Hello, the laptop in question is used by my mother for everyday activities, and rarely at that. When the system starts, ESET detects PUP.Optional.Reimage; I took the liberty of scanning with Malwarebytes WITHOUT taking any action. What is this folder, and is there anything to worry about? Thank you in advance.

Addition.txt

FRST.txt

malwarebytes.txt


Hello! This is potentially unwanted software. I recommend:

Uninstall the following program using the standard method:

Quote

Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.5.8 - Reimage) <==== ATTENTION

 

...after which run Malwarebytes again, but this time remove everything the program finds and post a log with the result.

After this procedure, please run a fresh scan again with:

Scan with Farbar Recovery Scan

  • Please download Farbar Recovery Scan Tool (choose the 32-bit or 64-bit version according to your version of Windows) and save it to the desktop.
  • Run the file FRST.exe (or FRST64.exe).
  • The program will start. Press YES to accept the license agreement.
  • Press the button (image: YClYkft.jpg).
  • Wait patiently for the scan to finish.
  • Two log files named FRST.txt and Addition.txt will be created on the desktop.
  • Copy the contents of the FRST.txt file into your next post. Attach Addition.txt to your comment (see the Attach files option when posting a reply).

 

Logs

In your next reply, please include (by copying their entire contents) the following logs:

  • Log from Malwarebytes Anti-Malware
  • FRST.txt (copy the entire contents)
  • Addition.txt (attach it)

I don't see the program in Programs and Features. Should I continue with the next steps?

Quote

...after which run Malwarebytes again, but this time remove everything the program finds and post a log with the result.

Yes, continue first with Malwarebytes, then with FRST!


Malwarebytes:

 

-Детайли за регистъра-
Дата на сканиране: 12.01.19 г.
Час на сканиране: 18:02
Файл на регистъра: 8359824e-1683-11e9-904d-000df05c5714.json

-Информация за софтуера-
Версия: 3.6.1.2711
Версия на компонентите: 1.0.519
Актуализирай версията на пакета: 1.0.8744
Лиценз: Пробен период

-Системна информация-
OS: Windows 7 Service Pack 1
CPU: x86
Файлова система: NTFS
Потребител: user-PC\user

-Резюме на сканирането-
Тип сканиране: Threat Scan
Сканирането е стартирано от: Ръчно
Резултат: Завършено
Сканирани обекти: 187817
Открити заплахи: 76
Заплахи под карантина: 76
Изтекло време: 4 мин, 39 сек

-Опции за сканиране-
Памет: Разрешено
Стартиране: Разрешено
Файлова система: Разрешено
Архиви: Разрешено
руткитове: Забранено
Евристика: Разрешено
PUP: Открий
PUM: Открий

-Детайли за сканирането-
Процес: 0
(Не бяха открити зловредни елементи)

Модул: 0
(Не бяха открити зловредни елементи)

Ключ на регистъра: 16
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}, Под карантина, [333], [327197],1.0.8744
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine.1, Под карантина, [333], [327197],1.0.8744
PUP.Optional.Reimage, HKU\S-1-5-21-856370633-3077922244-2168785184-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}, Под карантина, [333], [327197],1.0.8744
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, Под карантина, [333], [327197],1.0.8744
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, Под карантина, [333], [327197],1.0.8744
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, Под карантина, [333], [327197],1.0.8744
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine, Под карантина, [333], [327197],1.0.8744
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\REI_AxControl.DLL, Под карантина, [333], [327193],1.0.8744
PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\REIMAGE PROTECTOR, Под карантина, [333], [332504],1.0.8744
PUP.Optional.Reimage, HKU\S-1-5-21-856370633-3077922244-2168785184-1000\SOFTWARE\REIMAGE\PC REPAIR, Под карантина, [333], [327204],1.0.8744
PUP.Optional.Reimage, HKU\S-1-5-21-856370633-3077922244-2168785184-1000\SOFTWARE\LOCAL APPWIZARD-GENERATED APPLICATIONS\Reimage - Windows Problem Relief., Под карантина, [333], [327203],1.0.8744
PUP.Optional.Reimage, HKU\S-1-5-21-856370633-3077922244-2168785184-1000\SOFTWARE\Reimage, Под карантина, [333], [357494],1.0.8744
PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\Reimage Repair, Под карантина, [333], [336077],1.0.8744
PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Reimage Repair, Под карантина, [333], [327201],1.0.8744
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Под карантина, [333], [332494],1.0.8744
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}, Под карантина, [333], [327206],1.0.8744

Стойност на регистъра: 2
PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\REIMAGE PROTECTOR|CFLPATH, Под карантина, [333], [332504],1.0.8744
PUP.Optional.Reimage, HKU\S-1-5-21-856370633-3077922244-2168785184-1000\SOFTWARE\REIMAGE\PC REPAIR|QUITMESSAGE, Под карантина, [333], [327204],1.0.8744

Данни на регистъра: 0
(Не бяха открити зловредни елементи)

Поток данни: 0
(Не бяха открити зловредни елементи)

Папка: 10
PUP.Optional.APNToolBar.Gen, C:\PROGRAMDATA\APN\APN-STUB, Под карантина, [801], [175062],1.0.8744
PUP.Optional.Reimage, C:\Program Files\Reimage\Reimage Protector, Под карантина, [333], [327184],1.0.8744
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.5.8\RUN20170607_1314, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\rei\Temp\20170607_1314\DownloaderTemp, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.5.8, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\rei\Temp\20170607_1314, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\rei\Results, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\rei\Temp, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\ProgramData\Reimage Protector\Results, Под карантина, [333], [327186],1.0.8744
PUP.Optional.Reimage, C:\PROGRAMDATA\REIMAGE PROTECTOR, Под карантина, [333], [327186],1.0.8744

Файл: 48
PUP.Optional.Reimage, C:\PROGRAM FILES\REIMAGE\REIMAGE REPAIR\REIMAGEICON.ICO, Под карантина, [333], [327184],1.0.8744
PUP.Optional.Reimage, C:\Program Files\Reimage\Reimage Repair\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest, Под карантина, [333], [327184],1.0.8744
PUP.Optional.Reimage, C:\Program Files\Reimage\Reimage Repair\Reimage Repair.url, Под карантина, [333], [327184],1.0.8744
PUP.Optional.Reimage, C:\Program Files\Reimage\Reimage Repair\Reimage_SafeMode.ico, Под карантина, [333], [327184],1.0.8744
PUP.Optional.Reimage, C:\Program Files\Reimage\Reimage Repair\Reimage_uninstall.ico, Под карантина, [333], [327184],1.0.8744
PUP.Optional.Reimage, C:\Program Files\Reimage\Reimage Repair\Reimage_website.ico, Под карантина, [333], [327184],1.0.8744
PUP.Optional.Reimage, C:\Program Files\Reimage\Reimage Repair\REI_AxControl.inf, Под карантина, [333], [327184],1.0.8744
PUP.Optional.Reimage, C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.lza, Под карантина, [333], [327184],1.0.8744
PUP.Optional.Reimage, C:\Program Files\Reimage\Reimage Repair\REI_Engine.lza, Под карантина, [333], [327184],1.0.8744
PUP.Optional.Reimage, C:\Program Files\Reimage\Reimage Repair\version.rei, Под карантина, [333], [327184],1.0.8744
PUP.Optional.Reimage, C:\REI\AV\HBEDV.KEY, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\rei\AV\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\rei\AV\avupdate.conf, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\rei\AV\avupdate.exe, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\rei\AV\avupdate_msg.avr, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\rei\AV\savapi3_restart.exe, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\rei\AV\savapi3_start.exe, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\rei\AV\savapi3_stop.exe, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.5.8\RUN20170607_1314\debug-repair-2.log, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.5.8\RUN20170607_1314\debug-repair.log, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.5.8\RUN20170607_1314\Info_EnvironmentVars.res, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.5.8\RUN20170607_1314\Info_Installed.rec, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.5.8\RUN20170607_1314\out.log, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.5.8\RUN20170607_1314\StabilityScanRes.xml, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\rei\Temp\20170607_1314\ApplicationList.ini, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\rei\About.txt, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\rei\cfl.rei, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\rei\rei1858nvt.ini, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\rei\reimage.qsr, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\rei\SupportInfoTool.ini, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\USERS\USER\APPDATA\ROAMING\Microsoft\Windows\Recent\reimage.qsr.lnk, Под карантина, [333], [327187],1.0.8744
PUP.Optional.Reimage, C:\USERS\USER\APPDATA\LOCAL\TEMP\REIMAGE.LOG, Под карантина, [333], [334717],1.0.8744
PUP.Optional.Reimage, C:\PROGRAMDATA\REIMAGE PROTECTOR\CFL.REI, Под карантина, [333], [327186],1.0.8744
PUP.Optional.Reimage, C:\ProgramData\Reimage Protector\Results\ProtectorPackage.log, Под карантина, [333], [327186],1.0.8744
PUP.Optional.Reimage, C:\ProgramData\Reimage Protector\Results\ProtectorUpdater.log, Под карантина, [333], [327186],1.0.8744
PUP.Optional.Reimage, C:\ProgramData\Reimage Protector\Results\ScanAgent.log, Под карантина, [333], [327186],1.0.8744
PUP.Optional.Reimage, C:\ProgramData\Reimage Protector\Results\ScanAgentDebugRepair.log, Под карантина, [333], [327186],1.0.8744
PUP.Optional.Reimage, C:\ProgramData\Reimage Protector\Results\scan_agent_result_log.txt, Под карантина, [333], [327186],1.0.8744
PUP.Optional.Reimage, C:\ProgramData\Reimage Protector\active_protection.txt, Под карантина, [333], [327186],1.0.8744
PUP.Optional.Reimage, C:\ProgramData\Reimage Protector\aps.rei, Под карантина, [333], [327186],1.0.8744
PUP.Optional.Reimage, C:\ProgramData\Reimage Protector\scan_agent_result_log.txt, Под карантина, [333], [327186],1.0.8744
PUP.Optional.Reimage, C:\ProgramData\Reimage Protector\urldb0.rei, Под карантина, [333], [327186],1.0.8744
PUP.Optional.Reimage, C:\ProgramData\Reimage Protector\urldb1.rei, Под карантина, [333], [327186],1.0.8744
PUP.Optional.Reimage, C:\ProgramData\Reimage Protector\urldb2.rei, Под карантина, [333], [327186],1.0.8744
PUP.Optional.Reimage, C:\ProgramData\Reimage Protector\url_setting_definitions.txt, Под карантина, [333], [327186],1.0.8744
PUP.Optional.Reimage, C:\WINDOWS\TEMP\REIMAGE.LOG, Под карантина, [333], [334717],1.0.8744
PUP.Optional.Reimage, C:\WINDOWS\REIMAGE.INI, Под карантина, [333], [412667],1.0.8744
PUP.Optional.Reimage, C:\WINDOWS\TEMP\REIMAGEDEFINITIONUPDATE2018.EXE, Под карантина, [333], [327181],1.0.8744

Физически сектор: 0
(Не бяха открити зловредни елементи)

WMI: 0
(Не бяха открити зловредни елементи)


(end)

FRST: 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-01-2019 01
Ran by user (administrator) on USER-PC (12-01-2019 18:10:29)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & Administrator)
Platform: Microsoft Windows 7 Enterprise  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
() C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(PowerISO Computing, Inc.) C:\Program Files\PowerISO\PWRISOVM.EXE
() C:\Program Files\Mtel NetAgent\MtelNetAgent_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [307200 2011-06-15] (PowerISO Computing, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\ecmds.exe [169616 2018-12-24] (ESET)
HKU\S-1-5-21-856370633-3077922244-2168785184-1000\...\MountPoints2: G - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-856370633-3077922244-2168785184-1000\...\MountPoints2: {0356ca84-bb98-11e7-b310-000df05c5714} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-856370633-3077922244-2168785184-1000\...\MountPoints2: {29d2a587-2a92-11e4-b355-000df05c5714} - G:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-856370633-3077922244-2168785184-1000\...\MountPoints2: {29d2a5a1-2a92-11e4-b355-000df05c5714} - G:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-856370633-3077922244-2168785184-1000\...\MountPoints2: {ef9a2ee5-f563-11e4-aedb-000df05c5714} - G:\Startme.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\...\Drivers32: [msacm.l3codecp] => C:\Windows\system32\l3codecp.acm [220672 2009-07-14] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [216064 2011-12-07] ( )
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw.dll [3649536 2013-03-17] (x264vfw project)
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [243200 2011-06-24] ()
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [112640 2014-05-16] ()
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [122880 2012-07-21] (fccHandler)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-24] (Google Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-11-06] (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{BD1956DB-31B6-426A-BE07-CD6FB83CBE58}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F7D91C16-38E1-41B9-B168-A9FF47152060}: [DhcpNameServer] 10.0.40.236 212.122.184.193

Internet Explorer:
==================
HKU\S-1-5-21-856370633-3077922244-2168785184-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-856370633-3077922244-2168785184-1000 -> {DA9C9090-A76E-4051-93E1-8DDDC4652BF6} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-05-19] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-05-19] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6dwn57uf.default [2019-01-12]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll [2013-11-13] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-05-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-24] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-24] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2019-01-12]
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-21]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-12]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1833552 2018-12-24] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1833552 2018-12-24] (ESET)
R2 HuaweiHiSuiteService.exe; C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe [155848 2017-07-26] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
R2 TAG_Service; C:\Program Files\Mtel NetAgent\MtelNetAgent_Service.exe [338488 2013-09-03] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3236864 2013-09-24] (Qualcomm Atheros Communications, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [124776 2018-11-16] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [92176 2018-11-16] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [149192 2018-11-16] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [43816 2018-11-16] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [72912 2018-11-16] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [54240 2018-11-16] (ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [94712 2018-11-16] (ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-12-04] (Malwarebytes)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-07-17] (Intel Corporation)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [23136 2012-07-16] (JMicron Technology Corp.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28312 2013-05-23] (Logitech, Inc.)
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2011-04-13] (MBB Incorporated)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [172280 2019-01-12] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [106144 2019-01-12] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [63760 2019-01-12] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [230120 2019-01-12] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [83648 2019-01-12] (Malwarebytes)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [60156 2011-06-15] (PowerISO Computing, Inc.) [File not signed]
R3 ubohci; C:\Windows\System32\DRIVERS\ubohci.sys [116736 2012-10-05] (Unibrain)
R2 ubsbm; C:\Windows\System32\DRIVERS\ubsbm.sys [17408 2012-10-05] (Unibrain)
R2 ubumapi; C:\Windows\System32\DRIVERS\ubumapi.sys [46592 2012-10-05] (Unibrain)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2017-07-26] (Huawei Technologies Co., Ltd.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-12 18:10 - 2019-01-12 18:11 - 000011041 _____ C:\Users\user\Desktop\FRST.txt
2019-01-12 18:09 - 2019-01-12 18:09 - 000011674 _____ C:\Users\user\Desktop\mbam.txt
2019-01-12 14:22 - 2019-01-12 18:10 - 000000000 ____D C:\FRST
2019-01-12 14:21 - 2019-01-12 14:21 - 001785344 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2019-01-12 14:10 - 2019-01-12 14:10 - 000063760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-01-12 14:10 - 2019-01-12 14:10 - 000000000 ____D C:\Users\user\AppData\Local\mbam
2019-01-12 14:09 - 2019-01-12 17:13 - 000083648 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-01-12 14:09 - 2019-01-12 14:09 - 000230120 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-01-12 14:09 - 2019-01-12 14:09 - 000172280 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-01-12 14:09 - 2019-01-12 14:09 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-01-12 14:09 - 2019-01-12 14:09 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-12 14:09 - 2019-01-12 14:09 - 000000000 ____D C:\Users\user\AppData\Local\mbamtray
2019-01-12 14:09 - 2019-01-12 14:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-12 14:09 - 2019-01-12 14:09 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-12 14:09 - 2019-01-12 14:09 - 000000000 ____D C:\Program Files\Malwarebytes
2019-01-12 14:09 - 2018-12-04 08:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2019-01-12 14:07 - 2019-01-12 14:08 - 082227336 _____ (Malwarebytes ) C:\Users\user\Desktop\mb3-setup-consumer-3.6.1.2711-1.0.519-1.0.8728.exe
2018-12-24 12:44 - 2018-12-06 04:35 - 002405376 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-12-24 12:44 - 2018-11-28 23:50 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2018-12-24 12:44 - 2018-11-28 23:50 - 011411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-12-24 12:44 - 2018-11-28 23:38 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2018-12-24 12:44 - 2018-11-28 23:38 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2018-12-24 12:44 - 2018-11-28 23:38 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2018-12-24 12:44 - 2018-11-11 18:50 - 000189672 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-12-24 12:44 - 2018-11-11 18:50 - 000189672 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-12-24 12:44 - 2018-11-11 18:49 - 004054760 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-12-24 12:44 - 2018-11-11 18:49 - 003960040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-12-24 12:44 - 2018-11-11 18:49 - 000162536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-12-24 12:44 - 2018-11-11 18:49 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-12-24 12:44 - 2018-11-11 18:49 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-12-24 12:44 - 2018-11-11 18:49 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-12-24 12:44 - 2018-11-11 18:47 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-12-24 12:44 - 2018-11-11 18:45 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-12-24 12:44 - 2018-11-11 18:45 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-12-24 12:44 - 2018-11-11 18:45 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-12-24 12:44 - 2018-11-11 18:45 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-12-24 12:44 - 2018-11-11 18:45 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-12-24 12:44 - 2018-11-11 18:45 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-12-24 12:44 - 2018-11-11 18:45 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-12-24 12:44 - 2018-11-11 18:45 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-12-24 12:44 - 2018-11-11 18:45 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-12-24 12:44 - 2018-11-11 18:45 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-12-24 12:44 - 2018-11-11 18:45 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-12-24 12:44 - 2018-11-11 18:45 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-12-24 12:44 - 2018-11-11 18:45 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-12-24 12:44 - 2018-11-11 18:45 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-12-24 12:44 - 2018-11-11 18:45 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-12-24 12:44 - 2018-11-11 18:45 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-12-24 12:44 - 2018-11-11 18:44 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-12-24 12:44 - 2018-11-11 18:44 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-12-24 12:44 - 2018-11-11 18:44 - 000307200 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-12-24 12:44 - 2018-11-11 18:44 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-12-24 12:44 - 2018-11-11 18:44 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-12-24 12:44 - 2018-11-11 18:44 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-12-24 12:44 - 2018-11-11 18:44 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-12-24 12:44 - 2018-11-11 18:44 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-12-24 12:44 - 2018-11-11 18:20 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-12-24 12:44 - 2018-11-11 18:20 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-12-24 12:44 - 2018-11-11 18:20 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-12-24 12:44 - 2018-11-11 18:20 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-12-24 12:44 - 2018-11-11 18:19 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-12-24 12:44 - 2018-11-11 18:17 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-12-24 12:44 - 2018-11-11 18:17 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-12-24 12:44 - 2018-11-11 18:15 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-12-24 12:44 - 2018-11-11 18:14 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-12-24 12:44 - 2018-11-11 18:14 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-12-24 12:44 - 2018-11-11 18:14 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-12-24 12:44 - 2018-11-11 18:14 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-12-24 12:44 - 2018-11-11 18:14 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-12-24 12:44 - 2018-11-11 18:14 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-12-24 12:44 - 2018-11-11 18:13 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-12-24 12:44 - 2018-11-11 18:13 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-12-24 12:44 - 2018-11-11 18:13 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2018-12-24 12:44 - 2018-11-11 18:13 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-12-24 12:44 - 2018-11-11 18:13 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-12-24 12:44 - 2018-11-08 18:43 - 001391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-12-24 12:44 - 2018-11-08 18:43 - 001241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-12-24 12:44 - 2018-11-08 18:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-12-24 12:44 - 2018-11-08 18:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2018-12-24 12:44 - 2018-11-06 06:20 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-12-24 12:44 - 2018-10-06 17:50 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-12-24 12:44 - 2018-10-06 17:44 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-12-24 12:44 - 2018-10-06 17:43 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-12-24 12:44 - 2018-10-06 17:43 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-12-24 12:44 - 2018-10-06 17:43 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-12-24 12:44 - 2018-10-06 17:16 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-12-24 12:43 - 2018-12-15 01:14 - 000348760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-12-24 12:43 - 2018-12-14 08:58 - 020280832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-12-24 12:43 - 2018-12-14 08:51 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-12-24 12:43 - 2018-12-14 08:51 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-12-24 12:43 - 2018-12-14 08:41 - 000498176 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-12-24 12:43 - 2018-12-14 08:41 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-12-24 12:43 - 2018-12-14 08:40 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-12-24 12:43 - 2018-12-14 08:40 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-12-24 12:43 - 2018-12-14 08:39 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-12-24 12:43 - 2018-12-14 08:38 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-12-24 12:43 - 2018-12-14 08:35 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-12-24 12:43 - 2018-12-14 08:35 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-12-24 12:43 - 2018-12-14 08:34 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-12-24 12:43 - 2018-12-14 08:33 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-12-24 12:43 - 2018-12-14 08:33 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-12-24 12:43 - 2018-12-14 08:32 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-12-24 12:43 - 2018-12-14 08:29 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-12-24 12:43 - 2018-12-14 08:26 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-12-24 12:43 - 2018-12-14 08:23 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-12-24 12:43 - 2018-12-14 08:22 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-12-24 12:43 - 2018-12-14 08:22 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-12-24 12:43 - 2018-12-14 08:20 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-12-24 12:43 - 2018-12-14 08:19 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-12-24 12:43 - 2018-12-14 08:19 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-12-24 12:43 - 2018-12-14 08:18 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-12-24 12:43 - 2018-12-14 08:18 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-12-24 12:43 - 2018-12-14 08:14 - 013681152 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-12-24 12:43 - 2018-12-14 08:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-12-24 12:43 - 2018-12-14 08:11 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-12-24 12:43 - 2018-12-14 08:11 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-12-24 12:43 - 2018-12-14 08:11 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-12-24 12:43 - 2018-12-14 08:10 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-12-24 12:43 - 2018-12-14 07:58 - 004386816 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-12-24 12:43 - 2018-12-14 07:54 - 001330176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-12-24 12:43 - 2018-12-14 07:52 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-12-24 12:42 - 2018-12-14 08:33 - 000663040 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-12 18:08 - 2017-06-07 12:12 - 000000000 ____D C:\rei
2019-01-12 18:08 - 2017-06-07 12:12 - 000000000 ____D C:\Program Files\Reimage
2019-01-12 18:08 - 2014-05-19 09:16 - 000000000 ____D C:\ProgramData\APN
2019-01-12 14:51 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\rescache
2019-01-12 14:24 - 2009-07-14 06:34 - 000020912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-12 14:24 - 2009-07-14 06:34 - 000020912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-12 13:51 - 2017-06-07 12:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2019-01-12 13:50 - 2017-12-03 21:58 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-01-10 18:24 - 2014-05-19 08:18 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-10 18:24 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2019-01-10 18:18 - 2014-06-13 19:02 - 000000982 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2019-01-10 18:18 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-24 20:14 - 2009-07-14 06:33 - 000405968 _____ C:\Windows\system32\FNTCACHE.DAT
2018-12-24 14:27 - 2017-03-18 21:52 - 000000000 ____D C:\Windows\system32\MRT
2018-12-24 14:22 - 2017-03-18 09:27 - 134209608 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-12-24 12:52 - 2014-06-13 19:03 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-24 12:52 - 2014-06-13 19:03 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2014-05-19 10:08 - 2014-05-19 10:08 - 000031804 _____ () C:\Users\user\ffdshow.reg
2013-02-07 14:22 - 2013-02-07 14:22 - 000050330 _____ () C:\Program Files\AntiDust.exe
2017-04-21 06:05 - 2017-04-21 06:05 - 007639040 _____ () C:\Program Files\GUT18DE.tmp
2014-03-21 09:51 - 2014-03-21 09:51 - 013205104 _____ (Driver-Soft Inc.                                            ) C:\Users\user\AppData\Roaming\drvgenpro.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-12 14:43

==================== End of FRST.txt ============================

Addition.txt



I don't see any problems in the logs ... Reimage is in quarantine...! Are you noticing anything else that worries you..?

 


No, thank you for the help. In this case, can I delete the Reimage folder itself from Program Files?

5 minutes ago, legolas69 wrote:

No, thank you for the help. In this case, can I delete the Reimage folder itself from Program Files?

Yes ... you can delete it manually:

Quote

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair

You can also clear the Malwarebytes quarantine ...!

To properly remove the Farbar Recovery Scan Tool, rename the executable FRST64.exe (or FRST.exe) to Uninstall.exe..!


Run the file Uninstall.exe. You will be notified that you need to restart the system in order to delete the tool ..!
