Puddlejumper2 (Members, 9 posts)
Everything posted by Puddlejumper2

  1. Logs: mbar-log-2013-10-02 (21-57-12).txt, mbar-log-2013-10-02 (22-14-39).txt, JRT.txt, AdwCleanerR0.txt, FRST.txt, ESET.txt
  2. I suppose Trojan.MSIL comes pretty close to what I was dealing with. I'll post the logs in a bit.
  3. Sorry, triple-posting now. Did not see that I had to run DDS as well, my bad. Attached: attach.txt, dds.txt
  4. Sorry for double-posting again, but I forgot to mention that I'm using Windows 7 and I'd like to be sure that ERUNT works for it as well, because when it loads up it doesn't say that it will create backups for Windows 7. It did create a backup without any problems, but I'd just like to be sure that the program is still compatible with the version of Windows I'm using.
  5. RogueKiller V8.7.0 [Sep 30 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Martin [Admin rights]
     Mode : Scan -- Date : 10/01/2013 17:22:48
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 11 ¤¤¤
     [RUN][SUSP PATH] HKCU\[...]\Run : script (wscript.exe //B "C:\Users\Martin\AppData\Local\Temp\script.vbs" [x][-]) -> FOUND
     [RUN][SUSP PATH] HKLM\[...]\Run : script (wscript.exe //B "C:\Users\Martin\AppData\Local\Temp\script.vbs" [x][-]) -> FOUND
     [RUN][SUSP PATH] HKUS\S-1-5-21-1380484448-3168604834-264916306-1000\[...]\Run : script (wscript.exe //B "C:\Users\Martin\AppData\Local\Temp\script.vbs" [x][-]) -> FOUND
     [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : script (wscript.exe //B "C:\Users\Martin\AppData\Local\Temp\script.vbs" [x][-]) -> FOUND
     [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
     [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [EXT RUN][SUSP PATH] HKLM\ON_D:\[...]\Run : prcpml (rundll32.exe "C:\Users\marit\AppData\Roaming\prcpml.dll",PszAllocA [x][x][x]) -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 0 ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

     ¤¤¤ External Hives: ¤¤¤
     -> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
     -> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
     -> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
     -> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
     -> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
     -> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
     -> D:\Users\Default User\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
     -> D:\Users\marit\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
     -> D:\Users\UpdatusUser\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
     -> D:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
     -> D:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
     -> D:\Documents and Settings\Martin\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
     -> D:\Documents and Settings\UpdatusUser\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts

     159.253.18.161 account.tera-europe.com

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - Hitachi HDS721050CLA362 ATA Device +++++
     --- User ---
     [MBR] 238d7cdc0787fe259dca27da2a0772a9
     [BSP] 0f0f14228741eaa8417ca103d2a10910 : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) (Standard disk drives) - Corsair Force 3 SSD ATA Device +++++
     --- User ---
     [MBR] 2e838abac8dafd45214414e95a55935c
     [BSP] d55667d29865c142cac4d390ade31668 : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 57139 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[0]_S_10012013_172248.txt >>
  6. Sorry for double-posting. I'll also leave a RogueKiller log here: RKreport0_S_10012013_022230.txt
  7. So a couple of days ago my mouse started acting weird, and not the kind of weird when your mouse dies out or anything like that: it was moving as if controlled by somebody else. My first instinct was that yes, I've got some sort of spying malware on my PC and I probably should do a few scans. So far I've used both Security Essentials and MBAM, both of which have deleted quite a lot of malware. After having run those scans I thought I was fine, but just about 10 minutes ago it started happening again. I immediately restarted the PC and on boot-up searched for any out-of-the-ordinary processes, but no luck. (For some reason this hacker immediately wants to close all of my programs, not really sure why. He/she always goes for my Skype first and tries to log out o_o) So, is there anybody here who can help me find this RAT on my PC and help me delete it for good? Might as well include my latest MBAM log: http://www35.zippyshare.com/v/46141340/file.html Thanks in advance!
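The RogueKiller report in post 5 mixes high-value findings (a VBScript autorun in %Temp% registered in four hives, a DLL autorun via rundll32 in AppData, UAC switched off, a hosts-file pin for a game account domain) with low-value ones (Start Panel icon settings). The script below is an added editor's example, not code posted by Puddlejumper2 or shipped by RogueKiller. It parses lines in that report's format, ranks them for an analyst, and lists the files worth hashing and submitting. Every function, constant and severity label is the example's own invention; the sample text is a subset of the posted report, re-typed here with the tag casing as the tool writes it.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the RogueKiller report posted above, in that tool's
# line format. Tags are written as the tool emits them ([SUSP PATH], [PUM]).
SAMPLE_LOG = r"""
¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : script (wscript.exe //B "C:\Users\Martin\AppData\Local\Temp\script.vbs" [x][-]) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : script (wscript.exe //B "C:\Users\Martin\AppData\Local\Temp\script.vbs" [x][-]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[EXT RUN][SUSP PATH] HKLM\ON_D:\[...]\Run : prcpml (rundll32.exe "C:\Users\marit\AppData\Roaming\prcpml.dll",PszAllocA [x][x][x]) -> FOUND
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
159.253.18.161 account.tera-europe.com
¤¤¤ MBR Check: ¤¤¤
"""

# One finding line: [CATEGORY][TAG] key : name (value) -> FOUND
ENTRY_RE = re.compile(
    r"^\[(?P<category>[A-Z ]+)\]\[(?P<tag>[A-Z ]+)\] (?P<key>\S+) : (?P<name>\S+) \((?P<value>.*)\) -> FOUND$"
)
# A Windows path inside a command line (stops at a quote, whitespace or comma)
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\s,]+')
HOSTS_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")

# Legitimate Windows binaries that are routinely used to launch scripts and DLLs
LAUNCHERS = {"wscript.exe", "cscript.exe", "rundll32.exe", "regsvr32.exe", "mshta.exe"}
# Directory fragments an unprivileged user can write to (compared lower-case)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")
# Policy values that weaken UAC when set to 0
UAC_WEAK_WHEN_ZERO = {
    "EnableLUA": "UAC is switched off",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
}
SEVERITY_ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}


@dataclass(frozen=True)
class Finding:
    severity: str   # HIGH / MEDIUM / LOW (this example's own scale)
    source: str     # registry key or file the finding came from
    detail: str


def user_writable_paths(command: str) -> list[str]:
    """Paths in a command line that live under a user-writable directory."""
    return [p for p in PATH_RE.findall(command)
            if any(frag in p.lower() for frag in USER_WRITABLE)]


def triage(report: str) -> list[Finding]:
    """Turn raw scanner text into prioritised findings for an analyst."""
    findings: list[Finding] = []
    in_hosts = False
    for line in report.splitlines():
        if line.startswith("¤¤¤"):                 # section header
            in_hosts = line.startswith("¤¤¤ HOSTS File")
            continue
        if in_hosts:                                # non-default hosts entries
            m = HOSTS_RE.match(line)
            if m and not m.group(1).startswith("127."):
                findings.append(Finding("MEDIUM", "hosts",
                    f"{m.group(2)} is pinned to {m.group(1)}, bypassing DNS"))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        tag, key, name, value = m["tag"], m["key"], m["name"], m["value"]
        if tag == "SUSP PATH":
            launcher = value.split()[0].lower()
            writable = user_writable_paths(value)
            if launcher in LAUNCHERS and writable:
                findings.append(Finding("HIGH", key,
                    f"{launcher} autorun loads {writable[0]} from a user-writable directory"))
            else:
                findings.append(Finding("MEDIUM", key, f"autorun from suspicious path: {value}"))
        elif tag == "PUM" and name in UAC_WEAK_WHEN_ZERO and value == "0":
            findings.append(Finding("HIGH", key, f"{name}=0: {UAC_WEAK_WHEN_ZERO[name]}"))
        elif tag == "PUM":
            findings.append(Finding("LOW", key,
                f"{name}={value}: modified setting, confirm the user made it"))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


def collect_artifacts(report: str) -> set[str]:
    """Unique files referenced by suspicious autoruns, for hashing and submission."""
    paths: set[str] = set()
    for line in report.splitlines():
        m = ENTRY_RE.match(line)
        if m and m["tag"] == "SUSP PATH":
            paths.update(user_writable_paths(m["value"]))
    return paths


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.source:34} {f.detail}")
    print("artifacts to hash:", *sorted(collect_artifacts(SAMPLE_LOG)), sep="\n  ")
```

The ranking encodes the two questions a helper on this kind of thread asks first: is a script or DLL in a user-writable location being launched by a trusted Windows binary at logon, and has UAC been turned down so that re-infection needs no prompt. Run against the full report, the same logic would also flag the HKUS and Wow6432Node copies of the script.vbs autorun, which is why the artifact list is a set rather than one entry per registry key.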