Provera

Provera

offline
  • Pridružio: 27 Avg 2005
  • Poruke: 542

Postavljam log od drugarovog kompa kaze da ima virusa
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2017
Ran by ComTech (administrator) on COMTECH-PC (15-05-2017 16:33:14)
Running from C:\Users\ComTech\Desktop
Loaded Profiles: ComTech (Available Profiles: ComTech)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16165632 2015-07-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403136 2015-07-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403136 2015-07-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403136 2015-07-30] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [5060864 2015-07-31] (Realtek semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2986224 2013-06-20] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [675568 2013-06-20] (Synaptics)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-10] (AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-1042645234-1658568069-2296401382-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27716568 2017-05-04] (Skype Technologies S.A.)
HKU\S-1-5-21-1042645234-1658568069-2296401382-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-11] (Piriform Ltd)
HKU\S-1-5-21-1042645234-1658568069-2296401382-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-10] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-10] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{3E6EC9DC-76FA-4E80-8734-E704E1001F95}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{882E274C-FADC-45E1-9323-CD525CBD30FD}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1042645234-1658568069-2296401382-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-04-26] (Intel Security)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-05] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-04-26] (Intel Security)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-27] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-27] (Oracle Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-04-26] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-04-26] (Intel Security)
Toolbar: HKU\S-1-5-21-1042645234-1658568069-2296401382-1000 -> True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-04-26] (Intel Security)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\ComTech\AppData\Local\Google\Chrome\User Data\Default [2017-05-15]
CHR Extension: (Google Docs) - C:\Users\ComTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-24]
CHR Extension: (Google Drive) - C:\Users\ComTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-24]
CHR Extension: (CGN - Central Gazeta de Notícias) - C:\Users\ComTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeopplcfpohpdplnpoahkebkpiefmpb [2017-05-02]
CHR Extension: (YouTube) - C:\Users\ComTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-24]
CHR Extension: (Adobe Acrobat) - C:\Users\ComTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-13]
CHR Extension: (Google Docs Offline) - C:\Users\ComTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (AdBlock) - C:\Users\ComTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ComTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\ComTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-24]
CHR Extension: (Chrome Media Router) - C:\Users\ComTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13]
CHR HKU\S-1-5-21-1042645234-1658568069-2296401382-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-10] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-10] (AVAST Software)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-07-10] (Intel Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996736 2017-04-18] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16160 2017-04-18] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86776 2017-04-18] (McAfee, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49456 2014-11-24] (Synaptics Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [65248 2015-04-23] (Advanced Micro Devices, Inc.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-10] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-10] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-10] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-10] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-10] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-05-13] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-10] (AVAST Software)
S3 GeneStor; C:\Windows\System32\DRIVERS\GeneStor.sys [60928 2012-07-06] (GenesysLogic)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31144 2015-07-24] (Intel Corporation)
R3 int0800; C:\Windows\System32\DRIVERS\flashud.sys [51712 2009-09-09] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [178976 2015-07-07] (Intel Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [301784 2015-06-01] (Realtek Semiconductor Corp.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [3075328 2015-07-31] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33960 2015-06-17] (Synaptics Incorporated)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-11-28] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-11-28] (Zemana Ltd.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-15 16:33 - 2017-05-15 16:33 - 00015834 _____ C:\Users\ComTech\Desktop\FRST.txt
2017-05-15 16:33 - 2017-05-15 16:33 - 00000000 ____D C:\FRST
2017-05-15 16:31 - 2017-05-15 16:32 - 02429952 _____ (Farbar) C:\Users\ComTech\Desktop\FRST64.exe
2017-05-15 16:28 - 2017-05-15 16:28 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-05-12 11:28 - 2017-05-12 11:28 - 00037346 _____ C:\Users\ComTech\Documents\cc_20170512_112813.reg
2017-05-12 11:27 - 2017-05-12 11:27 - 00002798 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-05-12 11:27 - 2017-05-12 11:27 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-05-12 11:27 - 2017-05-12 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-05-12 11:27 - 2017-05-12 11:27 - 00000000 ____D C:\Program Files\CCleaner
2017-05-12 11:26 - 2017-05-12 11:26 - 09390672 _____ (Piriform Ltd) C:\Users\ComTech\Downloads\ccsetup529.exe
2017-05-12 11:07 - 2017-05-12 11:07 - 00002066 _____ C:\Users\ComTech\Desktop\Counter-Strike 1.6.lnk
2017-05-12 11:07 - 2017-05-12 11:07 - 00000000 ____D C:\Users\ComTech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
2017-05-12 11:02 - 2017-05-12 11:06 - 219570826 _____ () C:\Users\ComTech\Downloads\counter-strike1.6s (1).exe
2017-05-12 11:02 - 2017-05-12 11:02 - 00017784 _____ C:\Users\ComTech\Downloads\Counter Strike 1.6 full game.torrent
2017-05-12 10:58 - 2017-05-12 10:58 - 00000000 ____D C:\Users\ComTech\Downloads\Syriana[2005].DvDrip[Eng]-aXXo - Copy
2017-05-12 10:58 - 2017-05-12 10:58 - 00000000 ____D C:\Users\ComTech\Downloads\DOPUNA PETAK 2 - Copy
2017-05-12 10:58 - 2017-05-12 10:58 - 00000000 ____D C:\Users\ComTech\Downloads\DOPUNA PETAK 1 - Copy
2017-05-12 10:58 - 2017-04-04 00:01 - 00030152 _____ C:\Users\ComTech\Downloads\137474-Syriana_2005_.DvDrip_Eng_aXXo - Copy.rar
2017-05-12 10:58 - 2017-02-28 00:02 - 00030764 _____ C:\Users\ComTech\Downloads\226025-the.lobster.2015.1080p.bluray.x264.ac3etrg - Copy.zip
2017-05-12 10:58 - 2017-02-27 23:56 - 00030423 _____ C:\Users\ComTech\Downloads\224693-thelobster - Copy.zip
2017-05-12 10:58 - 2017-02-20 00:14 - 00022312 _____ C:\Users\ComTech\Downloads\101696-The.Book.Of.Eli_2010_DvDripaXXo - Copy.zip
2017-05-12 10:58 - 2016-11-24 00:10 - 00034018 _____ C:\Users\ComTech\Downloads\211536-focus20151080pbrripx264dtsjyk - Copy.zip
2017-05-12 10:58 - 2016-10-27 14:27 - 00737344 _____ (Oracle Corporation) C:\Users\ComTech\Downloads\chromeinstall-8u111 - Copy.exe
2017-05-12 10:58 - 2016-10-13 22:05 - 37853246 _____ C:\Users\ComTech\Downloads\CoD_1.5_Patch - Copy.exe
2017-05-12 10:58 - 2016-10-06 00:34 - 00023400 _____ C:\Users\ComTech\Downloads\231353-wazir.2016.hindi.dvdrip.x264.aac.5.1hon3y_mrgsr - Copy.zip
2017-05-12 10:58 - 2016-10-02 23:46 - 00061255 _____ C:\Users\ComTech\Downloads\234828-13hoursthesecretsoldiersofbenghazi - Copy.zip
2017-05-12 10:58 - 2016-03-24 17:50 - 219570826 _____ () C:\Users\ComTech\Downloads\counter-strike1.6s - Copy.exe
2017-05-10 00:42 - 2017-05-10 00:42 - 00400456 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-05-01 19:45 - 2017-05-01 19:45 - 00305832 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2017-04-28 16:20 - 2017-04-28 16:21 - 69089656 _____ (TeamSpeak Systems GmbH) C:\Users\ComTech\Downloads\TeamSpeak3-Client-win32-3.1.4.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-15 16:33 - 2017-04-09 02:45 - 00070208 _____ C:\Windows\ZAM.krnl.trace
2017-05-15 16:33 - 2017-04-09 02:45 - 00039516 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-05-15 15:49 - 2016-03-24 17:51 - 00000000 ____D C:\Program Files (x86)\Counter-Strike 1.6 OMONAS
2017-05-15 13:36 - 2017-03-13 13:10 - 00000000 ____D C:\Users\ComTech\AppData\Local\CrashDumps
2017-05-15 11:51 - 2016-03-24 12:51 - 00000000 ____D C:\Users\ComTech\AppData\Roaming\Skype
2017-05-15 08:28 - 2009-07-14 07:13 - 00785302 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-15 08:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-05-15 08:23 - 2016-03-24 12:10 - 00000000 __SHD C:\Users\ComTech\IntelGraphicsProfiles
2017-05-15 08:23 - 2016-03-24 11:56 - 00000000 ____D C:\ProgramData\Validity
2017-05-15 08:23 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-14 12:56 - 2016-05-13 08:32 - 00000000 ____D C:\Windows\Minidump
2017-05-14 12:56 - 2016-03-25 02:43 - 00322512 ____N C:\Windows\Minidump\051417-6224-01.dmp
2017-05-13 00:42 - 2016-03-24 12:53 - 00158880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-05-12 11:27 - 2016-11-28 14:48 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-05-12 11:27 - 2016-03-25 03:43 - 00000000 ____D C:\Windows\Panther
2017-05-12 10:43 - 2016-11-28 14:05 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-12 10:43 - 2016-11-28 14:05 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-11 11:11 - 2017-03-15 22:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-11 11:11 - 2016-03-24 12:52 - 00000000 ____D C:\ProgramData\Skype
2017-05-10 00:43 - 2016-03-24 17:42 - 00003896 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458834162
2017-05-10 00:42 - 2017-04-05 12:17 - 00334576 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-05-10 00:42 - 2017-04-05 12:17 - 00311808 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-05-10 00:42 - 2017-04-05 12:17 - 00190256 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-05-10 00:42 - 2017-04-05 12:17 - 00049016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-05-10 00:42 - 2017-04-05 12:17 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-05-10 00:42 - 2016-03-24 12:57 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-05-10 00:42 - 2016-03-24 12:53 - 01007160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-05-10 00:42 - 2016-03-24 12:53 - 00569192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-05-10 00:42 - 2016-03-24 12:53 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-05-10 00:42 - 2016-03-24 12:53 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-05-10 00:42 - 2016-03-24 12:53 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-05-10 00:42 - 2016-03-24 12:53 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-05-10 00:42 - 2016-03-24 12:53 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-05-07 21:43 - 2016-07-19 01:12 - 00000000 ____D C:\Users\ComTech\AppData\Local\Popcorn-Time-CE
2017-05-05 08:27 - 2016-10-27 14:25 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-05-05 08:27 - 2016-10-27 14:15 - 00000000 ____D C:\Program Files\TrueKey
2017-05-04 22:41 - 2016-10-27 14:15 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-04 11:10 - 2016-10-27 14:27 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-05-04 11:10 - 2016-10-27 14:27 - 00001151 _____ C:\Users\Public\Desktop\True Key.lnk
2017-04-28 00:36 - 2016-03-24 12:57 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-28 00:36 - 2016-03-24 12:57 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-23 00:24 - 2016-06-23 09:02 - 00000000 ____D C:\Users\ComTech\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2017-03-03 18:57 - 2017-03-03 18:57 - 0000036 _____ () C:\Users\ComTech\AppData\Local\housecall.guid.cache
2016-03-24 11:59 - 2016-03-24 11:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-13 13:01

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
Ran by ComTech (15-05-2017 16:33:47)
Running from C:\Users\ComTech\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-03-24 09:47:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1042645234-1658568069-2296401382-500 - Administrator - Disabled)
ComTech (S-1-5-21-1042645234-1658568069-2296401382-1000 - Administrator - Enabled) => C:\Users\ComTech
Guest (S-1-5-21-1042645234-1658568069-2296401382-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
AIMP (HKLM-x32\...\AIMP) (Version: v4.00.1683, 29.12.2015 - AIMP DevTeam)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
Counter-Strike 1.6 (HKU\S-1-5-21-1042645234-1658568069-2296401382-1000\...\Counter-Strike 1.6) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.16.112.1 - Intel Security)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4251 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.0.3.1 - PandoraTV)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10120.11117 - Realtek Semiconductor Corp.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7572 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.4.19 - Synaptics Incorporated)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Uninstall Popcorn Time CE (HKU\S-1-5-21-1042645234-1658568069-2296401382-1000\...\{6C134338-8281-4CDC-A209-046EAE74C00A}}_is1) (Version: 0.3.9-12 - PopcornTimeCE)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.25 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1042645234-1658568069-2296401382-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {079B0E0B-321A-486C-89FC-8E8932A1B033} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-10] (AVAST Software)
Task: {759BA2DA-4653-44DF-8477-9B9FB0524542} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-24] (Google Inc.)
Task: {B07C5B8D-982F-4A58-8F83-8FAFAD65A5ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-24] (Google Inc.)
Task: {BD4B00F3-4D38-4502-AC8B-066237E79699} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-04-11] (Piriform Ltd)
Task: {CB118DF7-6E42-4BFC-AAD7-D950F404EC5D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {CD312AD5-FD0D-4FF7-810F-C87DE7A4757C} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-12-15] (McAfee, Inc.)
Task: {DB3374E7-E511-490E-B273-0EC79E66BEE8} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-14] (AVAST Software)
Task: {E99CF069-F181-4600-887C-1A51491810AC} - System32\Tasks\SafeZone scheduled Autoupdate 1458834162 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-03-24 11:58 - 2015-07-30 06:02 - 00133696 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2017-05-10 00:42 - 2017-05-10 00:42 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-10 00:42 - 2017-05-10 00:42 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-10 00:42 - 2017-05-10 00:42 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-14 12:56 - 2017-05-14 12:56 - 05978624 _____ () C:\Program Files\AVAST Software\Avast\defs\17051402\algo.dll
2017-05-10 00:42 - 2017-05-10 00:42 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-05-10 00:42 - 2017-05-10 00:42 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-05-10 00:42 - 2017-05-10 00:42 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-10 00:42 - 2017-05-10 00:42 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-10 00:42 - 2017-05-10 00:42 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2016-11-28 14:50 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1042645234-1658568069-2296401382-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ComTech\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{5302D2E5-D376-496C-B3F9-AA96ADFABDD8}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{A457CC40-D8AB-4CCD-B72C-09DEAB0CB8D9}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{0DBF4F29-2B41-4FAD-A6EC-B95978DB705B}] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{A6499B29-777C-4AD9-887B-6F8935543D7A}] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{59CAD552-D216-4B70-A166-B11B291AD449}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{39932C71-23BB-4469-B1D1-1221FD966F70}C:\program files (x86)\counter-strike 1.6 omonas\hl.exe] => (Block) C:\program files (x86)\counter-strike 1.6 omonas\hl.exe
FirewallRules: [UDP Query User{1A05B924-8648-47CD-BC02-3C15FFFCB93C}C:\program files (x86)\counter-strike 1.6 omonas\hl.exe] => (Block) C:\program files (x86)\counter-strike 1.6 omonas\hl.exe
FirewallRules: [{B9F2481C-D49B-4338-B571-591727973698}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{7C2D7C27-9417-46D6-A9A5-6A7E3C35EA77}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{EA75D191-FC06-4E08-B627-2989F84C11B6}C:\users\comtech\appdata\local\popcorn time ce\nw.exe] => (Allow) C:\users\comtech\appdata\local\popcorn time ce\nw.exe
FirewallRules: [UDP Query User{E3BEFAFA-F5D4-492D-8477-ABD455D5FA59}C:\users\comtech\appdata\local\popcorn time ce\nw.exe] => (Allow) C:\users\comtech\appdata\local\popcorn time ce\nw.exe
FirewallRules: [{FDCB2A65-367E-4893-BBD9-BB0195285F92}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F39033C7-053E-4F38-940B-C1670C651627}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D5981EDF-A06D-4882-BCAA-680652CDFE92}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{272E7991-41A1-447A-970A-AF76E965FF9F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5497C19C-10F3-45A9-BF76-BDAA789BD70D}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{6D552A5A-20FA-45BF-849C-B91244C32941}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe
FirewallRules: [{F1967183-3CE9-4160-B0B6-59D1E2E25E05}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

17-04-2017 16:01:54 Scheduled Checkpoint
25-04-2017 00:44:16 Scheduled Checkpoint
02-05-2017 18:43:02 Scheduled Checkpoint
09-05-2017 20:31:02 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2017 01:36:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hl.exe, version: 1.1.1.1, time stamp: 0x48feaf5a
Faulting module name: steamclient.dll, version: 0.0.0.0, time stamp: 0x4aa7bb95
Exception code: 0xc0000005
Fault offset: 0x0001d1a0
Faulting process id: 0x1138
Faulting application start time: 0x01d2cd6f52f1c5de
Faulting application path: C:\Program Files (x86)\Counter-Strike 1.6 OMONAS\hl.exe
Faulting module path: c:\program files (x86)\counter-strike 1.6 omonas\steamclient.dll
Report Id: abae31be-3962-11e7-a4d3-b8868756af5e

Error: (05/15/2017 08:23:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/14/2017 12:56:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/14/2017 10:47:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/13/2017 12:21:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/12/2017 06:54:14 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/12/2017 06:54:14 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/12/2017 06:54:14 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/12/2017 06:54:14 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (05/12/2017 06:54:14 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (05/14/2017 12:56:06 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff800030a6662). A dump was saved in: C:\Windows\Minidump\051417-6224-01.dmp. Report Id: 051417-6224-01.

Error: (05/14/2017 12:56:05 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:54:59 PM on ‎5/‎14/‎2017 was unexpected.

Error: (05/12/2017 06:54:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/12/2017 06:54:14 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (05/12/2017 10:32:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/12/2017 01:17:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/11/2017 10:44:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/10/2017 09:28:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/09/2017 08:40:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/09/2017 08:40:53 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff800030d3662). A dump was saved in: C:\Windows\Minidump\050917-6240-01.dmp. Report Id: 050917-6240-01.


CodeIntegrity:
===================================
Date: 2016-09-21 10:15:00.029
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswHdsKe.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-09-21 10:15:00.028
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswHdsKe.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) 3205U @ 1.50GHz
Percentage of memory in use: 35%
Total physical RAM: 4014.94 MB
Available physical RAM: 2588.27 MB
Total Virtual: 8028.08 MB
Available Virtual: 6414.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:81.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja.

CHR Extension: (CGN - Central Gazeta de Notícias) - C:\Users\ComTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeopplcfpohpdplnpoahkebkpiefmpb [2017-05-02]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx


U okviru Notepad-a klikni na File --> Save As
Pod Encoding izaberi UTF-8.
Fajl nazovi Fixlist i sačuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe
Klikni na Fix i sačekaj dok program ne završi.
Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi.
Nakon završetka rada, otvoriće se fixlog.txt, sa sadržajem koji treba da kopiraš u temu.
Takođe, na Desktop-u će se nalaziti (fixlog.txt).

offline
  • Pridružio: 27 Avg 2005
  • Poruke: 542

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
Ran by ComTech (16-05-2017 11:49:21) Run:1
Running from C:\Users\ComTech\Desktop
Loaded Profiles: ComTech (Available Profiles: ComTech)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CHR Extension: (CGN - Central Gazeta de Notícias) - C:\Users\ComTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeopplcfpohpdplnpoahkebkpiefmpb [2017-05-02]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
*****************

C:\Users\ComTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeopplcfpohpdplnpoahkebkpiefmpb => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully

==== End of Fixlog 11:49:21 ====

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Kakvo je sad stanje?

offline
  • Pridružio: 27 Avg 2005
  • Poruke: 542

Popricao sam malo sa njim imao je problema sa protokom itd ali su ga danas zvali da dodje po neki novi ruter pa ce biti kao bolje ali hvala u svakom slucaju barem si mu resio koliko vidim neku zlonamernu ekstenziju

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Sledeća procedura će implementirati završno čišćenje.

Arrow Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.
Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;

Remove disinfection tools
Create registry backup
Purge System Restore


Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.
Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)

Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
Alat briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.

Ko je trenutno na forumu
 

Ukupno su 758 korisnika na forumu :: 31 registrovanih, 1 sakriven i 726 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Sale, branko7, croato, dexter300, dragon986, Drug pukovnik, HrcAk47, ivica976, Koca Popovic, komkom, Markoni29, Mixelotti, mnn2, mushroom, pein, perko91, S2M, SerbFlippy, Singidunumac, Sirius, Smiljke, Srki94, stegonosa, Toni, Trpe Grozni, USSVoyager, vlvl, vukdra, willie, yrraf, |_MeD_|