combofix log help



#1 edmariskal


  • Members
  • 3 posts

Posted 31 March 2017 - 09:30 AM

Hi!! Yesterday I was using the PC and I noticed that my camera light was active. I downloaded ComboFix for the first time but I'm not quite sure what to do next, so I created this post hoping someone could help me with this :))

This is the log that I got. What should I do next? Am I infected? Thanks in advance!!

ComboFix 17-03-28.01 - Lenovo 31/03/2017  10:34:12.2.2 - x64
Microsoft Windows 8 Single Language  6.2.9200.0.1252.34.3082.18.3960.2718 [GMT -3:00]
Running from: c:\users\Lenovo\Downloads\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Disabled* {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}
SP: Avira Antivirus *Disabled/Updated* {0897D159-75B7-14C4-2E4A-2FC449B26D32}
SP: Comodo Defense+ *Enabled/Updated* {6BAD9487-8DE8-D130-293E-C6A728B4104F}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2017-02-28 to 2017-03-31  )))))))))))))))))))))))))))))))
.
.
2017-03-31 13:38 . 2017-03-31 13:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-03-31 11:59 . 2017-03-31 11:59 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2017-03-31 03:55 . 2012-11-26 02:15 16114176 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2017-03-31 03:55 . 2012-11-26 02:14 15541248 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2017-03-31 03:07 . 2014-10-09 04:00 1484288 ----a-w- c:\windows\system32\VSSVC.exe
2017-03-31 03:07 . 2014-10-09 04:00 69632 ----a-w- c:\windows\system32\vsstrace.dll
2017-03-31 03:07 . 2014-10-09 04:00 1519104 ----a-w- c:\windows\system32\vssapi.dll
2017-03-31 03:07 . 2014-10-09 03:59 52224 ----a-w- c:\windows\SysWow64\vsstrace.dll
2017-03-31 03:07 . 2014-10-09 03:59 1195520 ----a-w- c:\windows\SysWow64\vssapi.dll
2017-03-31 02:31 . 2015-01-09 05:03 601088 ----a-w- c:\windows\SysWow64\Windows.Globalization.dll
2017-03-31 02:31 . 2015-01-09 06:43 951808 ----a-w- c:\windows\system32\Windows.Globalization.dll
2017-03-31 02:30 . 2014-07-15 22:51 71168 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2017-03-28 20:01 . 2017-03-28 20:04 -------- d-----w- c:\windows\system32\MRT
2017-03-28 19:52 . 2014-03-24 23:42 305152 ----a-w- c:\windows\SysWow64\wusa.exe
2017-03-28 19:52 . 2014-03-24 22:56 309760 ----a-w- c:\windows\system32\wusa.exe
2017-03-28 19:52 . 2014-01-27 03:39 1939288 ----a-w- c:\windows\system32\drivers\ntfs.sys
2017-03-28 19:52 . 2014-02-03 23:56 332632 ----a-w- c:\windows\system32\drivers\storport.sys
2017-03-28 19:52 . 2014-01-02 23:35 365568 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2017-03-28 19:52 . 2014-01-02 23:32 523264 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2017-03-28 19:52 . 2014-02-03 23:56 278872 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2017-03-28 19:52 . 2014-01-31 00:48 485888 ----a-w- c:\windows\SysWow64\WSDApi.dll
2017-03-28 19:52 . 2014-01-31 00:06 599040 ----a-w- c:\windows\system32\WSDApi.dll
2017-03-28 19:52 . 2014-01-15 23:42 118784 ----a-w- c:\windows\system32\drivers\dfsc.sys
2017-03-28 19:51 . 2013-07-24 23:07 13661696 ----a-w- c:\windows\system32\Windows.UI.Xaml.dll
2017-03-28 19:51 . 2013-07-24 23:10 10799104 ----a-w- c:\windows\SysWow64\Windows.UI.Xaml.dll
2017-03-28 19:51 . 2013-08-30 05:20 1173504 ----a-w- c:\windows\system32\UIAutomationCore.dll
2017-03-28 19:51 . 2013-08-29 23:48 914432 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2017-03-28 19:51 . 2013-08-21 06:39 465240 ----a-w- c:\windows\system32\drivers\fvevol.sys
2017-03-28 19:51 . 2013-08-10 06:30 151896 ----a-w- c:\windows\system32\drivers\tpm.sys
2017-03-28 19:51 . 2013-08-30 05:43 61784 ----a-w- c:\windows\system32\drivers\crashdmp.sys
2017-03-28 19:49 . 2013-08-30 05:18 374784 ----a-w- c:\windows\system32\clusapi.dll
2017-03-28 19:49 . 2013-08-30 05:19 626688 ----a-w- c:\windows\system32\resutils.dll
2017-03-28 19:49 . 2013-08-29 23:48 488960 ----a-w- c:\windows\SysWow64\resutils.dll
2017-03-28 19:49 . 2013-10-05 06:10 285016 ----a-w- c:\windows\system32\drivers\spaceport.sys
2017-03-28 19:49 . 2013-08-29 23:47 302080 ----a-w- c:\windows\SysWow64\clusapi.dll
2017-03-28 19:49 . 2013-06-16 22:41 997632 ----a-w- c:\windows\system32\drivers\ndis.sys
2017-03-28 19:46 . 2014-07-12 04:41 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2017-03-28 19:46 . 2014-07-12 04:41 8704 ----a-w- c:\windows\system32\KBDRUM.DLL
2017-03-28 19:46 . 2014-07-12 04:16 8192 ----a-w- c:\windows\SysWow64\KBDRUM.DLL
2017-03-28 19:46 . 2014-07-08 22:33 181248 ----a-w- c:\windows\system32\Defrag.exe
2017-03-28 19:46 . 2014-07-12 04:41 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2017-03-28 19:46 . 2014-07-12 04:41 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2017-03-28 19:46 . 2014-07-12 04:41 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2017-03-28 19:46 . 2014-07-12 04:41 6656 ----a-w- c:\windows\system32\KBDBASH.DLL
2017-03-28 19:46 . 2014-07-12 04:16 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2017-03-28 19:46 . 2014-07-12 04:15 6144 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2017-03-28 10:05 . 2017-03-28 10:05 -------- d-----w- c:\programdata\VS Revo Group
2017-03-28 10:05 . 2016-12-21 12:52 40240 ----a-w- c:\windows\system32\drivers\revoflt.sys
2017-03-28 10:04 . 2017-03-28 10:04 -------- d-----w- c:\program files\VS Revo Group
2017-03-28 08:54 . 2017-03-28 08:54 -------- d-----w- c:\program files\CCleaner
2017-03-28 07:51 . 2017-03-22 07:55 48584 ----a-w- c:\windows\system32\drivers\avusbflt.sys
2017-03-28 07:51 . 2017-03-22 07:55 88488 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2017-03-28 07:51 . 2017-03-22 07:55 44488 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2017-03-28 07:51 . 2017-03-22 07:55 163976 ----a-w- c:\windows\system32\drivers\avipbb.sys
2017-03-28 07:51 . 2017-03-22 07:55 161824 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2017-03-28 07:31 . 2017-03-31 12:07 -------- d-----w- c:\users\Public\Speedup Sessions
2017-03-28 07:29 . 2017-03-28 17:39 -------- d-----w- c:\program files (x86)\Avira
2017-03-28 07:29 . 2017-03-28 17:39 -------- d-----w- c:\programdata\Avira
2017-03-28 07:29 . 2017-03-28 07:29 -------- d-----w- c:\programdata\Package Cache
2017-03-28 07:28 . 2014-04-23 23:51 566784 ----a-w- c:\windows\SysWow64\WSShared.dll
2017-03-28 07:28 . 2014-04-23 23:38 693760 ----a-w- c:\windows\system32\WSShared.dll
2017-03-28 07:28 . 2014-04-29 22:32 126464 ----a-w- c:\windows\system32\Robocopy.exe
2017-03-28 07:28 . 2014-01-31 00:48 143872 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.dll
2017-03-28 07:28 . 2013-08-16 05:21 198656 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.dll
2017-03-28 07:28 . 2014-04-29 22:32 106496 ----a-w- c:\windows\SysWow64\Robocopy.exe
2017-03-28 07:28 . 2014-04-23 23:51 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-03-28 07:28 . 2014-04-23 23:38 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-03-28 07:09 . 2013-10-31 05:56 915968 ----a-w- c:\windows\system32\MPSSVC.dll
2017-03-28 07:09 . 2013-10-31 05:56 758784 ----a-w- c:\windows\system32\FirewallAPI.dll
2017-03-28 07:09 . 2013-10-31 04:01 550400 ----a-w- c:\windows\SysWow64\FirewallAPI.dll
2017-03-28 07:09 . 2013-10-13 20:49 100696 ----a-w- c:\windows\system32\drivers\disk.sys
2017-03-28 07:09 . 2013-10-31 03:42 74752 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2017-03-28 07:05 . 2017-03-31 11:59 186304 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-03-28 07:04 . 2017-03-31 11:59 92088 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-03-28 07:04 . 2017-03-31 11:59 111544 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-03-28 07:04 . 2017-03-31 11:59 43968 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-03-28 07:04 . 2017-03-31 11:58 251840 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-03-28 07:04 . 2017-02-24 04:23 77408 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-03-28 07:04 . 2017-03-28 07:04 -------- d-----w- c:\programdata\Malwarebytes
2017-03-28 07:04 . 2017-03-28 07:04 -------- d-----w- c:\program files\Malwarebytes
2017-03-28 07:02 . 2017-03-30 03:10 307960 ----a-w- c:\windows\system32\iseguard64.dll
2017-03-28 07:02 . 2017-03-30 03:10 236792 ----a-w- c:\windows\SysWow64\iseguard32.dll
2017-03-28 07:02 . 2017-03-29 21:49 62208 ----a-w- c:\windows\system32\drivers\isedrv.sys
2017-03-28 07:02 . 2017-03-28 07:02 3858824 ----a-w- c:\windows\SysWow64\ise_installer.exe
2017-03-28 07:01 . 2017-03-28 08:18 -------- d-----w- c:\program files (x86)\Common Files\COMODO
2017-03-28 07:01 . 2017-03-28 07:27 -------- d-----w- c:\program files\COMODO
2017-03-28 07:01 . 2017-03-28 07:02 -------- d-----w- c:\program files (x86)\Comodo
2017-03-28 06:56 . 2017-03-31 12:04 -------- d-----w- c:\programdata\Comodo
2017-03-28 06:56 . 2017-03-28 06:56 -------- d-----w- c:\programdata\Comodo Downloader
2017-03-28 06:56 . 2017-03-28 06:56 -------- d-----w- c:\programdata\Shared Space
2017-03-28 06:48 . 2017-03-28 06:49 -------- d-----w- c:\program files (x86)\OpenOffice 4
2017-03-28 06:46 . 2013-07-31 00:42 1107968 ----a-w- c:\program files\Common Files\System\Ole DB\oledb32.dll
2017-03-28 06:46 . 2013-08-02 06:28 222208 ----a-w- c:\windows\system32\shdocvw.dll
2017-03-28 06:46 . 2013-07-31 00:50 941056 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\oledb32.dll
2017-03-28 06:46 . 2013-07-24 23:06 225280 ----a-w- c:\windows\system32\mbsmsapi.dll
2017-03-28 06:46 . 2013-07-24 23:10 158208 ----a-w- c:\windows\SysWow64\mbsmsapi.dll
2017-03-28 06:43 . 2013-08-03 06:40 462336 ----a-w- c:\windows\system32\sysmon.ocx
2017-03-28 06:43 . 2013-08-03 06:40 566784 ----a-w- c:\windows\system32\wvc.dll
2017-03-28 06:43 . 2013-08-03 06:40 1374208 ----a-w- c:\windows\system32\wdc.dll
2017-03-28 06:43 . 2013-08-03 05:14 399360 ----a-w- c:\windows\SysWow64\sysmon.ocx
2017-03-28 06:43 . 2013-08-03 05:13 437248 ----a-w- c:\windows\SysWow64\wvc.dll
2017-03-28 06:43 . 2013-08-03 05:13 1245696 ----a-w- c:\windows\SysWow64\wdc.dll
2017-03-28 06:37 . 2014-03-01 09:47 1258496 ----a-w- c:\windows\system32\kernel32.dll
2017-03-28 06:37 . 2014-03-01 09:47 1120768 ----a-w- c:\windows\system32\gpedit.dll
2017-03-28 06:37 . 2013-11-25 23:17 83968 ----a-w- c:\windows\system32\drivers\hidclass.sys
2017-03-28 06:37 . 2014-03-01 08:07 1075200 ----a-w- c:\windows\SysWow64\gpedit.dll
2017-03-28 06:37 . 2013-05-04 04:48 27648 ----a-w- c:\windows\system32\drivers\hidusb.sys
2017-03-28 06:37 . 2014-02-15 04:15 78336 ----a-w- c:\windows\system32\drivers\IPMIDrv.sys
2017-03-28 06:37 . 2013-06-29 03:08 32768 ----a-w- c:\windows\system32\drivers\hidparse.sys
2017-03-28 01:51 . 2016-01-05 20:16 176088 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-03-28 01:51 . 2016-01-05 20:16 826328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-03-28 01:46 . 2017-03-28 01:46 -------- d-s---w- c:\windows\system32\CompatTel
2017-03-28 01:46 . 2017-03-28 01:46 -------- d-----w- c:\windows\Migration
2017-03-28 01:46 . 2017-03-28 01:46 -------- d-----w- c:\windows\system32\appraiser
2017-03-28 01:33 . 2015-10-01 13:10 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2017-03-28 01:33 . 2015-10-01 13:09 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2017-03-28 01:07 . 2014-04-16 18:20 29888 ----a-w- c:\windows\system32\aspnet_counters.dll
2017-03-28 01:07 . 2014-04-16 18:20 28352 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2017-03-28 01:04 . 2014-06-10 22:44 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2017-03-28 01:04 . 2014-06-10 22:43 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2017-03-27 15:15 . 2015-07-01 13:00 227328 ----a-w- c:\windows\system32\WebClnt.dll
2017-03-27 15:15 . 2015-07-01 12:58 104448 ----a-w- c:\windows\system32\davclnt.dll
2017-03-27 15:15 . 2015-07-01 11:42 198656 ----a-w- c:\windows\SysWow64\WebClnt.dll
2017-03-27 15:15 . 2015-07-01 11:41 86016 ----a-w- c:\windows\SysWow64\davclnt.dll
2017-03-27 15:14 . 2015-11-16 16:10 1821192 ----a-w- c:\windows\system32\ntdll.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-03-27 13:16 . 2012-07-26 08:13 24800 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2017-02-10 10:36 . 2017-02-10 10:36 35784 ----a-w- c:\windows\system32\drivers\tap0901.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2017-03-03 9364696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2012-07-25 508656]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-12 155488]
"IseUI"="c:\program files (x86)\COMODO\Internet Security Essentials\vkise.exe" [2017-03-30 3386576]
"Avira SystrayStartTrigger"="c:\program files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2017-03-09 63432]
"Avira System Speedup User Starter"="c:\program files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe" [2017-03-14 64648]
"avgnt"="c:\program files (x86)\Avira\Antivirus\avgnt.exe" [2017-03-22 909744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\Antivirus\avmailc7.exe;c:\program files (x86)\Avira\Antivirus\avmailc7.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\Antivirus\avwebg7.exe;c:\program files (x86)\Avira\Antivirus\avwebg7.exe [x]
R2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R2 SpeedupService;Avira System Speedup;c:\program files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe;c:\program files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [x]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 BthLEEnum;Controlador de Bluetooth de bajo consumo;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 vm331avs;Digital Camera 1;c:\windows\System32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
S0 avusbflt;avusbflt;c:\windows\System32\Drivers\avusbflt.sys;c:\windows\SYSNATIVE\Drivers\avusbflt.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdhlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 isedrv;Internet Security Essentials;c:\windows\system32\drivers\isedrv.sys;c:\windows\SYSNATIVE\drivers\isedrv.sys [x]
S2 AntiVirSchedulerService;Avira Programador;c:\program files (x86)\Avira\Antivirus\sched.exe;c:\program files (x86)\Avira\Antivirus\sched.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 isesrv;isesrv;c:\program files (x86)\COMODO\Internet Security Essentials\isesrv.exe;c:\program files (x86)\COMODO\Internet Security Essentials\isesrv.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\System32\drivers\AcpiVpc.sys;c:\windows\SYSNATIVE\drivers\AcpiVpc.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 IntcDAud;Sonido Intel® para pantallas;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8187.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-25 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-25 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-25 441152]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-06-13 1647616]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-06-14 887968]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2013-07-24 17079376]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2013-07-24 191568]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-01-20 2780112]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://lenovo13.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
Completion time: 2017-03-31  10:44:34
ComboFix-quarantined-files.txt  2017-03-31 13:44
ComboFix2.txt  2017-03-31 13:19
.
Pre-Run: 914.735.497.216 bytes libres
Post-Run: 914.672.189.440 bytes libres
.
- - End Of File - - 73B9151384154267E1DC0A125E185B4A


#2 edmariskal

  • Topic Starter

  • Members
  • 3 posts

Posted 31 March 2017 - 10:26 AM

:/



#3 nasdaq


  • Malware Response Team
  • 38,592 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 April 2017 - 08:06 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===


Please post the logs.

Wait for further instructions.



