
help i'm under attack



#1
EvgenyBorisov

    New Member

  • Member
  • 1 posts

Hello! My book is infected. Please help.

tsnx

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
Ran by Sale (administrator) on DESKTOP-4FKEF7N (25-06-2016 15:29:56)
Running from C:\Users\Sale\Downloads
Loaded Profiles: Sale &  (Available Profiles: Sale)
Platform: Windows 10 Pro Version 1511 (X64) Language: Русский (Россия)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [571928 2015-09-03] (Vimicro)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{123d6be9-4142-41d8-822d-062a4696af5f}: [DhcpNameServer] 10.0.1.1
 
Internet Explorer:
==================
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-25] (Google Inc.)
 
Chrome:
=======
CHR Profile: C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Документы Google) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-25]
CHR Extension: (Диск Google) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-25]
CHR Extension: (YouTube) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-25]
CHR Extension: (Chromebleed) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2016-06-25]
CHR Extension: (Google Документы офлайн) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-25]
CHR Extension: (Платежная система Интернет-магазина Chrome) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-25]
CHR Extension: (Gmail) - C:\Users\Sale\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-25] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [202032 2016-01-19] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [648872 2015-09-03] (Vimicro Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-25 15:24 - 2016-06-25 15:26 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-25 15:20 - 2016-06-25 15:20 - 00001197 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-25 15:20 - 2016-06-25 15:20 - 00000000 ____D C:\Users\Все пользователи\Malwarebytes
2016-06-25 15:20 - 2016-06-25 15:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-25 15:20 - 2016-06-25 15:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-25 15:20 - 2016-06-25 15:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-25 15:20 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-25 15:20 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-25 15:20 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-25 15:18 - 2016-06-25 15:19 - 22851472 _____ (Malwarebytes ) C:\Users\Sale\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-25 15:16 - 2016-06-25 15:16 - 00035604 _____ C:\Users\Sale\Downloads\Shortcut.txt
2016-06-25 15:16 - 2016-06-25 15:16 - 00000000 ____D C:\Users\Sale\AppData\Roaming\Macromedia
2016-06-25 15:15 - 2016-06-25 15:16 - 00017706 _____ C:\Users\Sale\Downloads\Addition.txt
2016-06-25 15:13 - 2016-06-25 15:33 - 00007232 _____ C:\Users\Sale\Downloads\FRST.txt
2016-06-25 15:13 - 2016-06-25 15:29 - 00000000 ____D C:\FRST
2016-06-25 15:12 - 2016-06-25 15:13 - 02387456 _____ (Farbar) C:\Users\Sale\Downloads\FRST64.exe
2016-06-25 15:08 - 2016-06-25 15:08 - 00000336 __RSH C:\Users\Все пользователи\ntuser.pol
2016-06-25 15:08 - 2016-06-25 15:08 - 00000336 __RSH C:\ProgramData\ntuser.pol
2016-06-25 14:46 - 2016-06-25 14:51 - 00001008 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-25 14:46 - 2016-06-25 14:51 - 00001004 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-25 14:45 - 2016-06-25 14:45 - 00000049 _____ C:\Users\Sale\Desktop\1.txt
2016-06-25 14:41 - 2016-06-25 14:41 - 00002352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-25 14:41 - 2016-06-25 14:41 - 00002340 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-25 14:40 - 2016-06-25 14:46 - 00004066 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-06-25 14:40 - 2016-06-25 14:46 - 00003834 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-06-25 14:40 - 2016-06-25 14:41 - 00000000 ____D C:\Users\Sale\AppData\Local\Google
2016-06-25 14:40 - 2016-06-25 14:40 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-25 14:39 - 2016-06-25 14:40 - 00987728 _____ (Google Inc.) C:\Users\Sale\Downloads\ChromeSetup.exe
2016-06-25 14:21 - 2016-06-15 23:40 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-25 14:19 - 2016-06-14 21:33 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-25 14:19 - 2016-06-14 21:33 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-25 14:16 - 2016-06-25 14:18 - 00000000 ____D C:\Windows\system32\MRT
2016-06-25 14:16 - 2016-06-25 14:16 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-25 13:57 - 2016-06-25 13:58 - 04729136 _____ (Phrozen SAS) C:\Users\Sale\Downloads\Windows Privacy Tweaker.exe
2016-06-25 13:57 - 2016-06-25 13:57 - 02199346 _____ C:\Users\Sale\Downloads\WindowsViewer.zip
2016-06-25 13:52 - 2016-06-25 13:52 - 00000000 ____D C:\Program Files\Elantech
2016-06-25 13:52 - 2016-06-25 13:52 - 00000000 ____D C:\Program Files (x86)\USB Camera
2016-06-25 13:51 - 2016-06-25 13:51 - 00000000 ____D C:\Program Files (x86)\Intel
2016-06-25 13:51 - 2016-06-25 13:51 - 00000000 ____D C:\Intel
2016-06-25 13:48 - 2016-06-25 13:49 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-06-25 13:48 - 2016-06-25 13:48 - 00000000 ____D C:\Users\Все пользователи\NVIDIA Corporation
2016-06-25 13:48 - 2016-06-25 13:48 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-06-25 13:48 - 2016-06-25 13:48 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-06-25 13:40 - 2016-06-25 13:40 - 00000000 ____D C:\Users\Sale\AppData\Local\Comms
2016-06-25 13:35 - 2016-06-25 13:35 - 00000000 ____D C:\Users\Sale\Downloads\RunPEDetector1-0-3
2016-06-25 13:31 - 2016-06-25 13:52 - 00000000 ____D C:\Users\Sale\AppData\Roaming\PhrozenWinja
2016-06-25 13:31 - 2016-06-25 13:35 - 06443256 _____ (Phrozen SAS) C:\Users\Sale\Downloads\Who Stalks My Cam.exe
2016-06-25 13:31 - 2016-06-25 13:31 - 00000870 _____ C:\Users\Public\Desktop\Winja.lnk
2016-06-25 13:31 - 2016-06-25 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winja
2016-06-25 13:31 - 2016-06-25 13:31 - 00000000 ____D C:\Program Files\PhrozenWinja
2016-06-25 13:30 - 2016-06-25 13:32 - 07006897 _____ C:\Users\Sale\Downloads\TerminalWings.zip
2016-06-25 13:30 - 2016-06-25 13:31 - 02627276 _____ C:\Users\Sale\Downloads\RunPEDetector1-0-3.zip
2016-06-25 13:30 - 2016-06-25 13:31 - 02540007 _____ C:\Users\Sale\Downloads\ADSRevealer1-0.zip
2016-06-25 13:29 - 2016-06-25 13:31 - 07102064 _____ (Phrozen SAS ) C:\Users\Sale\Downloads\Winja_1-5992-63035_setup.exe
2016-06-25 13:28 - 2016-06-25 13:28 - 00000000 ____D C:\Users\Sale\AppData\Local\MicrosoftEdge
2016-06-24 20:24 - 2016-06-24 20:24 - 00002379 _____ C:\Users\Sale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-06-24 20:24 - 2016-06-24 20:24 - 00000000 ___RD C:\Users\Sale\OneDrive
2016-06-24 20:23 - 2016-06-24 20:23 - 00000000 ____D C:\Users\Sale\AppData\Local\ActiveSync
2016-06-24 20:21 - 2016-06-25 14:24 - 00000000 ____D C:\Users\Sale\AppData\Local\Packages
2016-06-24 20:21 - 2016-06-24 20:24 - 00000000 ____D C:\Users\Sale
2016-06-24 20:21 - 2016-06-24 20:21 - 00000020 ___SH C:\Users\Sale\ntuser.ini
2016-06-24 20:21 - 2016-06-24 20:21 - 00000000 _SHDL C:\Users\Sale\Шаблоны
2016-06-24 20:21 - 2016-06-24 20:21 - 00000000 _SHDL C:\Users\Sale\Мои документы
2016-06-24 20:21 - 2016-06-24 20:21 - 00000000 _SHDL C:\Users\Sale\главное меню
2016-06-24 20:21 - 2016-06-24 20:21 - 00000000 _SHDL C:\Users\Sale\Documents\Моя музыка
2016-06-24 20:21 - 2016-06-24 20:21 - 00000000 _SHDL C:\Users\Sale\Documents\мои рисунки
2016-06-24 20:21 - 2016-06-24 20:21 - 00000000 _SHDL C:\Users\Sale\Documents\Мои видеозаписи
2016-06-24 20:21 - 2016-06-24 20:21 - 00000000 _SHDL C:\Users\Sale\AppData\Roaming\Microsoft\Windows\Start Menu\Программы
2016-06-24 20:21 - 2016-06-24 20:21 - 00000000 ____D C:\Users\Sale\AppData\Roaming\Adobe
2016-06-24 20:21 - 2016-06-24 20:21 - 00000000 ____D C:\Users\Sale\AppData\Local\VirtualStore
2016-06-24 20:21 - 2016-06-24 20:21 - 00000000 ____D C:\Users\Sale\AppData\Local\TileDataLayer
2016-06-24 20:21 - 2016-06-24 20:21 - 00000000 ____D C:\Users\Sale\AppData\Local\Publishers
2016-06-24 20:19 - 2016-06-24 20:19 - 00003704 _____ C:\Windows\System32\Tasks\KMSAuto
2016-06-24 20:19 - 2016-06-23 14:20 - 06686328 _____ C:\Windows\KMSAuto.exe
2016-06-24 20:19 - 2016-06-23 14:20 - 00002486 _____ C:\Windows\KMSAutoLite.ini
2016-06-24 20:15 - 2016-06-25 13:52 - 01830104 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-24 20:13 - 2016-06-24 20:13 - 00000000 ____D C:\Windows\CSC
2016-06-24 20:11 - 2016-06-24 20:11 - 00000000 _SHDL C:\Users\Все пользователи\Шаблоны
2016-06-24 20:11 - 2016-06-24 20:11 - 00000000 _SHDL C:\Users\Все пользователи\Рабочий стол
2016-06-24 20:11 - 2016-06-24 20:11 - 00000000 _SHDL C:\Users\Все пользователи\Документы
2016-06-24 20:11 - 2016-06-24 20:11 - 00000000 _SHDL C:\Users\Все пользователи\главное меню
2016-06-24 20:11 - 2016-06-24 20:11 - 00000000 _SHDL C:\Users\Все пользователи
2016-06-24 20:11 - 2016-06-24 20:11 - 00000000 _SHDL C:\Users\Public\Documents\Моя музыка
2016-06-24 20:11 - 2016-06-24 20:11 - 00000000 _SHDL C:\Users\Public\Documents\мои рисунки
2016-06-24 20:11 - 2016-06-24 20:11 - 00000000 _SHDL C:\Users\Public\Documents\Мои видеозаписи
2016-06-24 20:11 - 2016-06-24 20:11 - 00000000 _SHDL C:\Users\Default\Шаблоны
2016-06-24 20:11 - 2016-06-24 20:11 - 00000000 _SHDL C:\Users\Default\Мои документы
2016-06-24 20:11 - 2016-06-24 20:11 - 00000000 _SHDL C:\Users\Default\главное меню
2016-06-24 20:11 - 2016-06-24 20:11 - 00000000 _SHDL C:\Users\Default\Documents\Моя музыка
2016-06-24 20:11 - 2016-06-24 20:11 - 00000000 _SHDL C:\Users\Default\Documents\мои рисунки
2016-06-24 20:11 - 2016-06-24 20:11 - 00000000 _SHDL C:\Users\Default\Documents\Мои видеозаписи
2016-06-24 20:11 - 2016-06-24 20:11 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Программы
2016-06-24 20:11 - 2016-06-24 20:11 - 00000000 _SHDL C:\Users\Default User\Documents\Моя музыка
2016-06-24 20:11 - 2016-06-24 20:11 - 00000000 _SHDL C:\Users\Default User\Documents\мои рисунки
2016-06-24 20:11 - 2016-06-24 20:11 - 00000000 _SHDL C:\Users\Default User\Documents\Мои видеозаписи
2016-06-24 20:11 - 2016-06-24 20:11 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Программы
2016-06-24 20:11 - 2016-06-24 20:11 - 00000000 _SHDL C:\ProgramData\Шаблоны
2016-06-24 20:11 - 2016-06-24 20:11 - 00000000 _SHDL C:\ProgramData\Рабочий стол
2016-06-24 20:11 - 2016-06-24 20:11 - 00000000 _SHDL C:\ProgramData\Документы
2016-06-24 20:11 - 2016-06-24 20:11 - 00000000 _SHDL C:\ProgramData\главное меню
2016-06-24 20:11 - 2016-06-24 20:11 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Программы
2016-06-24 20:11 - 2016-06-24 20:11 - 00000000 _SHDL C:\Documents and Settings
2016-06-24 20:05 - 2016-06-24 20:05 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-06-24 20:02 - 2016-06-24 20:10 - 00000000 ____D C:\Windows\Panther
2016-06-24 20:02 - 2016-06-23 14:20 - 00001094 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMS-Activator Lite.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-25 15:16 - 2015-10-30 10:21 - 00000000 ____D C:\Windows\INF
2016-06-25 15:03 - 2015-10-30 10:24 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-06-25 14:36 - 2015-10-30 10:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-25 14:36 - 2015-10-30 10:24 - 00000000 ____D C:\Windows\AppReadiness
2016-06-25 14:21 - 2015-10-30 10:11 - 00000000 ____D C:\Windows\CbsTemp
2016-06-25 13:52 - 2016-04-27 08:10 - 00804088 _____ C:\Windows\system32\perfh019.dat
2016-06-25 13:52 - 2016-04-27 08:10 - 00157600 _____ C:\Windows\system32\perfc019.dat
2016-06-25 13:52 - 2015-10-30 10:24 - 00000000 ____D C:\Windows\System
2016-06-24 20:21 - 2016-04-27 08:49 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-24 20:13 - 2015-10-30 10:24 - 00000000 ____D C:\Windows\rescache
2016-06-24 20:11 - 2016-04-27 08:40 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-24 20:11 - 2015-10-30 10:24 - 00000000 ____D C:\Program Files\Windows NT
2016-06-24 20:10 - 2015-10-30 09:28 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-06-24 20:09 - 2015-10-30 09:28 - 00000000 ____D C:\Windows\system32\Sysprep
2016-06-24 20:02 - 2015-10-30 10:24 - 00028672 _____ C:\Windows\system32\config\BCD-Template
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2016-06-24 20:03
 
==================== End of FRST.txt ============================
 

 

 




#2
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Nothing obvious in your logs.  See if you can run a free ESET online scan:

 

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner.  Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).  
 
1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.
