
Combofix log


6 replies to this topic

#1 slovena
  • Members
  • 5 posts
  • Gender:Female

Posted 04 February 2018 - 08:49 AM

After using a new program, NCH Software PhotoPad, my Working table disappeared. 3 antiviruses found nothing: NOD32, MBAM, AVZ. I used ComboFix. All of the Working table is back. Analyze my ComboFix log, please, and tell me what I must do next?

 

ComboFix 18-01-10.01 - hhgfv 03.02.2018  21:05:47.1.2 - x86

Microsoft Windows 7 Максимальная   6.1.7601.1.1251.7.1049.18.2047.643 [GMT 2:00]

Running from: c:\users\hhgfv\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}

SP: ESET NOD32 Antivirus *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\hhgfv\Documents\~WRL0995.tmp

c:\users\hhgfv\Documents\~WRL2441.tmp

c:\users\hhgfv\Documents\~WRL3036.tmp

c:\windows\XSxS

.

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Pragma6Serv

.

.

(((((((((((((((((((((((((   Files Created from 2018-01-03 to 2018-02-03  )))))))))))))))))))))))))))))))

.

.

2018-02-03 20:30 . 2018-02-03 20:32 --------    d-----w-    c:\users\hhgfv\AppData\Local\temp

2018-02-03 20:30 . 2018-02-03 20:30 --------    d-----w-      c:\users\Default\AppData\Local\temp

2018-02-03 18:52 . 2018-02-03 18:52 --------    d-----w-      c:\users\hhgfv\AppData\Local\TeamViewer

2018-02-03 18:35 . 2018-02-03 18:36 19315456    ----a-w-    C:\TeamViewer_Setup.exe

2018-02-03 18:17 . 2018-02-03 18:17 2557488     ----a-w-    C:\kav18.0.0.405abcuk_ru_13191.exe

2018-02-03 17:42 . 2018-02-03 17:42 --------    d-----w-    c:\programdata\Doctor Web

2018-02-03 17:40 . 2018-02-03 17:41 165164768   ----a-w-    C:\tmzcfs4z.exe

2018-02-02 09:03 . 2018-02-02 09:03 --------    d--h--w-    c:\users\hhgfv\AppData\Local\Viber

2018-01-30 06:04 . 2018-01-11 00:48 11469352    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{074E3BAE-0899-4BAF-BAD7-5513F570A06F}\mpengine.dll

2018-01-26 13:01 . 2018-02-03 16:42 --------    d--h--w-      c:\users\hhgfv\AppData\Roaming\EpicPen

2018-01-26 13:00 . 2018-01-26 13:01 --------    d-----w-    c:\program files\Epic Pen

2018-01-22 11:19 . 2018-01-22 11:19 43344 ----a-w-    c:\windows\system32\DbxSvc.exe

2018-01-22 11:19 . 2018-01-22 11:19 35432 ----a-w-    c:\windows\system32\drivers\dbx-dev.sys

2018-01-22 11:19 . 2018-01-22 11:19 35408 ----a-w-    c:\windows\system32\drivers\dbx-stable.sys

2018-01-22 11:19 . 2018-01-22 11:19 35408 ----a-w-    c:\windows\system32\drivers\dbx-canary.sys

2018-01-18 14:15 . 2018-01-18 14:15 --------    d--h--w-      c:\users\hhgfv\AppData\Roaming\BANDISOFT

2018-01-18 14:15 . 2018-01-18 14:17 --------    d-----w-    c:\program files\Bandicut

2018-01-18 12:25 . 2018-02-03 16:45 --------    d--h--w-    c:\users\hhgfv\AppData\Roaming\NCH Software

2018-01-18 12:25 . 2018-02-03 16:45 --------    d-----w-    c:\programdata\NCH Software

2018-01-18 12:25 . 2018-02-03 16:45 --------    d-----w-    c:\program files\NCH Software

2018-01-18 12:14 . 2018-01-18 12:14 --------    d--h--w-      c:\users\hhgfv\AppData\Local\VideoEditor

2018-01-18 12:11 . 2018-01-18 12:11 --------    d-----w-    c:\programdata\Movavi Video Editor 14

2018-01-17 06:57 . 2018-01-17 06:57 --------    d--h--w-      c:\users\hhgfv\AppData\Roaming\Apple Computer

2018-01-16 16:49 . 2018-01-16 16:49 --------    d--h--w-      c:\users\hhgfv\AppData\Roaming\MPC-HC

2018-01-16 14:52 . 2018-01-16 14:52 --------    d--h--w-      c:\users\hhgfv\AppData\Roaming\Bandicam Company

2018-01-16 14:46 . 2018-01-16 14:46 --------    d-----w-    c:\program files\Bandicam

2018-01-16 14:46 . 2018-01-16 14:46 --------    d-----w-    c:\program files\BandiMPEG1

2018-01-16 12:42 . 2012-07-21 11:54 122880      ----a-w-    c:\windows\system32\ac3acm.acm

2018-01-16 12:42 . 2011-12-07 18:32 216064      ----a-w-    c:\windows\system32\lagarith.dll

2018-01-16 12:42 . 2017-07-30 11:50 3850240     ----a-w-    c:\windows\system32\x264vfw.dll

2018-01-16 12:42 . 2015-12-18 10:00 674816      ----a-w-    c:\windows\system32\xvidcore.dll

2018-01-16 12:42 . 2015-12-18 10:00 282112      ----a-w-    c:\windows\system32\xvidvfw.dll

2018-01-16 12:42 . 2015-10-24 17:00 112128      ----a-w-    c:\windows\system32\ff_vfw.dll

2018-01-16 12:15 . 2018-01-16 12:16 --------    d-----w-    c:\program files\QuickTime

2018-01-16 12:15 . 2018-01-16 12:15 --------    d-----w-    c:\programdata\Apple Computer

2018-01-16 12:14 . 2018-01-16 12:14 --------    d--h--w-    c:\users\hhgfv\AppData\Local\Apple

2018-01-16 12:14 . 2018-01-16 12:14 --------    d-----w-    c:\program files\Apple Software Update

2018-01-16 12:14 . 2018-01-16 12:14 --------    d-----w-    c:\programdata\Apple

2018-01-16 12:14 . 2018-01-16 12:14 --------    d-----w-    c:\program files\Common Files\Apple

2018-01-11 12:52 . 2018-01-11 12:52 --------    d--h--w-      c:\users\hhgfv\AppData\Roaming\HyperCam

2018-01-11 12:50 . 2018-01-11 12:51 --------    d-----w-    c:\program files\HyperCam 4

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2018-02-03 20:32 . 2015-03-30 12:48 28160 ----a-w-    c:\windows\system32\drivers\oem-drv86.sys

2018-02-03 18:05 . 2018-02-03 18:04 10112832    ----a-w-    C:\avz4.zip

2018-02-03 17:14 . 2015-10-01 19:56 170200      ----a-w-      c:\windows\system32\drivers\mbamswissarmy.sys

2018-01-15 08:00 . 2017-11-19 15:47 126487616   -c--a-w-    c:\windows\system32\MRT-KB890830.exe

2018-01-02 15:54 . 2018-01-02 15:54 1752432     ----a-w-    C:\cpu-z_1.82-en.exe

2018-01-01 16:12 . 2018-01-15 07:53 2560  ----a-w-    c:\windows\apppatch\AcRes.dll

2017-12-23 13:36 . 2015-07-14 12:29 68224 ----a-w-    c:\windows\system32\drivers\epfwwfpr.sys

2017-12-23 13:36 . 2015-07-14 12:29 141480      ----a-w-      c:\windows\system32\drivers\ehdrv.sys

2017-12-23 13:36 . 2015-07-14 12:29 113544      ----a-w-      c:\windows\system32\drivers\eamonm.sys

2017-11-07 16:13 . 2017-12-13 11:41 2048  ----a-w-    c:\windows\system32\tzres.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt01]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2018-01-22 11:13  289104      ----a-w-    c:\program files\Dropbox\Client\DropboxExt.19.0.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt02]

@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]

2018-01-22 11:13  289104      ----a-w-    c:\program files\Dropbox\Client\DropboxExt.19.0.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt03]

@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]

2018-01-22 11:13  289104      ----a-w-    c:\program files\Dropbox\Client\DropboxExt.19.0.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt04]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2018-01-22 11:13  289104      ----a-w-    c:\program files\Dropbox\Client\DropboxExt.19.0.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt05]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2018-01-22 11:13  289104      ----a-w-    c:\program files\Dropbox\Client\DropboxExt.19.0.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt06]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2018-01-22 11:13  289104      ----a-w-    c:\program files\Dropbox\Client\DropboxExt.19.0.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt07]

@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]

2018-01-22 11:13  289104      ----a-w-    c:\program files\Dropbox\Client\DropboxExt.19.0.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt08]

@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]

2018-01-22 11:13  289104      ----a-w-    c:\program files\Dropbox\Client\DropboxExt.19.0.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt09]

@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]

2018-01-22 11:13  289104      ----a-w-    c:\program files\Dropbox\Client\DropboxExt.19.0.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt10]

@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]

2018-01-22 11:13  289104      ----a-w-    c:\program files\Dropbox\Client\DropboxExt.19.0.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-04-23 6278424]

"Viber"="c:\users\hhgfv\AppData\Local\Viber\Viber.exe" [2018-01-30 35581000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Pragma6"="c:\program files\Trident Software\Pragma6\pkernel.exe" [2015-06-06 176128]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"Dropbox"="c:\program files\Dropbox\Client\Dropbox.exe" [2018-01-22 3567936]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2014-05-14 6688472]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\ecmdS.exe" [2017-12-23 297592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux8"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2017-09-27 09:27  1171480     ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2013-09-13 17:51  59720 ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR11]

2011-09-04 21:58  925960      ----a-w-    c:\program files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2017-10-10 12:56  27832264    ----a-r-    c:\program files\Skype\Phone\Skype.exe

.

R2 dbupdate;Обновление Dropbox (dbupdate);c:\program files\Dropbox\Update\DropboxUpdate.exe [2016-04-27 143144]

R3 cpuz135;cpuz135;c:\users\hhgfv\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [x]

R3 dbupdatem;Обновление Dropbox (dbupdatem);c:\program files\Dropbox\Update\DropboxUpdate.exe [2016-04-27 143144]

R3 dbx;dbx;c:\windows\system32\DRIVERS\dbx.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2017-12-29 104960]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2017-08-13 15872]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]

R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2015-08-18 25088]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2015-04-29 20256]

R3 wdm_usb;wdm_usb;c:\windows\system32\DRIVERS\usb2ser.sys [2016-08-16 128704]

R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-17 176128]

S0 oem-drv86;OEM-SLP2.1 Driver (HPD86);c:\windows\system32\DRIVERS\oem-drv86.sys [2018-02-03 28160]

S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2017-12-23 113544]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2017-12-23 141480]

S1 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2017-12-23 68224]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2016-04-18 772656]

S1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service;c:\windows\system32\DRIVERS\VBoxNetAdp6.sys [2016-04-18 103544]

S1 VBoxNetLwf;VirtualBox NDIS6 Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetLwf.sys [2016-04-18 165880]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2016-04-18 119144]

S2 DbxSvc;DbxSvc;c:\windows\system32\DbxSvc.exe [2018-01-22 43344]

S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2017-12-23 2089176]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2017-07-18 317408]

S3 ALSysIO;ALSysIO;c:\users\hhgfv\AppData\Local\Temp\ALSysIO.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2015-08-12 78848]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2010-08-24 67184]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ALSYSIO

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation     REG_MULTI_SZ      SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc

utcsvc      REG_MULTI_SZ      DiagTrack

WindowsMobile     REG_MULTI_SZ      wcescomm rapimgr

LocalServiceRestricted  REG_MULTI_SZ      WcesComm RapiMgr

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2018-01-05 08:56  1538904     ----a-w-    c:\program files\Google\Chrome\Application\63.0.3239.132\Installer\chrmstp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]

2017-07-31 22:31  324080      ----a-w-    c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll

.

Contents of the 'Scheduled Tasks' folder

.

2018-02-03 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job

- c:\program files\Dropbox\Update\DropboxUpdate.exe [2016-04-27 18:04]

.

2018-02-03 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job

- c:\program files\Dropbox\Update\DropboxUpdate.exe [2016-04-27 18:04]

.

.

------- Supplementary Scan -------

.

IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: c:\windows\plspnt.dll

Trusted Zone: eset.com\help

TCP: DhcpNameServer = 192.168.31.1

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(5224)

c:\program files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\conhost.exe

c:\program files\TeamViewer\TeamViewer_Service.exe

c:\core temp 1.0 rc5 portable\CoreTemp32.exe

c:\program files\ESET\ESET NOD32 Antivirus\egui.exe

c:\windows\servicing\TrustedInstaller.exe

c:\program files\Google\Update\1.3.33.7\GoogleCrashHandler.exe

c:\program files\TeamViewer\TeamViewer.exe

c:\program files\TeamViewer\tv_w32.exe

.

**************************************************************************

.

Completion time: 2018-02-03  22:39:39 - machine was rebooted

ComboFix-quarantined-files.txt  2018-02-03 20:39

.

Pre-Run: 4 256 468 992 байт свободно

Post-Run: 4 464 902 144 байт свободно

.

- - End Of File - - 866F8349F750E82BCDCAA54E24D5603A

A36C5E4F47E84449FF07ED3517B43A31


Edited by slovena, 04 February 2018 - 08:53 AM.
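Nobody in the thread actually reads the log, so here is an added triage helper (my own code, not from the thread, ComboFix or any of the tools named in it) that parses the two parts of a ComboFix log a defender checks first: the policies\system block, which on this machine shows UAC switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0), and the R*/S* service and driver lines, where [x] marks an image that is no longer on disk. The embedded excerpt is constructed from the log above; the regexes assume the line layout shown there.

```python
import re

# Constructed excerpt in the ComboFix layout of the log posted above (not the full log).
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 cpuz135;cpuz135;c:\\users\\hhgfv\\AppData\\Local\\Temp\\cpuz135\\cpuz135_x32.sys [x]
R3 dmvsc;dmvsc;c:\\windows\\system32\\drivers\\dmvsc.sys [2010-11-20 62464]
S2 ekrn;ESET Service;c:\\program files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe [2017-12-23 2089176]
S3 ALSysIO;ALSysIO;c:\\users\\hhgfv\\AppData\\Local\\Temp\\ALSysIO.sys [x]
"""

POLICY_KEY = "[hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\system]"
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>-?\d+)')
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<info>[^\]]+)\]$')

def parse_policy_values(text):
    """Return the numeric values listed under the policies\\system key as {name: int}."""
    values, inside = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") or line == ".":
            inside = line.lower() == POLICY_KEY
            continue
        m = VALUE_RE.match(line) if inside else None
        if m:
            values[m["name"]] = int(m["val"])
    return values

def uac_findings(policies):
    """Describe UAC weakenings. Windows 7 defaults: EnableLUA=1,
    ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1."""
    findings = []
    if policies.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is off, so every admin process runs fully elevated")
    if policies.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: administrators elevate with no prompt at all")
    if policies.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: elevation prompts are not isolated on the secure desktop")
    return findings

def parse_services(text):
    """Parse the R*/S* service and driver lines into dicts; [x] means the image file is absent."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["missing_file"] = entry["info"] == "x"
            services.append(entry)
    return services

def flag_services(services):
    """Return (name, reasons) for entries worth a second look during triage."""
    flagged = []
    for svc in services:
        reasons = []
        if "\\temp\\" in svc["path"].lower():
            reasons.append("image lives under a Temp folder")
        if svc["missing_file"]:
            reasons.append("registered but image not on disk (orphaned entry)")
        if reasons:
            flagged.append((svc["name"], reasons))
    return flagged

if __name__ == "__main__":
    for finding in uac_findings(parse_policy_values(SAMPLE_LOG)):
        print("UAC:", finding)
    for name, reasons in flag_services(parse_services(SAMPLE_LOG)):
        print(f"service {name}: {'; '.join(reasons)}")
```

Run against the full log above, the same functions flag cpuz135, ALSysIO and the UAC block; the orphaned Temp-folder driver entries are leftovers of hardware-monitoring utilities, but the disabled UAC is a setting worth restoring regardless of what the scanners find.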




#2 nasdaq
  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 February 2018 - 11:01 AM


Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
:step1:
Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button.
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

:step2:
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

:step3:
Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===


Please post the logs for my review.

Let me know what problems persist.
==============================

#3 slovena
  • Topic Starter
  • Members
  • 5 posts
  • Gender:Female

Posted 05 February 2018 - 06:06 AM

Thank you for your help.

I finished step 1. MBAM log:

Malwarebytes

www.malwarebytes.com

 

-Данные журнала-

Дата проверки: 05.02.18

Время проверки: 12:33

Файл журнала: fbd00544-0a5f-11e8-80c3-20cf3082a30e.json

Администратор: Да

 

-Информация о ПО-

Версия: 3.3.1.2183

Версия компонентов: 1.0.262

Версия пакета обновления: 1.0.3871

Лицензия: Ознакомительная версия

 

-Информация о системе-

ОС: Windows 7 Service Pack 1

Процессор: x86

Файловая система: NTFS

Пользователь: hhgfv-PC\hhgfv

 

-Отчет о проверке-

Тип проверки: Полная проверка

Результат: Завершено

Проверено объектов: 192471

Обнаружено угроз: 7

Помещено в карантин: 5

Затраченное время: 16 мин, 54 с

 

-Настройки проверки-

Память: Включено

Автозагрузка: Включено

Файловая система: Включено

Архивы: Включено

Руткиты: Включено

Эвристика: Включено

PUP: Обнаружение

PUM: Обнаружение

 

-Данные проверки-

Процесс: 0

(Вредоносные программы не обнаружены)

 

Модуль: 0

(Вредоносные программы не обнаружены)

 

Раздел реестра: 0

(Вредоносные программы не обнаружены)

 

Значение реестра: 0

(Вредоносные программы не обнаружены)

 

Данные реестра: 0

(Вредоносные программы не обнаружены)

 

Поток данных: 0

(Вредоносные программы не обнаружены)

 

Папка: 0

(Вредоносные программы не обнаружены)

 

Файл: 7

RiskWare.Tool.HCK, C:\USERS\HHGFV\DESKTOP\програми\бандікам\KEYMAKER.EXE, Проигнорировано пользователем, [1961], [64690],1.0.3871

RiskWare.Tool.HCK, C:\USERS\HHGFV\DESKTOP\програми\KEYMAKER.EXE, Удалить при перезагрузке, [1961], [64690],1.0.3871

PUP.Optional.Babylon, C:\USERS\HHGFV\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Перезаписано, [1651], [455059],1.0.3871

PUP.Optional.Babylon, C:\USERS\HHGFV\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Перезаписано, [1651], [455059],1.0.3871

PUP.Optional.MailRu, C:\USERS\HHGFV\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Перезаписано, [614], [454830],1.0.3871

PUP.Optional.MailRu, C:\USERS\HHGFV\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Перезаписано, [614], [454830],1.0.3871

PUP.Optional.MailRu, C:\USERS\HHGFV\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Guest Profile\Web Data, Удаление не удалось, [614], [454830],1.0.3871

 

Физический сектор: 0

(Вредоносные программы не обнаружены)

 

 

(end)



#4 slovena
  • Topic Starter
  • Members
  • 5 posts
  • Gender:Female

Posted 05 February 2018 - 06:07 AM

It is in Russian. Or should I do it again in English?



#5 slovena
  • Topic Starter
  • Members
  • 5 posts
  • Gender:Female

Posted 05 February 2018 - 06:11 AM

Must I do all stages (AdwCleaner and Farbar Recovery Scan Tool (32 bit))? Or is MBAM enough? The computer is working OK. Or is something bad in the ComboFix log?

Sorry if my questions are stupid. Thank you for your help.



#6 nasdaq
  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 February 2018 - 08:32 AM

Hi,

I trust Malwarebytes so I would delete all items found.
It's your call to do it or not.

If all is well then no need to do the other scan.

#7 slovena
  • Topic Starter
  • Members
  • 5 posts
  • Gender:Female

Posted 05 February 2018 - 10:41 AM

I deleted all found items. Thank you for your help!





