bouwew

Members
  • Posts: 11
Everything posted by bouwew

  1. # DelFix v1.013 - Logfile created 08/07/2018 at 09:30:27
     # Updated 17/04/2016 by Xplode
     # Username : bouwe - BOUWE-PC
     # Operating System : Windows 10 Enterprise (64 bits)
     ~ Activating UAC ... OK
     ~ Removing disinfection tools ...
     Deleted : C:\FRST
     Deleted : C:\Users\bouwe\Downloads\Addition.txt
     Deleted : C:\Users\bouwe\Downloads\Fixlog.txt
     Deleted : C:\Users\bouwe\Downloads\FRST.txt
     Deleted : C:\Users\bouwe\Downloads\FRST64.exe
     ~ Creating registry backup ... OK
     ~ Cleaning system restore ...
     New restore point created !
     ~ Resetting system settings ... OK
     ########## - EOF - ##########
  2. First, thank you for your help, very much appreciated! Being a techie, I like to know details :) Do you have any idea what kind of infection was (maybe still is? because the popup was not showing itself anymore before the cleaning-action) present on my system? And how I picked it up?
  3. Hi Aura, Yesterday, when I started my PC for the first time since arriving home, the popup was not there. Then I followed your advice: run FRST with fixlist.txt. After that I also did not see the popup anymore. 3 starts happened after the cleaning action. About how many times the popup showed during the start, only once at each start.
  4. Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
     Ran by bouwe (28-06-2018 19:15:41) Run:1
     Running from C:\Users\bouwe\Downloads
     Loaded Profiles: bouwe (Available Profiles: bouwe)
     Boot Mode: Normal
     ==============================================
     fixlist content:
     *****************
     CloseProcesses:
     CreateRestorePoint:
     VirusTotal: C:\Windows\system32\Windows.Management.Service.dll
     VirusTotal: C:\Windows\system32\MitigationClient.dll
     VirusTotal: C:\Windows\System32\NvAgent.dll
     VirusTotal: C:\Windows\System32\HostNetSvc.dll
     GroupPolicy: Restriction ? <==== ATTENTION
     BHO-x32: No Name -> {889D2FEB-5411-4565-8998-1DD2C5261283} -> No File
     CHR HKU\S-1-5-21-2300567208-3819779037-3924417142-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcjjaajflhellmcfcecojihhmdbjmmlm] - hxxps://clients2.google.com/service/update2/crx
     Task: {00A0DF23-E096-48CC-89F2-29D09E6BCF4A} - \Microsoft\Windows\UNP\Campaigns\{3D2E6D6C-D655-43CB-B39B-D2B876D9E480}\ExperienceTargeted\Logon -> No File <==== ATTENTION
     Task: {71402D44-EE1D-45FB-8227-DECE09FAA70C} - \Microsoft\Windows\UNP\Campaigns\{3D2E6D6C-D655-43CB-B39B-D2B876D9E480}\ExperienceTargeted\Unlock -> No File <==== ATTENTION
     Task: {7485D0E9-727F-4B06-A1F8-701BAFB8D3D8} - \Microsoft\Windows\UNP\Campaigns\{3D2E6D6C-D655-43CB-B39B-D2B876D9E480}\ExperienceTargeted\OnIdle -> No File <==== ATTENTION
     Task: {8ECE3D46-EFDE-4AAA-9172-FEA72C3612D3} - \Microsoft\XblGameSave\XblGameSaveTask\Logon -> No File <==== ATTENTION
     Task: {E15D0692-401F-477B-A71E-D377FC1D0682} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
     Task: {E7608BF9-5D90-4445-B224-54E6EAD718BC} - System32\Tasks\{D45CAAB9-6E26-4D1B-9366-F94FF9E25585} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Primal Pictures\Interactive Thorax and Abdomen\thorax.exe" -d "C:\Program Files (x86)\Primal Pictures\Interactive Thorax and Abdomen"
     FirewallRules: [{46CCD955-7D02-4812-A316-D7BB61DC7AA2}] => (Allow) C:\Users\bouwe\AppData\Local\Temp\nsj25A5.tmp\QQPCDetector.exe
     FirewallRules: [{73425C27-7EB3-4826-A2AB-5A785450D171}] => (Allow) C:\Users\bouwe\AppData\Local\Temp\nsj25A5.tmp\QQPCDetector.exe
     EmptyTemp:
     *****************
     Processes closed successfully.
     Error: (0) Failed to create a restore point.
     VirusTotal: C:\Windows\system32\Windows.Management.Service.dll => https://www.virustotal.com/file/26c79610c914a17d85a834b90d524d1a37a8877af078af6390ffdc6caf83a6a1/analysis/1529178783/
     VirusTotal: C:\Windows\system32\MitigationClient.dll => https://www.virustotal.com/file/4bcf6a6f16ecbe0c4a05bdba325a0f8d02042fc229079e7a7338835473d55970/analysis/1529262677/
     VirusTotal: C:\Windows\System32\NvAgent.dll => https://www.virustotal.com/file/af274902db313367da5991fcfb383dbdcdd3d045cc7e32fb929fd66ecfb795f8/analysis/1529194982/
     VirusTotal: C:\Windows\System32\HostNetSvc.dll => https://www.virustotal.com/file/3148f5342b758f483e7dbf6772ffd29c299cb7bf861b4c6b6c2be887b9b4cb8c/analysis/1530106623/
     C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
     C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
     C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
     "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}" => removed successfully
     HKLM\Software\Wow6432Node\Classes\CLSID\{889D2FEB-5411-4565-8998-1DD2C5261283} => not found
     "HKU\S-1-5-21-2300567208-3819779037-3924417142-1001\SOFTWARE\Google\Chrome\Extensions\hcjjaajflhellmcfcecojihhmdbjmmlm" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{00A0DF23-E096-48CC-89F2-29D09E6BCF4A}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00A0DF23-E096-48CC-89F2-29D09E6BCF4A}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{3D2E6D6C-D655-43CB-B39B-D2B876D9E480}\ExperienceTargeted\Logon" => not found
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71402D44-EE1D-45FB-8227-DECE09FAA70C}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71402D44-EE1D-45FB-8227-DECE09FAA70C}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{3D2E6D6C-D655-43CB-B39B-D2B876D9E480}\ExperienceTargeted\Unlock" => not found
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7485D0E9-727F-4B06-A1F8-701BAFB8D3D8}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7485D0E9-727F-4B06-A1F8-701BAFB8D3D8}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{3D2E6D6C-D655-43CB-B39B-D2B876D9E480}\ExperienceTargeted\OnIdle" => not found
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8ECE3D46-EFDE-4AAA-9172-FEA72C3612D3}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8ECE3D46-EFDE-4AAA-9172-FEA72C3612D3}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\XblGameSave\XblGameSaveTask\Logon" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E15D0692-401F-477B-A71E-D377FC1D0682}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E15D0692-401F-477B-A71E-D377FC1D0682}" => removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7608BF9-5D90-4445-B224-54E6EAD718BC}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7608BF9-5D90-4445-B224-54E6EAD718BC}" => removed successfully
     C:\WINDOWS\System32\Tasks\{D45CAAB9-6E26-4D1B-9366-F94FF9E25585} => moved successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D45CAAB9-6E26-4D1B-9366-F94FF9E25585}" => removed successfully
     "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{46CCD955-7D02-4812-A316-D7BB61DC7AA2}" => removed successfully
     "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{73425C27-7EB3-4826-A2AB-5A785450D171}" => removed successfully
     =========== EmptyTemp: ==========
     BITS transfer queue => 8675328 B
     DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 59260315 B
     Java, Flash, Steam htmlcache => 43689 B
     Windows/system/drivers => 1257698 B
     Edge => 7501470 B
     Chrome => 21754373 B
     Firefox => 0 B
     Opera => 0 B
     Temp, IE cache, history, cookies, recent:
     Default => 7168 B
     Users => 0 B
     ProgramData => 0 B
     Public => 0 B
     systemprofile => 0 B
     systemprofile32 => 0 B
     LocalService => 0 B
     LocalService => 0 B
     NetworkService => 44566 B
     NetworkService => 0 B
     bouwe => 8570801 B
     RecycleBin => 0 B
     EmptyTemp: => 102.2 MB temporary data Removed.
     ================================
     The system needed a reboot.
     ==== End of Fixlog 19:20:14 ====
  5. After some more reading I realize I have not attached the MWB Threat Scan log. I will include it when I'm back at home.
  6. Dear Aura, Yes, I am here :) I have been busy, now I finally have some free time, while I am away from home, to check my topic. As I write this, I am away from home, I'm working too far away from home to travel back every day. For your information, I will be back at home on Friday or Saturday of this week, I don't know yet, it depends on my schedule. I will let you know when I know it for sure. I have read your post, I understand it and I will act accordingly. Sorry, I'm confused by your last remark; you are asking for my logs. But, these are attached to my initial post, correct? Or, am I missing something?
  7. Hi, Recently, during every startup of my PC, a message from Malwarebytes pops up. I have performed a system scan but no virus is found. I wonder, is my PC infected? This is the export:
     Malwarebytes
     www.malwarebytes.com
     -Log Details-
     Protection Event Date: 6/21/18
     Protection Event Time: 7:35 PM
     Log File: 8080b34a-7579-11e8-8755-ac220b4cd7ab.json
     Administrator: Yes
     -Software Information-
     Version: 3.5.1.2522
     Components Version: 1.0.374
     Update Package Version: 1.0.5530
     License: Premium
     -System Information-
     OS: Windows 10 (Build 17692.1000)
     CPU: x64
     File System: NTFS
     User: System
     -Blocked Website Details-
     Malicious Website: 1
     , , Blocked, [-1], [-1],0.0.0
     -Website Data-
     Category: Phishing
     Domain: gen.xyz
     IP Address: 13.57.153.101
     Port: [49732]
     Type: Outbound
     File: C:\Windows\System32\svchost.exe
     (end)
     Kind regards, Bouwe Westerdijk
     FRST.txt Addition.txt
  8. I can confirm this issue. I have encountered this issue repeatedly when running both Qbittorrent and Tixati (separately). I was reading some posts on other forums describing the same issue before I arrived at this post in this forum. I've seen it happen when running 3.04 and now when running 3.05 (lifetime subscription).