------------------------------------------------------------

 

Scan with SecurityCheck by glax24

  • Download SecurityCheck by glax24 from here and save the tool to your desktop.
  • Run the program (if you are using Windows XP) or right-click it and run it as administrator (if you are using Windows Vista/7/8/10).
  • Wait for the scan to finish. A text file named SecurityCheck.txt will open. Copy the contents of this file into your next post.
  • You can find this file in the root directory of the system drive, in a folder named SecurityCheck, e.g. C:\SecurityCheck\SecurityCheck.txt

================================================================================================================================

In your next reply, please include:

  •  eset.txt
  •  SecurityCheck.txt

I installed the program myself; I'm familiar with it.

https://www.virustotal.com/gui/file/9e72384e18640eca6de036541b89747e739517687c536b3348fced709a1d849c/detection

https://www.virustotal.com/gui/file/2b3bab861ea24115fa62a6873b16197dd8a8309183ec297bf8b8fc9473bc4d86/detection

https://www.virustotal.com/gui/file/473c7991cfcc0660f19751dc5940939b3ca8f94e234c2bd996b5aa72880b1c19/detection

3.3.2020 г. 17:54:29
Сканирани файлове: 372010
Открити файлове: 3
Почистени файлове: 3
Общо време на сканиране 02:43:51
Състояние на сканиране: Готово


C:\Users\ВЕСКО\AppData\Roaming\BitTorrent\updates\7.10.5_45496.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение    почистен чрез изтриване
C:\Users\ВЕСКО\AppData\Roaming\BitTorrent\BitTorrent.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение    почистен чрез изтриване
C:\Users\ВЕСКО\Downloads\BitTorrent.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение,вариант на Win32/WebCompanion.B потенциално нежелано приложение    почистен чрез изтриване

 

 


9 minutes ago, v3cko wrote:

I installed the program myself; I'm familiar with it.

Fine! It's your computer, it's your decision. I'd just like to point out that:

Quote

SafeIP  Warning!  This application may display advertisements.

Moving on... the ESET online scanner has removed WebCompanion, a potentially unwanted application bundled into your BitTorrent.

SecurityCheck shows:

Quote

Windows Update (wuauserv) - The service is stopped!

Why?


That's possible, but so far it hasn't shown any ads.

BitTorrent has always installed that application for me... and I always keep updates turned off; I only turn them on if a problem comes up.


6 minutes ago, v3cko wrote:

and I always keep updates turned off; I only turn them on if a problem comes up

...and how do you get the critical updates... and the definition updates?

I see you are using just a bare Windows Defender, and if it isn't being updated... what then?

But anyway! My task is to see whether there are active infections in your system and to remove them... No, there are none! The system is clean!

KpRm

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as administrator.
  • When the tool opens, make sure all boxes are checked and select Run.
  • When it has finished, click OK.
  • A log titled kprm-(date).txt will open in Notepad.
  • Please copy and paste its contents into your next reply.

 

 


The program hung for about 30 minutes, then it displayed "the program is not responding" and I had to start it again.

# Run at 3.3.2020 'г.' 19:46:43
# KpRm (Kernel-panik) version 2.8
# Website https://kernel-panik.me/tool/kprm/
# Run by ВЕСКО from C:\Users\ВЕСКО\Downloads
# Computer Name: PAPA
# OS: Windows 8.1 X64 (9600) 
# Number of passes: 2

- Checked options -

    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines

- Create Registry Backup -

   ~ [OK] Hive C:\Windows\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\ВЕСКО\NTUSER.dat backed up

     [OK] Registry Backup: C:\KPRM\backup\2020-03-03-19-46-43

- Delete Tools -


  ## ESET Online Scanner
     [OK] C:\Users\ВЕСКО\AppData\Local\ESET\ESETOnlineScanner deleted

  ## FRST
     [OK] C:\FRST deleted

- Restore System Settings -

     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files

- Restore UAC -

     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

   ~ [OK] RP named KpRm created at 03/03/2020 16:57:14 deleted
     [OK] All system restore points have been successfully deleted

- Create Restore Point -

     [OK] System Restore Point created

- Display System Restore Point -

   ~ RP named KpRm created at 03/03/2020 17:47:13

-- KPRM finished in 90.42s --
