
Flash player out of date problem.


10 replies to this topic

#1 anakinnsky

anakinnsky

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:05:28 AM

Posted 23 March 2014 - 07:53 AM

Hi; 

 

Yesterday I was faced with a warning in the Chrome browser while I was trying to enter the Facebook site, indicating that "Your Flash Player is out of date". Then I realized that I'm also facing the same thing in the IE browser and even on the YouTube and Google sites. I think my computer is infected by a virus or malware. I looked through other topics but couldn't find a universal solution. Could you please kindly help me with this matter?




 


#2 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,158 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:05:28 PM

Posted 23 March 2014 - 08:11 AM

Hi anakinnsky and welcome to BleepingComputer! :)

 

First, don't click anything on that flash player site or you will get infected.

 

Second, read this: http://www.bleepingcomputer.com/forums/t/527794/google-public-dns-server-traffic-compromised/

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 anakinnsky

anakinnsky
  • Topic Starter


Posted 23 March 2014 - 08:19 AM

Hi Sirawit, and thank you very much for your fast reply. I have read your link and also the two other links that your link forwards me to. Now I know that it's a global problem coming from the Google DNS server; but is there any solution method? If there is a solution in one of the links you gave, sorry for my carelessness and amateurishness about these issues.



#4 Sirawit

Sirawit


Posted 23 March 2014 - 08:33 AM

Did your popup say something like this?

 

 

WARNING! Your Flash Player may be out of date. Please update to continue

 

Thank you.




#5 anakinnsky

anakinnsky
  • Topic Starter


Posted 23 March 2014 - 09:32 AM

Yes



#6 Sirawit

Sirawit


Posted 23 March 2014 - 10:07 AM

Step 1:
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Step 2:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3:
Please download Rkill by Grinler and save it to your desktop.

  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

Step 4:
Please download Minitoolbox and save to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

What we need in your next reply:

  • Adwcleaner log
  • JRT log
  • rkill log
  • minitoolbox log

Thank you.


Edited by Sirawit, 23 March 2014 - 10:09 AM.



#7 anakinnsky

anakinnsky
  • Topic Starter


Posted 23 March 2014 - 11:12 AM

Thanks for your help; 

 

Here you can find logs: 

 

 

1) Adw log; 

 

# AdwCleaner v3.022 - Rapor olusturuldu 23/03/2014 tarihinde 17:49:38
# Guncellendi 13/03/2014 tarafindan Xplode
# Isletim sistemi : Windows 7 Ultimate Service Pack 1 (64 bits)
# Kullanici adi : pc - PC-BILGISAYAR
# Adwcleaner konumu : C:\Users\pc\Downloads\AdwCleaner.exe
# Tarama turu : Temizle
 
***** [ Servisler ] *****
 
[#] Servis Silindi : BackupStack
 
***** [ Dosyalar / Klasorler ] *****
 
Klasor Silindi : C:\ProgramData\ParetoLogic
Klasor Silindi : C:\ProgramData\QuickSet
Klasor Silindi : C:\ProgramData\SoftWarehouse
Klasor Silindi : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Klasor Silindi : C:\Program Files (x86)\MyPC Backup
Klasor Silindi : C:\Program Files (x86)\ParetoLogic
Klasor Silindi : C:\Program Files (x86)\Common Files\ParetoLogic
Klasor Silindi : C:\Users\pc\AppData\Local\Max Secure Software
Klasor Silindi : C:\Users\pc\AppData\Roaming\DriverCure
Klasor Silindi : C:\Users\pc\AppData\Roaming\ParetoLogic
Klasor Silindi : C:\Users\pc\AppData\Roaming\Systweak
Klasor Silindi : C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Klasor Silindi : C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Dosya Silindi : C:\Windows\System32\roboot64.exe
Dosya Silindi : C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Dosya Silindi : C:\Windows\Tasks\paretologic registration3.job
Dosya Silindi : C:\Windows\System32\Tasks\paretologic registration3
Dosya Silindi : C:\Windows\System32\Tasks\RegClean Pro
 
***** [ Kisayollar ] *****
 
 
***** [ Registry ] *****
 
Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Deger Silindi : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DrvUpdater]
Registry Key Silindi : HKCU\Software\ParetoLogic
Registry Key Silindi : HKCU\Software\systweak
Registry Key Silindi : HKLM\Software\ParetoLogic
Registry Key Silindi : HKLM\Software\systweak
Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}
Registry Key Silindi : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
 
***** [ Tarayicilar ] *****
 
-\\ Internet Explorer v9.0.8112.16421
 
 
-\\ Google Chrome v
 
[ Dosya : C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2806 octets] - [23/03/2014 17:31:24]
AdwCleaner[S0].txt - [2646 octets] - [23/03/2014 17:49:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2706 octets] ##########
 
 
 
2) JRT log; 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Ultimate x64
Ran by pc on 23.03.2014 at 17:54:47,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\pc\AppData\Roaming\getrighttogo"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.03.2014 at 18:00:31,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
3) Rkill log; 
 
 
Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 03/23/2014 06:02:37 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Possibly Patched Files.
 
 * C:\Windows\explorer.exe
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * C:\Windows\System32\UxTheme.dll : 332.288 : 02/20/2012 10:48 PM : 8bf20c54ffb37cfb960f708ffa813fa7 [NoSig]
 +-> C:\Windows\SysWOW64\uxtheme.dll : 245.760 : 07/14/2009 03:11 AM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9\uxtheme.dll : 332.288 : 07/14/2009 03:41 AM : d29e998e8277666982b4f0303bf4e7af [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_0c2e36cd54a163b4\uxtheme.dll : 245.760 : 07/14/2009 03:11 AM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]
 
 * C:\Windows\explorer.exe : 2.983.424 : 02/20/2012 07:59 PM : cdf9e6ffb9e6f0d5a7b2b21d250a445a [NoSig]
 +-> C:\Windows\SysWOW64\explorer.exe : 2.727.936 : 02/20/2012 09:23 PM : 9d267c63d5de604c38ff2078d7c784c2 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe : 2.872.320 : 11/21/2010 05:24 AM : ac4c51eb24aa95b77f705ab159189e24 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe : 2.871.808 : 11/12/2011 04:28 PM : 332feab1435662fc6c672e25beb37be3 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe : 2.871.808 : 11/12/2011 04:28 PM : 3b69712041f3d63605529bd66dc00c48 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe : 2.616.320 : 11/21/2010 05:24 AM : 40d777b7a95e00593eb1568c68514493 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe : 2.616.320 : 11/12/2011 04:28 PM : 8b88ebbb05a0e56b7dcc708498c02b3e [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe : 2.616.320 : 11/12/2011 04:28 PM : 0fb9c74046656d1579a64660ad67b746 [Pos Repl]
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 03/23/2014 06:02:58 PM
Execution time: 0 hours(s), 0 minute(s), and 20 seconds(s)
 
 
 
4) Minitool Box log; 
 
 
MiniToolBox by Farbar  Version: 23-01-2014
Ran by pc (administrator) on 23-03-2014 at 18:04:30
Running from "C:\Users\pc\Downloads"
XargraX Windows 7 Premier™ XargraX Edition  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Yaplandrmas
 
DNS €”zc ™nbelle§i baŸaryla temizlendi.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Intel® 82567V-2 Gigabit Ağ Bağlantısı = Yerel Ağ Bağlantısı (Connected)
 
 
# ----------------------------------
# IPv4 Yaplandrmas
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# IPv4 yaplandrmasnn sonu
 
 
 
Windows IP Yaplandrmas
 
   Ana Bilgisayar Ad  . . . . . . . : pc-Bilgisayar
   Birincil DNS Soneki . . . . . . . : 
   D§m Tr . . . . . . . . . . .  : Karma
   IP Y”nlendirme Etkin . . . . . .  : Hayr
   WINS Proxy Etkin . . . . . . . .  : Hayr
 
Ethernet ba§daŸtrc Yerel A§ Ba§lants:
 
   Ba§lantya ”zg DNS Soneki .  . . : 
   A‡klama  . . . . . . . . . . . . : Intel® 82567V-2 Gigabit A§ Ba§lants
   Fiziksel Adres. . . . . . . . . . : 00-24-81-86-56-6D
   Dhcp Etkin. . . . . . . . . . . . : Evet
   Otomatik Yaplandrma Etkin. . .  : Evet
   Ba§lant Yerel IPv6 Adresi . . . . . : fe80::c83e:e386:9ea8:16eb%11(Tercih Edilen) 
   IPv4 Adresi. . . . . . . . . . . : 192.168.1.4(Tercih Edilen) 
   Alt A§ Maskesi. . . . . . . . . . : 255.255.255.0
   Kira Sa§lanan. . . . . . . . . .  : 23 Mart 2014 Pazar 17:51:27
   Kira BitiŸi . . . . . . . . . . . : 26 Mart 2014 €arŸamba 17:51:27
   Varsaylan A§ Ge‡idi. . . . . . . : 192.168.1.1
   DHCP Sunucusu . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 234890369
   DHCPv6 ˜stemcisi DUID'si. . . . . . . . : 00-01-00-01-19-10-3F-AE-00-24-81-86-56-6D
   DNS Sunucusu. . . . . . . . . . . : 50.28.34.201
                                       8.8.8.8
   Tcpip zerinden NetBIOS. . . . . . . . : Etkin
 
Tunnel ba§daŸtrc isatap.{CE3A1D02-6595-4F8B-AE61-AE04843FAEE0}:
 
   Medya Durumu  . . . . . . . . . . : Medya Ba§lants kesildi
   Ba§lantya ”zg DNS Soneki .  . . : 
   A‡klama  . . . . . . . . . . . . : Microsoft ISATAP Ba§daŸtrcs
   Fiziksel Adres. . . . . . . . . . : 00-00-00-00-00-00-00-E0
   Dhcp Etkin. . . . . . . . . . . . : Hayr
   Otomatik Yaplandrma Etkin. . .  : Evet
 
Tunnel ba§daŸtrc Teredo Tunneling Pseudo-Interface:
 
   Ba§lantya ”zg DNS Soneki .  . . : 
   A‡klama  . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Fiziksel Adres. . . . . . . . . . : 00-00-00-00-00-00-00-E0
   Dhcp Etkin. . . . . . . . . . . . : Hayr
   Otomatik Yaplandrma Etkin. . .  : Evet
   IPv6 Adresi. . . . . . . . . . . : 2001:0:9d38:90d7:18b3:9f6:3f57:fefb(Tercih Edilen) 
   Ba§lant Yerel IPv6 Adresi . . . . . : fe80::18b3:9f6:3f57:fefb%13(Tercih Edilen) 
   Varsaylan A§ Ge‡idi. . . . . . . : ::
   Tcpip zerinden NetBIOS . . . . : Devre dŸ
DNS request timed out.
    timeout was 2 seconds.
Sunucu:  UnKnown
Address:  50.28.34.201
 
Ad:      google.com
Addresses:  2607:f8b0:4009:805::1007
 173.194.46.39
 173.194.46.40
 173.194.46.32
 173.194.46.36
 173.194.46.35
 173.194.46.41
 173.194.46.37
 173.194.46.38
 173.194.46.46
 173.194.46.34
 173.194.46.33
 
 
google.com [173.194.46.34] yoklanyor32 bayt veri ile:
˜stek zaman aŸmna u§rad.
173.194.46.34 cevab: bayt=32 sre=167ms TTL=47
 
173.194.46.34 i‡in Ping istatisti§i:
    Paket: Giden = 2, Gelen = 1, Kaybolan = 1 (%50 kayp),
Mili saniye trnden yaklaŸk tur sreleri:
    En Az = 167ms, En €ok = 167ms, Ortalama = 167ms
Sunucu:  UnKnown
Address:  50.28.34.201
 
Ad:      yahoo.com
Addresses:  98.138.253.109
 98.139.183.24
 206.190.36.45
 
 
yahoo.com [206.190.36.45] yoklanyor32 bayt veri ile:
206.190.36.45 cevab: bayt=32 sre=232ms TTL=45
206.190.36.45 cevab: bayt=32 sre=229ms TTL=45
 
206.190.36.45 i‡in Ping istatisti§i:
    Paket: Giden = 2, Gelen = 2, Kaybolan = 0 (%0 kayp),
Mili saniye trnden yaklaŸk tur sreleri:
    En Az = 229ms, En €ok = 232ms, Ortalama = 230ms
 
127.0.0.1 yoklanyor 32 bayt veri ile:
127.0.0.1 cevab: bayt=32 sre<1ms TTL=128
127.0.0.1 cevab: bayt=32 sre<1ms TTL=128
 
127.0.0.1 i‡in Ping istatisti§i:
    Paket: Giden = 2, Gelen = 2, Kaybolan = 0 (%0 kayp),
Mili saniye trnden yaklaŸk tur sreleri:
    En Az = 0ms, En €ok = 0ms, Ortalama = 0ms
===========================================================================
Arabirim Listesi
 11...00 24 81 86 56 6d ......Intel® 82567V-2 Gigabit A§ Ba§lants
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Ba§daŸtrcs
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Yol Tablosu
===========================================================================
Etkin Yollar:
        A§ Hedefi       A§ Maskesi        A§ Ge‡idi        Arabirim   ™l‡t
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.4     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.4    276
      192.168.1.4  255.255.255.255         On-link       192.168.1.4    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.4    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.4    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.4    276
===========================================================================
Srekli Yollar:
  Yok
 
IPv6 Yol Tablosu
===========================================================================
Etkin Yollar:
 Metrik A§ Hedef A§      Ge‡idi
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:9d38:90d7:18b3:9f6:3f57:fefb/128
                                    On-link
 11    276 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::18b3:9f6:3f57:fefb/128
                                    On-link
 11    276 fe80::c83e:e386:9ea8:16eb/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Srekli Yollar:
  Yok
========================= Winsock entries =====================================
 
 
========================= Event log errors: ===============================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
=========================== Installed Programs ============================
 
Adobe Reader 9.3 - Turkish (Version: 9.3.0)
AIMP2
BitTorrent (Version: 7.8.0.29626)
DriverPack Solution Updater (Version: 0.0.25)
GOM Player (Version: 2.1.37.5085)
Google Chrome (Version: 33.0.1750.154)
Java™ 6 Update 22 (Version: 6.0.220)
Lyrics Plugin for Windows Media Player (Version: 0.4)
Malwarebytes Anti-Malware 1.75.0.1300 sürümü (Version: 1.75.0.1300)
Microsoft Office Access MUI (Turkish) 2007 (Version: 12.0.4518.1027)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (Turkish) 2007 (Version: 12.0.4518.1027)
Microsoft Office Groove MUI (Turkish) 2007 (Version: 12.0.4518.1027)
Microsoft Office InfoPath MUI (Turkish) 2007 (Version: 12.0.4518.1027)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (Turkish) 2007 (Version: 12.0.4518.1027)
Microsoft Office Outlook MUI (Turkish) 2007 (Version: 12.0.4518.1027)
Microsoft Office PowerPoint MUI (Turkish) 2007 (Version: 12.0.4518.1027)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Turkish) 2007 (Version: 12.0.4518.1027)
Microsoft Office Proofing (Turkish) 2007 (Version: 12.0.4518.1027)
Microsoft Office Publisher MUI (Turkish) 2007 (Version: 12.0.4518.1027)
Microsoft Office Shared 64-bit MUI (Turkish) 2007 (Version: 12.0.4518.1027)
Microsoft Office Shared MUI (Turkish) 2007 (Version: 12.0.4518.1027)
Microsoft Office Word MUI (Turkish) 2007 (Version: 12.0.4518.1027)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Nero 8 Micro (Version: 8.3.13.0)
Win7codecs (Version: 3.0.6)
WinRAR arşiv yöneticisi
 
========================= Memory info: ===================================
 
Percentage of memory in use: 29%
Total physical RAM: 4095.18 MB
Available physical RAM: 2894.02 MB
Total Pagefile: 8188.55 MB
Available Pagefile: 6839.62 MB
Total Virtual: 4095.88 MB
Available Virtual: 3922.96 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:97.56 GB) (Free:50.48 GB) NTFS
2 Drive d: () (Fixed) (Total:195.31 GB) (Free:97.09 GB) NTFS
3 Drive e: () (Fixed) (Total:172.79 GB) (Free:172.7 GB) NTFS
 
========================= Users: ========================================
 
\\PC-BILGISAYAR Kullanc Hesaplar
 
Administrator            Guest                    pc                       
Komut baŸaryla tamamland.
 
 
**** End of log ****
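
One way to triage the resolver entries that MiniToolBox's "List IP configuration" option captures, as an added example that is not part of the original thread: it pulls every DNS server out of an `ipconfig /all` dump, coping with localized labels and continuation lines, and marks any resolver outside an analyst-supplied expected set for review. The sample log, its addresses, the expected list and the function names are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample in the layout of `ipconfig /all` as a log collector saves it.
# Labels mix Turkish and English on purpose; all names and addresses are made up.
SAMPLE_LOG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : pc-example
   DNS Suffix Search List. . . . . . : lan

Ethernet adapter LAN:

   Dhcp Etkin. . . . . . . . . . . . : Evet
   IPv4 Adresi. . . . . . . . . . . : 192.168.1.4(Tercih Edilen)
   DHCP Sunucusu . . . . . . . . . . : 192.168.1.1
   DNS Sunucusu. . . . . . . . . . . : 203.0.113.53
                                       8.8.8.8
   Tcpip uzerinden NetBIOS. . . . . : Etkin

Wireless adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       fe80::1%12
"""

# "   Label . . . . : value" -- the separator is the first colon followed by
# whitespace (or end of line), so colons inside IPv6 values are not mistaken for it.
LABELLED = re.compile(r"^\s+(?P<label>[^:]*?)[\s.]*:(?:\s+|$)(?P<value>.*)$")

# On-LAN ranges (RFC 1918, loopback, IPv6 link-local and unique-local).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "fe80::/10", "fc00::/7", "::1/128")]


def _as_ip(value):
    """Return an address object, or None if the text is not an IP address."""
    # Drop decorations such as "(Preferred)" and an IPv6 zone id ("%12").
    token = value.strip().split("(")[0].split("%")[0].strip()
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def extract_dns_servers(text):
    """Collect every DNS server listed in an ipconfig-style dump, in order."""
    servers, in_dns = [], False
    for raw in text.splitlines():
        m = LABELLED.match(raw)
        if m:
            ip = _as_ip(m.group("value"))
            # Language-independent test: the label starts with "DNS" and the
            # value is an address. Suffix lists (domain names) fail the second part.
            in_dns = m.group("label").upper().startswith("DNS") and ip is not None
            if in_dns:
                servers.append(ip)
        elif in_dns and raw[:1].isspace() and (ip := _as_ip(raw)) is not None:
            servers.append(ip)      # indented continuation line of the DNS entry
        else:
            in_dns = False          # blank line or new adapter header ends the entry
    return servers


def review_resolvers(text, expected):
    """Label each resolver 'expected', 'local' or 'review'.

    'expected' = in the analyst's list; 'local' = on-LAN resolver (usually the
    router, whose own upstream DNS needs a separate check); 'review' = a public
    resolver nobody listed, which should be explained before it is trusted.
    """
    expected_ips = {ipaddress.ip_address(e) for e in expected}
    findings = []
    for ip in extract_dns_servers(text):
        if ip in expected_ips:
            verdict = "expected"
        elif any(ip in net for net in LOCAL_NETS):
            verdict = "local"
        else:
            verdict = "review"
        findings.append((str(ip), verdict))
    return findings


if __name__ == "__main__":
    for address, verdict in review_resolvers(SAMPLE_LOG, ["8.8.8.8", "8.8.4.4"]):
        print(f"{verdict:9} {address}")
```

A "review" result is a prompt to find out who configured that resolver, not a verdict on the address itself.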
 


#8 Sirawit

Sirawit


Posted 23 March 2014 - 12:46 PM

Does the redirection still occur or not? Can you access Google now?

 

Thank you.




#9 anakinnsky

anakinnsky
  • Topic Starter


Posted 23 March 2014 - 04:25 PM

I can connect to YouTube for now, but redirection to Facebook and Google still occurs.



#10 anakinnsky

anakinnsky
  • Topic Starter


Posted 24 March 2014 - 05:59 AM

What else to do for now? How can I fix my problem? 



#11 Sirawit

Sirawit


Posted 24 March 2014 - 06:01 AM

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Thank you.






