Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Aplikasi/microsoft folders

Please help. It automatically created folders named Aplikasi and Microsoft, and there are shortcut folders, and I didn't create that. Is this caused by a virus? Please help me with how to fix it and how to clean my computer.
I used ComboFix and here is the ComboFix log. Thank you so much.


=====================================================

ComboFix 14-05-10.01 - SERVER 05/07/2014 10:20:10.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2033.1422 [GMT 8:00]
Running from: c:\users\SERVER\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\Documents and Settings.lnk
c:\program files\autorun.inf
c:\programdata\Autorun.inf
c:\programdata\Microsoft\autorun.inf
c:\programdata\Microsoft\Windows\Templates\Aplikasi.lnk
c:\programdata\Microsoft\Windows\Templates\Microsoft.lnk
c:\users\Default\AUTORUN.INF
c:\users\Default\Cookies.lnk
c:\users\Public\AUTORUN.INF
c:\users\SERVER\AUTORUN.INF
c:\users\SERVER\Cookies.lnk
c:\windows\autorun.inf
c:\windows\Help\autorun.inf
c:\windows\inf\autorun.inf
c:\windows\media\autorun.inf
c:\windows\security\Autorun.inf
c:\windows\system\autorun.inf
c:\windows\system32\auto.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\Serv60d.dll
c:\windows\Tasks\autorun.inf
D:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2014-04-07 to 2014-05-07 )))))))))))))))))))))))))))))))
.
.
2014-05-07 02:29 . 2014-05-07 02:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-07 01:58 . 2014-05-07 01:58 7247 ----a-w- c:\windows\system32\rad67BDB.tmp
2014-05-07 01:51 . 2010-08-30 00:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-07 01:50 . 2014-05-07 01:56 -------- d-----w- C:\AdwCleaner
2014-05-07 01:15 . 2014-05-07 01:15 7247 ----a-w- c:\windows\system32\rad52120.tmp
2014-05-07 01:03 . 2006-02-04 10:30 11330 --sha-r- c:\windows\system32\rad7C8E1.tmp
2014-05-07 01:03 . 2006-02-04 10:30 11330 --sha-r- c:\windows\system32\rad2609F.tmp
2014-05-07 01:03 . 2014-05-07 01:03 7247 ----a-w- c:\windows\system32\rad70F8A.tmp
2014-05-07 00:29 . 2006-02-04 10:30 11330 --sha-r- c:\windows\system32\radA8AC0.tmp
2014-05-06 17:53 . 2014-05-07 01:16 -------- d-----w- c:\windows\Panther
2014-05-06 17:53 . 2014-05-07 01:15 -------- d-----w- C:\Boot
2014-05-06 10:27 . 2014-05-06 10:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2014-05-06 10:27 . 2014-05-07 01:15 -------- d-----w- c:\program files\Java
2014-05-06 05:37 . 2014-05-07 01:15 -------- d-----w- C:\cure
2014-05-06 05:36 . 2014-05-07 01:15 -------- d-----w- c:\program files\VirtualDJ
2014-05-06 05:10 . 2014-05-07 01:16 -------- dc-h--w- c:\programdata\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2014-05-06 05:10 . 2014-05-07 01:15 -------- d-----w- c:\program files\Stardock
2014-05-06 04:57 . 2014-05-07 01:16 -------- d-----w- c:\programdata\Zbshareware Lab
2014-05-06 04:57 . 2014-05-07 01:15 -------- d-----w- c:\program files\USB Disk Security
2014-05-06 04:34 . 2014-05-07 01:15 -------- d-----w- c:\program files\ASIO4ALL v2
2014-05-06 04:34 . 2014-05-07 01:15 -------- d-----w- c:\program files\VstPlugins
2014-05-06 04:34 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2014-05-06 04:34 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\system32\vorbis.acm
2014-05-06 04:34 . 2014-05-07 01:15 -------- d-----w- c:\program files\Outsim
2014-05-06 04:33 . 2014-05-07 01:15 -------- d-----w- c:\program files\Image-Line
2014-05-06 04:26 . 2014-05-07 01:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2014-05-06 04:25 . 2014-05-07 01:16 -------- d-----w- c:\programdata\zeon
2014-05-06 04:25 . 2014-05-07 01:16 -------- d-----w- c:\programdata\ScanSoft
2014-05-06 04:24 . 2014-05-07 01:16 -------- d-----w- c:\programdata\Nuance
2014-05-06 04:24 . 2014-05-07 01:16 -------- d-----w- c:\programdata\FLEXnet
2014-05-06 04:24 . 2014-05-07 01:15 -------- d-----w- c:\program files\Nuance
2014-05-06 04:24 . 2014-05-06 04:24 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2014-05-06 04:24 . 2014-05-06 04:24 -------- d-----w- c:\program files\Common Files\InstallShield
2014-05-06 04:23 . 2014-05-07 01:15 -------- d-----w- c:\program files\MSXML 4.0
2014-05-06 04:22 . 2014-05-07 01:16 -------- d-----w- c:\programdata\Brother
2014-05-06 04:21 . 2014-05-06 04:21 -------- d-----w- c:\program files\Common Files\EPSON
2014-05-06 04:21 . 2007-04-09 16:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2014-05-06 04:21 . 2011-04-18 18:03 95232 ----a-w- c:\windows\system32\E_TLBI3E.DLL
2014-05-06 04:21 . 2011-03-13 18:03 81408 ----a-w- c:\windows\system32\E_TD4BI3E.DLL
2014-05-06 04:20 . 2014-05-07 01:16 -------- d-----w- c:\programdata\EPSON
2014-05-06 04:10 . 2014-05-07 01:16 -------- d-----w- c:\programdata\CafeSuite
2014-05-06 04:10 . 2014-05-07 01:15 -------- d-----w- c:\program files\CafeSuite
2014-05-06 04:03 . 2014-04-16 21:32 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0A5525B-BE2E-48F8-9307-3E7D28F47E83}\mpengine.dll
2014-05-06 04:03 . 2014-03-31 01:35 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-05-06 03:30 . 2014-05-07 01:16 -------- d-----w- c:\program files\Youtube Downloader HD
2014-05-06 03:30 . 2014-05-07 01:15 -------- d-----w- c:\program files\VideoLAN
2014-05-06 03:26 . 2014-05-07 01:15 -------- d-----w- c:\program files\TeraCopy
2014-05-06 03:08 . 2014-05-07 01:16 -------- d-----w- c:\programdata\Nero
2014-05-06 03:08 . 2014-05-07 01:15 -------- d-----w- c:\program files\Nero
2014-05-06 03:08 . 2014-05-06 03:08 -------- d-----w- c:\program files\Common Files\Ahead
2014-05-06 02:59 . 2012-02-07 19:13 91936 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2014-05-06 02:59 . 2014-05-07 01:15 -------- d-----w- c:\program files\Internet Download Manager
2014-05-06 02:57 . 2014-05-07 01:16 -------- d-----w- c:\programdata\Apple
2014-05-06 02:57 . 2014-05-06 02:58 -------- d-----w- c:\program files\Common Files\Apple
2014-05-06 02:56 . 2014-05-06 04:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-06 02:56 . 2014-05-06 02:56 -------- d-----w- c:\windows\system32\Macromed
2014-05-06 02:55 . 2014-05-06 02:55 -------- d-----w- c:\program files\Common Files\Adobe
2014-05-06 02:52 . 2006-10-26 11:58 30512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2014-05-06 02:52 . 2006-10-26 11:58 30512 ----a-w- c:\windows\system32\mdimon.dll
2014-05-06 02:52 . 2006-10-26 11:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2014-05-06 02:52 . 2006-10-26 11:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2014-05-06 02:51 . 2014-05-07 01:15 -------- d-----w- c:\program files\Microsoft Works
2014-05-06 02:50 . 2014-05-07 01:16 -------- d-----w- c:\windows\PCHEALTH
2014-05-06 02:50 . 2014-05-07 01:15 -------- d-----w- c:\program files\Microsoft.NET
2014-05-06 02:49 . 2014-05-07 01:15 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2014-05-06 02:48 . 2014-05-07 01:16 -------- d-----w- c:\programdata\Microsoft Help
2014-05-06 02:48 . 2014-05-07 01:15 -------- d-----r- C:\MSOCache
2014-05-06 02:43 . 2010-01-28 21:57 163280 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-05-06 02:43 . 2010-01-28 21:54 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2014-05-06 02:43 . 2010-01-28 21:54 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-05-06 02:42 . 2010-01-28 21:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-05-06 02:42 . 2010-01-28 21:54 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-06 02:42 . 2010-01-28 22:09 38848 ----a-w- c:\windows\system32\avastSS.scr
2014-05-06 02:42 . 2010-01-28 22:09 152672 ----a-w- c:\windows\system32\aswBoot.exe
2014-05-06 02:42 . 2014-05-07 01:16 -------- d-----w- c:\programdata\Alwil Software
2014-05-06 02:42 . 2014-05-07 01:15 -------- d-----w- c:\program files\Alwil Software
2014-05-06 02:40 . 2014-05-07 01:15 -------- d-----w- c:\program files\USBAntivirus
2014-05-06 02:31 . 2014-05-07 01:15 -------- d-----w- c:\program files\7-Zip
2014-05-06 02:31 . 2014-05-07 01:15 -------- d-----w- c:\program files\DellTPad
2014-05-06 02:31 . 2011-05-25 19:50 305488 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2014-05-06 02:31 . 2011-05-19 21:01 122104 ----a-w- c:\windows\system32\Vxdif.dll
2014-05-06 02:31 . 2009-07-13 21:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-05-06 02:30 . 2011-09-08 15:40 363112 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2014-05-06 02:30 . 2011-09-08 15:40 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2014-05-06 02:30 . 2011-09-08 15:40 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2014-05-06 02:30 . 2014-05-07 01:15 -------- d-----w- c:\program files\Realtek
2014-05-06 02:30 . 2014-05-06 02:30 -------- d-----w- c:\windows\system32\RTCOM
2014-05-06 02:17 . 2014-05-07 01:16 -------- d-----w- c:\programdata\ATI
2014-05-06 02:17 . 2014-05-06 02:17 0 ----a-w- c:\windows\ativpsrm.bin
2014-05-06 02:15 . 2014-05-07 01:15 -------- d-----w- c:\program files\AMD AVT
2014-05-06 02:15 . 2014-05-07 01:15 -------- d-----w- c:\program files\AMD APP
2014-05-06 02:15 . 2014-05-06 02:15 -------- d-----w- c:\program files\Common Files\ATI Technologies
2014-05-06 02:14 . 2014-05-07 01:16 -------- d-----w- c:\programdata\AMD
2014-05-06 02:14 . 2010-02-18 01:18 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys
2014-05-06 02:14 . 2012-05-14 06:12 86656 ----a-w- c:\windows\system32\drivers\AtihdW73.sys
2014-05-06 02:14 . 2012-07-28 03:43 58880 ----a-w- c:\windows\system32\coinst_8.982.dll
2014-05-06 02:14 . 2012-07-28 02:10 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2014-05-06 02:13 . 2014-05-07 01:16 -------- d-sh--w- c:\windows\Installer
2014-05-06 02:12 . 2014-05-07 01:15 -------- d-----w- c:\program files\ATI Technologies
2014-05-06 02:12 . 2014-05-07 01:15 -------- d-----w- c:\program files\ATI
2014-05-06 02:06 . 2014-05-07 02:28 -------- d-----w- c:\users\SERVER
2014-05-06 02:06 . 2014-05-06 02:06 -------- d-----w- c:\windows\system32\Wat
2014-05-06 02:06 . 2014-05-07 01:16 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-07 02:17 . 2014-05-07 01:05 730 ----a-w- c:\windows\Fonts\Microsoft.lnk
2014-05-07 02:17 . 2014-05-07 01:05 728 ----a-w- c:\windows\Fonts\Aplikasi.lnk
2014-05-07 01:15 . 2014-05-07 01:16 246 --sha-r- c:\windows\Fonts\autorun.inf
2014-05-06 02:06 . 2010-11-20 21:29 409088 ----a-w- c:\windows\system32\systemcpl.dll
2014-05-06 02:06 . 2010-11-20 21:29 13824 ----a-w- c:\windows\system32\slwga.dll
2014-05-06 02:06 . 2010-11-20 21:29 811520 ----a-w- c:\windows\system32\user32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2014-05-06 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-07 18:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-02-23 3544472]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 221184]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATII3E.EXE" [2012-02-26 319072]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 304416]
"Df5serv"="Wscript.exe" [2009-07-14 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 711848]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-10-17 11430504]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 583544]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-01-28 2757512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 105368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 1006016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 491520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 411944]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 237568]
"USBAntivirus.exe"="c:\program files\USBAntivirus\USBAntivirus.exe" [2012-10-15 3790336]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 124192]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 406816]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 132384]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 217088]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2011-05-19 2629632]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2010-08-15 902048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2014-05-06 218912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-05-06 1343400]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 217600]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 291840]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-01-28 51792]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [2012-02-26 142432]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-02-07 91936]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-08 144672]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-05-14 86656]
S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-11-03 71424]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-11-03 11520]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2010-01-25 245760]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1157799984-284160043-2277852996-1000Core.job
- c:\users\SERVER\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-06 05:57]
.
2014-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1157799984-284160043-2277852996-1000UA.job
- c:\users\SERVER\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-06 05:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bendot.co.nr
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-07 10:31:24
ComboFix-quarantined-files.txt 2014-05-07 02:31
.
Pre-Run: 102,411,214,848 bytes free
Post-Run: 102,766,632,960 bytes free
.
- - End Of File - - 48783029E2CCD1C5E4BEF3177F79AD03
A36C5E4F47E84449FF07ED3517B43A31
