turms

  1. here is the result of the second scan:
     RogueKiller V12.12.34.0 (x64) [Sep 3 2018] (Free) by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : https://forum.adlice.com
     Website : http://www.adlice.com/download/roguekiller/
     Blog : http://www.adlice.com
     Operating System : Windows 10 (10.0.16299) 64 bits version
     Started in : Normal mode
     User : derpt [Administrator]
     Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
     Mode : Delete -- Date : 09/09/2018 15:34:12 (Duration : 00:42:18)
     ¤¤¤ Processes : 0 ¤¤¤
     ¤¤¤ Registry : 4 ¤¤¤
     [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-79b8868f -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
     [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-79b8868f -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.117.1.1 ([]) -> Replaced ()
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2ca44b5e-9e30-41b9-aa46-e96ff75db156} | DhcpNameServer : 10.117.1.1 ([]) -> Replaced ()
     ¤¤¤ Tasks : 0 ¤¤¤
     ¤¤¤ Files : 0 ¤¤¤
     ¤¤¤ WMI : 0 ¤¤¤
     ¤¤¤ Hosts File : 0 ¤¤¤
     ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
     ¤¤¤ Web browsers : 0 ¤¤¤
     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: Corsair Force GT +++++
     --- User ---
     [MBR] 5485fa03f966de3daa740c22e8ddae53
     [BSP] 9d1b4a5b3cd8bbe8b8b919342d1fb12b : Windows Vista/7/8|VT.Unknown MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 228434 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     User = LL1 ... OK
     User = LL2 ... OK
     +++++ PhysicalDrive1: Corsair Force GT +++++
     --- User ---
     [MBR] b261682398471cfeb620f27b21df2178
     [BSP] fd34627641d0b175fbac24ac10e77f10 : Windows Vista/7/8|VT.Unknown MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 228934 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     User = LL1 ... OK
     User = LL2 ... OK
  2. yes sorry; here are the logs
     # -------------------------------
     # Malwarebytes AdwCleaner 7.2.3.0
     # -------------------------------
     # Build: 08-30-2018
     # Database: 2018-09-06.1 (Cloud)
     # Support: https://www.malwarebytes.com/support
     #
     # -------------------------------
     # Mode: Scan
     # -------------------------------
     # Start: 09-08-2018
     # Duration: 00:00:07
     # OS: Windows 10 Pro
     # Scanned: 41889
     # Detected: 0
     ***** [ Services ] *****
     No malicious services found.
     ***** [ Folders ] *****
     No malicious folders found.
     ***** [ Files ] *****
     No malicious files found.
     ***** [ DLL ] *****
     No malicious DLLs found.
     ***** [ WMI ] *****
     No malicious WMI found.
     ***** [ Shortcuts ] *****
     No malicious shortcuts found.
     ***** [ Tasks ] *****
     No malicious tasks found.
     ***** [ Registry ] *****
     No malicious registry entries found.
     ***** [ Chromium (and derivatives) ] *****
     No malicious Chromium entries found.
     ***** [ Chromium URLs ] *****
     No malicious Chromium URLs found.
     ***** [ Firefox (and derivatives) ] *****
     No malicious Firefox entries found.
     ***** [ Firefox URLs ] *****
     No malicious Firefox URLs found.
     AdwCleaner[S00].txt - [1836 octets] - [30/08/2018 20:08:59]
     AdwCleaner[C00].txt - [1852 octets] - [30/08/2018 20:10:21]
     AdwCleaner[S01].txt - [1363 octets] - [30/08/2018 20:51:19]
     AdwCleaner[C01].txt - [1549 octets] - [30/08/2018 20:51:43]
     ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########

     RogueKiller V12.12.34.0 (x64) [Sep 3 2018] (Free) by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : https://forum.adlice.com
     Website : http://www.adlice.com/download/roguekiller/
     Blog : http://www.adlice.com
     Operating System : Windows 10 (10.0.16299) 64 bits version
     Started in : Normal mode
     User : derpt [Administrator]
     Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
     Mode : Delete -- Date : 09/08/2018 15:33:29 (Duration : 00:27:11)
     ¤¤¤ Processes : 0 ¤¤¤
     ¤¤¤ Registry : 8 ¤¤¤
     [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-79b8868f -> Not selected
     [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-79b8868f -> Not selected
     [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-880300940-2913678798-3607998448-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-79b8868f -> Not selected
     [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-880300940-2913678798-3607998448-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-79b8868f -> Not selected
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.117.1.1 ([]) -> Not selected
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2ca44b5e-9e30-41b9-aa46-e96ff75db156} | DhcpNameServer : 10.117.1.1 ([]) -> Not selected
     [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{F864E34E-4489-483D-A524-2655756ECFCE}C:\programdata\oracle\java\javapath_target_15995046\java.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\programdata\oracle\java\javapath_target_15995046\java.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User| [x] -> Not selected
     [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{96C0731E-E399-4402-A83F-FD33063FE6E7}C:\programdata\oracle\java\javapath_target_15995046\java.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\programdata\oracle\java\javapath_target_15995046\java.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User| [x] -> Not selected
     ¤¤¤ Tasks : 0 ¤¤¤
     ¤¤¤ Files : 0 ¤¤¤
     ¤¤¤ WMI : 0 ¤¤¤
     ¤¤¤ Hosts File : 1 ¤¤¤
     [C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 pagead2.googlesyndication.com [Hj.Hosts]Deleted
     ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
     ¤¤¤ Web browsers : 2 ¤¤¤
     [PUM.SearchEngine][Firefox:Config] h1awqikx.default : user_pref("browser.search.selectedEngine", "Search Provided by Bing"); -> Not selected
     [PUM.SearchEngine][Firefox:Config] h1awqikx.default : user_pref("browser.search.defaultenginename", "Search Provided by Bing"); -> Not selected
     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: Corsair Force GT +++++
     --- User ---
     [MBR] 5485fa03f966de3daa740c22e8ddae53
     [BSP] 9d1b4a5b3cd8bbe8b8b919342d1fb12b : Windows Vista/7/8|VT.Unknown MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 228434 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     User = LL1 ... OK
     User = LL2 ... OK
     +++++ PhysicalDrive1: Corsair Force GT +++++
     --- User ---
     [MBR] b261682398471cfeb620f27b21df2178
     [BSP] fd34627641d0b175fbac24ac10e77f10 : Windows Vista/7/8|VT.Unknown MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 228934 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     User = LL1 ... OK
     User = LL2 ... OK
  3. sorry for the late reply; here is the export summary.
     Malwarebytes
     www.malwarebytes.com
     -Log Details-
     Scan Date: 9/4/18
     Scan Time: 10:47 PM
     Log File: 0e68fb28-b0b6-11e8-9020-74d02b9dcad4.json
     Administrator: Yes
     -Software Information-
     Version: 3.5.1.2522
     Components Version: 1.0.365
     Update Package Version: 1.0.6645
     License: Free
     -System Information-
     OS: Windows 10 (Build 16299.64)
     CPU: x64
     File System: NTFS
     User: TURMSPC\derpt
     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 303052
     Threats Detected: 0 (No malicious items detected)
     Threats Quarantined: 0 (No malicious items detected)
     Time Elapsed: 2 min, 17 sec
     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect
     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 0 (No malicious items detected)
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)
     (end)
  4. after getting recovery mode back, the program seems to have disappeared from my computer even before I scanned. thank you for your help!
  5. following the other two guides, I created a FRST64 flash drive on a safe computer and ran a scan on the infected computer in recovery mode. here are the scan results on the infected computer: FRST.txt
  6. While following a guide on how to remove the smartservice virus, I could not boot into windows recovery environment to complete the removal process. I used these guides: I have scanned with Malwarebytes, Adwcleaner, and Farbarx64. after scanning I cannot enter windows recovery environment/advanced startup options through the windows 10 settings, shift+restart, or from the command prompt. here are my scan results: malwarebytes_3.5.1_scanreport.txt malwarebytes_adwcleaner_report.txt FRST.txt Addition.txt