
Malwarebytes report - is your intervention needed?


Recommended answer

After scanning with Malwarebytes -

Malwarebytes
www.malwarebytes.com

-Детайли за регистъра-
Дата на сканиране: 23.07.20 г.
Час на сканиране: 17:36
Файл на регистъра: f1d5ee08-ccf1-11ea-816a-f4ce46ad0471.json

-Информация за софтуера-
Версия: 4.1.2.73
Версия на компонентите: 1.0.976
Актуализирай версията на пакета: 1.0.27281
Лиценз: Free

-Системна информация-
OS: Windows 8.1
CPU: x64
Файлова система: NTFS
Потребител: PAPA\ВЕСКО

-Резюме на сканирането-
Тип сканиране: Сканиране за заплахи
Сканирането е стартирано от: Ръчно
Резултат: Завършено
Сканирани обекти: 236694
Открити заплахи: 17
Заплахи под карантина: 17
Изтекло време: 11 мин, 58 сек

-Опции за сканиране-
Памет: Разрешено
Стартиране: Разрешено
Файлова система: Разрешено
Архиви: Разрешено
руткитове: Разрешено
Евристика: Разрешено
PUP: Открий
PUM: Открий

-Детайли за сканирането-
Процес: 0
(Не бяха открити зловредни елементи)

Модул: 0
(Не бяха открити зловредни елементи)

Ключ на регистъра: 0
(Не бяха открити зловредни елементи)

Стойност на регистъра: 0
(Не бяха открити зловредни елементи)

Данни на регистъра: 0
(Не бяха открити зловредни елементи)

Поток данни: 0
(Не бяха открити зловредни елементи)

Папка: 3
PUP.Optional.PushNotifications, C:\USERS\ВЕСКО\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Под карантина, 203, 838273, , , , 
PUP.Optional.PushNotifications, C:\USERS\ВЕСКО\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Под карантина, 203, 838273, , , , 
PUP.Optional.PushNotifications, C:\USERS\ВЕСКО\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Под карантина, 203, 838273, , , , 

Файл: 14
PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, Под карантина, 203, 838273, , , , 
PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000093.ldb, Под карантина, 203, 838273, , , , 
PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000096.ldb, Под карантина, 203, 838273, , , , 
PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000099.ldb, Под карантина, 203, 838273, , , , 
PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000101.log, Под карантина, 203, 838273, , , , 
PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000102.ldb, Под карантина, 203, 838273, , , , 
PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, Под карантина, 203, 838273, , , , 
PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, Под карантина, 203, 838273, , , , 
PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, Под карантина, 203, 838273, , , , 
PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, Под карантина, 203, 838273, , , , 
PUP.Optional.PushNotifications, C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, Под карантина, 203, 838273, , , , 
PUP.Optional.PushNotifications, C:\USERS\ВЕСКО\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Сменен, 203, 838273, 1.0.27281, , ame, 
PUP.Optional.PushNotifications, C:\USERS\ВЕСКО\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Сменен, 203, 838273, 1.0.27281, , ame, 
PUP.Optional.PushNotifications, C:\USERS\ВЕСКО\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Сменен, 203, 838273, 1.0.27281, , ame, 

Физически сектор: 0
(Не бяха открити зловредни елементи)

WMI: 0
(Не бяха открити зловредни елементи)


(end)


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2020
Ran by ВЕСКО (administrator) on PAPA (Hewlett-Packard HP EliteBook 6930p) (24-07-2020 18:01:54)
Running from C:\Users\ВЕСКО\Downloads
Loaded Profiles: ВЕСКО
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(PLARIUM GLOBAL LTD. -> ) C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\6.1.0-0.0.1\PlariumPlayClientService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] (Hewlett-Packard Company ->  Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Installer\chrmstp.exe [2020-07-16] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {265168EC-659E-486F-A588-95AEB76ABA97} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-18] (Adobe Inc. -> Adobe)
Task: {34623323-DEFF-4314-B094-7F8713513045} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\ВЕСКО\Downloads\esetonlinescanner_enu.exe
Task: {6B9E0AD0-AB0C-4380-A4C4-DCAD81DBD548} - System32\Tasks\update-S-1-5-21-2076816696-1300689269-2899885506-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {87935F6A-A2F4-4866-A907-C7CD2C7A0A21} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {9FF7AC8D-513B-44BB-96F6-B7107D0F6437} - System32\Tasks\Opera GX scheduled Autoupdate 1587844699 => C:\Users\ВЕСКО\AppData\Local\Programs\Opera GX\launcher.exe [1459224 2020-07-15] (Opera Software AS -> Opera Software)
Task: {A843C120-2505-4293-BDFD-A29A24C02977} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-10] (Google Inc -> Google LLC)
Task: {ACA797F2-DFAE-40E9-A1A1-F0FF47044B6A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_403_pepper.exe [1471032 2020-07-18] (Adobe Inc. -> Adobe)
Task: {BC7D6B7B-03DE-4E5D-A1B5-62B9B694C8C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-10] (Google Inc -> Google LLC)
Task: {F1B81EA2-DA5D-42DC-9C29-E67D88055A79} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\ВЕСКО\Downloads\esetonlinescanner_enu.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\update-S-1-5-21-2076816696-1300689269-2899885506-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 46.35.180.1 46.35.180.2
Tcpip\..\Interfaces\{42BC6B57-A733-46D9-8ABC-14B01E8C41EF}: [DhcpNameServer] 46.35.180.1 46.35.180.2
Tcpip\..\Interfaces\{A7FF16DF-7DC1-437C-8A22-C8C6BDC82A48}: [DhcpNameServer] 46.35.180.1 46.35.180.2
Tcpip\..\Interfaces\{E1D0E267-FB12-4D8A-899D-ECB810445149}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.bg/

FireFox:
========
FF DefaultProfile: tq2nngvb.default
FF ProfilePath: C:\Users\ВЕСКО\AppData\Roaming\Mozilla\Firefox\Profiles\tq2nngvb.default [2020-03-19]
FF ProfilePath: C:\Users\ВЕСКО\AppData\Roaming\Mozilla\Firefox\Profiles\i1y0xx66.default-release [2020-04-23]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)

Chrome: 
=======
CHR Profile: C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default [2020-07-24]
CHR Notifications: Default -> hxxps://www.zyngapoker.com
CHR HomePage: Default -> hxxp://google.bg/
CHR StartupUrls: Default -> "hxxps://www.google.bg/"
CHR Extension: (Презентации) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-10]
CHR Extension: (Документи) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-10]
CHR Extension: (Google Диск) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-10]
CHR Extension: (YouTube) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-10]
CHR Extension: (Adblock Plus — безплатен блокер на реклами) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-07-24]
CHR Extension: (Таблици) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-10]
CHR Extension: (Google Документи офлайн) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-21]
CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2020-01-27]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-10]
CHR Extension: (Chrome Media Router) - C:\Users\ВЕСКО\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-07-16]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed
separately.)

S4 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-18] (Adobe Inc. -> Adobe)
S4 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [42096 2015-08-04] (Avago Technologies U.S. Inc. -> LSI Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6970968 2020-07-08] (Malwarebytes Inc -> Malwarebytes)
R2 Plarium Play Client Service; C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\6.1.0-0.0.1\PlariumPlayClientService.exe [89696 2020-06-18] (PLARIUM GLOBAL LTD. -> )
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2019-08-11] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2019-08-11] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed
separately.)

R3 ADIHdAudAddService; C:\Windows\system32\drivers\ADIHdAud.sys [497152 2009-05-18] (Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.)
R3 AgereSoftModem; C:\Windows\system32\DRIVERS\agrsm64.sys [1230104 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> LSI Corporation)
R3 HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [19000 2010-02-25] (Hewlett-Packard Company -> Hewlett-Packard Company)
R3 HpqKbFiltr; C:\Windows\System32\drivers\HpqKbFiltr.sys [18432 2009-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Development Company, L.P.)
S0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-07-08] (Malwarebytes Inc -> Malwarebytes)
R1 MpKsl5976d10a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C95734CA-1077-44CF-B2A0-B54B171EEC0B}\MpKsl5976d10a.sys [43232 2020-07-19] (Microsoft Windows -> Microsoft Corporation)
R1 MpKslDrv; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C95734CA-1077-44CF-B2A0-B54B171EEC0B}\MpKslDrv.sys [43232 2020-07-15] (Microsoft Windows -> Microsoft Corporation)
R3 RICOH SmartCard Reader; C:\Windows\system32\DRIVERS\rismcx64.sys [79488 2006-10-03] (Microsoft Windows Hardware Compatibility Publisher -> RICOH Company, Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2019-08-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2019-08-11] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2019-08-11] (Microsoft Windows -> Microsoft Corporation)
R0 WofAdk; C:\Windows\System32\drivers\wofadk.sys [221376 2019-08-11] (Microsoft Corporation -> Microsoft Corporation)
S1 amsdk; \??\C:\Windows\system32\drivers\amsdk.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-07-24 18:01 - 2020-07-24 18:02 - 000012068 _____ C:\Users\ВЕСКО\Downloads\FRST.txt
2020-07-24 18:01 - 2020-07-24 18:02 - 000000000 ____D C:\FRST
2020-07-24 17:58 - 2020-07-24 17:58 - 002294784 _____ (Farbar) C:\Users\ВЕСКО\Downloads\FRST64.exe
2020-07-08 16:06 - 2020-07-08 16:06 - 000005994 _____ C:\Users\ВЕСКО\Desktop\malwarebytes.txt
2020-07-08 15:47 - 2020-07-08 15:47 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-07-08 15:47 - 2020-07-08 15:47 - 000001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-07-04 18:57 - 2020-07-04 18:57 - 000000095 _____ C:\Users\ВЕСКО\Documents\hhhh.cms
2020-07-04 18:30 - 2020-07-04 18:30 - 002810297 _____ C:\Users\ВЕСКО\Downloads\cm413_64.zip
2020-07-04 17:27 - 2020-07-04 17:27 - 000000000 ____D C:\Users\ВЕСКО\AppData\Local\EpicGamesLauncher
2020-07-04 17:27 - 2020-07-04 17:27 - 000000000 ____D C:\Users\ВЕСКО\AppData\Local\CrashReportClient
2020-07-04 17:17 - 2020-07-04 17:26 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2020-07-04 17:17 - 2020-07-04 17:17 - 000000000 ____D C:\Users\ВЕСКО\AppData\Local\Ubisoft Game Launcher
2020-07-04 17:04 - 2020-07-04 17:27 - 000000000 ____D C:\Program Files\Epic Games
2020-07-04 17:02 - 2020-07-04 17:02 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2020-07-04 17:02 - 2020-07-04 17:02 - 000000000 ____D C:\Program Files (x86)\MSBuild
2020-07-04 17:01 - 2020-07-04 17:01 - 000000000 ____D C:\Program Files\Reference Assemblies
2020-07-04 17:01 - 2020-07-04 17:01 - 000000000 ____D C:\Program Files\MSBuild
2020-07-04 16:59 - 2013-08-03 07:48 - 001166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2020-07-04 16:59 - 2013-08-03 07:48 - 000124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2020-07-04 16:59 - 2013-08-03 07:48 - 000035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2020-07-04 16:59 - 2013-08-03 07:41 - 000778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2020-07-04 16:59 - 2013-08-03 07:41 - 000102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2020-07-04 16:59 - 2013-08-03 07:41 - 000035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2020-07-04 16:54 - 2020-07-04 16:54 - 000000000 ____D C:\Users\ВЕСКО\AppData\Local\UnrealEngine

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-07-24 16:45 - 2020-02-16 12:43 - 000000398 _____ C:\Windows\Tasks\update-sys.job
2020-07-24 16:33 - 2019-08-10 23:03 - 000000000 ___DO C:\Users\ВЕСКО\SkyDrive
2020-07-24 04:40 - 2019-08-10 23:08 - 000003910 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{54DC4300-FD57-426E-B02E-B8CE96343A01}
2020-07-24 03:07 - 2020-02-16 12:43 - 000000398 _____ C:\Windows\Tasks\update-S-1-5-21-2076816696-1300689269-2899885506-1001.job
2020-07-23 17:36 - 2020-04-23 17:13 - 000000000 ____D C:\Users\ВЕСКО\AppData\Local\CrashDumps
2020-07-21 05:28 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\Inf
2020-07-20 06:00 - 2019-08-10 22:55 - 000000000 ____D C:\Users\ВЕСКО
2020-07-19 00:43 - 2013-08-22 17:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-07-18 11:52 - 2019-10-13 12:30 - 000004424 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-07-18 11:52 - 2019-10-13 12:30 - 000004282 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-07-18 11:52 - 2019-10-13 12:30 - 000000000 ____D C:\Users\ВЕСКО\AppData\Local\Adobe
2020-07-18 11:52 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-07-18 11:52 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\system32\Macromed
2020-07-16 23:50 - 2019-08-10 23:00 - 000003600 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2076816696-1300689269-2899885506-1001
2020-07-16 19:01 - 2019-08-10 23:13 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-07-16 19:01 - 2019-08-10 23:13 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-07-16 19:01 - 2019-08-10 23:13 - 000002203 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-07-15 16:30 - 2020-05-17 21:43 - 000001459 _____ C:\Users\ВЕСКО\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Браузър Opera GX.lnk
2020-07-15 16:30 - 2020-04-25 22:58 - 000004052 _____ C:\Windows\system32\Tasks\Opera GX scheduled Autoupdate 1587844699
2020-07-14 19:01 - 2013-09-30 07:14 - 000865068 _____ C:\Windows\system32\PerfStringBackup.INI
2020-07-14 18:52 - 2020-01-04 21:07 - 000000065 _____ C:\Users\ВЕСКО\Downloads\uopilot.ini
2020-07-14 18:52 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\system32\NDF
2020-07-14 17:34 - 2020-02-07 20:31 - 000000000 ____D C:\Users\ВЕСКО\AppData\Local\ElevatedDiagnostics
2020-07-14 17:05 - 2013-08-22 16:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2020-07-08 15:47 - 2020-01-11 21:25 - 000001964 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-07-08 15:47 - 2020-01-11 21:25 - 000001964 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-07-08 15:46 - 2020-01-11 21:25 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-07-07 20:10 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\AppReadiness
2020-07-05 04:21 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\rescache
2020-07-04 17:26 - 2019-10-13 12:37 - 000000000 ____D C:\Windows\system32\appmgmt
2020-07-04 17:09 - 2013-08-22 18:20 - 000000000 ____D C:\Windows\CbsTemp
2020-07-04 16:57 - 2019-08-11 10:20 - 000000000 ____D C:\ProgramData\Package Cache
2020-06-29 18:18 - 2020-01-15 21:02 - 000000000 ____D C:\Users\ВЕСКО\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QTranslate
2020-06-29 18:18 - 2020-01-15 21:02 - 000000000 ____D C:\Program Files (x86)\QTranslate
2020-06-29 18:17 - 2013-08-22 18:36 - 000000000 ___HD C:\Program Files\WindowsApps
2020-06-29 18:14 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\registration

==================== Files in the root of some directories ========

2019-10-13 12:25 - 2019-10-13 12:24 - 051823104 _____ () C:\Program Files\Macromedia Captivate.msi
2019-08-11 01:00 - 2019-08-11 01:00 - 000000000 _____ () C:\Users\ВЕСКО\AppData\Local\AtStart.txt
2019-10-27 12:08 - 2019-10-27 12:08 - 000000556 _____ () C:\Users\ВЕСКО\AppData\Local\bowsakkdestx.txt
2019-08-11 01:00 - 2019-08-11 01:00 - 000000000 _____ () C:\Users\ВЕСКО\AppData\Local\DSwitch.txt
2019-08-10 23:45 - 2020-06-18 19:42 - 000157609 _____ () C:\Users\ВЕСКО\AppData\Local\PlariumPlay.log
2019-08-11 01:00 - 2019-08-11 01:00 - 000000000 _____ () C:\Users\ВЕСКО\AppData\Local\QSwitch.txt
2020-02-16 12:43 - 2020-02-16 12:43 - 000000003 _____ () C:\Users\ВЕСКО\AppData\Local\updater.log
2020-02-16 12:43 - 2020-02-16 12:43 - 000000424 _____ () C:\Users\ВЕСКО\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-07-16 04:43
==================== End of FRST.txt ========================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2020
Ran by ВЕСКО (24-07-2020 18:04:10)
Running from C:\Users\ВЕСКО\Downloads
Windows 8.1 Pro (Update) (X64) (2019-08-10 19:55:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2076816696-1300689269-2899885506-500 - Administrator - Disabled)
Guest (S-1-5-21-2076816696-1300689269-2899885506-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2076816696-1300689269-2899885506-1003 - Limited - Enabled)
ВЕСКО (S-1-5-21-2076816696-1300689269-2899885506-1001 - Administrator - Enabled) => C:\Users\ВЕСКО

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.403 - Adobe)
BitTorrent (HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\BitTorrent) (Version: 7.10.5.45496 - BitTorrent Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 84.0.4147.89 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lightshot-5.5.0.4 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.4 - Skillbrains)
LINE (HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\LINE) (Version: 6.1.1.2266 - LINE Corporation)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes version 4.1.2.73 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.2.73 - Malwarebytes)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Opera GX Stable 68.0.3618.197 (HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\Opera GX 68.0.3618.197) (Version: 68.0.3618.197 - Opera Software)
Plarium Play (HKLM-x32\...\{186b8f7a-d886-40d0-af54-0a87967eb0cf}) (Version: 6.1.0 - Plarium)
Plarium Play (HKLM-x32\...\{4FD60DF5-8569-4D49-B396-135E44C0B716}) (Version: 6.1.0 - Plarium) Hidden
QLBCASL (HKLM-x32\...\{F1D7AC58-554A-4A58-B784-B61558B1449A}) (Version: 6.40.17.2 - Hewlett-Packard) Hidden
QTranslate 6.7.4 (HKLM-x32\...\QTranslate) (Version: 6.7.4 - QuestSoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)

Packages:
=========
Frameworkuapbase -> C:\Program Files\WindowsApps\48682KiddoTest.Frameworkuapbase_1.0.0.2_neutral__81ffpr532s7pc [2020-06-29] (KiddoTest)
Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.0_2.0.1410.19000_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation)
Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.0_2.0.1410.19000_x86__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation)
Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.1_2.0.1410.19000_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation)
Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.1_2.0.1410.19000_x86__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation)
Microsoft PlayReady -> C:\Program Files\WindowsApps\Microsoft.Internal.Media.PlayReadyClient_2.3.1678.1_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation)
Microsoft PlayReady -> C:\Program Files\WindowsApps\Microsoft.Internal.Media.PlayReadyClient_2.3.1678.1_x86__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation)
Microsoft Visual C++ Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Preview.Internal_12.0.20222.2_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Platform Extensions Internal)
Microsoft Visual C++ Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Preview.Internal_12.0.20222.2_x86__8wekyb3d8bbwe [2020-06-29] (Microsoft Platform Extensions Internal)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.2.0.Preview.Internal_1.0.9385.3_neutral__8wekyb3d8bbwe [2020-06-29] (Microsoft Platform Extensions)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.2.0.Preview_1.0.9431.0_neutral__8wekyb3d8bbwe [2020-06-29] (Microsoft Platform Extensions)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.Preview.1_1.0.9345.0_neutral__8wekyb3d8bbwe [2020-06-29] (Microsoft Platform Extensions)
MSN Време -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation) [MS Ad]
MSN Кулинария -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation) [MS Ad]
MSN Пътуване -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation) [MS Ad]
mxtest2 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.mxtest2_2.0.0.0_neutral__x35ns48czryn0 [2020-06-29] (m1df_mmengesha)
Racing 3D: Need For Race on Real Asphalt Speed Tracks -> C:\Program Files\WindowsApps\C40DCF4F.SpeedRacing3DNeedForRaceonRealAsphaltTrac_1.0.2.0_x86__b6sb9g8avsqk2 [2020-06-29] (T-Bull)
Test_Framework_BP_052015 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.TestFrameworkBP052015_1.0.0.9_neutral__x35ns48czryn0 [2020-06-29] (m1df_mmengesha)
Test_Framework_win81appxneutral_061115 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.TestFrameworkwin81appxneutral06_4.0.0.7_neutral__x35ns48czryn0 [2020-06-29] (M1DF_Mmengesha)
Test_FrameworkBackpublish_050515 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.TestFrameworkBackpublish050515_1.0.0.0_neutral__x35ns48czryn0 [2020-06-29] (m1df_mmengesha)
Test_FrameworkProd_062215_01 -> C:\Program Files\WindowsApps\50856m1dfLL.TestFrameworkProd06221501_1.0.0.10_neutral__nwcxtg9ehxpvt [2020-06-29] (m1df_lucyll)
TESTFRAMEWORKABO2 -> C:\Program Files\WindowsApps\40538vasetest101.TESTFRAMEWORKABO2_12.0.21005.1_x64__ssm1v0s3df7zc [2020-06-29] (vasetest101)
Видео -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation) [MS Ad]
Игри -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation) [MS Ad]
Музика -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-01-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-01-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\ВЕСКО\Desktop\Браузър Opera GX.lnk -> C:\Users\ВЕСКО\AppData\Local\Programs\Opera GX\launcher.exe (Opera Software) <==== Cyrillic
Shortcut: C:\Users\ВЕСКО\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Браузър Opera GX.lnk -> C:\Users\ВЕСКО\AppData\Local\Programs\Opera GX\launcher.exe (Opera Software) <==== Cyrillic
Shortcut: C:\Users\ВЕСКО\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Браузър Opera GX.lnk -> C:\Users\ВЕСКО\AppData\Local\Programs\Opera GX\launcher.exe (Opera Software) <==== Cyrillic

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 16:25 - 2020-04-23 08:49 - 000000822 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ВЕСКО\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 46.35.180.1 - 46.35.180.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AEADIFilters => 2
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SafeIPS => 3
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "QlbCtrl.exe"
HKLM\...\StartupApproved\Run32: => "Lightshot"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{90A6F7DD-E504-4409-ABEC-C48BCE0F48C2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{75128495-E63B-4C18-86A2-FA3306C63C36}E:\lfs\lfs.exe] => (Allow) E:\lfs\lfs.exe () [File not signed]
FirewallRules: [UDP Query User{C5906F14-8730-4E59-AB30-06C67E9BC2EB}E:\lfs\lfs.exe] => (Allow) E:\lfs\lfs.exe () [File not signed]
FirewallRules: [{1BED8524-52DB-4260-8BBE-A881BD9D3E34}] => (Allow) C:\Users\ВЕСКО\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [{AA496B3E-2F6F-4807-965E-F158476BB027}] => (Allow) C:\Users\ВЕСКО\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [TCP Query User{D5E3E617-6558-4159-A706-840C5B334B96}C:\users\веско\appdata\local\programs\opera gx\67.0.3575.130\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\67.0.3575.130\opera.exe => No File
FirewallRules: [UDP Query User{6D6B588E-0882-4516-BB6C-FB65FAF2ABD3}C:\users\веско\appdata\local\programs\opera gx\67.0.3575.130\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\67.0.3575.130\opera.exe => No File
FirewallRules: [TCP Query User{E859D23C-6F07-4BE8-B41B-6C3BEB15AF7D}C:\users\веско\appdata\local\programs\opera gx\68.0.3618.129\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.129\opera.exe => No File
FirewallRules: [UDP Query User{43A95E54-B07C-45B1-8E73-66514B35824E}C:\users\веско\appdata\local\programs\opera gx\68.0.3618.129\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.129\opera.exe => No File
FirewallRules: [TCP Query User{DED12865-66D2-43F2-8879-E264ACD7BB32}C:\users\веско\appdata\local\programs\opera gx\68.0.3618.186\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.186\opera.exe => No File
FirewallRules: [UDP Query User{009FD906-4E38-4551-9D52-9D1270FB5477}C:\users\веско\appdata\local\programs\opera gx\68.0.3618.186\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.186\opera.exe => No File
FirewallRules: [TCP Query User{8F120CF3-F066-4DC6-9A81-0F244E23B59F}C:\users\веско\appdata\local\programs\opera gx\68.0.3618.191\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.191\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{5CE62F49-C29D-4716-BF99-4BE400D86415}C:\users\веско\appdata\local\programs\opera gx\68.0.3618.191\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.191\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{CCAA93CB-9818-491C-B988-427999AC0B39}C:\users\веско\appdata\local\programs\opera gx\68.0.3618.197\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.197\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{E1A68F6A-E93B-43A8-833F-AC36C3DD693D}C:\users\веско\appdata\local\programs\opera gx\68.0.3618.197\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.197\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{8EE4EF7B-9803-4012-A253-3F8749E6B152}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

04-07-2020 16:53:20 Installed DirectX
12-07-2020 02:45:22 Scheduled Checkpoint
19-07-2020 05:19:42 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: Redmi
Description: Redmi
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Fingerprint Sensor
Description: Fingerprint Sensor
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (07/23/2020 05:36:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 4.0.0.728, time stamp: 0x5ef6345c
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x5e8272e4
Exception code: 0xc0000005
Fault offset: 0x0000000000219d05
Faulting process id: 0x368
Faulting application start time: 0x01d660fe9dc1e21d
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: f2370483-ccf1-11ea-82ba-f4ce46ad0471
Faulting package full name: 
Faulting package-relative application ID:

Error: (07/21/2020 04:25:48 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 90080108).

Error: (07/19/2020 05:19:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (07/16/2020 05:04:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: game.exe, version: 2018.4.20.34440, time stamp: 0x5e72fda9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x6361206e
Faulting process id: 0xe8c
Faulting application start time: 0x01d65b79d722f88c
Faulting application path: C:\Users\ВЕСКО\AppData\Local\Plarium\PlariumPlay\StandAloneApps\throne\93\game.exe
Faulting module path: unknown
Report Id: 408ed5d9-c76d-11ea-82b8-aa8b79b0f859
Faulting package full name: 
Faulting package-relative application ID:

Error: (07/12/2020 02:45:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (07/10/2020 07:56:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAPA)
Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/10/2020 07:56:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WWAHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8d8

Start Time: 01d656db02a3e61a

Termination Time: 4294967295

Application Path: C:\Windows\System32\WWAHost.exe

Report Id: 4a941707-c2ce-11ea-82b4-002713343a56

Faulting package full name: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: Windows.Store

Error: (07/10/2020 07:56:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: PAPA)
Description: App winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store did not launch within its allotted time.


System errors:
=============
Error: (07/23/2020 06:20:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NcdAutoSetup service.

Error: (07/23/2020 06:19:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NcdAutoSetup service.

Error: (07/23/2020 06:19:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NcdAutoSetup service.

Error: (07/23/2020 06:18:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NcdAutoSetup service.

Error: (07/23/2020 06:18:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NcdAutoSetup service.

Error: (07/23/2020 06:14:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NcdAutoSetup service.

Error: (07/22/2020 06:02:49 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (07/22/2020 06:02:49 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2020-06-22 17:57:38.200
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {DA0F79FE-708A-413C-89DE-70AD10CBD434}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-06-19 16:09:59.096
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {2C80E799-C55A-4A35-9912-1FAC112CE127}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-06-09 03:22:06.191
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {8F709E50-DC9E-420C-96BF-FB4B3FDA9983}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-06-06 02:30:20.783
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {0B605A47-9F65-4275-A8B0-0877E2D4757C}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-05-29 11:02:00.392
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {E557884F-266F-41EC-B720-AC99CF717DE0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-05-10 07:49:28.408
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007042c
Error description: The dependency service or group failed to start. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.

Date: 2020-05-08 17:55:06.166
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007042c
Error description: The dependency service or group failed to start. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.

Date: 2020-04-30 16:47:53.488
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007042c
Error description: The dependency service or group failed to start. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.

Date: 2020-04-30 16:47:07.497
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.313.1441.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16900.4
Error code: 0x8007041d
Error description: The service did not respond to the start or control request in a timely fashion. 

Date: 2020-04-30 16:47:04.605
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007042c
Error description: The dependency service or group failed to start. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.

CodeIntegrity:
===================================

Date: 2020-03-03 18:56:44.054
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-03-03 18:56:42.406
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-03-03 17:59:04.212
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-03-03 17:59:03.621
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-03-03 17:17:02.606
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-03-03 17:17:01.890
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-03-03 17:09:15.326
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-03-03 17:09:14.624
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\SafeIPs64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info =========================== 

BIOS: Hewlett-Packard 68PCU Ver. F.20 12/08/2011
Motherboard: Hewlett-Packard 30DB
Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
Percentage of memory in use: 56%
Total physical RAM: 3000.26 MB
Available physical RAM: 1297.14 MB
Total Virtual: 7000.26 MB
Available Virtual: 4482.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:365.12 GB) (Free:323.1 GB) NTFS
Drive e: () (Fixed) (Total:100.1 GB) (Free:84.29 GB) NTFS

\\?\Volume{bce0ecb4-bba7-11e9-8250-806e6f6e6963}\ (Резервирана за системата) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{bce0ecb7-bba7-11e9-8250-806e6f6e6963}\ () (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0FD73A73)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=365.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt =======================

 


Hello,

I will look over the log files later, as I am busy right now. Do you have any specific complaints?

The items found by Malwarebytes in particular are not especially dangerous:

https://blog.malwarebytes.com/detections/pup-optional-pushnotifications/

Still, you can also run a check with AdwCleaner:

https://www.kaldata.com/софтуер/adwcleaner-103982.html


Malwarebytes AdwCleaner 8.0.7.0
# -------------------------------
# Build:    07-22-2020
# Database: 2020-07-20.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-24-2020
# Duration: 00:00:06
# OS:       Windows 8.1 Pro
# Cleaned:  3
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1651 octets] - [24/07/2020 20:28:39]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 


The log files are clean. There are only leftovers from the Zemana driver, a few invalid firewall rules and entries related to Web Companion, which I assume has already been removed by AdwCleaner.

Still, to clean them up:

Download fixlist.txt and save it in the folder where you downloaded FRST64.exe (the folder C:\Users\ВЕСКО\Downloads).

Run FRST64.exe and press the Fix button once!

When it finishes, if it asks for a restart, agree. After the restart, post the log file fixlog.txt, which will be created after the program has run.

Warning: The script is made for the current system. Do not use it on other systems with similar problems!

Regards!


Fix result of Farbar Recovery Scan Tool (x64) Version: 23-07-2020
Ran by ВЕСКО (25-07-2020 12:47:47) Run:1
Running from C:\Users\ВЕСКО\Downloads
Loaded Profiles: ВЕСКО
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
S1 amsdk; \??\C:\Windows\system32\drivers\amsdk.sys [X] 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
IE trusted site: HKU\S-1-5-21-2076816696-1300689269-2899885506-1001\...\webcompanion.com -> hxxp://webcompanion.com 
FirewallRules: [{1BED8524-52DB-4260-8BBE-A881BD9D3E34}] => (Allow) C:\Users\ВЕСКО\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [{AA496B3E-2F6F-4807-965E-F158476BB027}] => (Allow) C:\Users\ВЕСКО\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [TCP Query User{D5E3E617-6558-4159-A706-840C5B334B96}C:\users\веско\appdata\local\programs\opera gx\67.0.3575.130\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\67.0.3575.130\opera.exe => No File
FirewallRules: [UDP Query User{6D6B588E-0882-4516-BB6C-FB65FAF2ABD3}C:\users\веско\appdata\local\programs\opera gx\67.0.3575.130\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\67.0.3575.130\opera.exe => No File
FirewallRules: [TCP Query User{E859D23C-6F07-4BE8-B41B-6C3BEB15AF7D}C:\users\веско\appdata\local\programs\opera gx\68.0.3618.129\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.129\opera.exe => No File
FirewallRules: [UDP Query User{43A95E54-B07C-45B1-8E73-66514B35824E}C:\users\веско\appdata\local\programs\opera gx\68.0.3618.129\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.129\opera.exe => No File
FirewallRules: [TCP Query User{DED12865-66D2-43F2-8879-E264ACD7BB32}C:\users\веско\appdata\local\programs\opera gx\68.0.3618.186\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.186\opera.exe => No File
FirewallRules: [UDP Query User{009FD906-4E38-4551-9D52-9D1270FB5477}C:\users\веско\appdata\local\programs\opera gx\68.0.3618.186\opera.exe] => (Allow) C:\users\веско\appdata\local\programs\opera gx\68.0.3618.186\opera.exe => No File
cmd: del %temp%\*.* /f /s /q
cmd: rd /s /q %temp%
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\System\CurrentControlSet\Services\amsdk => removed successfully
amsdk => service removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => removed successfully


Everything looks fine.

To remove Farbar Recovery Scan Tool, do the following:

Rename the executable FRST64.exe to Uninstall.exe.

Right-click Uninstall.exe and choose Run as administrator. You will be notified that the system has to be restarted in order to delete the tool.

After the restart, the tool and the files belonging to it will be deleted.

Download KpRm from kernel-panik and save it to your desktop.

  • Right-click kprm_2.8.exe and choose Run as administrator
  • When the tool opens, tick all the boxes and press the Run button.
  • When it is done, click OK.
  • The log file will open in Notepad; copy its contents into your next reply.

Regards!


# Run at 2.8.2020 'г.' 20:24:34
# KpRm (Kernel-panik) version 2.8
# Website https://kernel-panik.me/tool/kprm/
# Run by ВЕСКО from C:\Users\ВЕСКО\Downloads
# Computer Name: PAPA
# OS: Windows 8.1 X64 (9600) 
# Number of passes: 3

- Checked options -

    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point

- Create Registry Backup -

   ~ [OK] Hive C:\Windows\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\ВЕСКО\NTUSER.dat backed up

     [OK] Registry Backup: C:\KPRM\backup\2020-08-02-20-24-34

- Delete Tools -


  ## AdwCleaner
     [OK] C:\Users\ВЕСКО\Downloads\adwcleaner_8.0.7.exe deleted

  ## FRST
     [OK] C:\Users\ВЕСКО\Desktop\Addition.txt deleted
     [OK] C:\Users\ВЕСКО\Desktop\FRST.txt deleted

  ## Malwarebytes (log)
     [OK] C:\Users\ВЕСКО\Desktop\malwarebytes.txt deleted

- Other Lines -


  ## Quarantines keeped
    ~ C:\AdwCleaner (AdwCleaner)

- Restore System Settings -

     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files

- Restore UAC -

     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

   ~ [OK] RP named Scheduled Checkpoint created at 07/11/2020 23:45:22 deleted
   ~ [OK] RP named Scheduled Checkpoint created at 07/19/2020 02:19:42 deleted
   ~ [OK] RP named Restore Point Created by FRST created at 07/25/2020 09:47:54 deleted
     [OK] All system restore points have been successfully deleted

- Create Restore Point -

     [OK] System Restore Point created

- Display System Restore Point -

   ~ RP named KpRm created at 08/02/2020 17:25:10

-- KPRM finished in 84.14s --
 


Well, that was it. It might not be a bad idea to scan your system periodically with programs that are good against unwanted applications, such as Eset Online Scanner or the portable version of Emsisoft Emergency Kit.

You can delete the KpRm tool and its log file, as well as the C:\AdwCleaner folder.

Regards and have a nice week! :bye1:
