  1. ComboFix 18-02-16.01 - msi 21.02.2018 17:47:51.1.2 - x64
  2. Microsoft Windows 7 Professional 6.1.7601.1.1254.90.1055.18.3071.2239 [GMT 3:00]
  3. Running from: c:\users\msi\Desktop\ComboFix.exe
  4. SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  5. * Created a new restore point
  6. .
  7. .
  8. ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
  9. .
  10. .
  11. C:\dfinstall.log
  12. c:\programdata\ntuser.pol
  13. c:\windows\TEMP\DFLocker64.exe
  14. c:\windows\wininit.ini
  15. .
  16. c:\windows\SysWow64\Drivers\atapi.sys . . . is infected!!
  17. .
  18. .
  19. ((((((((((((((((((((((((( Files Created from 2018-01-21 to 2018-02-21 )))))))))))))))))))))))))))))))
  20. .
  21. .
  22. .
  23. .
  24. .
  25. (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
  26. .
  27. 2017-12-22 13:48 . 2017-12-22 14:05 5264040 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
  28. 2017-12-03 20:50 . 2017-12-03 20:50 83792 ----a-w- c:\windows\SysWow64\vcruntime140.dll
  29. 2017-12-03 20:50 . 2017-12-03 20:50 440128 ----a-w- c:\windows\SysWow64\msvcp140.dll
  30. 2017-12-03 20:50 . 2017-12-03 20:50 263856 ----a-w- c:\windows\SysWow64\vccorlib140.dll
  31. 2017-12-03 20:50 . 2017-12-03 20:50 242496 ----a-w- c:\windows\SysWow64\concrt140.dll
  32. 2017-12-03 20:38 . 2017-12-03 20:38 87728 ----a-w- c:\windows\system32\vcruntime140.dll
  33. 2017-12-03 20:38 . 2017-12-03 20:38 641696 ----a-w- c:\windows\system32\msvcp140.dll
  34. 2017-12-03 20:38 . 2017-12-03 20:38 389296 ----a-w- c:\windows\system32\vccorlib140.dll
  35. 2017-12-03 20:38 . 2017-12-03 20:38 331432 ----a-w- c:\windows\system32\concrt140.dll
  36. .
  37. .
  38. ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
  39. .
  40. .
  41. *Note* empty entries & legit default entries are not shown
  42. REGEDIT4
  43. .
  44. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
  45. @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
  46. [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
  47. 2017-12-22 14:12 2094304 ----a-w- c:\users\msi\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll
  48. .
  49. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
  50. @="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
  51. [HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
  52. 2017-12-22 14:12 2094304 ----a-w- c:\users\msi\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll
  53. .
  54. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
  55. @="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
  56. [HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
  57. 2017-12-22 14:12 2094304 ----a-w- c:\users\msi\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll
  58. .
  59. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
  60. @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
  61. [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
  62. 2017-12-22 14:12 2094304 ----a-w- c:\users\msi\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll
  63. .
  64. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
  65. @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
  66. [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
  67. 2017-12-22 14:12 2094304 ----a-w- c:\users\msi\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll
  68. .
  69. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive6]
  70. @="{9AA2F32D-362A-42D9-9328-24A483E2CCC3}"
  71. [HKEY_CLASSES_ROOT\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}]
  72. 2017-12-22 14:12 2094304 ----a-w- c:\users\msi\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll
  73. .
  74. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  75. "f.lux"="c:\users\msi\AppData\Local\FluxSoftware\Flux\flux.exe" [2017-08-04 1661432]
  76. .
  77. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
  78. "ConsentPromptBehaviorAdmin"= 5 (0x5)
  79. "ConsentPromptBehaviorUser"= 3 (0x3)
  80. "EnableUIADesktopToggle"= 0 (0x0)
  81. .
  82. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
  83. "aux"=wdmaud.drv
  84. .
  85. [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
  86. BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:D /k:E /k:F *
  87. .
  88. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DFServ]
  89. @="Service"
  90. .
  91. R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
  92. R2 SetupARService;SetupARService;c:\program files (x86)\Realtek\Audio\SetupAfterRebootService.exe;c:\program files (x86)\Realtek\Audio\SetupAfterRebootService.exe [x]
  93. R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
  94. R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
  95. R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
  96. R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
  97. R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
  98. R4 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [x]
  99. R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
  100. R4 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
  101. R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
  102. R4 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
  103. S0 DeepFrz;DeepFrz; [x]
  104. S0 DfDiskLo;DfDiskLo; [x]
  105. S0 FarDisk;FarDisk; [x]
  106. S0 FarSpace;FarSpace; [x]
  107. S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
  108. S0 vsock;vSockets Virtual Machine Communication Interface Sockets driver;c:\windows\system32\DRIVERS\vsock.sys;c:\windows\SYSNATIVE\DRIVERS\vsock.sys [x]
  109. S1 DFFilter;DFFilter; [x]
  110. S2 bckd;bckd;c:\windows\system32\drivers\bckd.sys;c:\windows\SYSNATIVE\drivers\bckd.sys [x]
  111. S2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [x]
  112. S2 ClickToRunSvc;Microsoft Office Tıkla-Çalıştır Hizmeti;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [x]
  113. S2 DFServ;DFServ;c:\program files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe;c:\program files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe [x]
  114. S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
  115. S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
  116. S2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi20-shared.sys;SysWOW64\drivers\vstor2-mntapi20-shared.sys [x]
  117. S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
  118. S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
  119. S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
  120. .
  121. .
  122. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
  123. LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
  124. .
  125. .
  126. --------- X64 Entries -----------
  127. .
  128. .
  129. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ YndCase0Sync]
  130. @="{63D48440-63AB-44D0-B323-4731DFCDE9E9}"
  131. [HKEY_CLASSES_ROOT\CLSID\{63D48440-63AB-44D0-B323-4731DFCDE9E9}]
  132. 2017-07-24 14:07 1305920 ----a-w- c:\users\msi\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll
  133. .
  134. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ YndCase1Modified]
  135. @="{7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0}"
  136. [HKEY_CLASSES_ROOT\CLSID\{7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0}]
  137. 2017-07-24 14:07 1305920 ----a-w- c:\users\msi\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll
  138. .
  139. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ YndCase2Error]
  140. @="{FB2FE984-05F5-4512-9D9B-69D3DE61F6D9}"
  141. [HKEY_CLASSES_ROOT\CLSID\{FB2FE984-05F5-4512-9D9B-69D3DE61F6D9}]
  142. 2017-07-24 14:07 1305920 ----a-w- c:\users\msi\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll
  143. .
  144. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ YndCase3Shared]
  145. @="{AF8D197E-7022-4c3d-BD88-68AD35C9C169}"
  146. [HKEY_CLASSES_ROOT\CLSID\{AF8D197E-7022-4c3d-BD88-68AD35C9C169}]
  147. 2017-07-24 14:07 1305920 ----a-w- c:\users\msi\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll
  148. .
  149. ------- Supplementary Scan -------
  150. .
  151. uLocal Page = c:\windows\system32\blank.htm
  152. IE: Adobe PDF'ye dönüştür - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
  153. IE: Bağ Hedefini PDF’ye Dönüştür - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
  154. IE: Bağ Hedefini PDF’ye Ekle - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
  155. IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
  156. IE: IDM ile indir - c:\program files (x86)\Internet Download Manager\IEExt.htm
  157. IE: Microsoft Excel'e &Ver - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
  158. IE: Se&nd to OneNote - c:\program files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
  159. IE: Tüm bağlantıları IDM ile indir - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
  160. IE: Varolan PDF’ye Ekle - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
  161. LSP: %windir%\system32\vsocklib.dll
  162. TCP: DhcpNameServer = 192.168.1.1
  163. Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
  164. Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
  165. Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
  166. Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
  167. FF - ProfilePath - c:\users\msi\AppData\Roaming\Mozilla\Firefox\Profiles\q8pg60i8.default\
  168. FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
  169. .
  170. - - - - ORPHANS REMOVED - - - -
  171. .
  172. {CDC95B92-E27C-4745-A8C5-64A52A78855D}"-IDM Shell Extension - ShellIconOverlayIdentifiers
  173. AddRemove-PESEdit.com 2013 Patch 6.0 - Update Summer Transfers 2016 2016.09.02 - c:\program files (x86)\KONAMI\Pro Evolution Soccer 2013\Uninstall.exe
  174. .
  175. .
  176. .
  177. --------------------- LOCKED REGISTRY KEYS ---------------------
  178. .
  179. [HKEY_USERS\S-1-5-21-3728210870-3773789139-3640819246-1000_Classes\Wow6432Node\CLSID\{72593caa-76a3-4c2f-9bf1-92e91eaa0ba7}]
  180. @Denied: (Full) (Everyone)
  181. @Allowed: (Read) (RestrictedCode)
  182. "Model"=dword:00000161
  183. "Therad"=dword:00000020
  184. "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
  185. 38,95,44,66,03,49,57,04,76,4a,36,a3,2a,03,a6,b5,e9,e6,69,74,f3,ab,98,82,ee,\
  186. .
  187. [HKEY_USERS\S-1-5-21-3728210870-3773789139-3640819246-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
  188. @Denied: (Full) (Everyone)
  189. "scansk"=hex(0):06,a9,fa,47,0f,17,48,0c,04,13,88,9e,c4,ac,85,47,b8,87,56,39,b0,
  190. 8c,ea,a8,9e,8f,f3,fd,f2,1a,55,85,ad,07,d3,55,4d,56,7f,98,00,00,00,00,00,00,\
  191. .
  192. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  193. @Denied: (Full) (Everyone)
  194. .
  195. Completion time: 2018-02-21 18:10:42
  196. ComboFix-quarantined-files.txt 2018-02-21 15:10
  197. .
  198. Pre-Run: 55.742.468.096 bayt boş
  199. Post-Run: 55.249.666.048 bayt boş
  200. .
  201. - - End Of File - - 255E5323F35C963DC61C5F48BD98E202
  202. A36C5E4F47E84449FF07ED3517B43A31