Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Infected with malware (Cyber)

Post by baftafrate11 » November 6th, 2013, 9:41 am

Hello, my name is Daniel and I'm infected with malware.
I have Windows 7 Service Pack 1, updated.
This happened to me: http://www.bleepingcomputer.com/virus-r ... ransomware
I'm no expert and I turn to you.
The antivirus does not detect anything.
Symptoms: slow PC, slow internet, use of the internet without my permission, etc.
Please help me. QQ
I do not know how to attach multiple files and place them here.

I'm posting the HiJackThis and ComboFix log files.

HiJackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:12:43, on 06/11/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

--
End of file - 3306 bytes


ComboFix

ComboFix 13-11-04.01 - pcmeu 06/11/2013 13:36:00.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.3062.2220 [GMT 1:00]
Eseguito da: c:\users\pcmeu\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\WinRAR\Leggimi.Txt
c:\program files\WinRAR\Leggimi_1a.Txt
c:\program files\WinRAR\Licenza.Txt
c:\program files\WinRAR\Ordin.htm
c:\program files\WinRAR\Ordina.htm
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Creati Da 2013-10-06 al 2013-11-06 )))))))))))))))))))))))))))))))))))
.
.
2013-11-06 12:42 . 2013-11-06 12:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-05 18:30 . 2013-10-15 23:20 7796464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA89A63B-70F1-4367-B300-43BBD96A083E}\mpengine.dll
2013-11-01 09:06 . 2013-11-01 09:06 -------- d-----w- c:\programdata\InterAction studios
2013-10-30 22:07 . 2013-10-30 22:07 -------- d-----w- c:\program files\AIMP3
2013-10-29 17:19 . 2013-09-22 23:27 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-10-29 17:19 . 2013-09-21 02:39 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-10-29 17:19 . 2013-09-22 23:28 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-10-29 17:19 . 2013-09-22 23:54 770648 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-10-29 17:19 . 2013-09-22 23:28 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 17:13 . 2013-10-29 17:18 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-10-29 17:12 . 2013-10-29 17:12 -------- d-----w- c:\programdata\Malwarebytes
2013-10-29 15:46 . 2013-10-29 15:46 -------- d-----w- c:\program files\HitmanPro
2013-10-29 13:23 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-10-28 22:13 . 2013-10-28 22:13 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-10-28 16:14 . 2013-10-28 17:38 -------- d-----w- c:\programdata\HitmanPro
2013-10-28 15:25 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-10-28 15:24 . 2013-08-28 01:04 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-10-28 15:23 . 2013-08-02 01:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-10-27 18:18 . 2012-05-09 11:43 74752 ----a-w- c:\windows\system32\drivers\lgvzandnetndis.sys
2013-10-27 18:17 . 2012-05-09 11:46 28032 ----a-w- c:\windows\system32\drivers\lgvzandnetmdm.sys
2013-10-27 18:17 . 2012-05-09 11:46 23168 ----a-w- c:\windows\system32\drivers\lgvzandnetdiag.sys
2013-10-27 18:17 . 2012-05-09 11:46 22400 ----a-w- c:\windows\system32\drivers\lgvzandnetgps.sys
2013-10-27 18:16 . 2010-01-25 05:11 19968 ----a-w- c:\windows\system32\drivers\lgandgps.sys
2013-10-27 18:16 . 2010-01-25 05:11 20864 ----a-w- c:\windows\system32\drivers\lganddiag.sys
2013-10-27 18:16 . 2010-01-25 05:11 24960 ----a-w- c:\windows\system32\drivers\lgandmodem.sys
2013-10-27 18:16 . 2010-01-25 05:11 14336 ----a-w- c:\windows\system32\drivers\lgandbus.sys
2013-10-27 18:07 . 2013-10-27 22:32 -------- d-----w- c:\program files\LG Electronics
2013-10-27 11:07 . 2013-10-27 11:07 -------- d-----w- c:\windows\system32\SPReview
2013-10-27 11:06 . 2013-10-27 11:06 -------- d-----w- c:\windows\system32\EventProviders
2013-10-27 11:04 . 2010-11-20 12:36 1077248 ----a-w- c:\windows\system32\Narrator.exe
2013-10-27 11:03 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2013-10-27 11:03 . 2010-11-20 12:21 189952 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2013-10-27 11:03 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2013-10-27 11:03 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\sqmapi.dll
2013-10-26 18:42 . 2013-10-26 18:42 -------- d-----w- c:\windows\system32\Wat
2013-10-26 18:26 . 2013-10-26 18:26 -------- d-----w- c:\windows\system32\wbem\en-US
2013-10-26 17:04 . 2013-10-26 17:04 -------- d-----w- c:\program files\Synaptics
2013-10-26 17:04 . 2013-10-26 17:04 -------- d-----w- c:\program files\alaplaya
2013-10-26 17:04 . 2013-10-27 18:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2013-10-26 17:02 . 2013-10-26 17:04 -------- d-----w- c:\program files\Common Files\InstallShield
2013-10-26 16:50 . 2013-10-26 16:51 -------- d-----w- c:\windows\system32\MRT
2013-10-26 16:43 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-10-26 16:43 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-26 16:43 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2013-10-26 16:42 . 2013-10-26 17:04 -------- d-----w- c:\programdata\Solid State Networks
2013-10-26 16:41 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2013-10-26 16:36 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\system32\msxml6.dll
2013-10-26 16:33 . 2011-06-15 08:55 86016 ----a-w- c:\windows\system32\odbccu32.dll
2013-10-26 16:33 . 2011-06-15 08:55 81920 ----a-w- c:\windows\system32\odbccr32.dll
2013-10-26 16:33 . 2011-06-15 08:55 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2013-10-26 16:33 . 2011-06-15 08:55 163840 ----a-w- c:\windows\system32\odbctrac.dll
2013-10-26 16:33 . 2011-06-15 08:55 122880 ----a-w- c:\windows\system32\odbccp32.dll
2013-10-26 16:33 . 2011-06-15 08:54 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2013-10-26 16:32 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-10-26 16:32 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-10-26 16:32 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2013-10-26 16:32 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2013-10-26 16:32 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2013-10-26 16:32 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll
2013-10-26 16:32 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
2013-10-26 16:30 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-10-26 16:30 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2013-10-26 16:30 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2013-10-26 16:30 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
2013-10-26 16:30 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
2013-10-26 16:30 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2013-10-26 16:30 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2013-10-26 16:30 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll
2013-10-26 16:30 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll
2013-10-26 16:30 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2013-10-26 16:30 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2013-10-26 16:30 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2013-10-26 16:29 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-10-26 16:29 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2013-10-26 16:29 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-10-26 16:27 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
2013-10-26 16:27 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2013-10-26 16:27 . 2010-11-20 12:18 145920 ----a-w- c:\windows\system32\cfgmgr32.dll
2013-10-26 16:24 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2013-10-26 16:24 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
2013-10-26 16:21 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2013-10-26 14:26 . 2013-10-26 13:33 -------- d-----w- c:\windows\Panther
2013-10-26 14:18 . 2013-10-26 14:18 -------- d-----w- c:\program files\VideoLAN
2013-10-26 14:10 . 2013-10-26 14:11 -------- d-----w- c:\program files\Google
2013-10-26 14:10 . 2013-10-26 14:09 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-10-26 14:10 . 2013-10-26 14:09 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-10-26 14:10 . 2013-10-26 14:09 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-26 14:10 . 2013-10-26 14:09 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-10-26 14:10 . 2013-10-26 14:09 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-26 14:10 . 2013-10-26 14:09 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-10-26 14:10 . 2013-10-26 14:09 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-10-26 14:10 . 2013-10-26 14:09 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-10-26 14:10 . 2013-10-26 14:09 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-10-26 14:09 . 2013-10-26 14:09 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-10-26 14:09 . 2013-10-26 14:09 43152 ----a-w- c:\windows\avastSS.scr
2013-10-26 14:09 . 2013-10-26 14:09 259928 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2013-10-26 14:09 . 2013-10-26 14:09 -------- d-----w- c:\program files\AVAST Software
2013-10-26 14:07 . 2013-10-26 14:07 -------- d-----w- c:\programdata\AVAST Software
2013-10-26 14:02 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2013-10-26 14:02 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-10-26 14:02 . 2010-11-20 10:24 134656 ----a-w- c:\windows\system32\rdpudd.dll
2013-10-26 14:02 . 2010-11-20 10:21 15872 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2013-10-26 14:02 . 2010-11-20 10:21 18432 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2013-10-26 13:58 . 2013-10-26 13:58 -------- d-----w- c:\programdata\ATI
2013-10-26 13:57 . 2013-10-26 13:57 0 ----a-w- c:\windows\ativpsrm.bin
2013-10-26 13:52 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2013-10-26 13:52 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2013-10-26 13:52 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2013-10-26 13:52 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-10-26 13:52 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2013-10-26 13:52 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2013-10-26 13:52 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-10-26 13:52 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-10-26 13:52 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-10-26 13:50 . 2013-10-26 16:15 -------- d-sh--w- c:\windows\Installer
2013-10-26 13:50 . 2013-10-26 13:50 -------- d-----w- c:\program files\ATI
2013-10-26 13:49 . 2013-10-26 13:52 -------- d-----w- c:\program files\ATI Technologies
2013-10-26 13:39 . 2013-10-26 13:39 -------- d-----w- C:\swsetup
2013-10-26 13:37 . 2013-11-06 12:31 -------- d-----w- c:\windows\system32\wbem\Performance
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-27 11:11 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-10-26 14:09 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 98304]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-10-26 3567800]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-10-27 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R3 Andbus;LGE Android Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [2010-01-25 14336]
R3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [2010-01-25 20864]
R3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [2010-01-25 19968]
R3 ANDModem;LGE Android USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [2010-01-25 24960]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-10-29 40776]
R3 netr28u;Driver scheda LAN wireless USB RT2870 per Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\DRIVERS\lgvzandnetdiag.sys [2012-05-09 23168]
R3 vzandnetgps;LGE AndroidNet for VZW USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgvzandnetgps.sys [2012-05-09 22400]
R3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\DRIVERS\lgvzandnetmdm.sys [2012-05-09 28032]
R3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgvzandnetndis.sys [2012-05-09 74752]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2013-10-26 1343400]
R3 XDva405;XDva405;c:\windows\system32\XDva405.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-10-26 26136]
S1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys [2013-10-26 259928]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-10-26 774392]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-10-26 403440]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-10-26 35656]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-10-26 70384]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2013-10-26 179088]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-16 101392]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2012-12-06 2046560]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-26 14:11 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-26 14:10]
.
2013-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-26 14:10]
.
.
------- Scansione supplementare -------
.
TCP: DhcpNameServer = 192.168.43.1
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2013-11-06 13:43:45
ComboFix-quarantined-files.txt 2013-11-06 12:43
.
Pre-Run: 83.197.747.200 byte disponibili
Post-Run: 83.087.659.008 byte disponibili
.
- - End Of File - - C1C6248175D8A4EA0680D6CB2893F40D
A36C5E4F47E84449FF07ED3517B43A31
baftafrate11
Active Member
 
Posts: 4
Joined: November 6th, 2013, 9:03 am

Re: Infected with malware (Cyber)

Post by baftafrate11 » November 9th, 2013, 12:31 pm

I'm posting the DDS log file.

DDS

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by pcmeu at 18:32:20,18 on 09/11/2013
Internet Explorer: 9.10.9200.16721
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.3062.2188 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhost.exe
C:\Users\pcmeu\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: avast! Online Security: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! Online Security: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-10-26 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-10-26 178304]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-10-26 26136]
R1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\drivers\aswNdisFlt.sys [2013-10-26 259928]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-10-26 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-10-26 403440]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-26 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-10-26 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-10-26 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-10-26 50344]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2013-10-26 179088]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-26 6380544]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-26 222208]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-16 101392]
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2012-12-6 2046560]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\drivers\lgvzandnetdiag.sys [2013-10-27 23168]
R3 vzandnetgps;LGE AndroidNet for VZW USB GPS NMEA Port;c:\windows\system32\drivers\lgvzandnetgps.sys [2013-10-27 22400]
R3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\drivers\lgvzandnetmdm.sys [2013-10-27 28032]
R3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\drivers\lgvzandnetndis.sys [2013-10-27 74752]
S2 gupdate;Servizio Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2013-10-26 116648]
S3 Andbus;LGE Android Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2013-10-27 14336]
S3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2013-10-27 20864]
S3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2013-10-27 19968]
S3 ANDModem;LGE Android USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2013-10-27 24960]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Servizio Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2013-10-26 116648]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-10-29 40776]
S3 netr28u;Driver scheda LAN wireless USB RT2870 per Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-10-26 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-10-27 52224]
S3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2013-10-26 1343400]
.
=============== Created Last 30 ================
.
2013-11-08 11:55:56 7796464 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{98025cfe-28ee-43e1-a138-1ef1e006499c}\mpengine.dll
2013-11-06 13:12:03 388096 ----a-r- c:\users\pcmeu\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-11-06 13:12:03 -------- d-----w- c:\program files\Trend Micro
2013-11-06 12:43:51 -------- d-sh--w- C:\$RECYCLE.BIN
2013-11-06 12:43:47 -------- d-----w- c:\users\pcmeu\appdata\local\temp
2013-11-06 12:34:41 98816 ----a-w- c:\windows\sed.exe
2013-11-06 12:34:41 518144 ----a-w- c:\windows\SWREG.exe
2013-11-06 12:34:41 256000 ----a-w- c:\windows\PEV.exe
2013-11-06 12:34:41 208896 ----a-w- c:\windows\MBR.exe
2013-11-03 16:14:20 -------- d-----w- c:\users\pcmeu\appdata\local\CrashRpt
2013-11-01 09:06:41 -------- d-----w- c:\progra~2\InterAction studios
2013-10-30 22:08:06 -------- d-----w- c:\users\pcmeu\appdata\roaming\AIMP3
2013-10-30 22:07:55 -------- d-----w- c:\program files\AIMP3
2013-10-29 17:19:59 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-10-29 17:19:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-10-29 17:19:58 817664 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-10-29 17:19:57 770648 ----a-w- c:\program files\internet explorer\iexplore.exe
2013-10-29 17:19:57 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 17:13:07 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-10-29 17:13:07 -------- d-----w- c:\users\pcmeu\appdata\roaming\Malwarebytes
2013-10-29 17:12:49 -------- d-----w- c:\progra~2\Malwarebytes
2013-10-29 17:12:40 -------- d-----w- c:\users\pcmeu\appdata\local\Programs
2013-10-29 16:33:23 7796464 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2013-10-29 13:23:59 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-10-28 22:13:37 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-10-28 16:14:28 -------- d-----w- c:\progra~2\HitmanPro
2013-10-28 15:25:53 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-10-28 15:24:56 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-10-28 15:23:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-10-27 18:18:00 74752 ----a-w- c:\windows\system32\drivers\lgvzandnetndis.sys
2013-10-27 18:17:58 28032 ----a-w- c:\windows\system32\drivers\lgvzandnetmdm.sys
2013-10-27 18:17:58 23168 ----a-w- c:\windows\system32\drivers\lgvzandnetdiag.sys
2013-10-27 18:17:58 22400 ----a-w- c:\windows\system32\drivers\lgvzandnetgps.sys
2013-10-27 18:16:33 24960 ----a-w- c:\windows\system32\drivers\lgandmodem.sys
2013-10-27 18:16:33 20864 ----a-w- c:\windows\system32\drivers\lganddiag.sys
2013-10-27 18:16:33 19968 ----a-w- c:\windows\system32\drivers\lgandgps.sys
2013-10-27 18:16:33 14336 ----a-w- c:\windows\system32\drivers\lgandbus.sys
2013-10-27 18:07:44 -------- d-----w- c:\program files\LG Electronics
2013-10-27 17:22:22 -------- d-----w- c:\users\pcmeu\appdata\local\ElevatedDiagnostics
2013-10-27 13:46:26 -------- d-----w- c:\users\pcmeu\appdata\local\Diagnostics
2013-10-27 11:07:51 -------- d-----w- c:\windows\system32\SPReview
2013-10-27 11:06:58 -------- d-----w- c:\windows\system32\EventProviders
2013-10-27 11:04:59 82944 ----a-w- c:\windows\system32\thumbcache.dll
2013-10-27 11:03:57 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2013-10-27 11:03:57 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2013-10-27 11:03:57 189952 ----a-w- c:\program files\windows portable devices\sqmapi.dll
2013-10-27 11:03:53 189952 ----a-w- c:\windows\system32\sqmapi.dll
2013-10-26 20:49:03 -------- d-----w- c:\users\pcmeu\appdata\local\Microsoft Games
2013-10-26 18:42:12 -------- d-----w- c:\windows\system32\Wat
2013-10-26 18:26:16 -------- d-----w- c:\windows\system32\wbem\en-US
2013-10-26 17:04:46 -------- d-----w- c:\program files\Synaptics
2013-10-26 17:04:38 69632 ------w- c:\program files\common files\installshield\updateservice\issch.exe
2013-10-26 17:04:38 -------- d-----w- c:\program files\alaplaya
2013-10-26 17:04:37 380928 ------w- c:\program files\common files\installshield\updateservice\agent.exe
2013-10-26 17:04:37 212992 ------w- c:\program files\common files\installshield\updateservice\ISDM.exe
2013-10-26 17:02:12 724992 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iKernel.dll
2013-10-26 17:02:12 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\ctor.dll
2013-10-26 17:02:12 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\DotNetInstaller.exe
2013-10-26 17:02:12 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2013-10-26 17:02:12 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iscript.dll
2013-10-26 17:02:12 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iuser.dll
2013-10-26 17:02:10 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\Setup.dll
2013-10-26 17:02:10 184452 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iGdi.dll
2013-10-26 16:50:44 -------- d-----w- c:\windows\system32\MRT
2013-10-26 16:43:38 5120 ----a-w- c:\windows\system32\wmi.dll
2013-10-26 16:43:38 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-10-26 16:43:38 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-26 16:42:07 -------- d-----w- c:\progra~2\Solid State Networks
2013-10-26 16:41:24 293376 ----a-w- c:\windows\system32\browserchoice.exe
2013-10-26 16:36:02 1389568 ----a-w- c:\windows\system32\msxml6.dll
2013-10-26 16:33:38 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2013-10-26 16:33:38 86016 ----a-w- c:\windows\system32\odbccu32.dll
2013-10-26 16:33:38 81920 ----a-w- c:\windows\system32\odbccr32.dll
2013-10-26 16:33:38 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2013-10-26 16:33:38 163840 ----a-w- c:\windows\system32\odbctrac.dll
2013-10-26 16:33:38 122880 ----a-w- c:\windows\system32\odbccp32.dll
2013-10-26 16:32:12 69632 ----a-w- c:\windows\system32\smss.exe
2013-10-26 16:32:12 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-10-26 16:32:08 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2013-10-26 16:32:08 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2013-10-26 16:32:08 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2013-10-26 16:32:00 2048 ----a-w- c:\windows\system32\msxml3r.dll
2013-10-26 16:32:00 1236992 ----a-w- c:\windows\system32\msxml3.dll
2013-10-26 16:30:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-10-26 16:30:48 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2013-10-26 16:30:48 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2013-10-26 16:30:47 571904 ----a-w- c:\windows\system32\oleaut32.dll
2013-10-26 16:30:47 233472 ----a-w- c:\windows\system32\oleacc.dll
2013-10-26 16:30:01 805376 ----a-w- c:\windows\system32\cdosys.dll
2013-10-26 16:30:01 352256 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2013-10-26 16:30:01 1019904 ----a-w- c:\program files\common files\system\ado\msado15.dll
2013-10-26 16:30:00 57344 ----a-w- c:\program files\common files\system\ado\msador15.dll
2013-10-26 16:30:00 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll
2013-10-26 16:30:00 212992 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2013-10-26 16:30:00 143360 ----a-w- c:\program files\common files\system\ado\msjro.dll
2013-10-26 16:29:49 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-10-26 16:29:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2013-10-26 16:29:15 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-10-26 16:27:41 741376 ----a-w- c:\windows\system32\inetcomm.dll
2013-10-26 16:27:31 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2013-10-26 16:27:31 145920 ----a-w- c:\windows\system32\cfgmgr32.dll
2013-10-26 16:24:31 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2013-10-26 16:24:31 1137664 ----a-w- c:\windows\system32\mfc42.dll
2013-10-26 16:21:04 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2013-10-26 14:26:14 -------- d-----w- c:\windows\Panther
2013-10-26 14:18:16 -------- d-----w- c:\program files\VideoLAN
2013-10-26 14:13:35 -------- d-----w- c:\users\pcmeu\appdata\roaming\AVAST Software
2013-10-26 14:10:13 -------- d-----w- c:\users\pcmeu\appdata\local\Google
2013-10-26 14:10:06 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-26 14:10:05 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-10-26 14:10:05 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-26 14:10:04 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-10-26 14:10:03 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-10-26 14:10:00 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-10-26 14:09:57 43152 ----a-w- c:\windows\avastSS.scr
2013-10-26 14:09:51 259928 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2013-10-26 14:09:36 -------- d-----w- c:\program files\AVAST Software
2013-10-26 14:07:41 -------- d-----w- c:\progra~2\AVAST Software
2013-10-26 14:02:14 826880 ----a-w- c:\windows\system32\rdpcore.dll
2013-10-26 14:02:14 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-10-26 14:02:14 18432 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2013-10-26 14:02:14 15872 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2013-10-26 14:02:14 134656 ----a-w- c:\windows\system32\rdpudd.dll
2013-10-26 13:58:57 -------- d-----w- c:\users\pcmeu\appdata\local\ATI
2013-10-26 13:57:20 0 ----a-w- c:\windows\ativpsrm.bin
2013-10-26 13:52:50 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-10-26 13:52:43 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-10-26 13:52:30 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-10-26 13:52:30 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-10-26 13:50:04 -------- d-sh--w- c:\windows\Installer
2013-10-26 13:50:04 -------- d-----w- c:\program files\ATI
2013-10-26 13:49:34 -------- d-----w- c:\program files\ATI Technologies
2013-10-26 13:39:11 -------- d-----w- C:\swsetup
2013-10-26 13:37:19 -------- d-----w- c:\windows\system32\wbem\Performance
.
==================== Find3M ====================
.
2013-10-28 22:13:06 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-27 11:11:14 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-09-22 23:27:49 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-09-21 03:30:24 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-03 12:35:12 238872 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 18:33:13,79 ===============
baftafrate11
Active Member
 
Posts: 4
Joined: November 6th, 2013, 9:03 am

Re: Infected with malware (Cyber)

Unread postby Cypher » November 10th, 2013, 6:35 am

Bumping or Replying to Your Own Topic

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why you should not reply to or try to bump your topic.
Please submit a new log and wait for a helper to reply. Thank you for your understanding.

This topic is now closed.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

