
Old laptop - PUP.Optional.Reimage


Hello, the laptop in question is used by my mother for everyday tasks, and rarely at that. When the system starts, ESET detects PUP.Optional.Reimage; I took the liberty of scanning with Malwarebytes, WITHOUT taking any action. What is this folder, and is there anything to worry about? Thank you in advance.

Addition.txt

FRST.txt

malwarebytes.txt

Hello! This is potentially unwanted software. I recommend:

Uninstall the following program using the standard method:

Quote

Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.5.8 - Reimage) <==== ATTENTION

 

...after which run Malwarebytes again, but this time remove everything the program finds and post the log with the result.

After this procedure, please run a fresh scan again with:

Scan with Farbar Recovery Scan

  • Please download Farbar Recovery Scan Tool (choose the 32-bit or 64-bit version according to your version of Windows) and save it to the desktop.
  • Run the file FRST.exe (or FRST64.exe).
  • The program will start. Press YES to agree to the license agreement.
  • Press the button [image: YClYkft.jpg].
  • Wait patiently for the scan to finish.
  • Two log files named FRST.txt and Addition.txt will be created on the desktop.
  • Copy the contents of FRST.txt into your next post. Attach Addition.txt to your comment (see the Attach files option when posting a reply).

Logs

In your next reply, please include (by copying their entire contents) the following logs:

  • Log from Malwarebytes Anti-Malware
  • FRST.txt (copy the entire contents)
  • Addition.txt (attach it)

  • Author

I don't see the program in Programs and Features. Should I continue with the next steps?

Quote

...after which run Malwarebytes again, but this time remove everything the program finds and post the log with the result.

Yes, continue first with Malwarebytes, then with FRST!

  • Author

Malwarebytes:

 

-Детайли за регистъра-
Дата на сканиране: 12.01.19 г.
Час на сканиране: 18:02
Файл на регистъра: 8359824e-1683-11e9-904d-000df05c5714.json

-Информация за софтуера-
Версия: 3.6.1.2711
Версия на компонентите: 1.0.519
Актуализирай версията на пакета: 1.0.8744
Лиценз: Пробен период

-Системна информация-
OS: Windows 7 Service Pack 1
CPU: x86
Файлова система: NTFS
Потребител: user-PC\user

-Резюме на сканирането-
Тип сканиране: Threat Scan
Сканирането е стартирано от: Ръчно
Резултат: Завършено
Сканирани обекти: 187817
Открити заплахи: 76
Заплахи под карантина: 76
Изтекло време: 4 мин, 39 сек

-Опции за сканиране-
Памет: Разрешено
Стартиране: Разрешено
Файлова система: Разрешено
Архиви: Разрешено
руткитове: Забранено
Евристика: Разрешено
PUP: Открий
PUM: Открий

-Детайли за сканирането-
Процес: 0
(Не бяха открити зловредни елементи)

Модул: 0
(Не бяха открити зловредни елементи)

Ключ на регистъра: 16

Стойност на регистъра: 2
PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\REIMAGE PROTECTOR|CFLPATH, Под карантина, [333], [332504],1.0.8744
PUP.Optional.Reimage, HKU\S-1-5-21-856370633-3077922244-2168785184-1000\SOFTWARE\REIMAGE\PC REPAIR|QUITMESSAGE, Под карантина, [333], [327204],1.0.8744

Данни на регистъра: 0
(Не бяха открити зловредни елементи)

Поток данни: 0
(Не бяха открити зловредни елементи)

Папка: 10

Файл: 48

Физически сектор: 0
(Не бяха открити зловредни елементи)

WMI: 0
(Не бяха открити зловредни елементи)


(end)

FRST: 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-01-2019 01
Ran by user (administrator) on USER-PC (12-01-2019 18:10:29)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & Administrator)
Platform: Microsoft Windows 7 Enterprise  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

2018-12-24 12:43 - 2018-12-14 08:39 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-12-24 12:43 - 2018-12-14 08:38 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-12-24 12:43 - 2018-12-14 08:35 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-12-24 12:43 - 2018-12-14 08:35 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-12-24 12:43 - 2018-12-14 08:34 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-12-24 12:43 - 2018-12-14 08:33 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-12-24 12:43 - 2018-12-14 08:33 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-12-24 12:43 - 2018-12-14 08:32 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-12-24 12:43 - 2018-12-14 08:29 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-12-24 12:43 - 2018-12-14 08:26 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-12-24 12:43 - 2018-12-14 08:23 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-12-24 12:43 - 2018-12-14 08:22 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-12-24 12:43 - 2018-12-14 08:22 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-12-24 12:43 - 2018-12-14 08:20 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-12-24 12:43 - 2018-12-14 08:19 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-12-24 12:43 - 2018-12-14 08:19 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-12-24 12:43 - 2018-12-14 08:18 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-12-24 12:43 - 2018-12-14 08:18 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-12-24 12:43 - 2018-12-14 08:14 - 013681152 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-12-24 12:43 - 2018-12-14 08:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-12-24 12:43 - 2018-12-14 08:11 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-12-24 12:43 - 2018-12-14 08:11 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-12-24 12:43 - 2018-12-14 08:11 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-12-24 12:43 - 2018-12-14 08:10 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-12-24 12:43 - 2018-12-14 07:58 - 004386816 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-12-24 12:43 - 2018-12-14 07:54 - 001330176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-12-24 12:43 - 2018-12-14 07:52 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-12-24 12:42 - 2018-12-14 08:33 - 000663040 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-12 18:08 - 2017-06-07 12:12 - 000000000 ____D C:\rei
2019-01-12 18:08 - 2017-06-07 12:12 - 000000000 ____D C:\Program Files\Reimage
2019-01-12 18:08 - 2014-05-19 09:16 - 000000000 ____D C:\ProgramData\APN
2019-01-12 14:51 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\rescache
2019-01-12 14:24 - 2009-07-14 06:34 - 000020912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-12 14:24 - 2009-07-14 06:34 - 000020912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-12 13:51 - 2017-06-07 12:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2019-01-12 13:50 - 2017-12-03 21:58 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-01-10 18:24 - 2014-05-19 08:18 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-10 18:24 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2019-01-10 18:18 - 2014-06-13 19:02 - 000000982 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2019-01-10 18:18 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-24 20:14 - 2009-07-14 06:33 - 000405968 _____ C:\Windows\system32\FNTCACHE.DAT
2018-12-24 14:27 - 2017-03-18 21:52 - 000000000 ____D C:\Windows\system32\MRT
2018-12-24 14:22 - 2017-03-18 09:27 - 134209608 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-12-24 12:52 - 2014-06-13 19:03 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-24 12:52 - 2014-06-13 19:03 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2014-05-19 10:08 - 2014-05-19 10:08 - 000031804 _____ () C:\Users\user\ffdshow.reg
2013-02-07 14:22 - 2013-02-07 14:22 - 000050330 _____ () C:\Program Files\AntiDust.exe
2017-04-21 06:05 - 2017-04-21 06:05 - 007639040 _____ () C:\Program Files\GUT18DE.tmp
2014-03-21 09:51 - 2014-03-21 09:51 - 013205104 _____ (Driver-Soft Inc.                                            ) C:\Users\user\AppData\Roaming\drvgenpro.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-12 14:43

==================== End of FRST.txt ============================

Addition.txt

I don't see any problems in the logs... Reimage is in quarantine...! Is there anything else you are noticing that worries you..?

 

  • Author

No, thank you for the help. In this case, can I delete the Reimage folder itself from Program Files?

5 minutes ago, legolas69 wrote:

No, thank you for the help. In this case, can I delete the Reimage folder itself from Program Files?

Yes... you can delete it manually:

Quote

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair

In addition, you can also clear the Malwarebytes quarantine...!

 

To properly remove the Farbar Recovery Scan Tool, rename the executable file FRST64.exe (or FRST.exe) to Uninstall.exe..!


Run the Uninstall.exe file. You will be notified that you need to restart the system in order to delete the tool..!

