Everything posted by Jancu6

  1. thank you for being a genius and cleaning my computer :)

  2. thank you for your support, I'll let you know when I have the possibility
  3. RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/
     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Michal [Admin rights]
     Mode : Scan -- Date : 01/06/2013 17:31:07
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 12 ¤¤¤
     [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{8E6653D6-5F6B-44D7-A31D-5EF05C3A1016} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
     [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{8E6653D6-5F6B-44D7-A31D-5EF05C3A1016} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
     [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
     [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
     [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
     [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
     [HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
     [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver : [NOT LOADED] ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts
     127.0.0.1 localhost
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: WDC WD20EARX-00PASB0 +++++
     --- User ---
     [MBR] 7b20f67738d1cca27d76cac5d12c3523
     [bSP] 1200eaf1ec9ef500c1c3a9c1940672d7 : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 499899 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1024000000 | Size: 1407728 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     Finished : << RKreport[1]_S_01062013_02d1731.txt >>
     RKreport[1]_S_01062013_02d1731.txt
  4. ESET finds nothing. Is there anything else that could be done before I will plug the cable again?
  5. I've got a really slow connection speed, I've already been downloading the virus database for 10 minutes and it is 03:34 AM in my time zone, so I'm leaving the scan to go on and I will post the log tomorrow. Thank you for your assistance, your knowledge on malware is great. Hope to hear from you tomorrow as well.
  6. ComboFix 13-01-05.01 - Michal 2013-01-06 2:56.1.4 - x64
  7. I did those steps about the RogueKiller. Anti-rootkit didn't find anything, same as before. However, I don't have the possibility now to check if that problem still occurs. I am not in the Netherlands and the malware seems to activate only there. But before, the anti-rootkit also didn't find any malware, so most probably, when I plug the cable in in the Netherlands, svchost will come back again. Is it a malware that reacts only with one IP? Or how can I understand that?
  8. Okay I uninstalled uTorrent. Here is the report from RogueKiller
     RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/
     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Michal [Admin rights]
     Mode : Scan -- Date : 01/06/2013 01:49:58
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 10 ¤¤¤
     [RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : Adobe (C:\ProgramData\Adobe\EFB01.vbe) -> FOUND
     [sTARTUP][sUSP PATH] LaunchLater.lnk @Michal : C:\Users\Michal\AppData\Roaming\Microsoft\Installer\{B16D2B97-0EAE-44A2-87EA-D6E34A18D4B2}\_DB477A4B1562BA9DC400CD.exe -> FOUND
     [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{8E6653D6-5F6B-44D7-A31D-5EF05C3A1016} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
     [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{8E6653D6-5F6B-44D7-A31D-5EF05C3A1016} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
     [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
     [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver : [NOT LOADED] ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: WDC WD20EARX-00PASB0 +++++
     --- User ---
     [MBR] 7b20f67738d1cca27d76cac5d12c3523
     [bSP] 1200eaf1ec9ef500c1c3a9c1940672d7 : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 499899 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1024000000 | Size: 1407728 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     Finished : << RKreport[1]_S_01062013_02d0149.txt >>
     RKreport[1]_S_01062013_02d0149.txt
  9. I am truly sorry that I attached the logs, I really forgot not to do that due to the long post I made. I am sorry.
  10. So, the initial problem was that Windows Firewall turned itself off. I read on the internet that this can be fixed by enabling it again in services.msc, so I did that, and yeah, it worked. But the next time I started my computer I noticed that it happened again, so I thought - virus. But even full scans with avast didn't find anything, so I read some articles on the internet, and I learned that this is a malware problem.

     I downloaded rKill, I downloaded Malwarebytes software. I found out that rKill is terminating one svchost process, and this process doesn't have Microsoft copyrights and in the task manager it looks like this: svchost.exe*32 instead of the rest, which don't have the *32 tag. Then I ran a scan with the Malwarebytes software and it removes the svchost.exe responsible for the suspicious process. It's located in C:/Users/[username]/AppData/Local/Temp/svchost.exe

     I was scared, so I installed a third party firewall from COMODO right away. I rebooted my computer with the new firewall (take note that my network cable was then unplugged). The svchost.exe was no longer in the temp folder, so, with the new firewall, I decided to put the cable back. Then I noticed that after plugging it in, the file generated itself again, and the COMODO firewall showed me that it is trying to connect to the internet. I blocked this, and made a rule for that. And it happens every time. I tried also to remove the file manually, change its extension, everything that came to my mind, with no success. I installed some anti-rootkit soft from Malwarebytes, but it found nothing.

     I will make a quick summary of what I've done:
     - rKill, terminates the process only when connected to internet
     - malwarebytes scan, removes svchost.exe from appdata/temp only after rKill
     - anti-rootkit scan, nothing found
     - antivirus scan, through and before loading the system, nothing
     - TDSSKiller finds nothing (program I found somewhere that was supposed to help)

     All these steps were done in safe mode with networking, with cable unplugged, with cable plugged, in normal Windows mode, also both cable versions. I ended up with the rule that is blocking the connection and with a LaunchLater program, that launches rKill 10 seconds after booting, because with normal startup sometimes rKill was running too early, before the bad svchost had even started.

     And now the last thing - right now. I am using my desktop computer in another country, with a different internet provider, I connected the internet cable a few minutes ago, and the bad svchost is NOT THERE. rKill finds nothing. And before I left, I checked one last time, and the problem was still there, the computer is 100% still infected. I didn't even turn on the computer since then (about 24 hours ago). But it activates only when I am connecting a cable at home in the Netherlands, nowhere else. That's most strange to me.

     Please, any genius, help me with this. Sorry for my grammar, English is not my native language.

     dds.txt attach.txt
  11. Actually, there is nothing I can find in the task manager that could be chewing up my resources. My processor is on 1%, and physical memory 14%. Nothing special happens there. I've got i5 2500k at 3,3Ghz and 16GB RAM. Always trying to keep startup as clean as possible to not run too many applications at once. There is one svchost that is taking between 287k - 320k of memory, changing randomly. None of these processes are detected as malware also.
  12. Hi everyone. I'm having a strange problem here with my mouse. It's a wireless Logitech M305. What I noticed since a couple of days is that from time to time, the mouse cursor stops for a split second as I move it around the screen. For example, I move it to the right, it stops in one point, and as I continue to push it right, it eventually starts working again. What is the most strange thing in this problem is that when that happens, it's only in one point on the screen. To explain it better, I will give an example: let's say there is a red dot in the centre of my desktop. I am moving the cursor left and right through that dot, and eventually the problem occurs - the mouse freezes on the red dot, I push it further, it works again, but when I go back with the cursor to the dot, it freezes again exactly in the same spot. Let's say I will repeat it 3 or 4 times, and then suddenly the mouse is working good in this spot, but after a few minutes it happens again but in a different place on the screen. In the beginning I thought my batteries were empty, so I changed them to new ones. But it didn't help. I am not using any programs that change cursors, or skins, or anything else. No effects on cursor. Anyone any idea what it could be? Maybe a hardware issue? But why does it happen only in one spot on the screen?