I have a ComboFix log file, what should I do now?


  • This topic is locked
8 replies to this topic

#1 Asya

Asya

  • Members
  • 4 posts
  • OFFLINE
  • Local time:01:01 AM

Posted 13 July 2016 - 08:16 AM

I used ComboFix. It deleted "c:\windows\PFRO.log". I read the log file but I didn't understand much. Can you help me please?
ComboFix 16-07-10.01 - Ata Anıl 13.07.2016  14:53:20.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1254.90.1033.18.1917.1047 [GMT 3:00]
Running from: c:\users\Ata An²l\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
.
.
(((((((((((((((((((((((((   Files Created from 2016-06-13 to 2016-07-13  )))))))))))))))))))))))))))))))
.
.
2016-07-13 12:01 . 2016-07-13 12:01	--------	d-----w-	c:\users\Ata Anıl\AppData\Local\temp
2016-07-13 12:01 . 2016-07-13 12:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2016-07-13 10:45 . 2016-06-21 22:02	9507208	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7ABC7EA9-F82F-44A3-9ABF-D47B15C6C9F1}\mpengine.dll
2016-07-12 22:46 . 2016-06-25 19:54	497152	----a-w-	c:\windows\system32\win32spl.dll
2016-07-12 22:46 . 2016-06-25 19:53	297472	----a-w-	c:\windows\system32\ntprint.dll
2016-07-12 22:46 . 2016-06-25 19:53	779776	----a-w-	c:\windows\system32\localspl.dll
2016-07-12 22:46 . 2016-06-25 19:53	126464	----a-w-	c:\windows\system32\inetpp.dll
2016-07-12 22:46 . 2016-06-25 19:42	39424	----a-w-	c:\windows\system32\wpnpinst.exe
2016-07-12 22:46 . 2016-06-25 19:41	61952	----a-w-	c:\windows\system32\ntprint.exe
2016-07-12 22:46 . 2016-06-25 19:41	18944	----a-w-	c:\windows\system32\inetppui.dll
2016-07-12 22:46 . 2016-06-25 19:40	29696	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\winprint.dll
2016-07-12 22:46 . 2016-06-14 14:57	2398208	----a-w-	c:\windows\system32\win32k.sys
2016-07-12 21:56 . 2016-07-12 21:53	35096	----a-w-	c:\windows\system32\drivers\aswKbd.sys
2016-07-12 21:55 . 2016-07-12 21:54	921280	----a-w-	c:\windows\ucrtbase.dll
2016-07-12 21:55 . 2016-07-12 21:54	319248	----a-w-	c:\windows\system32\aswBoot.exe
2016-07-12 21:54 . 2016-07-12 21:54	53208	----a-w-	c:\windows\avastSS.scr
2016-06-15 08:02 . 2016-05-11 15:19	206336	----a-w-	c:\windows\system32\ws2_32.dll
2016-06-15 08:02 . 2016-05-11 15:19	351744	----a-w-	c:\windows\system32\winhttp.dll
2016-06-15 08:02 . 2016-05-11 15:19	231424	----a-w-	c:\windows\system32\mswsock.dll
2016-06-15 08:02 . 2016-05-11 15:01	26624	----a-w-	c:\windows\system32\netbtugc.exe
2016-06-15 08:02 . 2016-05-11 14:52	188928	----a-w-	c:\windows\system32\drivers\netbt.sys
2016-06-15 07:59 . 2016-05-18 16:10	306688	----a-w-	c:\windows\system32\gdi32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-07-12 21:57 . 2015-08-27 18:56	438296	----a-w-	c:\windows\system32\drivers\aswsp.sys
2016-07-12 21:55 . 2015-08-27 18:56	118152	----a-w-	c:\windows\system32\drivers\aswStm.sys
2016-07-12 21:55 . 2015-08-27 18:56	222056	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2016-07-12 21:55 . 2015-08-27 18:56	91680	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2016-07-12 21:55 . 2015-08-27 18:56	60424	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2016-07-12 21:55 . 2015-08-27 18:56	91232	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2016-07-12 21:55 . 2015-08-27 18:56	34008	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2016-07-12 21:53 . 2015-08-27 18:56	816304	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2016-06-21 09:13 . 2015-08-27 18:53	400552	------w-	c:\windows\system32\MpSigStub.exe
2016-06-14 15:21 . 2016-07-12 22:46	2560	----a-w-	c:\windows\apppatch\AcRes.dll
2016-04-14 13:49 . 2016-05-11 17:47	603648	----a-w-	c:\windows\system32\d3d10level9.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-07-12 21:54	831464	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-07-12 8900328]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2015-06-18 12336856]
"SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2010-12-15 557056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams]
2015-04-26 11:02	43816	----a-w-	c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2015-08-19 23:08	6490904	----a-w-	c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudDrive]
2015-04-26 11:01	43816	----a-w-	c:\program files\Common Files\Apple\Internet Services\iCloudDrive.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices]
2015-04-26 11:02	43816	----a-w-	c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2015-09-23 17:54	157456	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2015-08-06 08:43	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2015-08-27 19:04	7389752	----a-w-	c:\users\Ata Anıl\AppData\Roaming\Spotify\Spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2015-08-27 19:04	2018360	----a-w-	c:\users\Ata Anıl\AppData\Roaming\Spotify\SpotifyWebHelper.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2016-07-12 118152]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-06-10 102912]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2016-07-12 35096]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2016-07-12 816304]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2016-07-12 438296]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2016-07-12 34008]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2016-07-12 91680]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136]
S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2010-12-15 466432]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-06-18 07:57	1245848	----a-w-	c:\program files\Google\Chrome\Application\51.0.2704.103\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-08-27 18:32]
.
2016-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-08-27 18:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.com.tr/?win=203&clid=1989273-001
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D681A907-7FD2-4751-B539-207257C499C1}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Ata Anıl\AppData\Roaming\Mozilla\Firefox\Profiles\np0py5dk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yandex.com.tr/?win=203&clid=2186617
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-EaseUS EPM tray - c:\program files\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe
MSConfigStartUp-EaseUS EPM Tray Agent - c:\program files\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-07-13  15:04:07
ComboFix-quarantined-files.txt  2016-07-13 12:04
.
Pre-Run: 93.580.587.008 bytes free
Post-Run: 93.464.059.904 bytes free
.
- - End Of File - - 486C0425EB54383BC80F3C14986B104C
8E734BD7AA1D4F7E9AF58DF495F6CF9E


Edited by Queen-Evie, 13 July 2016 - 08:34 AM.
Moved from Am I Infected to Malware Removal Logs. ComboFix logs are allowed in MRL.
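Two things in the ComboFix log above are worth pulling out before any cleanup: the `policies\system` block shows UAC switched off (`EnableLUA`= 0, with the consent prompt and secure desktop also disabled), and both the IE start page and the Firefox homepage point at yandex.com.tr with a `clid=` parameter, which is the partner/distribution id that bundled installers set. The script below is an added triage example written for this page; it is not code from the original post, from ComboFix, or from BleepingComputer. It parses the log excerpt (copied from the post above and embedded as constant input) and reports the UAC values that differ from the Windows 7 defaults and the distribution tags in the start-page URLs. The default values it compares against are an assumption stated in the code.

```python
"""Triage helper for ComboFix log excerpts (added example, not part of the post)."""
import re

# Assumed Windows 7 defaults for the UAC values under
# HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System.
# EnableLUA=0 means UAC is off entirely; admin logons then run fully elevated.
UAC_DEFAULTS = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "PromptOnSecureDesktop": 1,
}

# Constructed input: lines copied from the ComboFix log in the post above.
SAMPLE_LOG = "\n".join([
    r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]",
    '"ConsentPromptBehaviorAdmin"= 0 (0x0)',
    '"ConsentPromptBehaviorUser"= 3 (0x3)',
    '"EnableLUA"= 0 (0x0)',
    '"EnableUIADesktopToggle"= 0 (0x0)',
    '"PromptOnSecureDesktop"= 0 (0x0)',
    '"SoftwareSASGeneration"= 1 (0x1)',
    ".",
    "uStart Page = hxxp://www.yandex.com.tr/?win=203&clid=1989273-001",
    "FF - prefs.js: browser.startup.homepage - hxxp://www.yandex.com.tr/?win=203&clid=2186617",
])

# ComboFix prints each value as  "Name"= decimal (hex)
_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>-?\d+)\s*\(0x[0-9A-Fa-f]+\)\s*$')
# ComboFix defangs URLs as hxxp:// so they are not clickable.
_URL_RE = re.compile(r"hxxps?://\S+")


def parse_uac_policy(log_text):
    """Return {value_name: int} for the ...\\Policies\\System block of the log.

    The block starts with the bracketed key header and ends at the first line
    that is not a '"Name"= n (0xn)' value line (ComboFix uses a lone '.').
    """
    values = {}
    in_block = False
    for line in log_text.splitlines():
        if line.startswith("[") and line.lower().endswith("policies\\system]"):
            in_block = True
            continue
        if in_block:
            m = _VALUE_RE.match(line)
            if not m:
                in_block = False
                continue
            values[m.group("name")] = int(m.group("val"))
    return values


def uac_findings(values):
    """Describe every UAC value that differs from the assumed default, EnableLUA first."""
    findings = []
    if values.get("EnableLUA", 1) == 0:
        findings.append("EnableLUA=0: UAC is disabled; admin sessions run fully elevated")
    for name, default in UAC_DEFAULTS.items():
        if name != "EnableLUA" and name in values and values[name] != default:
            findings.append(f"{name}={values[name]} (default {default})")
    return findings


def start_page_urls(log_text):
    """Collect the defanged URLs from the IE start page and Firefox homepage lines."""
    urls = []
    for line in log_text.splitlines():
        if "Start Page" in line or "browser.startup.homepage" in line:
            m = _URL_RE.search(line)
            if m:
                urls.append(m.group(0))
    return urls


def distribution_tags(urls):
    """Map each URL to its clid= value (Yandex partner/distribution id), if present."""
    tags = {}
    for url in urls:
        m = re.search(r"[?&]clid=([^&\s]+)", url)
        if m:
            tags[url] = m.group(1)
    return tags


if __name__ == "__main__":
    policy = parse_uac_policy(SAMPLE_LOG)
    for finding in uac_findings(policy):
        print("UAC:", finding)
    for url, clid in distribution_tags(start_page_urls(SAMPLE_LOG)).items():
        print("start page with distribution tag clid=%s: %s" % (clid, url))
```

Run it against a saved ComboFix.txt by replacing `SAMPLE_LOG` with the file contents; the two start-page lines in this log carry different `clid` values, which is a useful question to put to the user (whether they chose that homepage) before any browser reset.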




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:01 PM

Posted 13 July 2016 - 12:39 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please explain what problems you are having with this computer.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===

Please post the logs.

Wait for further instructions.

#3 Asya

Asya
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:01:01 AM

Posted 13 July 2016 - 01:07 PM

Thank you for the answer. The FRST file is here; Addition.txt is attached.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-07-2016 01
Ran by Ata Anıl (administrator) on GÜMÜŞ (13-07-2016 20:55:34)
Running from C:\Users\Ata Anıl\Desktop\frst
Loaded Profiles: Ata Anıl (Available Profiles: Ata Anıl)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe




==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-07-13] (AVAST Software)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12336856 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [SiSTray] => C:\Program Files\SiS VGA Utilities\SiSTray.exe [557056 2010-12-15] (Silicon Integrated Systems Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-07-13] (AVAST Software)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D681A907-7FD2-4751-B539-207257C499C1}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{D681A907-7FD2-4751-B539-207257C499C1}: [DhcpNameServer] 192.168.2.1


Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4131805582-2086087969-1960315594-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4131805582-2086087969-1960315594-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4131805582-2086087969-1960315594-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yandex.com.tr/?win=203&clid=1989273-001
SearchScopes: HKU\S-1-5-21-4131805582-2086087969-1960315594-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.com.tr/search/?win=203&clid=1989274-001&text={searchTerms}
SearchScopes: HKU\S-1-5-21-4131805582-2086087969-1960315594-1001 -> 542281A4535A480EC3E5D9E3F96C12E9 URL = hxxp://gorsel.yandex.com.tr/search/?win=203&clid=1989274-001&text={searchTerms}
SearchScopes: HKU\S-1-5-21-4131805582-2086087969-1960315594-1001 -> 5E23A41E44A04F30C9E69DE1B073047C URL = hxxp://video.yandex.com.tr/#search?win=203&clid=1989274-001&text={searchTerms}
SearchScopes: HKU\S-1-5-21-4131805582-2086087969-1960315594-1001 -> 95EDE5B3A523F47146B118FB3B474A49 URL = hxxp://haber.yandex.com.tr/search/?rpt=nnews2&grhow=clutop&win=203&clid=1989274-001&text={searchTerms}
SearchScopes: HKU\S-1-5-21-4131805582-2086087969-1960315594-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.com.tr/search/?win=203&clid=1989274-001&text={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-13] (AVAST Software)


FireFox:
========
FF ProfilePath: C:\Users\Ata Anıl\AppData\Roaming\Mozilla\Firefox\Profiles\np0py5dk.default
FF Homepage: hxxp://www.yandex.com.tr/?win=203&clid=2186617
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF SearchPlugin: C:\Users\Ata Anıl\AppData\Roaming\Mozilla\Firefox\Profiles\np0py5dk.default\searchplugins\gorsel.yandex.com.tr-000852.xml [2015-11-21]
FF SearchPlugin: C:\Users\Ata Anıl\AppData\Roaming\Mozilla\Firefox\Profiles\np0py5dk.default\searchplugins\haber.yandex.com.tr-000852.xml [2015-11-21]
FF SearchPlugin: C:\Users\Ata Anıl\AppData\Roaming\Mozilla\Firefox\Profiles\np0py5dk.default\searchplugins\video.yandex.com.tr-000852.xml [2015-11-21]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-13]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-13]


Chrome: 
=======
CHR HomePage: Default -> yandex.com.tr/?__PARAM__from=chromehp
CHR DefaultSearchURL: Default -> hxxp://yandex.com.tr/yandsearch?__PARAM__from=chromesearch&text={searchTerms}
CHR DefaultSearchKeyword: Default -> yandex.com.tr
CHR DefaultSuggestURL: Default -> hxxp://suggest.yandex.net/suggest-ff.cgi?uil=com.tr&part={searchTerms}
CHR Profile: C:\Users\Ata Anıl\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adguard Reklam Engelleyici) - C:\Users\Ata Anıl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-07-13]
CHR Extension: (Chrome Web Mağazası Ödemeleri) - C:\Users\Ata Anıl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR HKLM\...\Chrome\Extension: [bejnpnkhfgfkcpgikiinojlmdcjimobi] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [bhjcgomkanpkpblokebecknhahgkcmoo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-08-27]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-27]
CHR HKLM\...\Chrome\Extension: [pjfkgjlnocfakoheoapicnknoglipapd] - hxxp://clients2.google.com/service/update2/crx


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-13] (AVAST Software)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-07-13] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-07-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91680 2016-07-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-07-13] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-07-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-07-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [438296 2016-07-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118152 2016-07-13] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [222056 2016-07-13] (AVAST Software)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [379904 2010-03-31] (Realtek Semiconductor Corporation                           )
R0 uagp35; C:\Windows\System32\DRIVERS\sisagpx.sys [58400 2009-08-01] (Silicon Integrated Systems Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\ATAANL~1\AppData\Local\Temp\catchme.sys [X]


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-07-13 20:55 - 2016-07-13 20:55 - 00000000 ____D C:\FRST
2016-07-13 20:53 - 2016-07-13 20:55 - 00000000 ____D C:\Users\Ata Anıl\Desktop\frst
2016-07-13 15:08 - 2016-07-13 15:09 - 00000000 ____D C:\Users\Ata Anıl\Desktop\DOSYALAR
2016-07-13 15:04 - 2016-07-13 15:04 - 00009204 _____ C:\ComboFix.txt
2016-07-13 14:50 - 2016-07-13 15:14 - 00000000 ____D C:\Windows\erdnt
2016-07-13 14:47 - 2016-07-13 14:47 - 03750399 _____ (Swearware) C:\Users\Ata Anıl\Downloads\262C.tmp
2016-07-13 11:15 - 2016-07-13 11:15 - 00001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-07-13 01:46 - 2016-06-25 22:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-13 01:46 - 2016-06-25 22:53 - 00779776 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-13 01:46 - 2016-06-25 22:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-13 01:46 - 2016-06-25 22:53 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-13 01:46 - 2016-06-25 22:42 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-13 01:46 - 2016-06-25 22:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-13 01:46 - 2016-06-25 22:41 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-13 01:46 - 2016-06-14 17:57 - 02398208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-13 01:45 - 2016-06-11 07:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-13 01:45 - 2016-06-10 22:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-13 01:45 - 2016-06-10 22:09 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-13 01:45 - 2016-06-10 21:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-13 01:45 - 2016-06-10 21:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-13 01:45 - 2016-06-10 21:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-13 01:45 - 2016-06-10 21:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-13 01:45 - 2016-06-10 21:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-13 01:45 - 2016-06-10 21:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-13 01:45 - 2016-06-10 21:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-13 01:45 - 2016-06-10 21:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-13 01:45 - 2016-06-10 21:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-13 01:45 - 2016-06-10 21:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-13 01:45 - 2016-06-10 21:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-13 01:45 - 2016-06-10 21:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-13 01:45 - 2016-06-10 21:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-13 01:45 - 2016-06-10 21:41 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-13 01:45 - 2016-06-10 21:35 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-13 01:45 - 2016-06-10 21:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-13 01:45 - 2016-06-10 21:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-13 01:45 - 2016-06-10 21:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-13 01:45 - 2016-06-10 21:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-13 01:45 - 2016-06-10 21:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-13 01:45 - 2016-06-10 21:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-13 01:45 - 2016-06-10 21:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-13 01:45 - 2016-06-10 21:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-13 01:45 - 2016-06-10 21:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-13 01:45 - 2016-06-10 21:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-13 01:45 - 2016-06-10 21:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-13 01:45 - 2016-06-10 21:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-13 01:45 - 2016-06-10 21:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-13 01:45 - 2016-06-10 20:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-13 01:45 - 2016-06-10 20:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-13 01:45 - 2016-06-10 20:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-13 01:45 - 2016-06-10 20:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-13 00:56 - 2016-07-13 00:53 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-07-13 00:55 - 2016-07-13 00:54 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2016-07-13 00:55 - 2016-07-13 00:54 - 00319248 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-07-13 00:54 - 2016-07-13 00:54 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-06-15 11:03 - 2016-05-14 00:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 11:03 - 2016-05-14 00:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-15 11:03 - 2016-05-14 00:49 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-15 11:03 - 2016-05-14 00:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-15 11:03 - 2016-05-14 00:27 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 11:03 - 2016-05-12 18:22 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 11:03 - 2016-05-12 18:22 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 11:03 - 2016-05-12 18:18 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-15 11:03 - 2016-05-12 18:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-15 11:03 - 2016-05-12 18:18 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-15 11:03 - 2016-05-12 18:18 - 00606720 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 11:03 - 2016-05-12 18:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-15 11:03 - 2016-05-12 18:18 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 11:03 - 2016-05-12 18:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 11:03 - 2016-05-12 18:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-15 11:03 - 2016-05-12 18:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-15 11:03 - 2016-05-12 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-15 11:03 - 2016-05-12 18:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 11:03 - 2016-05-12 18:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-15 11:03 - 2016-05-12 18:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-15 11:03 - 2016-05-12 18:18 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)




==================== Files in the root of some directories =======


2015-08-27 22:00 - 2016-02-21 14:08 - 0000628 _____ () C:\Users\Ata Anıl\AppData\Roaming\burnaware.ini
2015-08-27 23:16 - 2015-08-27 23:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl


==================== Bamital & volsnap =================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed




LastRegBack: 2016-06-29 19:54


==================== End of FRST.txt ============================

#4 nasdaq

  • Malware Response Team
  • 39,179 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:01 PM

Posted 14 July 2016 - 07:28 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4131805582-2086087969-1960315594-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Chrome Web Magazasi Ödemeleri) - C:\Users\Ata Anil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR HKLM\...\Chrome\Extension: [bejnpnkhfgfkcpgikiinojlmdcjimobi] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [bhjcgomkanpkpblokebecknhahgkcmoo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-08-27]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-27]
CHR HKLM\...\Chrome\Extension: [pjfkgjlnocfakoheoapicnknoglipapd] - hxxp://clients2.google.com/service/update2/crx
S3 catchme; \??\C:\Users\ATAANL~1\AppData\Local\Temp\catchme.sys [X]


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.
==

p.s.
I cannot read your Addition.txt file.

Open the File with Notepad, select the Format function on the Tools menu.
Check the box marked Wordwrap.

The log should not have a Carriage Return and Line Feed after every line.
Save the File and attach it for my review.

Let me know what problem persists with this computer.

#5 Asya

  • Topic Starter
  • Members
  • 4 posts
  • Local time:01:01 AM

Posted 14 July 2016 - 07:56 AM

I will do what you say now.

I don't have a problem with the computer. I just wanted to know if there's malware on my computer.

The Addition.txt file is attached.

#6 nasdaq

  • Malware Response Team
  • 39,179 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:01 PM

Posted 14 July 2016 - 09:48 AM

The log is clean.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#7 Asya

  • Topic Starter
  • Members
  • 4 posts
  • Local time:01:01 AM

Posted 14 July 2016 - 10:09 AM

Thank you for the help :)

Then don't I need to create Fixlog.txt and send it to you?


Edited by Asya, 14 July 2016 - 10:13 AM.


#8 nasdaq

  • Malware Response Team
  • 39,179 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:01 PM

Posted 15 July 2016 - 06:57 AM

No, all is well.

#9 nasdaq

  • Malware Response Team
  • 39,179 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:01 PM

Posted 21 July 2016 - 07:33 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.