[I belive I have backdoor virus]

Thank you so much!

 

I updated Adobe Reader and Java, but IE11 wont install at all. I previously posted that picture about how IE11 update always failed, so I went on and downloaded installer from microsofts page. That installer failed too. What if I just delete it? or should I start fighting whit that IE now? even though im not even using it.

[I belive I have backdoor virus]

Hi

 

 

I belive I deleted everything.

FRST Logs:

Addition.txt

FRST.txt

[I belive I have backdoor virus]

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=5cde7b070245e348b1052418a47bacba

# engine=19424

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2014-07-30 11:12:45

# local_time=2014-07-31 02:12:45 (+0200, Suomen kesäaika)

# country="Finland"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Microsoft Security Essentials'

# compatibility_mode=5895 16777213 100 100 1316548 48078881 0 0

# scanned=639131

# found=18

# cleaned=0

# scan_time=10151

sh=9357AD524EC7D326F3FAEDB37BC88A2C99383120 ft=0 fh=0000000000000000 vn="VBS/CoinMiner.AD trojan" ac=I fn="C:\FRST\Quarantine\C\Users\B\AppData\Roaming\Origin\update.vbe"

sh=C331A1BAEB9D9E5C558A9E60D6CC4C1465DE5635 ft=1 fh=9846aa6c2493f694 vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="D:\Ladatut Tiedostot\DeviceDoctorPro.exe"

sh=7B728010B02F323611A5C0060C0638101AE0FC5B ft=1 fh=ec9e8d09f29fa913 vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="D:\Ladatut Tiedostot\DeviceDoctor_Bundle.exe"

sh=0019B16E4183DF28004DB503F2E3D2075A0FD541 ft=1 fh=dd9e6ee495e2b97d vn="Win32/InstallMonetizer.AF potentially unwanted application" ac=I fn="D:\Ladatut Tiedostot\Pazera_Free_MP4_to_AVI_Converter_v1.7.exe"

sh=5024A01FF7371C091F4EF6665F27C2CC98399A37 ft=1 fh=7efc120aeebb427e vn="a variant of Win32/AdWare.MultiPlug.AP application" ac=I fn="D:\Ladatut Tiedostot\SC-7415FF7415.rar"

sh=4214A591BD070047DB6B9142198F9AF43BEDC4AC ft=0 fh=0000000000000000 vn="a variant of Win32/SkypeLogView.A potentially unsafe application" ac=I fn="D:\Ladatut Tiedostot\skypelogview.zip"

sh=B6F7B1483088DF3F2E06A4FD4750F9A5998DD315 ft=1 fh=272dab65bf7b74d8 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="D:\Ladatut Tiedostot\spsetup121.exe"

sh=2F3FAFAC28D2A0191B524704ED6B8B0E533B3630 ft=1 fh=17a186c0e2f206d3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="D:\Ladatut Tiedostot\spsetup126.exe"

sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.AAA trojan" ac=I fn="D:\Ladatut Tiedostot\LEGO.Star.Wars.III.The.Clone.Wars-SKIDROW\sr-lsw3c.iso"

sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.BQ potentially unsafe application" ac=I fn="D:\Ladatut Tiedostot\Saints.Row.IV-RELOADED\rld-saints4.iso"

sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.ABD trojan" ac=I fn="D:\Ladatut Tiedostot\The.Incredible.Adventures.of.Van.Helsing.II-CODEX\codex-the.incredible.adventures.of.van.helsing.ii.iso"

sh=C4962B5F9A118F0A3DFAF1D9E73AAA0DD19319FF ft=1 fh=45836b55521038c5 vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="D:\Ohjelmat\Device Doctor\DDSmartScan.exe"

sh=204530442D73013A195B789219A491ABA865C5E7 ft=1 fh=b8e681b79875ce9b vn="Win32/OpenCandy potentially unsafe application" ac=I fn="D:\Ohjelmat\FL Studio 10.0.9c Producer Edition Final key [ChingLiu]\flstudio_10.0.9c.exe"

sh=695D5B402E29363E9906201C6E5DA84D9665CE6B ft=0 fh=0000000000000000 vn="Win32/InstallMonetizer.AN potentially unwanted application" ac=I fn="D:\Ohjelmat\VST\ToneBytes_Lo-Fizer.zip"

sh=357CABA3D3F3D1894D7C698DD06CC1FF79849982 ft=1 fh=73b55166117b07c1 vn="Win32/InstallMonetizer.AN potentially unwanted application" ac=I fn="D:\Ohjelmat\VST\VST\Lo-Fizer VST Setup.exe"

sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.AAA trojan" ac=I fn="D:\Pelit\Fable.III-SKIDROW\sr-fable3.iso"

sh=7113D3A10D8722FE80A3717E87BC7354F55674B4 ft=1 fh=a654d788654f8e37 vn="a variant of Win32/Packed.VMProtect.AAA trojan" ac=I fn="D:\Pelit\LEGO Star Wars III The Clone Wars\paul.dll"

sh=357CABA3D3F3D1894D7C698DD06CC1FF79849982 ft=1 fh=73b55166117b07c1 vn="Win32/InstallMonetizer.AN potentially unwanted application" ac=I fn="D:\Reaper\Plugins\FX\muut\Lo-Fizer VST Setup.exe"

[I belive I have backdoor virus]

Okay now it doesn't detect anything. Thanks!

[I belive I have backdoor virus]

I belive there is somekind of malware/virus/stupidthing on my second drive which is full of important stuff. I have used it since back I was stupid enough to go to suspicious sites and so on and I never have reformatted it. So I belive it has virus which can hide itself pretty well (like into Master boot section of drive or something?) I have just installed windows again couple weeks ago and now have repeating creation of virus in svchost.exe at startup. I noticed now that there is one update windows tries to push trough about IE11. It always fails that update. ('Epäonnistui' in pic means failed) I wonder if that is some shielding mechanism on that virus? or it infects that update and forces it to create new virus into svchost.exe.

As far as I understood is not possible to get Combofix to clean other drives than system drive. and I also belive this is the case in other programs as well (not including mbar and mbam)

[I belive I have backdoor virus]

One pic says more:

[I belive I have backdoor virus]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014

Ran by B at 2014-07-30 22:19:13 Run:2

Running from C:\Users\B\Desktop\frst

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Task: {3FB43551-603A-47B8-835F-405C0002AC47} - System32\Tasks\Origin => C:\Users\B\AppData\Roaming\Origin\update.vbe [2014-07-18] () <==== ATTENTION

C:\Users\B\AppData\Roaming\Origin\

Reboot:

*****************

 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3FB43551-603A-47B8-835F-405C0002AC47}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FB43551-603A-47B8-835F-405C0002AC47}" => Key deleted successfully.

C:\Windows\System32\Tasks\Origin => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => Key deleted successfully.

C:\Users\B\AppData\Roaming\Origin => Moved successfully.

 

 

The system needed a reboot. 

 

==== End of Fixlog ====

[I belive I have backdoor virus]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014

Ran by B at 2014-07-30 21:44:57 Run:1

Running from C:\Users\B\Desktop\frst

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Folder: C:\Windows\Temp\

File: C:\Windows\Temp\svchost.exe

 

 

*****************

 

 

========================= Folder: C:\Windows\Temp\ ========================

 

2014-07-30 21:42 - 2014-07-30 21:42 - 0000321 _____ () C:\Windows\Temp\1406745777_log.txt

2014-07-30 12:17 - 2014-07-30 21:42 - 0060684 _____ () C:\Windows\Temp\Data.bin

2014-07-30 16:59 - 2014-07-30 16:59 - 0000608 _____ () C:\Windows\Temp\fwtsqmfile00.sqm

2014-07-30 21:41 - 2014-07-30 21:41 - 0000608 _____ () C:\Windows\Temp\fwtsqmfile01.sqm

2014-07-29 15:42 - 2014-07-29 15:46 - 1883448 _____ () C:\Windows\Temp\lpksetup-20140729-154228-0.log

2014-07-30 16:00 - 2014-07-30 16:05 - 1883512 _____ () C:\Windows\Temp\lpksetup-20140730-160044-0.log

2014-07-29 14:45 - 2014-07-30 19:50 - 0007462 _____ () C:\Windows\Temp\MpCmdRun.log

2014-07-30 19:47 - 2014-07-30 19:50 - 0005320 _____ () C:\Windows\Temp\MpSigStub.log

2014-07-30 21:42 - 2014-07-30 21:42 - 1603584 _____ () C:\Windows\Temp\svchost.exe

2014-07-30 19:47 - 2014-07-30 19:50 - 0000000 ____D () C:\Windows\Temp\556C747BFB847E342BB8FB33486FA567-Sigs

2014-07-30 16:57 - 2014-07-30 16:57 - 0000000 ____D () C:\Windows\Temp\IEE766.tmp

2014-07-30 16:57 - 2014-07-30 16:57 - 1868205 _____ () C:\Windows\Temp\IEE766.tmp\Windows6.1-KB2888049-x64.cab

2014-07-05 12:16 - 2014-07-05 12:16 - 0000000 ____D () C:\Windows\Temp\Low

2014-07-05 12:16 - 2014-07-05 12:16 - 0000000 ____D () C:\Windows\Temp\Low\SkypeClickToCall

2014-07-05 12:16 - 2014-07-05 12:16 - 0000000 ____D () C:\Windows\Temp\Low\SkypeClickToCall\Logs

2014-07-05 12:16 - 2014-07-26 22:42 - 0002820 _____ () C:\Windows\Temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log

2014-07-30 02:02 - 2014-07-30 02:02 - 0000000 ____D () C:\Windows\Temp\MPInstrumentation

 

====== End of Folder: ======

 

 

========================= File: C:\Windows\Temp\svchost.exe ========================

 

MD5: 9FDEFAA3232AC9DD0608DB999D05381D

Creation and modification date: 2014-07-30 21:42 - 2014-07-30 21:42

Size: 1603584

Attributes: ----A

Company Name: 

Internal Name: 

Original Name: 

Product Name: 

Description: 

File Version: 

Product Version: 

Copyright: 

 

====== End Of File: ======

 

 

==== End of Fixlog ====

[I belive I have backdoor virus]

I meant realtime protection. Sorry my typo.

[I belive I have backdoor virus]

Do I have to disable real time scan from MSE too?

[I belive I have backdoor virus]

Hi. 

Mbar found nothing


Log:

Malwarebytes Anti-Rootkit BETA 1.07.0.1012

www.malwarebytes.org

 

Database version: v2014.07.30.05

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

B :: B-PC [administrator]

 

30.7.2014 19:46:14

mbar-log-2014-07-30 (19-46-14).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: 

Objects scanned: 323372

Time elapsed: 5 minute(s), 11 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)

[I belive I have backdoor virus]

Hi.

Last 24 hours I've come to conclusion that this virus must be located on my second drive. And that same mbam popup about svchost.exe keeps happening

 

I attached picture about it.

 

[I belive I have backdoor virus]

Hi.

Adw:
 

# AdwCleaner v3.301 - Report created 29/07/2014 at 14:33:59

# Updated 28/07/2014 by Xplode

# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

# Username : B - B-PC

# Running from : C:\Users\B\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\B\OneDrive\Save

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.7601.18487

 

 

-\\ Google Chrome v36.0.1985.125

 

[ File : C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [822 octets] - [29/07/2014 14:32:27]

AdwCleaner[s0].txt - [746 octets] - [29/07/2014 14:33:59]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [805 octets] ##########

 

 

Combofix:

ComboFix 14-07-29.01 - B 29.07.2014  14:39:32.1.6 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.358.1035.18.8178.5953 [GMT 3:00]

Sijainti: c:\users\B\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((   Muut poistot   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

D:\install.exe

.

.

(((((   Tiedostot, jotka on luotu seuraavalla aikavälillä: 2014-06-28 to 2014-07-29  )))))))))))))))))

.

.

2014-07-29 11:42 . 2014-07-29 11:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-07-29 11:32 . 2010-08-30 05:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll

2014-07-29 11:29 . 2014-04-23 08:50 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1E806C7-2D5A-4951-8F28-8C52943B5337}\gapaengine.dll

2014-07-29 11:29 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DA3CB25-21BB-45F8-8B63-F9AE59EAB812}\mpengine.dll

2014-07-29 11:29 . 2014-07-29 11:34 -------- d-----w- C:\AdwCleaner

2014-07-29 08:43 . 2014-07-29 08:45 -------- d-----w- C:\FRST

2014-07-29 08:34 . 2014-07-29 08:39 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2014-07-28 20:59 . 2014-07-28 20:59 -------- d-----w- c:\program files (x86)\VideoLAN

2014-07-28 09:47 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-07-19 13:18 . 2014-07-19 13:18 -------- d-----w- c:\program files (x86)\Common Files\Java

2014-07-18 18:18 . 2014-07-18 18:18 -------- d-----w- c:\programdata\Electronic Arts

2014-07-18 17:54 . 2014-07-18 17:54 -------- d-----w- c:\programdata\Origin

2014-07-18 17:24 . 2009-02-24 15:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys

2014-07-18 17:24 . 2009-02-24 15:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys

2014-07-18 17:24 . 2014-07-18 17:25 -------- d-----w- c:\program files (x86)\MagicDisc

2014-07-11 13:30 . 2014-04-23 08:50 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2014-07-09 19:41 . 2014-07-09 19:41 -------- d-s---w- c:\windows\system32\CompatTel

2014-07-09 16:52 . 2014-07-09 16:53 -------- d-----w- c:\windows\system32\MRT

2014-07-09 16:49 . 2014-05-28 10:17 64512 ----a-w- c:\windows\system32\jsproxy.dll

2014-07-09 16:48 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys

2014-07-09 14:42 . 2014-07-19 13:18 -------- d-----w- c:\programdata\Oracle

2014-07-09 14:40 . 2014-07-11 00:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-07-09 14:40 . 2014-07-19 13:18 -------- d-----w- c:\program files (x86)\Java

2014-07-08 19:57 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2014-07-08 19:57 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe

2014-07-08 19:57 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL

2014-07-08 19:57 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL

2014-07-08 19:57 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll

2014-07-08 19:22 . 2012-07-26 07:48 2560 ----a-w- c:\windows\system32\drivers\hu-HU\wdf01000.sys.mui

2014-07-08 19:22 . 2012-07-26 07:45 2560 ----a-w- c:\windows\system32\drivers\sv-SE\wdf01000.sys.mui

2014-07-08 19:22 . 2012-07-26 07:41 2560 ----a-w- c:\windows\system32\drivers\el-GR\wdf01000.sys.mui

2014-07-08 19:22 . 2012-07-26 07:31 2560 ----a-w- c:\windows\system32\drivers\da-DK\wdf01000.sys.mui

2014-07-08 19:22 . 2012-07-26 05:39 2560 ----a-w- c:\windows\system32\drivers\tr-TR\wdf01000.sys.mui

2014-07-08 19:22 . 2012-07-26 05:15 2560 ----a-w- c:\windows\system32\drivers\he-IL\wdf01000.sys.mui

2014-07-08 19:22 . 2012-07-26 05:05 2560 ----a-w- c:\windows\system32\drivers\pl-PL\wdf01000.sys.mui

2014-07-08 19:22 . 2012-07-26 05:04 2560 ----a-w- c:\windows\system32\drivers\nb-NO\wdf01000.sys.mui

2014-07-08 19:22 . 2012-07-26 05:04 2560 ----a-w- c:\windows\system32\drivers\fi-FI\wdf01000.sys.mui

2014-07-08 19:22 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2014-07-08 19:17 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe

2014-07-08 19:11 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2014-07-08 19:11 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2014-07-08 19:11 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2014-07-08 19:11 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2014-07-08 19:11 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2014-07-08 19:11 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2014-07-08 19:11 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2014-07-08 16:15 . 2014-07-08 16:15 -------- d-----w- c:\program files\Speccy

2014-07-07 21:24 . 2013-10-14 15:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE

2014-07-07 19:02 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll

2014-07-07 19:02 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll

2014-07-07 19:02 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll

2014-07-07 19:02 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll

2014-07-07 19:02 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll

2014-07-07 19:02 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll

2014-07-07 19:02 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll

2014-07-07 19:02 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2014-07-07 19:02 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2014-07-07 19:02 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2014-07-07 19:02 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2014-07-07 19:00 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll

2014-07-07 18:59 . 2014-04-12 02:19 136192 ----a-w- c:\windows\system32\sspicli.dll

2014-07-07 18:58 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll

2014-07-07 18:46 . 2014-07-07 18:46 -------- d-----w- c:\windows\Migration

2014-07-06 19:23 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2014-07-06 19:23 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2014-07-06 19:15 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2014-07-06 19:15 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2014-07-06 19:15 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2014-07-06 18:19 . 2008-10-15 03:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll

2014-07-06 18:19 . 2008-10-15 03:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll

2014-07-06 18:19 . 2008-10-15 03:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll

2014-07-06 18:19 . 2008-10-15 03:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll

2014-07-06 18:19 . 2008-10-15 03:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll

2014-07-06 18:19 . 2008-10-15 03:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll

2014-07-06 18:15 . 2014-07-06 18:15 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories

2014-07-06 16:03 . 2014-07-06 16:03 -------- d-----w- c:\windows\system32\SPReview

2014-07-06 16:03 . 2014-07-06 16:03 -------- d-----w- c:\windows\system32\EventProviders

2014-07-06 11:55 . 2010-11-20 13:27 297984 ----a-w- c:\windows\system32\ws2_32.dll

2014-07-06 11:54 . 2010-11-20 13:28 3072 ----a-w- c:\windows\system32\drivers\el-GR\pnpmem.sys.mui

2014-07-06 00:24 . 2011-06-16 05:49 199680 ----a-w- c:\windows\system32\xmllite.dll

2014-07-06 00:23 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe

2014-07-06 00:22 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2014-07-06 00:21 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2014-07-06 00:21 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2014-07-06 00:21 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll

2014-07-06 00:21 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll

2014-07-06 00:21 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll

2014-07-06 00:21 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll

2014-07-06 00:20 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2014-07-06 00:20 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2014-07-06 00:20 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2014-07-06 00:20 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2014-07-06 00:20 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2014-07-06 00:20 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll

2014-07-06 00:20 . 2011-03-03 06:24 357888 ----a-w- c:\windows\system32\dnsapi.dll

2014-07-06 00:20 . 2011-03-03 06:21 30208 ----a-w- c:\windows\system32\dnscacheugc.exe

2014-07-06 00:20 . 2010-11-20 13:27 33792 ----a-w- c:\windows\system32\profprov.dll

2014-07-06 00:20 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe

2014-07-06 00:18 . 2012-12-07 11:20 23552 ----a-w- c:\windows\system32\oflc.rs

2014-07-06 00:17 . 2012-06-16 05:15 911360 ----a-w- c:\windows\system32\jscript.dll

2014-07-06 00:16 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll

2014-07-06 00:15 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys

2014-07-06 00:11 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2014-07-06 00:11 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2014-07-05 19:31 . 2014-07-05 08:37 -------- d-----w- c:\windows\Panther

2014-07-05 19:31 . 2014-07-06 18:02 -------- d-----w- C:\Boot

2014-07-05 19:31 . 2014-07-05 19:31 -------- d-----w- c:\windows\system32\OEM

2014-07-05 13:00 . 2014-07-05 13:00 -------- d-----w- c:\program files (x86)\Microsoft.NET

2014-07-05 11:48 . 2014-07-05 11:48 -------- d-----w- c:\program files\WinRAR

2014-07-05 11:41 . 2014-07-05 11:42 -------- d-----w- c:\program files\GIMP 2

2014-07-05 11:07 . 2009-03-16 11:18 24920 ----a-w- c:\windows\system32\X3DAudio1_6.dll

2014-07-05 10:59 . 2014-07-05 10:59 -------- d-----w- c:\windows\SysWow64\Wat

2014-07-05 10:59 . 2014-07-05 10:59 -------- d-----w- c:\windows\system32\Wat

2014-07-05 09:43 . 2014-07-05 09:43 -------- d-----w- C:\OneDriveTemp

2014-07-05 09:40 . 2014-07-05 09:40 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive

2014-07-05 09:40 . 2014-07-05 09:40 -------- d-----w- c:\programdata\Microsoft OneDrive

2014-07-05 09:34 . 2014-07-06 01:30 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2014-07-05 09:34 . 2014-07-06 01:30 -------- d-----w- c:\program files\Microsoft Security Client

2014-07-05 09:25 . 2014-07-05 09:25 -------- d-----w- c:\users\UpdatusUser

2014-07-05 09:24 . 2013-06-16 17:47 31080 ----a-w- c:\windows\system32\nvhdap64.dll

2014-07-05 09:23 . 2014-06-16 23:57 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36765A92-1173-4328-847F-C1637B887AEA}\mpengine.dll

2014-07-05 09:23 . 2014-01-19 07:33 270496 ------w- c:\windows\system32\MpSigStub.exe

2014-07-05 09:22 . 2014-07-05 09:25 -------- d-----w- c:\program files (x86)\Google

2014-07-05 09:21 . 2014-07-29 11:35 -------- d-----w- c:\program files (x86)\Steam

2014-07-05 09:21 . 2014-07-19 09:52 -------- d-----w- c:\program files (x86)\Common Files\Steam

.

.

((((((((((((((((((((((((((((((((((((   Find3M-raportti   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-07-06 17:55 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2014-07-06 17:55 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

.

.

((((((((((((((((((((((((((((((   Rekisterin käynnistyskohteet   )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2014-07-05 09:40 223432 ----a-w- c:\users\B\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2014-07-05 09:40 223432 ----a-w- c:\users\B\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2014-07-05 09:40 223432 ----a-w- c:\users\B\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 131480 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 131480 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 131480 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-07-16 1753280]

"SkyDrive"="c:\users\B\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2014-07-05 257224]

"Spotify"="c:\users\B\AppData\Roaming\Spotify\Spotify.exe" [2014-07-10 6162488]

"Spotify Web Helper"="c:\users\B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-07-10 1178168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-10 256896]

.

c:\users\B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\B\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-22 35464216]

MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2014-7-18 576000]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 cpuz136;cpuz136;c:\users\B\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\B\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]

R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoftin verkon tarkastus;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 4\LU4\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 4\LU4\NTIOLib_X64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [x]

S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-07-19 15:34 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe

.

'Ajoitetut tehtävät'-kansion sisältö

.

2014-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-05 09:22]

.

2014-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-05 09:22]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2014-07-05 09:40 262344 ----a-w- c:\users\B\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2014-07-05 09:40 262344 ----a-w- c:\users\B\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2014-07-05 09:40 262344 ----a-w- c:\users\B\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-03 6628968]

"AtherosBtStack"="c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\btvstack.exe" [2012-06-28 1023104]

"AthBtTray"="c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\athbttray.exe" [2012-06-28 801920]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

.

------- Täydentävä tarkistus -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.100.1

.

- - - - POISTETUT JÄMÄRIVIT - - - -

.

Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe

.

.

.

--------------------- LUKITUT REKISTERIAVAIMET ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Valmistumisajankohta: 2014-07-29  14:43:52

ComboFix-quarantined-files.txt  2014-07-29 11:43

.

Ennen ajoa: 65 293 590 528 tavua vapaana

Ajon jälkeen: 65 637 031 936 tavua vapaana

.

- - End Of File - - E91203E40CAEAC4EFEB4EB6AE30D0590

A36C5E4F47E84449FF07ED3517B43A31

 

[I belive I have backdoor virus]

I noticed that Mbam doesn't make log about those actions and that virus cannot be found in quarantine section...

I attached two logs: First is lastest scan mbam made and second is older where it actually found this virus and saved scan log.

mbam2.txt

MBamfound.txt

[I belive I have backdoor virus]

Hello! 

 

When I start my computer malwarebytes always finds trojan.agent in svchost.exe and deletes it. This repeats everytime I start up computer so I did digging around internet and now it seems I have backdoor virus. I have run full scan on malwarebytes with rootkits enabled and full scan with MSE. Both found nothing. 

I runned this Farbar Recovery. Here are the logs:

 

 

 

Addition.txt

FRST.txt