Slyfur
Posts: 24
Posts posted by Slyfur
-
-
I was able to hold the power button and shut it off. When I turned it back on, it was able to shut off again.
-
Uh, I can't shut off my PC.
-
I am using an ad blocker, so I don't think I'll be able to see the popups.
-
-
ComboFix 18-08-08.01 - Administrator 3/2018 Thu 19:30:40.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.936.86.1033.18.8158.5135 [GMT -4:00]
执行位置: c:\users\Administrator\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* 成功创造新还原点
.
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\logs\scecomp.log
.
.
((((((((((((((((((((((((( 2018-08-13 至 2018-09-13 的新的档案 )))))))))))))))))))))))))))))))
.
.
2018-09-13 23:36 . 2018-09-13 23:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2018-09-13 23:29 . 2018-09-13 23:29 58120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F17F72C6-5F14-483D-9683-CF1E5B1547C2}\MpKslebaad46f.sys
2018-09-13 22:30 . 2018-09-13 22:36 98616 ----a-w- c:\windows\system32\drivers\mwac.sys
2018-09-13 18:51 . 2018-08-21 18:04 14821528 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F17F72C6-5F14-483D-9683-CF1E5B1547C2}\mpengine.dll
2018-09-12 00:10 . 2018-08-21 18:04 14821528 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2018-09-11 23:51 . 2018-09-13 22:30 117472 ----a-w- c:\windows\system32\drivers\farflt.sys
2018-09-11 18:53 . 2018-08-23 22:00 15283712 ----a-w- c:\windows\system32\ieframe.dll
2018-09-10 23:42 . 2018-09-13 22:30 259360 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2018-09-05 23:56 . 2018-09-05 23:56 -------- d-----w- C:\KVRT_Data
2018-09-05 21:33 . 2018-09-05 21:33 255928 ----a-w- c:\windows\system32\drivers\7141A5F8.sys
2018-09-05 21:22 . 2018-09-05 21:22 255928 ----a-w- c:\windows\system32\drivers\45439380.sys
2018-09-05 21:21 . 2018-09-05 21:42 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2018-09-05 18:57 . 2018-09-13 19:11 -------- d-----w- C:\FRST
2018-09-05 18:42 . 2018-09-13 22:30 52328 ----a-w- c:\windows\system32\drivers\mbam.sys
2018-09-05 18:42 . 2018-09-07 00:10 193256 ----a-w- c:\windows\system32\drivers\MbamChameleon.sys
2018-09-05 18:42 . 2018-07-12 12:42 152688 ----a-w- c:\windows\system32\drivers\mbae64.sys
2018-09-05 18:42 . 2018-09-05 21:22 -------- d-----w- c:\programdata\Malwarebytes
2018-09-05 04:01 . 2018-09-05 04:01 -------- d-----w- c:\program files\Malwarebytes
2018-09-04 03:12 . 2018-09-04 18:59 -------- d-----w- C:\AdwCleaner
2018-09-03 22:23 . 2018-09-03 22:23 -------- d-----w- c:\users\Administrator\AppData\Local\mbam
2018-08-26 21:33 . 2018-09-06 18:47 -------- d-----w- c:\users\Administrator\AppData\Local\PrimeQuintaUpdateSoftware
2018-08-26 21:33 . 2018-08-26 21:33 -------- d-----w- c:\program files (x86)\Common Files\EastCharonHCS
2018-08-26 21:32 . 2018-08-26 21:32 -------- d-----w- c:\program files (x86)\AutoicousMarasmusAutoicousMarasmus
2018-08-26 21:27 . 2018-08-29 19:36 -------- d-----w- c:\users\Administrator\AppData\Roaming\PokeMMO
2018-08-21 01:14 . 2018-09-02 03:21 -------- d-----w- c:\users\Administrator\AppData\Local\Roblox
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-09-13 22:29 . 2018-04-15 18:33 65536 ----a-w- c:\windows\system32\spu_storage.bin
2018-09-11 20:12 . 2017-02-09 05:49 139184408 -c--a-w- c:\windows\system32\MRT.exe
2018-08-10 15:39 . 2018-09-11 18:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2018-08-03 15:55 . 2018-08-14 18:25 109568 ----a-w- c:\windows\system32\hlink.dll
2018-08-03 15:39 . 2018-08-14 18:25 84992 ----a-w- c:\windows\SysWow64\hlink.dll
2018-07-16 22:02 . 2010-11-21 03:27 563832 ------w- c:\windows\system32\MpSigStub.exe
2018-07-07 16:01 . 2018-09-11 18:54 316928 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2018-07-07 15:46 . 2018-09-11 18:53 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2018-07-07 15:46 . 2018-09-11 18:54 2182656 ----a-w- c:\windows\apppatch\AcGenral.dll
2018-07-07 15:24 . 2018-08-14 18:25 3226112 ----a-w- c:\windows\system32\win32k.sys
2018-07-06 16:09 . 2018-08-14 18:25 947904 ----a-w- c:\windows\system32\drivers\ndis.sys
2018-06-29 15:55 . 2018-08-14 18:25 695808 ----a-w- c:\windows\system32\cscsvc.dll
2018-06-29 15:55 . 2018-08-14 18:25 137728 ----a-w- c:\windows\system32\CscMig.dll
2018-06-29 15:55 . 2018-08-14 18:25 45568 ----a-w- c:\windows\system32\cscapi.dll
2018-06-29 15:55 . 2018-08-14 18:25 30208 ----a-w- c:\windows\system32\cscdll.dll
2018-06-29 15:40 . 2018-08-14 18:25 23040 ----a-w- c:\windows\SysWow64\cscdll.dll
2018-06-29 15:14 . 2018-08-14 18:25 516096 ----a-w- c:\windows\system32\drivers\csc.sys
2018-06-29 15:09 . 2018-08-14 18:25 34304 ----a-w- c:\windows\SysWow64\cscapi.dll
2018-06-27 16:01 . 2018-08-14 18:25 114368 ----a-w- c:\windows\system32\consent.exe
2018-06-27 15:55 . 2018-08-14 18:25 484864 ----a-w- c:\windows\system32\StructuredQuery.dll
2018-06-27 15:55 . 2018-08-14 18:25 3246592 ----a-w- c:\windows\system32\msi.dll
2018-06-27 15:55 . 2018-08-14 18:25 504320 ----a-w- c:\windows\system32\msihnd.dll
2018-06-27 15:55 . 2018-08-14 18:25 25088 ----a-w- c:\windows\system32\msimsg.dll
2018-06-27 15:54 . 2018-08-14 18:25 1942016 ----a-w- c:\windows\system32\authui.dll
2018-06-27 15:54 . 2018-08-14 18:25 70144 ----a-w- c:\windows\system32\appinfo.dll
2018-06-27 15:43 . 2018-08-14 18:25 363520 ----a-w- c:\windows\SysWow64\StructuredQuery.dll
2018-06-27 15:42 . 2018-08-14 18:25 2366464 ----a-w- c:\windows\SysWow64\msi.dll
2018-06-27 15:42 . 2018-08-14 18:25 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2018-06-27 15:42 . 2018-08-14 18:25 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2018-06-27 15:41 . 2018-08-14 18:25 1806848 ----a-w- c:\windows\SysWow64\authui.dll
2018-06-27 15:21 . 2018-08-14 18:25 128512 ----a-w- c:\windows\system32\msiexec.exe
2018-06-27 15:16 . 2018-08-14 18:25 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2018-06-21 03:33 . 2018-08-14 18:25 2048 ----a-w- c:\windows\system32\tzres.dll
2018-06-21 03:09 . 2018-08-14 18:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Discord"="c:\users\Administrator\AppData\Local\Discord\app-0.0.301\Discord.exe" [2018-05-01 57816920]
"Steam"="c:\users\Administrator\Desktop\New folder\steam.exe" [2018-09-08 3207968]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2018-08-08 1384840]
"Spotify"="c:\users\Administrator\AppData\Roaming\Spotify\Spotify.exe" [2018-08-23 24453008]
"EpicGamesLauncher"="c:\program files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" [2018-09-11 32993168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AlwaysShowClassicMenu"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 PNPMEM;Microsoft Memory Module Driver;c:\windows\system32\DRIVERS\pnpmem.sys;c:\windows\SYSNATIVE\DRIVERS\pnpmem.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 stornvme;stornvme;c:\windows\system32\drivers\stornvme.sys;c:\windows\SYSNATIVE\drivers\stornvme.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WiaRpc;Still Image Acquisition Events;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\windows\system32\drivers\mbae64.sys;c:\windows\SYSNATIVE\drivers\mbae64.sys [x]
S1 MpKslebaad46f;MpKslebaad46f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F17F72C6-5F14-483D-9683-CF1E5B1547C2}\MpKslebaad46f.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F17F72C6-5F14-483D-9683-CF1E5B1547C2}\MpKslebaad46f.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 MBAMChameleon;MBAMChameleon;c:\windows\System32\Drivers\MbamChameleon.sys;c:\windows\SYSNATIVE\Drivers\MbamChameleon.sys [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMFarflt;MBAMFarflt;c:\windows\system32\DRIVERS\farflt.sys;c:\windows\SYSNATIVE\DRIVERS\farflt.sys [x]
S3 MBAMProtection;MBAMProtection;c:\windows\system32\DRIVERS\mbam.sys;c:\windows\SYSNATIVE\DRIVERS\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\Drivers\mbamswissarmy.sys [x]
S3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\DRIVERS\mwac.sys;c:\windows\SYSNATIVE\DRIVERS\mwac.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 98635395
*NewlyCreated* - MBAMFARFLT
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBPROTECTION
*NewlyCreated* - MPKSLEBAAD46F
*Deregistered* - 29124B04
*Deregistered* - 98635395
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
WiaRpc
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-11-15 1353680]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-31 11855976]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
WiaRpc
.
------- 而外的扫描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,5e,89,40,7f,18,05,4b,b1,5b,af,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,5e,89,40,7f,18,05,4b,b1,5b,af,\
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-539798574-3385549975-3504005029-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成时间: 2018-09-13 19:37:42
ComboFix-quarantined-files.txt 2018-09-13 23:37
.
Pre-Run: 106,273,267,712 bytes free
Post-Run: 106,685,374,464 bytes free
.
- - End Of File - - 8DA21D926EC635DC3AAE5EC7517EE7F5
-
I sent the clean-mode log; hopefully it's what you needed, but here are also the scan logs.
# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build: 09-03-2018
# Database: 2018-09-12.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-13-2018
# Duration: 00:00:25
# OS: Windows 7 Ultimate
# Scanned: 41915
# Detected: 2
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
PUP.Optional.Legacy Ask
PUP.Optional.Legacy AOL
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
AdwCleaner[S00].txt - [1971 octets] - [04/09/2018 14:59:33]
AdwCleaner[C00].txt - [1991 octets] - [04/09/2018 14:59:55]
AdwCleaner[S01].txt - [1375 octets] - [04/09/2018 15:05:12]
AdwCleaner[S02].txt - [1436 octets] - [04/09/2018 15:39:13]
AdwCleaner[S03].txt - [1497 octets] - [04/09/2018 15:40:17]
AdwCleaner[S04].txt - [1558 octets] - [05/09/2018 14:50:33]
AdwCleaner[S05].txt - [1619 octets] - [05/09/2018 17:00:14]
AdwCleaner[S06].txt - [1680 octets] - [05/09/2018 17:44:47]
AdwCleaner[S07].txt - [1741 octets] - [07/09/2018 21:08:13]
AdwCleaner[S08].txt - [1802 octets] - [09/09/2018 17:03:55]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S09].txt ##########
-
# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build: 09-03-2018
# Database: 2018-09-12.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-13-2018
# Duration: 00:00:02
# OS: Windows 7 Ultimate
# Cleaned: 1
# Failed: 1
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
No malicious registry entries cleaned.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
Deleted Ask
Not Deleted AOL
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1971 octets] - [04/09/2018 14:59:33]
AdwCleaner[C00].txt - [1991 octets] - [04/09/2018 14:59:55]
AdwCleaner[S01].txt - [1375 octets] - [04/09/2018 15:05:12]
AdwCleaner[S02].txt - [1436 octets] - [04/09/2018 15:39:13]
AdwCleaner[S03].txt - [1497 octets] - [04/09/2018 15:40:17]
AdwCleaner[S04].txt - [1558 octets] - [05/09/2018 14:50:33]
AdwCleaner[S05].txt - [1619 octets] - [05/09/2018 17:00:14]
AdwCleaner[S06].txt - [1680 octets] - [05/09/2018 17:44:47]
AdwCleaner[S07].txt - [1741 octets] - [07/09/2018 21:08:13]
AdwCleaner[S08].txt - [1802 octets] - [09/09/2018 17:03:55]
AdwCleaner[S09].txt - [1902 octets] - [13/09/2018 15:00:02]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C09].txt ##########
FRST.txt -
Also, when I run a game the ping is very high (100-1000).
Can you please figure out if my computer is infected, or if there is something wrong with it in general?
-
Nothing came up, thank you so much for helping me remove them. I'm going to delete them from quarantine once and for all and never have to worry about them again.
-
It didn't detect the trojan, so I think I'm alright. But what should I do about the trojans that are in quarantine? Should I delete them from the quarantine?
-
# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build: 09-03-2018
# Database: 2018-09-05.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-05-2018
# Duration: 00:00:11
# OS: Windows 7 Ultimate
# Scanned: 41877
# Detected: 0
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
AdwCleaner[S00].txt - [1971 octets] - [04/09/2018 14:59:33]
AdwCleaner[C00].txt - [1991 octets] - [04/09/2018 14:59:55]
AdwCleaner[S01].txt - [1375 octets] - [04/09/2018 15:05:12]
AdwCleaner[S02].txt - [1436 octets] - [04/09/2018 15:39:13]
AdwCleaner[S03].txt - [1497 octets] - [04/09/2018 15:40:17]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ##########
FRST.txt -
It finished scanning and said there was no malware found.
-
I still see the trojan in the scan. Did I do something wrong?
-
# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build: 09-03-2018
# Database: 2018-09-05.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-05-2018
# Duration: 00:00:11
# OS: Windows 7 Ultimate
# Scanned: 41877
# Detected: 0
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
AdwCleaner[S00].txt - [1971 octets] - [04/09/2018 14:59:33]
AdwCleaner[C00].txt - [1991 octets] - [04/09/2018 14:59:55]
AdwCleaner[S01].txt - [1375 octets] - [04/09/2018 15:05:12]
AdwCleaner[S02].txt - [1436 octets] - [04/09/2018 15:39:13]
AdwCleaner[S03].txt - [1497 octets] - [04/09/2018 15:40:17]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ##########
-
I ran the fix, but how do I know if the fix really worked? And here's your datetime zip. Should I delete it after you've received the file?
-
Sorry, but I'm a bit confused. Where do I run the fix?
-
I see, thank you. And I'm sorry if I may have come across as rude. I've been stressed out for the past two days.
-
Thank you, but I'm more concerned about the virus atm. Please tell me you can remove it.
-
I thought it just stored game data, but anyway, is there any way to get rid of the trojan, or should I run another scan?
And I'm not running a cheat or hack against Steam.
-
When I ran AdwCleaner it failed to reboot, even though it said nothing was detected. After I was done restarting, HomeGroup appeared as a shortcut.
-
# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build: 09-03-2018
# Database: 2018-09-05.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-05-2018
# Duration: 00:00:11
# OS: Windows 7 Ultimate
# Scanned: 41877
# Detected: 0
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
AdwCleaner[S00].txt - [1971 octets] - [04/09/2018 14:59:33]
AdwCleaner[C00].txt - [1991 octets] - [04/09/2018 14:59:55]
AdwCleaner[S01].txt - [1375 octets] - [04/09/2018 15:05:12]
AdwCleaner[S02].txt - [1436 octets] - [04/09/2018 15:39:13]
AdwCleaner[S03].txt - [1497 octets] - [04/09/2018 15:40:17]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ##########
Addition.txt FRST.txt -
Nothing suspicious has popped up either: no pop-up ads, and no slowing down of the web.
-
I've tried to remove trojan.rorracoon using Malwarebytes, but it didn't seem to work. I've tried three times already and it popped up six times in my quarantine. I'm a newbie at using a computer, but can you please help me?
Thread: Malware keeps popping up when I haven't downloaded anything (in Resolved Malware Removal Logs)
Posted:
But it looks like everything is fine.