MkktCkkt
Posts posted by MkktCkkt
-
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5cde7b070245e348b1052418a47bacba
# engine=19424
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-30 11:12:45
# local_time=2014-07-31 02:12:45 (+0200, Suomen kesäaika)
# country="Finland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 1316548 48078881 0 0
# scanned=639131
# found=18
# cleaned=0
# scan_time=10151
sh=9357AD524EC7D326F3FAEDB37BC88A2C99383120 ft=0 fh=0000000000000000 vn="VBS/CoinMiner.AD trojan" ac=I fn="C:\FRST\Quarantine\C\Users\B\AppData\Roaming\Origin\update.vbe"
sh=C331A1BAEB9D9E5C558A9E60D6CC4C1465DE5635 ft=1 fh=9846aa6c2493f694 vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="D:\Ladatut Tiedostot\DeviceDoctorPro.exe"
sh=7B728010B02F323611A5C0060C0638101AE0FC5B ft=1 fh=ec9e8d09f29fa913 vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="D:\Ladatut Tiedostot\DeviceDoctor_Bundle.exe"
sh=0019B16E4183DF28004DB503F2E3D2075A0FD541 ft=1 fh=dd9e6ee495e2b97d vn="Win32/InstallMonetizer.AF potentially unwanted application" ac=I fn="D:\Ladatut Tiedostot\Pazera_Free_MP4_to_AVI_Converter_v1.7.exe"
sh=5024A01FF7371C091F4EF6665F27C2CC98399A37 ft=1 fh=7efc120aeebb427e vn="a variant of Win32/AdWare.MultiPlug.AP application" ac=I fn="D:\Ladatut Tiedostot\SC-7415FF7415.rar"
sh=4214A591BD070047DB6B9142198F9AF43BEDC4AC ft=0 fh=0000000000000000 vn="a variant of Win32/SkypeLogView.A potentially unsafe application" ac=I fn="D:\Ladatut Tiedostot\skypelogview.zip"
sh=B6F7B1483088DF3F2E06A4FD4750F9A5998DD315 ft=1 fh=272dab65bf7b74d8 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="D:\Ladatut Tiedostot\spsetup121.exe"
sh=2F3FAFAC28D2A0191B524704ED6B8B0E533B3630 ft=1 fh=17a186c0e2f206d3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="D:\Ladatut Tiedostot\spsetup126.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.AAA trojan" ac=I fn="D:\Ladatut Tiedostot\LEGO.Star.Wars.III.The.Clone.Wars-SKIDROW\sr-lsw3c.iso"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.BQ potentially unsafe application" ac=I fn="D:\Ladatut Tiedostot\Saints.Row.IV-RELOADED\rld-saints4.iso"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.ABD trojan" ac=I fn="D:\Ladatut Tiedostot\The.Incredible.Adventures.of.Van.Helsing.II-CODEX\codex-the.incredible.adventures.of.van.helsing.ii.iso"
sh=C4962B5F9A118F0A3DFAF1D9E73AAA0DD19319FF ft=1 fh=45836b55521038c5 vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="D:\Ohjelmat\Device Doctor\DDSmartScan.exe"
sh=204530442D73013A195B789219A491ABA865C5E7 ft=1 fh=b8e681b79875ce9b vn="Win32/OpenCandy potentially unsafe application" ac=I fn="D:\Ohjelmat\FL Studio 10.0.9c Producer Edition Final key [ChingLiu]\flstudio_10.0.9c.exe"
sh=695D5B402E29363E9906201C6E5DA84D9665CE6B ft=0 fh=0000000000000000 vn="Win32/InstallMonetizer.AN potentially unwanted application" ac=I fn="D:\Ohjelmat\VST\ToneBytes_Lo-Fizer.zip"
sh=357CABA3D3F3D1894D7C698DD06CC1FF79849982 ft=1 fh=73b55166117b07c1 vn="Win32/InstallMonetizer.AN potentially unwanted application" ac=I fn="D:\Ohjelmat\VST\VST\Lo-Fizer VST Setup.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.AAA trojan" ac=I fn="D:\Pelit\Fable.III-SKIDROW\sr-fable3.iso"
sh=7113D3A10D8722FE80A3717E87BC7354F55674B4 ft=1 fh=a654d788654f8e37 vn="a variant of Win32/Packed.VMProtect.AAA trojan" ac=I fn="D:\Pelit\LEGO Star Wars III The Clone Wars\paul.dll"
sh=357CABA3D3F3D1894D7C698DD06CC1FF79849982 ft=1 fh=73b55166117b07c1 vn="Win32/InstallMonetizer.AN potentially unwanted application" ac=I fn="D:\Reaper\Plugins\FX\muut\Lo-Fizer VST Setup.exe"
-
Okay now it doesn't detect anything. Thanks!
-
I believe there is some kind of malware/virus/stupid thing on my second drive, which is full of important stuff. I have used it since back when I was stupid enough to go to suspicious sites and so on, and I have never reformatted it. So I believe it has a virus which can hide itself pretty well (like in the master boot section of the drive or something?). I just installed Windows again a couple of weeks ago and now have a repeating creation of a virus in svchost.exe at startup. I noticed now that there is one update Windows tries to push through about IE11. That update always fails. ('Epäonnistui' in the pic means failed.) I wonder if that is some shielding mechanism of that virus? Or it infects that update and forces it to create a new virus in svchost.exe.
As far as I understood, it is not possible to get ComboFix to clean drives other than the system drive, and I also believe this is the case with other programs as well (not including MBAR and MBAM).
-
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014
Ran by B at 2014-07-30 22:19:13 Run:2
Running from C:\Users\B\Desktop\frst
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {3FB43551-603A-47B8-835F-405C0002AC47} - System32\Tasks\Origin => C:\Users\B\AppData\Roaming\Origin\update.vbe [2014-07-18] () <==== ATTENTION
C:\Users\B\AppData\Roaming\Origin\
Reboot:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3FB43551-603A-47B8-835F-405C0002AC47}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FB43551-603A-47B8-835F-405C0002AC47}" => Key deleted successfully.
C:\Windows\System32\Tasks\Origin => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => Key deleted successfully.
C:\Users\B\AppData\Roaming\Origin => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====
-
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014
Ran by B at 2014-07-30 21:44:57 Run:1
Running from C:\Users\B\Desktop\frst
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Folder: C:\Windows\Temp\
File: C:\Windows\Temp\svchost.exe
*****************

========================= Folder: C:\Windows\Temp\ ========================

2014-07-30 21:42 - 2014-07-30 21:42 - 0000321 _____ () C:\Windows\Temp\1406745777_log.txt
2014-07-30 12:17 - 2014-07-30 21:42 - 0060684 _____ () C:\Windows\Temp\Data.bin
2014-07-30 16:59 - 2014-07-30 16:59 - 0000608 _____ () C:\Windows\Temp\fwtsqmfile00.sqm
2014-07-30 21:41 - 2014-07-30 21:41 - 0000608 _____ () C:\Windows\Temp\fwtsqmfile01.sqm
2014-07-29 15:42 - 2014-07-29 15:46 - 1883448 _____ () C:\Windows\Temp\lpksetup-20140729-154228-0.log
2014-07-30 16:00 - 2014-07-30 16:05 - 1883512 _____ () C:\Windows\Temp\lpksetup-20140730-160044-0.log
2014-07-29 14:45 - 2014-07-30 19:50 - 0007462 _____ () C:\Windows\Temp\MpCmdRun.log
2014-07-30 19:47 - 2014-07-30 19:50 - 0005320 _____ () C:\Windows\Temp\MpSigStub.log
2014-07-30 21:42 - 2014-07-30 21:42 - 1603584 _____ () C:\Windows\Temp\svchost.exe
2014-07-30 19:47 - 2014-07-30 19:50 - 0000000 ____D () C:\Windows\Temp\556C747BFB847E342BB8FB33486FA567-Sigs
2014-07-30 16:57 - 2014-07-30 16:57 - 0000000 ____D () C:\Windows\Temp\IEE766.tmp
2014-07-30 16:57 - 2014-07-30 16:57 - 1868205 _____ () C:\Windows\Temp\IEE766.tmp\Windows6.1-KB2888049-x64.cab
2014-07-05 12:16 - 2014-07-05 12:16 - 0000000 ____D () C:\Windows\Temp\Low
2014-07-05 12:16 - 2014-07-05 12:16 - 0000000 ____D () C:\Windows\Temp\Low\SkypeClickToCall
2014-07-05 12:16 - 2014-07-05 12:16 - 0000000 ____D () C:\Windows\Temp\Low\SkypeClickToCall\Logs
2014-07-05 12:16 - 2014-07-26 22:42 - 0002820 _____ () C:\Windows\Temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log
2014-07-30 02:02 - 2014-07-30 02:02 - 0000000 ____D () C:\Windows\Temp\MPInstrumentation

====== End of Folder: ======

========================= File: C:\Windows\Temp\svchost.exe ========================

MD5: 9FDEFAA3232AC9DD0608DB999D05381D
Creation and modification date: 2014-07-30 21:42 - 2014-07-30 21:42
Size: 1603584
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:

====== End Of File: ======

==== End of Fixlog ====
-
I meant realtime protection. Sorry my typo.
-
Do I have to disable real time scan from MSE too?
-
Hi.
Mbar found nothing
Log:
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.07.30.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
B :: B-PC [administrator]

30.7.2014 19:46:14
mbar-log-2014-07-30 (19-46-14).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 323372
Time elapsed: 5 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
-
Hi.
Adw:
# AdwCleaner v3.301 - Report created 29/07/2014 at 14:33:59
# Updated 28/07/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : B - B-PC
# Running from : C:\Users\B\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\B\OneDrive\Save

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.18487

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [822 octets] - [29/07/2014 14:32:27]
AdwCleaner[s0].txt - [746 octets] - [29/07/2014 14:33:59]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [805 octets] ##########

Combofix:

ComboFix 14-07-29.01 - B 29.07.2014 14:39:32.1.6 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.358.1035.18.8178.5953 [GMT 3:00]
Sijainti: c:\users\B\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\install.exe
.
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2014-06-28 to 2014-07-29 )))))))))))))))))
.
.
2014-07-29 11:42 . 2014-07-29 11:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-29 11:32 . 2010-08-30 05:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-29 11:29 . 2014-04-23 08:50 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1E806C7-2D5A-4951-8F28-8C52943B5337}\gapaengine.dll
2014-07-29 11:29 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DA3CB25-21BB-45F8-8B63-F9AE59EAB812}\mpengine.dll
2014-07-29 11:29 . 2014-07-29 11:34 -------- d-----w- C:\AdwCleaner
2014-07-29 08:43 . 2014-07-29 08:45 -------- d-----w- C:\FRST
2014-07-29 08:34 . 2014-07-29 08:39 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-07-28 20:59 . 2014-07-28 20:59 -------- d-----w- c:\program files (x86)\VideoLAN
2014-07-28 09:47 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-19 13:18 . 2014-07-19 13:18 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-07-18 18:18 . 2014-07-18 18:18 -------- d-----w- c:\programdata\Electronic Arts
2014-07-18 17:54 . 2014-07-18 17:54 -------- d-----w- c:\programdata\Origin
2014-07-18 17:24 . 2009-02-24 15:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2014-07-18 17:24 . 2009-02-24 15:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2014-07-18 17:24 . 2014-07-18 17:25 -------- d-----w- c:\program files (x86)\MagicDisc
2014-07-11 13:30 . 2014-04-23 08:50 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-07-09 19:41 . 2014-07-09 19:41 -------- d-s---w- c:\windows\system32\CompatTel
2014-07-09 16:52 . 2014-07-09 16:53 -------- d-----w- c:\windows\system32\MRT
2014-07-09 16:49 . 2014-05-28 10:17 64512 ----a-w- c:\windows\system32\jsproxy.dll
2014-07-09 16:48 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2014-07-09 14:42 . 2014-07-19 13:18 -------- d-----w- c:\programdata\Oracle
2014-07-09 14:40 . 2014-07-11 00:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-09 14:40 . 2014-07-19 13:18 -------- d-----w- c:\program files (x86)\Java
2014-07-08 19:57 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-07-08 19:57 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-07-08 19:57 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-07-08 19:57 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-07-08 19:57 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-07-08 19:22 . 2012-07-26 07:48 2560 ----a-w- c:\windows\system32\drivers\hu-HU\wdf01000.sys.mui
2014-07-08 19:22 . 2012-07-26 07:45 2560 ----a-w- c:\windows\system32\drivers\sv-SE\wdf01000.sys.mui
2014-07-08 19:22 . 2012-07-26 07:41 2560 ----a-w- c:\windows\system32\drivers\el-GR\wdf01000.sys.mui
2014-07-08 19:22 . 2012-07-26 07:31 2560 ----a-w- c:\windows\system32\drivers\da-DK\wdf01000.sys.mui
2014-07-08 19:22 . 2012-07-26 05:39 2560 ----a-w- c:\windows\system32\drivers\tr-TR\wdf01000.sys.mui
2014-07-08 19:22 . 2012-07-26 05:15 2560 ----a-w- c:\windows\system32\drivers\he-IL\wdf01000.sys.mui
2014-07-08 19:22 . 2012-07-26 05:05 2560 ----a-w- c:\windows\system32\drivers\pl-PL\wdf01000.sys.mui
2014-07-08 19:22 . 2012-07-26 05:04 2560 ----a-w- c:\windows\system32\drivers\nb-NO\wdf01000.sys.mui
2014-07-08 19:22 . 2012-07-26 05:04 2560 ----a-w- c:\windows\system32\drivers\fi-FI\wdf01000.sys.mui
2014-07-08 19:22 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2014-07-08 19:17 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2014-07-08 19:11 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-07-08 19:11 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-07-08 19:11 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-07-08 19:11 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-07-08 19:11 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2014-07-08 19:11 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2014-07-08 19:11 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-07-08 16:15 . 2014-07-08 16:15 -------- d-----w- c:\program files\Speccy
2014-07-07 21:24 . 2013-10-14 15:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-07-07 19:02 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2014-07-07 19:02 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-07-07 19:02 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2014-07-07 19:02 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-07-07 19:02 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2014-07-07 19:02 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2014-07-07 19:02 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2014-07-07 19:02 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2014-07-07 19:02 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2014-07-07 19:02 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2014-07-07 19:02 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2014-07-07 19:00 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2014-07-07 18:59 . 2014-04-12 02:19 136192 ----a-w- c:\windows\system32\sspicli.dll
2014-07-07 18:58 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-07-07 18:46 . 2014-07-07 18:46 -------- d-----w- c:\windows\Migration
2014-07-06 19:23 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-07-06 19:23 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-07-06 19:15 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-07-06 19:15 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2014-07-06 19:15 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2014-07-06 18:19 . 2008-10-15 03:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2014-07-06 18:19 . 2008-10-15 03:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2014-07-06 18:19 . 2008-10-15 03:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2014-07-06 18:19 . 2008-10-15 03:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2014-07-06 18:19 . 2008-10-15 03:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2014-07-06 18:19 . 2008-10-15 03:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2014-07-06 18:15 . 2014-07-06 18:15 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2014-07-06 16:03 . 2014-07-06 16:03 -------- d-----w- c:\windows\system32\SPReview
2014-07-06 16:03 . 2014-07-06 16:03 -------- d-----w- c:\windows\system32\EventProviders
2014-07-06 11:55 . 2010-11-20 13:27 297984 ----a-w- c:\windows\system32\ws2_32.dll
2014-07-06 11:54 . 2010-11-20 13:28 3072 ----a-w- c:\windows\system32\drivers\el-GR\pnpmem.sys.mui
2014-07-06 00:24 . 2011-06-16 05:49 199680 ----a-w- c:\windows\system32\xmllite.dll
2014-07-06 00:23 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2014-07-06 00:22 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2014-07-06 00:21 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2014-07-06 00:21 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2014-07-06 00:21 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2014-07-06 00:21 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2014-07-06 00:21 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2014-07-06 00:21 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2014-07-06 00:20 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2014-07-06 00:20 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2014-07-06 00:20 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2014-07-06 00:20 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2014-07-06 00:20 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2014-07-06 00:20 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2014-07-06 00:20 . 2011-03-03 06:24 357888 ----a-w- c:\windows\system32\dnsapi.dll
2014-07-06 00:20 . 2011-03-03 06:21 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2014-07-06 00:20 . 2010-11-20 13:27 33792 ----a-w- c:\windows\system32\profprov.dll
2014-07-06 00:20 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2014-07-06 00:18 . 2012-12-07 11:20 23552 ----a-w- c:\windows\system32\oflc.rs
2014-07-06 00:17 . 2012-06-16 05:15 911360 ----a-w- c:\windows\system32\jscript.dll
2014-07-06 00:16 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2014-07-06 00:15 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2014-07-06 00:11 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2014-07-06 00:11 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2014-07-05 19:31 . 2014-07-05 08:37 -------- d-----w- c:\windows\Panther
2014-07-05 19:31 . 2014-07-06 18:02 -------- d-----w- C:\Boot
2014-07-05 19:31 . 2014-07-05 19:31 -------- d-----w- c:\windows\system32\OEM
2014-07-05 13:00 . 2014-07-05 13:00 -------- d-----w- c:\program files (x86)\Microsoft.NET
2014-07-05 11:48 . 2014-07-05 11:48 -------- d-----w- c:\program files\WinRAR
2014-07-05 11:41 . 2014-07-05 11:42 -------- d-----w- c:\program files\GIMP 2
2014-07-05 11:07 . 2009-03-16 11:18 24920 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2014-07-05 10:59 . 2014-07-05 10:59 -------- d-----w- c:\windows\SysWow64\Wat
2014-07-05 10:59 . 2014-07-05 10:59 -------- d-----w- c:\windows\system32\Wat
2014-07-05 09:43 . 2014-07-05 09:43 -------- d-----w- C:\OneDriveTemp
2014-07-05 09:40 . 2014-07-05 09:40 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2014-07-05 09:40 . 2014-07-05 09:40 -------- d-----w- c:\programdata\Microsoft OneDrive
2014-07-05 09:34 . 2014-07-06 01:30 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2014-07-05 09:34 . 2014-07-06 01:30 -------- d-----w- c:\program files\Microsoft Security Client
2014-07-05 09:25 . 2014-07-05 09:25 -------- d-----w- c:\users\UpdatusUser
2014-07-05 09:24 . 2013-06-16 17:47 31080 ----a-w- c:\windows\system32\nvhdap64.dll
2014-07-05 09:23 . 2014-06-16 23:57 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36765A92-1173-4328-847F-C1637B887AEA}\mpengine.dll
2014-07-05 09:23 . 2014-01-19 07:33 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-07-05 09:22 . 2014-07-05 09:25 -------- d-----w- c:\program files (x86)\Google
2014-07-05 09:21 . 2014-07-29 11:35 -------- d-----w- c:\program files (x86)\Steam
2014-07-05 09:21 . 2014-07-19 09:52 -------- d-----w- c:\program files (x86)\Common Files\Steam
.
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-06 17:55 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2014-07-06 17:55 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
.
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-07-05 09:40 223432 ----a-w- c:\users\B\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-07-05 09:40 223432 ----a-w- c:\users\B\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-07-05 09:40 223432 ----a-w- c:\users\B\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-07-16 1753280]
"SkyDrive"="c:\users\B\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2014-07-05 257224]
"Spotify"="c:\users\B\AppData\Roaming\Spotify\Spotify.exe" [2014-07-10 6162488]
"Spotify Web Helper"="c:\users\B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-07-10 1178168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-10 256896]
.
c:\users\B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\B\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-22 35464216]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2014-7-18 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpuz136;cpuz136;c:\users\B\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\B\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]
R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoftin verkon tarkastus;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 4\LU4\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 4\LU4\NTIOLib_X64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-19 15:34 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
'Ajoitetut tehtävät'-kansion sisältö
.
2014-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-05 09:22]
.
2014-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-05 09:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-07-05 09:40 262344 ----a-w- c:\users\B\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-07-05 09:40 262344 ----a-w- c:\users\B\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-07-05 09:40 262344 ----a-w- c:\users\B\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-03 6628968]
"AtherosBtStack"="c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\btvstack.exe" [2012-06-28 1023104]
"AthBtTray"="c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\athbttray.exe" [2012-06-28 801920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
------- Täydentävä tarkistus -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.100.1
.
- - - - POISTETUT JÄMÄRIVIT - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
.
.
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Valmistumisajankohta: 2014-07-29 14:43:52
ComboFix-quarantined-files.txt 2014-07-29 11:43
.
Ennen ajoa: 65 293 590 528 tavua vapaana
Ajon jälkeen: 65 637 031 936 tavua vapaana
.
- - End Of File - - E91203E40CAEAC4EFEB4EB6AE30D0590A36C5E4F47E84449FF07ED3517B43A31
-
I noticed that MBAM doesn't make a log of those actions and that the virus cannot be found in the quarantine section...
I attached two logs: the first is the latest scan MBAM made and the second is an older one where it actually found this virus and saved the scan log.
-
Hello!
When I start my computer, Malwarebytes always finds Trojan.Agent in svchost.exe and deletes it. This repeats every time I start up the computer, so I did some digging around the internet and now it seems I have a backdoor virus. I have run a full scan with Malwarebytes with rootkits enabled and a full scan with MSE. Both found nothing.
I ran this Farbar Recovery. Here are the logs:
I believe I have a backdoor virus
in Resolved Malware Removal Logs
Thank you so much!
I updated Adobe Reader and Java, but IE11 won't install at all. I previously posted that picture about how the IE11 update always failed, so I went on and downloaded the installer from Microsoft's page. That installer failed too. What if I just delete it? Or should I start fighting with IE now, even though I'm not even using it?