Jump to content

MkktCkkt

Members
  • Posts

    15
  • Joined

  • Last visited

Everything posted by MkktCkkt

  1. Thank you so much! I updated Adobe Reader and Java, but IE11 wont install at all. I previously posted that picture about how IE11 update always failed, so I went on and downloaded installer from microsofts page. That installer failed too. What if I just delete it? or should I start fighting whit that IE now? even though im not even using it.
  2. Hi I belive I deleted everything. FRST Logs: Addition.txt FRST.txt
  3. ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=5cde7b070245e348b1052418a47bacba # engine=19424 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-07-30 11:12:45 # local_time=2014-07-31 02:12:45 (+0200, Suomen kesäaika) # country="Finland" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 1316548 48078881 0 0 # scanned=639131 # found=18 # cleaned=0 # scan_time=10151 sh=9357AD524EC7D326F3FAEDB37BC88A2C99383120 ft=0 fh=0000000000000000 vn="VBS/CoinMiner.AD trojan" ac=I fn="C:\FRST\Quarantine\C\Users\B\AppData\Roaming\Origin\update.vbe" sh=C331A1BAEB9D9E5C558A9E60D6CC4C1465DE5635 ft=1 fh=9846aa6c2493f694 vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="D:\Ladatut Tiedostot\DeviceDoctorPro.exe" sh=7B728010B02F323611A5C0060C0638101AE0FC5B ft=1 fh=ec9e8d09f29fa913 vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="D:\Ladatut Tiedostot\DeviceDoctor_Bundle.exe" sh=0019B16E4183DF28004DB503F2E3D2075A0FD541 ft=1 fh=dd9e6ee495e2b97d vn="Win32/InstallMonetizer.AF potentially unwanted application" ac=I fn="D:\Ladatut Tiedostot\Pazera_Free_MP4_to_AVI_Converter_v1.7.exe" sh=5024A01FF7371C091F4EF6665F27C2CC98399A37 ft=1 fh=7efc120aeebb427e vn="a variant of Win32/AdWare.MultiPlug.AP application" ac=I fn="D:\Ladatut Tiedostot\SC-7415FF7415.rar" sh=4214A591BD070047DB6B9142198F9AF43BEDC4AC ft=0 fh=0000000000000000 vn="a variant of Win32/SkypeLogView.A potentially unsafe application" ac=I fn="D:\Ladatut Tiedostot\skypelogview.zip" sh=B6F7B1483088DF3F2E06A4FD4750F9A5998DD315 ft=1 fh=272dab65bf7b74d8 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="D:\Ladatut Tiedostot\spsetup121.exe" sh=2F3FAFAC28D2A0191B524704ED6B8B0E533B3630 ft=1 fh=17a186c0e2f206d3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="D:\Ladatut Tiedostot\spsetup126.exe" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.AAA trojan" ac=I fn="D:\Ladatut Tiedostot\LEGO.Star.Wars.III.The.Clone.Wars-SKIDROW\sr-lsw3c.iso" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.BQ potentially unsafe application" ac=I fn="D:\Ladatut Tiedostot\Saints.Row.IV-RELOADED\rld-saints4.iso" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.ABD trojan" ac=I fn="D:\Ladatut Tiedostot\The.Incredible.Adventures.of.Van.Helsing.II-CODEX\codex-the.incredible.adventures.of.van.helsing.ii.iso" sh=C4962B5F9A118F0A3DFAF1D9E73AAA0DD19319FF ft=1 fh=45836b55521038c5 vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="D:\Ohjelmat\Device Doctor\DDSmartScan.exe" sh=204530442D73013A195B789219A491ABA865C5E7 ft=1 fh=b8e681b79875ce9b vn="Win32/OpenCandy potentially unsafe application" ac=I fn="D:\Ohjelmat\FL Studio 10.0.9c Producer Edition Final key [ChingLiu]\flstudio_10.0.9c.exe" sh=695D5B402E29363E9906201C6E5DA84D9665CE6B ft=0 fh=0000000000000000 vn="Win32/InstallMonetizer.AN potentially unwanted application" ac=I fn="D:\Ohjelmat\VST\ToneBytes_Lo-Fizer.zip" sh=357CABA3D3F3D1894D7C698DD06CC1FF79849982 ft=1 fh=73b55166117b07c1 vn="Win32/InstallMonetizer.AN potentially unwanted application" ac=I fn="D:\Ohjelmat\VST\VST\Lo-Fizer VST Setup.exe" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.AAA trojan" ac=I fn="D:\Pelit\Fable.III-SKIDROW\sr-fable3.iso" sh=7113D3A10D8722FE80A3717E87BC7354F55674B4 ft=1 fh=a654d788654f8e37 vn="a variant of Win32/Packed.VMProtect.AAA trojan" ac=I fn="D:\Pelit\LEGO Star Wars III The Clone Wars\paul.dll" sh=357CABA3D3F3D1894D7C698DD06CC1FF79849982 ft=1 fh=73b55166117b07c1 vn="Win32/InstallMonetizer.AN potentially unwanted application" ac=I fn="D:\Reaper\Plugins\FX\muut\Lo-Fizer VST Setup.exe"
  4. Okay now it doesn't detect anything. Thanks!
  5. I belive there is somekind of malware/virus/stupidthing on my second drive which is full of important stuff. I have used it since back I was stupid enough to go to suspicious sites and so on and I never have reformatted it. So I belive it has virus which can hide itself pretty well (like into Master boot section of drive or something?) I have just installed windows again couple weeks ago and now have repeating creation of virus in svchost.exe at startup. I noticed now that there is one update windows tries to push trough about IE11. It always fails that update. ('Epäonnistui' in pic means failed) I wonder if that is some shielding mechanism on that virus? or it infects that update and forces it to create new virus into svchost.exe. As far as I understood is not possible to get Combofix to clean other drives than system drive. and I also belive this is the case in other programs as well (not including mbar and mbam)
  6. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014 Ran by B at 2014-07-30 22:19:13 Run:2 Running from C:\Users\B\Desktop\frst Boot Mode: Normal ============================================== Content of fixlist: ***************** Task: {3FB43551-603A-47B8-835F-405C0002AC47} - System32\Tasks\Origin => C:\Users\B\AppData\Roaming\Origin\update.vbe [2014-07-18] () <==== ATTENTION C:\Users\B\AppData\Roaming\Origin\ Reboot: ***************** "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3FB43551-603A-47B8-835F-405C0002AC47}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FB43551-603A-47B8-835F-405C0002AC47}" => Key deleted successfully. C:\Windows\System32\Tasks\Origin => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => Key deleted successfully. C:\Users\B\AppData\Roaming\Origin => Moved successfully. The system needed a reboot. ==== End of Fixlog ====
  7. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014 Ran by B at 2014-07-30 21:44:57 Run:1 Running from C:\Users\B\Desktop\frst Boot Mode: Normal ============================================== Content of fixlist: ***************** Folder: C:\Windows\Temp\ File: C:\Windows\Temp\svchost.exe ***************** ========================= Folder: C:\Windows\Temp\ ======================== 2014-07-30 21:42 - 2014-07-30 21:42 - 0000321 _____ () C:\Windows\Temp\1406745777_log.txt 2014-07-30 12:17 - 2014-07-30 21:42 - 0060684 _____ () C:\Windows\Temp\Data.bin 2014-07-30 16:59 - 2014-07-30 16:59 - 0000608 _____ () C:\Windows\Temp\fwtsqmfile00.sqm 2014-07-30 21:41 - 2014-07-30 21:41 - 0000608 _____ () C:\Windows\Temp\fwtsqmfile01.sqm 2014-07-29 15:42 - 2014-07-29 15:46 - 1883448 _____ () C:\Windows\Temp\lpksetup-20140729-154228-0.log 2014-07-30 16:00 - 2014-07-30 16:05 - 1883512 _____ () C:\Windows\Temp\lpksetup-20140730-160044-0.log 2014-07-29 14:45 - 2014-07-30 19:50 - 0007462 _____ () C:\Windows\Temp\MpCmdRun.log 2014-07-30 19:47 - 2014-07-30 19:50 - 0005320 _____ () C:\Windows\Temp\MpSigStub.log 2014-07-30 21:42 - 2014-07-30 21:42 - 1603584 _____ () C:\Windows\Temp\svchost.exe 2014-07-30 19:47 - 2014-07-30 19:50 - 0000000 ____D () C:\Windows\Temp\556C747BFB847E342BB8FB33486FA567-Sigs 2014-07-30 16:57 - 2014-07-30 16:57 - 0000000 ____D () C:\Windows\Temp\IEE766.tmp 2014-07-30 16:57 - 2014-07-30 16:57 - 1868205 _____ () C:\Windows\Temp\IEE766.tmp\Windows6.1-KB2888049-x64.cab 2014-07-05 12:16 - 2014-07-05 12:16 - 0000000 ____D () C:\Windows\Temp\Low 2014-07-05 12:16 - 2014-07-05 12:16 - 0000000 ____D () C:\Windows\Temp\Low\SkypeClickToCall 2014-07-05 12:16 - 2014-07-05 12:16 - 0000000 ____D () C:\Windows\Temp\Low\SkypeClickToCall\Logs 2014-07-05 12:16 - 2014-07-26 22:42 - 0002820 _____ () C:\Windows\Temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log 2014-07-30 02:02 - 2014-07-30 02:02 - 0000000 ____D () C:\Windows\Temp\MPInstrumentation ====== End of Folder: ====== ========================= File: C:\Windows\Temp\svchost.exe ======================== MD5: 9FDEFAA3232AC9DD0608DB999D05381D Creation and modification date: 2014-07-30 21:42 - 2014-07-30 21:42 Size: 1603584 Attributes: ----A Company Name: Internal Name: Original Name: Product Name: Description: File Version: Product Version: Copyright: ====== End Of File: ====== ==== End of Fixlog ====
  8. I meant realtime protection. Sorry my typo.
  9. Do I have to disable real time scan from MSE too?
  10. Hi. Mbar found nothing Log: Malwarebytes Anti-Rootkit BETA 1.07.0.1012www.malwarebytes.org Database version: v2014.07.30.05 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 8.0.7601.17514B :: B-PC [administrator] 30.7.2014 19:46:14mbar-log-2014-07-30 (19-46-14).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled: Objects scanned: 323372Time elapsed: 5 minute(s), 11 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) Physical Sectors Detected: 0(No malicious items detected) (end)
  11. Hi. Last 24 hours I've come to conclusion that this virus must be located on my second drive. And that same mbam popup about svchost.exe keeps happening I attached picture about it.
  12. Hi. Adw: # AdwCleaner v3.301 - Report created 29/07/2014 at 14:33:59# Updated 28/07/2014 by Xplode# Operating System : Windows 7 Professional Service Pack 1 (64 bits)# Username : B - B-PC# Running from : C:\Users\B\Desktop\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\B\OneDrive\Save ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.7601.18487 -\\ Google Chrome v36.0.1985.125 [ File : C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [822 octets] - [29/07/2014 14:32:27]AdwCleaner[s0].txt - [746 octets] - [29/07/2014 14:33:59] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [805 octets] ########## Combofix: ComboFix 14-07-29.01 - B 29.07.2014 14:39:32.1.6 - x64Microsoft Windows 7 Professional 6.1.7601.1.1252.358.1035.18.8178.5953 [GMT 3:00]Sijainti: c:\users\B\Desktop\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))..D:\install.exe..((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2014-06-28 to 2014-07-29 )))))))))))))))))..2014-07-29 11:42 . 2014-07-29 11:42 -------- d-----w- c:\users\Default\AppData\Local\temp2014-07-29 11:32 . 2010-08-30 05:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll2014-07-29 11:29 . 2014-04-23 08:50 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1E806C7-2D5A-4951-8F28-8C52943B5337}\gapaengine.dll2014-07-29 11:29 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DA3CB25-21BB-45F8-8B63-F9AE59EAB812}\mpengine.dll2014-07-29 11:29 . 2014-07-29 11:34 -------- d-----w- C:\AdwCleaner2014-07-29 08:43 . 2014-07-29 08:45 -------- d-----w- C:\FRST2014-07-29 08:34 . 2014-07-29 08:39 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2014-07-28 20:59 . 2014-07-28 20:59 -------- d-----w- c:\program files (x86)\VideoLAN2014-07-28 09:47 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2014-07-19 13:18 . 2014-07-19 13:18 -------- d-----w- c:\program files (x86)\Common Files\Java2014-07-18 18:18 . 2014-07-18 18:18 -------- d-----w- c:\programdata\Electronic Arts2014-07-18 17:54 . 2014-07-18 17:54 -------- d-----w- c:\programdata\Origin2014-07-18 17:24 . 2009-02-24 15:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys2014-07-18 17:24 . 2009-02-24 15:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys2014-07-18 17:24 . 2014-07-18 17:25 -------- d-----w- c:\program files (x86)\MagicDisc2014-07-11 13:30 . 2014-04-23 08:50 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2014-07-09 19:41 . 2014-07-09 19:41 -------- d-s---w- c:\windows\system32\CompatTel2014-07-09 16:52 . 2014-07-09 16:53 -------- d-----w- c:\windows\system32\MRT2014-07-09 16:49 . 2014-05-28 10:17 64512 ----a-w- c:\windows\system32\jsproxy.dll2014-07-09 16:48 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys2014-07-09 14:42 . 2014-07-19 13:18 -------- d-----w- c:\programdata\Oracle2014-07-09 14:40 . 2014-07-11 00:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2014-07-09 14:40 . 2014-07-19 13:18 -------- d-----w- c:\program files (x86)\Java2014-07-08 19:57 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe2014-07-08 19:57 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe2014-07-08 19:57 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL2014-07-08 19:57 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL2014-07-08 19:57 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll2014-07-08 19:22 . 2012-07-26 07:48 2560 ----a-w- c:\windows\system32\drivers\hu-HU\wdf01000.sys.mui2014-07-08 19:22 . 2012-07-26 07:45 2560 ----a-w- c:\windows\system32\drivers\sv-SE\wdf01000.sys.mui2014-07-08 19:22 . 2012-07-26 07:41 2560 ----a-w- c:\windows\system32\drivers\el-GR\wdf01000.sys.mui2014-07-08 19:22 . 2012-07-26 07:31 2560 ----a-w- c:\windows\system32\drivers\da-DK\wdf01000.sys.mui2014-07-08 19:22 . 2012-07-26 05:39 2560 ----a-w- c:\windows\system32\drivers\tr-TR\wdf01000.sys.mui2014-07-08 19:22 . 2012-07-26 05:15 2560 ----a-w- c:\windows\system32\drivers\he-IL\wdf01000.sys.mui2014-07-08 19:22 . 2012-07-26 05:05 2560 ----a-w- c:\windows\system32\drivers\pl-PL\wdf01000.sys.mui2014-07-08 19:22 . 2012-07-26 05:04 2560 ----a-w- c:\windows\system32\drivers\nb-NO\wdf01000.sys.mui2014-07-08 19:22 . 2012-07-26 05:04 2560 ----a-w- c:\windows\system32\drivers\fi-FI\wdf01000.sys.mui2014-07-08 19:22 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui2014-07-08 19:17 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe2014-07-08 19:11 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys2014-07-08 19:11 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys2014-07-08 19:11 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll2014-07-08 19:11 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll2014-07-08 19:11 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe2014-07-08 19:11 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll2014-07-08 19:11 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll2014-07-08 16:15 . 2014-07-08 16:15 -------- d-----w- c:\program files\Speccy2014-07-07 21:24 . 2013-10-14 15:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE2014-07-07 19:02 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll2014-07-07 19:02 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll2014-07-07 19:02 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll2014-07-07 19:02 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll2014-07-07 19:02 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll2014-07-07 19:02 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll2014-07-07 19:02 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll2014-07-07 19:02 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll2014-07-07 19:02 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll2014-07-07 19:02 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll2014-07-07 19:02 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll2014-07-07 19:00 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll2014-07-07 18:59 . 2014-04-12 02:19 136192 ----a-w- c:\windows\system32\sspicli.dll2014-07-07 18:58 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll2014-07-07 18:46 . 2014-07-07 18:46 -------- d-----w- c:\windows\Migration2014-07-06 19:23 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys2014-07-06 19:23 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll2014-07-06 19:15 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys2014-07-06 19:15 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll2014-07-06 19:15 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll2014-07-06 18:19 . 2008-10-15 03:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll2014-07-06 18:19 . 2008-10-15 03:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll2014-07-06 18:19 . 2008-10-15 03:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll2014-07-06 18:19 . 2008-10-15 03:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll2014-07-06 18:19 . 2008-10-15 03:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll2014-07-06 18:19 . 2008-10-15 03:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll2014-07-06 18:15 . 2014-07-06 18:15 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories2014-07-06 16:03 . 2014-07-06 16:03 -------- d-----w- c:\windows\system32\SPReview2014-07-06 16:03 . 2014-07-06 16:03 -------- d-----w- c:\windows\system32\EventProviders2014-07-06 11:55 . 2010-11-20 13:27 297984 ----a-w- c:\windows\system32\ws2_32.dll2014-07-06 11:54 . 2010-11-20 13:28 3072 ----a-w- c:\windows\system32\drivers\el-GR\pnpmem.sys.mui2014-07-06 00:24 . 2011-06-16 05:49 199680 ----a-w- c:\windows\system32\xmllite.dll2014-07-06 00:23 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe2014-07-06 00:22 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll2014-07-06 00:21 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl2014-07-06 00:21 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl2014-07-06 00:21 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll2014-07-06 00:21 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll2014-07-06 00:21 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll2014-07-06 00:21 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll2014-07-06 00:20 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys2014-07-06 00:20 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll2014-07-06 00:20 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll2014-07-06 00:20 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe2014-07-06 00:20 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll2014-07-06 00:20 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll2014-07-06 00:20 . 2011-03-03 06:24 357888 ----a-w- c:\windows\system32\dnsapi.dll2014-07-06 00:20 . 2011-03-03 06:21 30208 ----a-w- c:\windows\system32\dnscacheugc.exe2014-07-06 00:20 . 2010-11-20 13:27 33792 ----a-w- c:\windows\system32\profprov.dll2014-07-06 00:20 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe2014-07-06 00:18 . 2012-12-07 11:20 23552 ----a-w- c:\windows\system32\oflc.rs2014-07-06 00:17 . 2012-06-16 05:15 911360 ----a-w- c:\windows\system32\jscript.dll2014-07-06 00:16 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll2014-07-06 00:15 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys2014-07-06 00:11 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll2014-07-06 00:11 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll2014-07-05 19:31 . 2014-07-05 08:37 -------- d-----w- c:\windows\Panther2014-07-05 19:31 . 2014-07-06 18:02 -------- d-----w- C:\Boot2014-07-05 19:31 . 2014-07-05 19:31 -------- d-----w- c:\windows\system32\OEM2014-07-05 13:00 . 2014-07-05 13:00 -------- d-----w- c:\program files (x86)\Microsoft.NET2014-07-05 11:48 . 2014-07-05 11:48 -------- d-----w- c:\program files\WinRAR2014-07-05 11:41 . 2014-07-05 11:42 -------- d-----w- c:\program files\GIMP 22014-07-05 11:07 . 2009-03-16 11:18 24920 ----a-w- c:\windows\system32\X3DAudio1_6.dll2014-07-05 10:59 . 2014-07-05 10:59 -------- d-----w- c:\windows\SysWow64\Wat2014-07-05 10:59 . 2014-07-05 10:59 -------- d-----w- c:\windows\system32\Wat2014-07-05 09:43 . 2014-07-05 09:43 -------- d-----w- C:\OneDriveTemp2014-07-05 09:40 . 2014-07-05 09:40 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive2014-07-05 09:40 . 2014-07-05 09:40 -------- d-----w- c:\programdata\Microsoft OneDrive2014-07-05 09:34 . 2014-07-06 01:30 -------- d-----w- c:\program files (x86)\Microsoft Security Client2014-07-05 09:34 . 2014-07-06 01:30 -------- d-----w- c:\program files\Microsoft Security Client2014-07-05 09:25 . 2014-07-05 09:25 -------- d-----w- c:\users\UpdatusUser2014-07-05 09:24 . 2013-06-16 17:47 31080 ----a-w- c:\windows\system32\nvhdap64.dll2014-07-05 09:23 . 2014-06-16 23:57 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36765A92-1173-4328-847F-C1637B887AEA}\mpengine.dll2014-07-05 09:23 . 2014-01-19 07:33 270496 ------w- c:\windows\system32\MpSigStub.exe2014-07-05 09:22 . 2014-07-05 09:25 -------- d-----w- c:\program files (x86)\Google2014-07-05 09:21 . 2014-07-29 11:35 -------- d-----w- c:\program files (x86)\Steam2014-07-05 09:21 . 2014-07-19 09:52 -------- d-----w- c:\program files (x86)\Common Files\Steam..(((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))).2014-07-06 17:55 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll2014-07-06 17:55 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll..(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))..*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2014-07-05 09:40 223432 ----a-w- c:\users\B\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2014-07-05 09:40 223432 ----a-w- c:\users\B\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2014-07-05 09:40 223432 ----a-w- c:\users\B\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2014-06-24 22:04 131480 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2014-06-24 22:04 131480 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2014-06-24 22:04 131480 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224]"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-07-16 1753280]"SkyDrive"="c:\users\B\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2014-07-05 257224]"Spotify"="c:\users\B\AppData\Roaming\Spotify\Spotify.exe" [2014-07-10 6162488]"Spotify Web Helper"="c:\users\B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-07-10 1178168].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-10 256896].c:\users\B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\B\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-22 35464216]MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2014-7-18 576000].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"mixer1"=wdmaud.drv.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 cpuz136;cpuz136;c:\users\B\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\B\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [x]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]R3 NisSrv;Microsoftin verkon tarkastus;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 4\LU4\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 4\LU4\NTIOLib_X64.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [x]S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-07-19 15:34 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe.'Ajoitetut tehtävät'-kansion sisältö.2014-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-05 09:22].2014-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-05 09:22]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2014-07-05 09:40 262344 ----a-w- c:\users\B\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2014-07-05 09:40 262344 ----a-w- c:\users\B\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2014-07-05 09:40 262344 ----a-w- c:\users\B\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2014-06-24 22:04 164760 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2014-06-24 22:04 164760 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2014-06-24 22:04 164760 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2014-06-24 22:04 164760 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-03 6628968]"AtherosBtStack"="c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\btvstack.exe" [2012-06-28 1023104]"AthBtTray"="c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\athbttray.exe" [2012-06-28 801920]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184].------- Täydentävä tarkistus -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmTrusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: soe.comTrusted Zone: sony.comTCP: DhcpNameServer = 192.168.100.1.- - - - POISTETUT JÄMÄRIVIT - - - -.Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe...--------------------- LUKITUT REKISTERIAVAIMET ---------------------.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Valmistumisajankohta: 2014-07-29 14:43:52ComboFix-quarantined-files.txt 2014-07-29 11:43.Ennen ajoa: 65 293 590 528 tavua vapaanaAjon jälkeen: 65 637 031 936 tavua vapaana.- - End Of File - - E91203E40CAEAC4EFEB4EB6AE30D0590A36C5E4F47E84449FF07ED3517B43A31
  13. I noticed that Mbam doesn't make log about those actions and that virus cannot be found in quarantine section... I attached two logs: First is lastest scan mbam made and second is older where it actually found this virus and saved scan log. mbam2.txt MBamfound.txt
  14. Hello! When I start my computer malwarebytes always finds trojan.agent in svchost.exe and deletes it. This repeats everytime I start up computer so I did digging around internet and now it seems I have backdoor virus. I have run full scan on malwarebytes with rootkits enabled and full scan with MSE. Both found nothing. I runned this Farbar Recovery. Here are the logs: Addition.txt FRST.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.