
ComboFix 15-03-01.01 - Departmant 03.03.2015 18:11:51.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1254.90.1055.18.4042.2585 [GMT 2:00]
Running from: c:\users\Departmant\Downloads\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated*
FW: COMODO Firewall *Enabled*
SP: COMODO Antivirus *Enabled/Updated*
SP: Windows Defender *Disabled/Outdated*
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache86\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-02-03 to 2015-03-03 )))))))))))))))))))))))))))))))
.
.
2015-03-03 16:19 . 2015-03-03 16:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-03-03 16:19 . 2015-03-03 16:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-26 16:54 . 2015-02-26 18:40 -------- d-----w- c

2015-02-26 16:54 . 2015-02-26 18:37 -------- d-----w- c:\users\Departmant\AppData\Local\Google
2015-02-22 16:24 . 2015-02-28 13:47 -------- d-----w- c:\users\Departmant\AppData\Roaming\.minecraft
2015-02-22 15:20 . 2015-02-22 15:20 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-02-22 15:20 . 2015-02-22 15:20 -------- d-----w- c

2015-02-22 15:20 . 2015-02-22 15:19 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-22 12:48 . 2015-02-22 12:48 -------- d-----w- c

2015-02-11 15:45 . 2015-02-11 15:45 -------- d-----w- c:\users\Departmant\AppData\Local\Spoon
2015-02-11 15:45 . 2011-12-09 06:56 587768 ----a-w- c:\windows\SysWow64\Codejock.SkinFramework.Unicode.v15.2.1.ocx
2015-02-11 15:45 . 2011-12-09 06:56 1931256 ----a-w- c:\windows\SysWow64\Codejock.Controls.Unicode.v15.2.1.ocx
2015-02-06 18:59 . 2015-02-06 18:59 -------- d-----w- c

2015-02-06 18:59 . 2015-02-24 21:27 -------- d-----w- c

.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-04 22:12 . 2014-08-31 01:31 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-04 22:12 . 2014-08-31 01:31 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-31 16:23 . 2015-01-31 16:23 42152 ----a-w- c:\windows\system32\drivers\cnnctfy3.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c

"HydraVisionDesktopManager"="c

.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c

.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AMD FUEL Service;AMD FUEL Service;c


R2 AODDriver4.01;AODDriver4.01;c

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 cmdvirth;COMODO Virtual Service Manager;c


R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c


S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-31 22:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c

.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Departmant\AppData\Roaming\Mozilla\Firefox\Profiles\6nawjhrf.default-1407741121456
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.tr/?gws_rd=ssl
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers- - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_CamCIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,
.
------------------------ Other Running Processes ------------------------
.
c

c:\windows\SysWOW64\rundll32.exe
c:\windows\DAODx.exe
.
**************************************************************************
.
Completion time: 2015-03-03 18:24:49 - machine was rebooted
ComboFix-quarantined-files.txt 2015-03-03 16:24
.
Pre-Run: 88.827.453.440 bayt boş
Post-Run: 88.509.378.560 bayt boş
.
- - End Of File - - 710EA149E3DC27F64536AC149A5F06B4
A36C5E4F47E84449FF07ED3517B43A31