Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help me my logs


  • This topic is locked This topic is locked
2 replies to this topic

#1 uzoist

uzoist

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 12 February 2015 - 05:01 AM

ComboFix 15-02-09.01 - asus 12.02.2015  11:17:22.2.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1254.90.1033.18.3071.2189 [GMT 2:00]
Running from: c:\users\asus\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 128 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\0df2461e-f5f3-4e70-a94f-50f78efd5edc\a4f97249-a081-4c88-b69e-d92d3806528b.dll
c:\program files\5aafebdd-5773-42b2-9ca9-75390eee8775\619f7c30-5fc5-4fa9-afcc-42f9b1fc4509.dll
c:\program files\5aafebdd-5773-42b2-9ca9-75390eee8775\db9ca2d0-808c-4bb4-948c-778929ce5b52.dll
c:\program files\7-Zip\a87e9d11-6285-4e03-b0f8-1bb5bf26a04c.dll
c:\program files\Alawar\cabb6b77-6477-4771-aa32-116a78c0d854.dll
c:\program files\eb928127-8f2c-4177-921d-1177aa92f254\a2ec2cf8-d25c-4690-96a9-c3be0a55413f.dll
c:\users\asus\AppData\Local\amK.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SPDRIVER_1493.0.0.0
-------\Service_SPDRIVER_1493.0.0.0
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-12 to 2015-02-12  )))))))))))))))))))))))))))))))
.
.
2015-02-12 09:25 . 2015-02-12 09:28    --------    d-----w-    c:\users\asus\AppData\Local\temp
2015-02-12 09:25 . 2015-02-12 09:25    --------    d-----w-    c:\users\Public\AppData\Local\temp
2015-02-12 09:25 . 2015-02-12 09:25    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-02-11 12:07 . 2015-02-11 18:20    --------    d-sh--w-    c:\windows\system32\AI_RecycleBin
2015-02-11 11:20 . 2014-09-16 17:07    908840    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ECDB1862-88F3-4A63-B0C8-9881AF5A7DE6}\gapaengine.dll
2015-02-11 11:18 . 2014-12-02 11:01    9054624    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C7B49DD-922D-4ECE-BA1A-2CB4D2E15791}\mpengine.dll
2015-02-10 08:46 . 2014-12-02 11:01    9054624    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-02-08 16:28 . 2015-02-08 17:00    --------    d-----w-    c:\users\asus\AppData\Local\Yandex
2015-02-08 16:27 . 2015-02-08 16:27    --------    d-----w-    c:\users\asus\AppData\Roaming\Opera Software
2015-02-08 16:27 . 2015-02-08 16:27    --------    d-----w-    c:\users\asus\AppData\Local\Chromium
2015-02-08 16:27 . 2015-02-10 08:29    --------    d-----w-    c:\users\asus\AppData\Roaming\Yandex
2015-02-05 22:00 . 2015-02-05 22:05    --------    d-----w-    C:\AdwCleaner
2015-02-05 09:35 . 2015-02-05 09:40    --------    d-----w-    c:\users\asus\AppData\Local\BrowserHelper
2015-02-05 09:34 . 2015-02-12 09:24    --------    d-----w-    c:\program files\5aafebdd-5773-42b2-9ca9-75390eee8775
2015-02-05 09:34 . 2015-02-12 09:24    --------    d-----w-    c:\program files\eb928127-8f2c-4177-921d-1177aa92f254
2015-02-05 09:33 . 2015-02-12 09:24    --------    d-----w-    c:\program files\0df2461e-f5f3-4e70-a94f-50f78efd5edc
2015-02-04 16:18 . 2015-02-05 21:15    73840    ----a-w-    c:\program files\Mozilla Firefox\wow_helper.exe
2015-02-04 10:56 . 2015-02-04 10:56    651112    ----a-w-    c:\program files\Common Files\System\SysMenu.dll
2015-02-03 02:01 . 2015-02-03 02:01    --------    d-----w-    c:\users\asus\AppData\Roaming\LolClient
2015-02-01 21:56 . 2015-02-01 21:56    --------    d-----w-    c:\programdata\Riot Games
2015-02-01 21:53 . 2008-07-31 08:41    68616    ----a-w-    c:\windows\system32\XAPOFX1_1.dll
2015-02-01 21:53 . 2008-07-31 08:40    509448    ----a-w-    c:\windows\system32\XAudio2_2.dll
2015-02-01 21:53 . 2008-07-12 06:18    467984    ----a-w-    c:\windows\system32\d3dx10_39.dll
2015-02-01 21:53 . 2008-07-12 06:18    3851784    ----a-w-    c:\windows\system32\D3DX9_39.dll
2015-02-01 21:53 . 2008-07-12 06:18    1493528    ----a-w-    c:\windows\system32\D3DCompiler_39.dll
2015-02-01 21:52 . 2015-02-01 21:52    --------    d-----w-    C:\Riot Games
2015-02-01 21:51 . 2015-02-01 21:53    --------    d-----w-    c:\users\asus\AppData\Roaming\Riot Games
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-31 11:13 . 2013-02-09 14:18    249488    ------w-    c:\windows\system32\MpSigStub.exe
2014-12-06 11:40 . 2014-12-06 11:40    71680    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2014-12-06 11:40 . 2014-12-06 11:40    645120    ----a-w-    c:\windows\system32\jsIntl.dll
2014-12-06 11:40 . 2014-12-06 11:40    194048    ----a-w-    c:\windows\system32\elshyph.dll
2014-12-06 11:40 . 2014-12-06 11:40    182272    ----a-w-    c:\windows\system32\msls31.dll
2014-12-06 11:40 . 2014-12-06 11:40    62464    ----a-w-    c:\windows\system32\tdc.ocx
2014-12-06 11:40 . 2014-12-06 11:40    337408    ----a-w-    c:\windows\system32\html.iec
2014-12-06 11:40 . 2014-12-06 11:40    24576    ----a-w-    c:\windows\system32\licmgr10.dll
2014-12-06 11:40 . 2014-12-06 11:40    151552    ----a-w-    c:\windows\system32\iexpress.exe
2014-12-06 11:40 . 2014-12-06 11:40    139264    ----a-w-    c:\windows\system32\wextract.exe
2014-12-06 11:40 . 2014-12-06 11:40    36352    ----a-w-    c:\windows\system32\imgutil.dll
2014-12-06 11:40 . 2014-12-06 11:40    13312    ----a-w-    c:\windows\system32\mshta.exe
2014-12-06 11:40 . 2014-12-06 11:40    86016    ----a-w-    c:\windows\system32\iesysprep.dll
2014-12-06 11:40 . 2014-12-06 11:40    74240    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2014-12-06 11:40 . 2014-12-06 11:40    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2014-12-06 11:40 . 2014-12-06 11:40    111616    ----a-w-    c:\windows\system32\IEAdvpack.dll
2014-12-06 11:39 . 2014-12-06 11:39    640512    ----a-w-    c:\windows\system32\advapi32.dll
2014-12-06 11:39 . 2014-12-06 11:39    619520    ----a-w-    c:\windows\system32\tdh.dll
2014-12-06 11:39 . 2014-12-06 11:39    1293216    ----a-w-    c:\windows\system32\ntdll.dll
2014-12-06 11:38 . 2014-12-06 11:38    231424    ----a-w-    c:\windows\system32\mswsock.dll
2014-12-06 11:38 . 2014-12-06 11:38    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-12-06 11:38 . 2014-12-06 11:38    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-12-06 11:38 . 2014-12-06 11:38    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-12-06 11:38 . 2014-12-06 11:38    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-12-06 11:38 . 2014-12-06 11:38    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-12-06 11:38 . 2014-12-06 11:38    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-12-06 11:38 . 2014-12-06 11:38    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-12-06 11:38 . 2014-12-06 11:38    906240    ----a-w-    c:\windows\system32\FntCache.dll
2014-12-06 11:38 . 2014-12-06 11:38    604160    ----a-w-    c:\windows\system32\d3d10level9.dll
2014-12-06 11:38 . 2014-12-06 11:38    364544    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2014-12-06 11:38 . 2014-12-06 11:38    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-12-06 11:38 . 2014-12-06 11:38    293376    ----a-w-    c:\windows\system32\dxgi.dll
2014-12-06 11:38 . 2014-12-06 11:38    249856    ----a-w-    c:\windows\system32\d3d10_1core.dll
2014-12-06 11:38 . 2014-12-06 11:38    220160    ----a-w-    c:\windows\system32\d3d10core.dll
2014-12-06 11:38 . 2014-12-06 11:38    207872    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2014-12-06 11:38 . 2014-12-06 11:38    187392    ----a-w-    c:\windows\system32\UIAnimation.dll
2014-12-06 11:38 . 2014-12-06 11:38    161792    ----a-w-    c:\windows\system32\d3d10_1.dll
2014-12-06 11:38 . 2014-12-06 11:38    1158144    ----a-w-    c:\windows\system32\XpsPrint.dll
2014-12-06 11:38 . 2014-12-06 11:38    1080832    ----a-w-    c:\windows\system32\d3d10.dll
2014-12-06 11:38 . 2014-12-06 11:38    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-12-06 11:35 . 2014-12-06 11:35    1505280    ----a-w-    c:\windows\system32\d3d11.dll
2014-11-22 02:20 . 2014-12-14 13:02    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-11-22 02:20 . 2014-12-14 13:02    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:07 . 2014-12-14 13:02    501248    ----a-w-    c:\windows\system32\vbscript.dll
2014-11-22 02:07 . 2014-12-14 13:02    62464    ----a-w-    c:\windows\system32\iesetup.dll
2014-11-22 02:06 . 2014-12-14 13:02    47616    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-14 13:02    64000    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-11-22 01:55 . 2014-12-14 13:02    115712    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-11-22 01:55 . 2014-12-14 13:02    102912    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-11-22 01:54 . 2014-12-14 13:02    620032    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-11-22 01:48 . 2014-12-14 13:02    667648    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 01:40 . 2014-12-14 13:02    60416    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-14 13:02    4299264    ----a-w-    c:\windows\system32\jscript9.dll
2014-11-22 01:22 . 2014-12-14 13:02    2052096    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-11-22 01:21 . 2014-12-14 13:02    1155072    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:00 . 2014-12-14 13:02    1888256    ----a-w-    c:\windows\system32\wininet.dll
2009-08-11 14:48 . 2009-08-11 14:48    777320    ----a-w-    c:\program files\Setup.exe
2009-01-23 11:55 . 2009-01-23 11:55    184320    ----a-w-    c:\program files\SecSNMP.dll
2006-09-01 15:05 . 2006-09-01 15:05    4218880    ----a-w-    c:\program files\Ssres.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\asus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\asus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\asus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-07-24 21650016]
"uTorrent"="c:\users\asus\AppData\Roaming\uTorrent\uTorrent.exe" [2015-02-05 1454416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2013-03-05 76288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_3C776F0E4C9D4C175BD7848BC811E09D]
2015-02-04 09:02    843592    ----a-w-    c:\program files\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
2013-03-05 06:36    76288    ----a-w-    c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2014-08-22 10:41    974432    ----a-w-    c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIM PeerManager]
2014-05-07 10:00    4493824    ----a-w-    c:\program files\Common Files\Research in Motion\Tunnel Manager\PeerManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2014-02-07 08:24    443408    ----a-w-    c:\program files\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 06:16    254336    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 BrsHelper;BrsHelper;c:\progra~1\YTDOWN~1\BROWSE~2.EXE [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2014-01-21 585728]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-27 9216]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
R3 NisSrv;Microsoft Ağ İnceleme;c:\program files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-14 14848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-11-14 24064]
R3 TsUsbFlt;TsUsbFlt; [x]
R4 MyPublicWiFiService;MyPublicWiFi Service;c:\program files\MyPublicWiFi\PublicWiFiService.exe [2013-04-03 756224]
R4 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2010-09-30 196928]
R4 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-09-30 67904]
R4 RIM MDNS;RIM MDNS;c:\program files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [2014-05-07 389632]
R4 RIM Tunnel Service;BlackBerry Link Communication Manager;c:\program files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service [x]
R4 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\Sierra Wireless Inc\Common\SwiCardDetect.exe [2011-06-24 238960]
S1 ndiskhaz;Azzouzi HotSpot LightWeight Filter;c:\windows\system32\DRIVERS\ndiskhaz.sys [2012-12-07 25416]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 5120]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2013-02-27 77696]
S3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\Drivers\rimvndis6.sys [2014-05-07 14336]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-07 07:57    1086280    ----a-w-    c:\program files\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-12 13:16]
.
2015-02-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2632155026-3250115548-4013480880-1000Core.job
- c:\users\asus\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-14 17:48]
.
2015-02-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2632155026-3250115548-4013480880-1000UA.job
- c:\users\asus\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-14 17:48]
.
2015-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-09 15:38]
.
2015-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-09 15:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.com.tr/?win=162&clid=2130685
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{08ACEADC-87EE-4D0C-A1D7-4C1211EE97B1}: NameServer = 77.88.8.1,77.88.8.8
TCP: Interfaces\{7169C191-66B3-4696-A4B4-6F92660613CF}: NameServer = 77.88.8.1,77.88.8.8
TCP: Interfaces\{8AC249D4-624B-41AD-8D2F-F8D04B9F12FF}: NameServer = 77.88.8.1,77.88.8.8
TCP: Interfaces\{90C42F89-F819-4179-AA59-CBF7B8AFD235}: NameServer = 77.88.8.1,77.88.8.8
FF - ProfilePath - c:\users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\xf0llkte.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.tr/
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
HKLM-Run-Bonus.SSR.FR11 - c:\program files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe
MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
MSConfigStartUp-Bonus.SSR - c:\program files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe
MSConfigStartUp-CyberGhost - c:\program files\CyberGhost 5\CyberGhost.EXE
AddRemove-Ge-Force - c:\program files\Ge-Force\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2015-02-12  11:32:45 - machine was rebooted
ComboFix-quarantined-files.txt  2015-02-12 09:32
ComboFix2.txt  2013-04-09 07:33
.
Pre-Run: 82.179.235.840 bayt boş
Post-Run: 83.542.573.056 bayt boş
.
- - End Of File - - 5F5DA42DCFD664F49D9CF965A2FBD94A
A36C5E4F47E84449FF07ED3517B43A31
 



BC AdBot (Login to Remove)

 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:30 PM

Posted 15 February 2015 - 02:34 PM

Hello and Welcome on board ,

my Name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
  • My Help is completely free of charge!
    Just if you like to donate me some money you can do it and I'd appreciate it. :)
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#3 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:30 PM

Posted 19 February 2015 - 04:44 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users