
Suspicious processes, nothing detected



I've had several problems with my PC lately: I've got a bunch of trojans and different kinds of malicious cookies. I've managed to get rid of most of them, however there are things that I can't get rid of. I've had problems with FBI Moneypak before, so when my eye tumbled upon the process lsass, I knew something was off. I dug a bit deeper and managed to find this:
[screenshots: jbgQQ3T.png, vyYJuiG.png]

I believe smss.exe, lsass.exe and lsm.exe are infected for sure. I don't know about the others, but it's pretty suspicious to me.

I've scanned with SuperAntiSpyware, MBAM and Kaspersky, yet none of them could find anything.

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2013.06.12. 19:54:44
System Uptime: 2013.07.20. 22:57:18 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | M4A785TD-M EVO
Processor: AMD Phenom(tm) II X4 B50 Processor | AM3 | 775/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 186 GiB total, 85,976 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 76,354 GiB free.
E: is FIXED (NTFS) - 298 GiB total, 204,85 GiB free.
G: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP25: 2013.07.03. 22:20:04 - Installed DirectX
RP26: 2013.07.03. 22:22:31 - Installed Steam
RP27: 2013.07.03. 22:31:57 - Installed DirectX
RP28: 2013.07.03. 23:02:00 - Removed Steam
RP29: 2013.07.03. 23:04:15 - Installed Steam
RP30: 2013.07.03. 23:18:24 - Removed Steam
RP31: 2013.07.03. 23:24:36 - Installed Steam
RP32: 2013.07.05. 3:11:48 - Eszközillesztő-csomag telepítése: TAP-Win32 Provider V9 (Tunngle) Hálózati kártyák
RP33: 2013.07.08. 10:20:31 - Installed Far Cry 3
RP34: 2013.07.08. 10:22:35 - Installed Far Cry 3
RP35: 2013.07.17. 16:02:00 - Telepítve: Microsoft Visual C++ 2005 Redistributable (x64)
RP36: 2013.07.17. 16:03:17 - Telepítve: Microsoft Visual C++ 2005 Redistributable
RP37: 2013.07.17. 16:04:04 - Installed League of Legends
RP38: 2013.07.17. 16:04:26 - Installed DirectX
RP39: 2013.07.19. 10:43:16 - Eltávolítva Samsung AllShare
RP40: 2013.07.20. 12:24:42 - Windows Update
.
==== Installed Programs ======================
.
A kiterjesztett Microsoft .NET-keretrendszer 4 HUN nyelvi csomagja
A Microsoft .NET-keretrendszer 4-es verziójához tartozó ügyfélprofil HUN nyelvi csomagja
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Photoshop CS6
Adobe Reader XI (11.0.03)
AllShare Framework DMS
AMD Accelerated Video Transcoding
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD Wireless Display v3.0
µTorrent
Bamboo Dock
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Combined Community Codec Pack 2013-05-30
DAEMON Tools Lite
Deadpool
DmC Devil may Cry version 5.1
Far Cry 3
Google Chrome
Google Update Helper
HexChat (x64)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Java 7 Update 15 (64-bit)
Java 7 Update 25
Java Auto Updater
Kaspersky Internet Security 2013
League of Legends
LogMeIn Hamachi
Malwarebytes Anti-Malware 1.75.0.1300 verzió
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile HUN Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended HUN Language Pack
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
mIRC
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
NirSoft BlueScreenView
Open Broadcaster Software
Origin
osu!
Pando Media Booster
PDF Settings CS6
Platform
PunkBuster Services
puush
Python 2.7.5 (64-bit)
Razer Synapse 2.0
Realtek Ethernet Controller Driver For Windows Vista and Later
Samsung Link 1.6.0.1307111336
Serious Sam Classic TFE
Sid Meier's Civilization V - Game of the Year Edition
SimCity™
Skype™ 6.5
Speccy
Steam
SUPERAntiSpyware
TeamSpeak 3 Client
Terraria 1.1.2
The Witcher 2
The Witcher 2 Assassins of Kings version 1.0
Tunngle beta
Uplay
VIA Platform eszközkezelő
Wacom
Warcraft III
Warcraft III: All Products
WebTablet FB Plugin 32 bit
WebTablet FB Plugin 64 bit
WinRAR 4.20 (64-bit)
XChat 2 (remove only)
«Sleeping Dogs - Limited Edition»
.
==== End Of File ===========================

attach.txt

dds.txt


  • Staff

Hello,

While I agree that any file can be patched by malware, what you have identified are legitimate files, and until they can be positively identified as being infected, attempting to remove those core system files can do irreparable harm to your computer.

Please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
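The staff reply above makes the key point: a process named smss.exe, lsass.exe or lsm.exe is not evidence of infection by itself, and deleting the real binaries breaks Windows. What a defender actually checks before calling one of these "infected" is where the image is loaded from, which process started it, and whether the file carries a Microsoft signature. The script below is an added example (not code from the thread, Malwarebytes or any tool mentioned here) that performs those three checks from an elevated PowerShell prompt. The expected parent names are an assumption of this script, based on the normal Windows 7/8 boot layout (wininit.exe starts lsass.exe and lsm.exe; the System process or another smss.exe starts smss.exe); nothing in the thread states them.

```powershell
# Added example, not from the thread: sanity-check core Windows processes
# before assuming they are infected. Run from an elevated PowerShell prompt,
# otherwise ExecutablePath is unreadable for system processes.
# Expected parent names are an assumption of this script (normal Windows 7/8
# layout): lsass.exe and lsm.exe are started by wininit.exe; smss.exe is
# started by System (PID 4) or by another smss.exe.
$expectedParent = @{
    'lsass.exe' = @('wininit.exe')
    'lsm.exe'   = @('wininit.exe')
    'smss.exe'  = @('System', 'smss.exe')
}
$system32 = Join-Path $env:SystemRoot 'System32'

# Index every running process by PID so parents can be resolved by name.
$all = Get-CimInstance Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

foreach ($name in $expectedParent.Keys) {
    $procs = $all | Where-Object { $_.Name -ieq $name }
    if (-not $procs) { Write-Host "$name : not running (unusual for a core process)"; continue }
    foreach ($p in $procs) {
        $findings = @()

        # 1. Image path: the genuine binary lives in %SystemRoot%\System32.
        $path = $p.ExecutablePath
        if (-not $path) {
            $findings += 'path unreadable (run elevated)'
        } elseif ((Split-Path $path -Parent) -ine $system32) {
            $findings += "unexpected path $path"
        }

        # 2. Parent process: a core process whose parent is explorer.exe, a
        #    browser, or an unknown PID is the classic sign of an impostor
        #    that merely reuses the name.
        $parent = $byPid[[int]$p.ParentProcessId]
        $parentName = if ($parent) { $parent.Name } else { '<exited>' }
        if ($expectedParent[$name] -notcontains $parentName) {
            $findings += "unexpected parent $parentName (PID $($p.ParentProcessId))"
        }

        # 3. Authenticode: the signer should be Microsoft. Caveat: on Windows 7
        #    most system binaries are catalog-signed rather than embedded-signed,
        #    so this cmdlet can report NotSigned for a genuine file. Treat that
        #    as "verify with sigcheck.exe or sfc /verifyonly", not as proof of
        #    tampering.
        if ($path -and (Test-Path $path)) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            if ($sig.Status -eq 'Valid') {
                if ($sig.SignerCertificate.Subject -notmatch 'Microsoft') {
                    $findings += "signed by non-Microsoft subject: $($sig.SignerCertificate.Subject)"
                }
            } elseif ($sig.Status -eq 'NotSigned') {
                $findings += 'no embedded signature (normal for catalog-signed files; confirm with sfc /verifyonly)'
            } else {
                $findings += "signature status $($sig.Status)"
            }
        }

        $verdict = if ($findings) { 'REVIEW' } else { 'looks legitimate' }
        Write-Host ("{0} PID {1}: {2}" -f $name, $p.ProcessId, $verdict)
        foreach ($f in $findings) { Write-Host "    - $f" }
    }
}
```

A "REVIEW" line is a reason to look closer, not a verdict: an unexpected path or parent is strong evidence, while a NotSigned status on Windows 7 is expected for catalog-signed files and should be resolved with the SFC check the staff recommend later in this thread. A hash comparison against a known-good copy of the file (from another machine with the same patch level) is the definitive test, but that reference value is not something the script can assume.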

  • Staff

Please run the following

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

    You can get help on disabling your protection programs here

  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:

    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------

  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

  • Staff

Please run the following:

Please download Windows Repair (all in one) from here

Install the program then run it

Go to step 2 and allow it to run Disk check

Once that is done then go to step 3 and allow it to run SFC

[screenshot: Capture.gif]

On the Start Repairs tab => click Start

[screenshot: 7fthj.png]

Click on the select all check box and then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
