
I believe I have a backdoor virus



Hello!

When I start my computer, Malwarebytes always finds Trojan.Agent in svchost.exe and deletes it. This repeats every time I start up the computer, so I did some digging around the internet and now it seems I have a backdoor virus. I have run a full scan with Malwarebytes with rootkit scanning enabled and a full scan with MSE. Both found nothing.

I ran this Farbar Recovery tool. Here are the logs:

Addition.txt

FRST.txt


Hi and welcome!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • My native language isn't English, so please do not use slang or idioms. They could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction, or add/remove software, unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all log files as a reply rather than as an attachment unless I specifically ask you. If you cannot post all log files in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

"Malwarebytes always finds Trojan.Agent in svchost.exe and deletes it."

Could you please post the MBAM log?

How to get logs:
(Export log to save as txt)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click OK.
  • Attach that saved log to your next reply.

Hi,

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select "Run As Administrator"

  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.

    Copy and paste the contents of that logfile in your next reply.

Step 2

Please download ComboFix (by sUBs) and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).

    Please copy and paste the contents of this file into your next post.

Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.

Hi.

Adw:
 

# AdwCleaner v3.301 - Report created 29/07/2014 at 14:33:59
# Updated 28/07/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : B - B-PC
# Running from : C:\Users\B\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\B\OneDrive\Save
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7601.18487
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [822 octets] - [29/07/2014 14:32:27]
AdwCleaner[s0].txt - [746 octets] - [29/07/2014 14:33:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [805 octets] ##########
 
 
Combofix:

ComboFix 14-07-29.01 - B 29.07.2014  14:39:32.1.6 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.358.1035.18.8178.5953 [GMT 3:00]
Location: c:\users\B\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\install.exe
.
.
(((((   Files Created From 2014-06-28 to 2014-07-29  )))))))))))))))))
.
.
2014-07-29 11:42 . 2014-07-29 11:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-29 11:32 . 2010-08-30 05:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-29 11:29 . 2014-04-23 08:50 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1E806C7-2D5A-4951-8F28-8C52943B5337}\gapaengine.dll
2014-07-29 11:29 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DA3CB25-21BB-45F8-8B63-F9AE59EAB812}\mpengine.dll
2014-07-29 11:29 . 2014-07-29 11:34 -------- d-----w- C:\AdwCleaner
2014-07-29 08:43 . 2014-07-29 08:45 -------- d-----w- C:\FRST
2014-07-29 08:34 . 2014-07-29 08:39 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-07-28 20:59 . 2014-07-28 20:59 -------- d-----w- c:\program files (x86)\VideoLAN
2014-07-28 09:47 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-19 13:18 . 2014-07-19 13:18 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-07-18 18:18 . 2014-07-18 18:18 -------- d-----w- c:\programdata\Electronic Arts
2014-07-18 17:54 . 2014-07-18 17:54 -------- d-----w- c:\programdata\Origin
2014-07-18 17:24 . 2009-02-24 15:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2014-07-18 17:24 . 2009-02-24 15:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2014-07-18 17:24 . 2014-07-18 17:25 -------- d-----w- c:\program files (x86)\MagicDisc
2014-07-11 13:30 . 2014-04-23 08:50 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-07-09 19:41 . 2014-07-09 19:41 -------- d-s---w- c:\windows\system32\CompatTel
2014-07-09 16:52 . 2014-07-09 16:53 -------- d-----w- c:\windows\system32\MRT
2014-07-09 16:49 . 2014-05-28 10:17 64512 ----a-w- c:\windows\system32\jsproxy.dll
2014-07-09 16:48 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2014-07-09 14:42 . 2014-07-19 13:18 -------- d-----w- c:\programdata\Oracle
2014-07-09 14:40 . 2014-07-11 00:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-09 14:40 . 2014-07-19 13:18 -------- d-----w- c:\program files (x86)\Java
2014-07-08 19:57 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-07-08 19:57 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-07-08 19:57 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-07-08 19:57 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-07-08 19:57 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-07-08 19:22 . 2012-07-26 07:48 2560 ----a-w- c:\windows\system32\drivers\hu-HU\wdf01000.sys.mui
2014-07-08 19:22 . 2012-07-26 07:45 2560 ----a-w- c:\windows\system32\drivers\sv-SE\wdf01000.sys.mui
2014-07-08 19:22 . 2012-07-26 07:41 2560 ----a-w- c:\windows\system32\drivers\el-GR\wdf01000.sys.mui
2014-07-08 19:22 . 2012-07-26 07:31 2560 ----a-w- c:\windows\system32\drivers\da-DK\wdf01000.sys.mui
2014-07-08 19:22 . 2012-07-26 05:39 2560 ----a-w- c:\windows\system32\drivers\tr-TR\wdf01000.sys.mui
2014-07-08 19:22 . 2012-07-26 05:15 2560 ----a-w- c:\windows\system32\drivers\he-IL\wdf01000.sys.mui
2014-07-08 19:22 . 2012-07-26 05:05 2560 ----a-w- c:\windows\system32\drivers\pl-PL\wdf01000.sys.mui
2014-07-08 19:22 . 2012-07-26 05:04 2560 ----a-w- c:\windows\system32\drivers\nb-NO\wdf01000.sys.mui
2014-07-08 19:22 . 2012-07-26 05:04 2560 ----a-w- c:\windows\system32\drivers\fi-FI\wdf01000.sys.mui
2014-07-08 19:22 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2014-07-08 19:17 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2014-07-08 19:11 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-07-08 19:11 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-07-08 19:11 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-07-08 19:11 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-07-08 19:11 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2014-07-08 19:11 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2014-07-08 19:11 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-07-08 16:15 . 2014-07-08 16:15 -------- d-----w- c:\program files\Speccy
2014-07-07 21:24 . 2013-10-14 15:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-07-07 19:02 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2014-07-07 19:02 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-07-07 19:02 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2014-07-07 19:02 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-07-07 19:02 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2014-07-07 19:02 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2014-07-07 19:02 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2014-07-07 19:02 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2014-07-07 19:02 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2014-07-07 19:02 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2014-07-07 19:02 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2014-07-07 19:00 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2014-07-07 18:59 . 2014-04-12 02:19 136192 ----a-w- c:\windows\system32\sspicli.dll
2014-07-07 18:58 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-07-07 18:46 . 2014-07-07 18:46 -------- d-----w- c:\windows\Migration
2014-07-06 19:23 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-07-06 19:23 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-07-06 19:15 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-07-06 19:15 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2014-07-06 19:15 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2014-07-06 18:19 . 2008-10-15 03:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2014-07-06 18:19 . 2008-10-15 03:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2014-07-06 18:19 . 2008-10-15 03:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2014-07-06 18:19 . 2008-10-15 03:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2014-07-06 18:19 . 2008-10-15 03:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2014-07-06 18:19 . 2008-10-15 03:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2014-07-06 18:15 . 2014-07-06 18:15 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2014-07-06 16:03 . 2014-07-06 16:03 -------- d-----w- c:\windows\system32\SPReview
2014-07-06 16:03 . 2014-07-06 16:03 -------- d-----w- c:\windows\system32\EventProviders
2014-07-06 11:55 . 2010-11-20 13:27 297984 ----a-w- c:\windows\system32\ws2_32.dll
2014-07-06 11:54 . 2010-11-20 13:28 3072 ----a-w- c:\windows\system32\drivers\el-GR\pnpmem.sys.mui
2014-07-06 00:24 . 2011-06-16 05:49 199680 ----a-w- c:\windows\system32\xmllite.dll
2014-07-06 00:23 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2014-07-06 00:22 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2014-07-06 00:21 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2014-07-06 00:21 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2014-07-06 00:21 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2014-07-06 00:21 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2014-07-06 00:21 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2014-07-06 00:21 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2014-07-06 00:20 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2014-07-06 00:20 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2014-07-06 00:20 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2014-07-06 00:20 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2014-07-06 00:20 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2014-07-06 00:20 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2014-07-06 00:20 . 2011-03-03 06:24 357888 ----a-w- c:\windows\system32\dnsapi.dll
2014-07-06 00:20 . 2011-03-03 06:21 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2014-07-06 00:20 . 2010-11-20 13:27 33792 ----a-w- c:\windows\system32\profprov.dll
2014-07-06 00:20 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2014-07-06 00:18 . 2012-12-07 11:20 23552 ----a-w- c:\windows\system32\oflc.rs
2014-07-06 00:17 . 2012-06-16 05:15 911360 ----a-w- c:\windows\system32\jscript.dll
2014-07-06 00:16 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2014-07-06 00:15 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2014-07-06 00:11 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2014-07-06 00:11 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2014-07-05 19:31 . 2014-07-05 08:37 -------- d-----w- c:\windows\Panther
2014-07-05 19:31 . 2014-07-06 18:02 -------- d-----w- C:\Boot
2014-07-05 19:31 . 2014-07-05 19:31 -------- d-----w- c:\windows\system32\OEM
2014-07-05 13:00 . 2014-07-05 13:00 -------- d-----w- c:\program files (x86)\Microsoft.NET
2014-07-05 11:48 . 2014-07-05 11:48 -------- d-----w- c:\program files\WinRAR
2014-07-05 11:41 . 2014-07-05 11:42 -------- d-----w- c:\program files\GIMP 2
2014-07-05 11:07 . 2009-03-16 11:18 24920 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2014-07-05 10:59 . 2014-07-05 10:59 -------- d-----w- c:\windows\SysWow64\Wat
2014-07-05 10:59 . 2014-07-05 10:59 -------- d-----w- c:\windows\system32\Wat
2014-07-05 09:43 . 2014-07-05 09:43 -------- d-----w- C:\OneDriveTemp
2014-07-05 09:40 . 2014-07-05 09:40 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2014-07-05 09:40 . 2014-07-05 09:40 -------- d-----w- c:\programdata\Microsoft OneDrive
2014-07-05 09:34 . 2014-07-06 01:30 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2014-07-05 09:34 . 2014-07-06 01:30 -------- d-----w- c:\program files\Microsoft Security Client
2014-07-05 09:25 . 2014-07-05 09:25 -------- d-----w- c:\users\UpdatusUser
2014-07-05 09:24 . 2013-06-16 17:47 31080 ----a-w- c:\windows\system32\nvhdap64.dll
2014-07-05 09:23 . 2014-06-16 23:57 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36765A92-1173-4328-847F-C1637B887AEA}\mpengine.dll
2014-07-05 09:23 . 2014-01-19 07:33 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-07-05 09:22 . 2014-07-05 09:25 -------- d-----w- c:\program files (x86)\Google
2014-07-05 09:21 . 2014-07-29 11:35 -------- d-----w- c:\program files (x86)\Steam
2014-07-05 09:21 . 2014-07-19 09:52 -------- d-----w- c:\program files (x86)\Common Files\Steam
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-06 17:55 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2014-07-06 17:55 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
.
.
((((((((((((((((((((((((((((((   Registry Loading Points   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* Empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-07-05 09:40 223432 ----a-w- c:\users\B\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-07-05 09:40 223432 ----a-w- c:\users\B\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-07-05 09:40 223432 ----a-w- c:\users\B\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-07-16 1753280]
"SkyDrive"="c:\users\B\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2014-07-05 257224]
"Spotify"="c:\users\B\AppData\Roaming\Spotify\Spotify.exe" [2014-07-10 6162488]
"Spotify Web Helper"="c:\users\B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-07-10 1178168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-10 256896]
.
c:\users\B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\B\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-22 35464216]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2014-7-18 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpuz136;cpuz136;c:\users\B\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\B\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]
R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 4\LU4\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 4\LU4\NTIOLib_X64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-19 15:34 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-05 09:22]
.
2014-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-05 09:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-07-05 09:40 262344 ----a-w- c:\users\B\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-07-05 09:40 262344 ----a-w- c:\users\B\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-07-05 09:40 262344 ----a-w- c:\users\B\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\B\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-03 6628968]
"AtherosBtStack"="c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\btvstack.exe" [2012-06-28 1023104]
"AthBtTray"="c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\athbttray.exe" [2012-06-28 801920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.100.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-29  14:43:52
ComboFix-quarantined-files.txt  2014-07-29 11:43
.
Pre-Run: 65,293,590,528 bytes free
Post-Run: 65,637,031,936 bytes free
.
- - End Of File - - E91203E40CAEAC4EFEB4EB6AE30D0590
A36C5E4F47E84449FF07ED3517B43A31
 

Hi,

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"

Hi. 

MBAR found nothing.


Log:

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
 
Database version: v2014.07.30.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
B :: B-PC [administrator]
 
30.7.2014 19:46:14
mbar-log-2014-07-30 (19-46-14).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 323372
Time elapsed: 5 minute(s), 11 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)

Hi,

"When I start my computer, Malwarebytes always finds Trojan.Agent in svchost.exe and deletes it. This repeats every time I start up the computer."

Please temporarily disable Malwarebytes' "Malware Protection" and "Start with Windows" by right-clicking its icon in the system tray. Then reboot your computer and run the following fix:

Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.

    Please copy and paste its contents in your next reply.

fixlist.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014
Ran by B at 2014-07-30 21:44:57 Run:1
Running from C:\Users\B\Desktop\frst
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Folder: C:\Windows\Temp\
File: C:\Windows\Temp\svchost.exe

*****************

========================= Folder: C:\Windows\Temp\ ========================

2014-07-30 21:42 - 2014-07-30 21:42 - 0000321 _____ () C:\Windows\Temp\1406745777_log.txt
2014-07-30 12:17 - 2014-07-30 21:42 - 0060684 _____ () C:\Windows\Temp\Data.bin
2014-07-30 16:59 - 2014-07-30 16:59 - 0000608 _____ () C:\Windows\Temp\fwtsqmfile00.sqm
2014-07-30 21:41 - 2014-07-30 21:41 - 0000608 _____ () C:\Windows\Temp\fwtsqmfile01.sqm
2014-07-29 15:42 - 2014-07-29 15:46 - 1883448 _____ () C:\Windows\Temp\lpksetup-20140729-154228-0.log
2014-07-30 16:00 - 2014-07-30 16:05 - 1883512 _____ () C:\Windows\Temp\lpksetup-20140730-160044-0.log
2014-07-29 14:45 - 2014-07-30 19:50 - 0007462 _____ () C:\Windows\Temp\MpCmdRun.log
2014-07-30 19:47 - 2014-07-30 19:50 - 0005320 _____ () C:\Windows\Temp\MpSigStub.log
2014-07-30 21:42 - 2014-07-30 21:42 - 1603584 _____ () C:\Windows\Temp\svchost.exe
2014-07-30 19:47 - 2014-07-30 19:50 - 0000000 ____D () C:\Windows\Temp\556C747BFB847E342BB8FB33486FA567-Sigs
2014-07-30 16:57 - 2014-07-30 16:57 - 0000000 ____D () C:\Windows\Temp\IEE766.tmp
2014-07-30 16:57 - 2014-07-30 16:57 - 1868205 _____ () C:\Windows\Temp\IEE766.tmp\Windows6.1-KB2888049-x64.cab
2014-07-05 12:16 - 2014-07-05 12:16 - 0000000 ____D () C:\Windows\Temp\Low
2014-07-05 12:16 - 2014-07-05 12:16 - 0000000 ____D () C:\Windows\Temp\Low\SkypeClickToCall
2014-07-05 12:16 - 2014-07-05 12:16 - 0000000 ____D () C:\Windows\Temp\Low\SkypeClickToCall\Logs
2014-07-05 12:16 - 2014-07-26 22:42 - 0002820 _____ () C:\Windows\Temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log
2014-07-30 02:02 - 2014-07-30 02:02 - 0000000 ____D () C:\Windows\Temp\MPInstrumentation

====== End of Folder: ======

========================= File: C:\Windows\Temp\svchost.exe ========================

MD5: 9FDEFAA3232AC9DD0608DB999D05381D
Creation and modification date: 2014-07-30 21:42 - 2014-07-30 21:42
Size: 1603584
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product Name: 
Description: 
File Version: 
Product Version: 
Copyright: 

====== End Of File: ======

==== End of Fixlog ====


Fine... :D
 
Please re-enable "malware protection" and "start with windows" of Malwarebytes, and run the following fix:

Step 1

Please download the attached fixlist and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

fixlist.txt

After reboot:

Does Malwarebytes still detect "svchost.exe" ? ;)


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014
Ran by B at 2014-07-30 22:19:13 Run:2
Running from C:\Users\B\Desktop\frst
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {3FB43551-603A-47B8-835F-405C0002AC47} - System32\Tasks\Origin => C:\Users\B\AppData\Roaming\Origin\update.vbe [2014-07-18] () <==== ATTENTION
C:\Users\B\AppData\Roaming\Origin\
Reboot:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3FB43551-603A-47B8-835F-405C0002AC47}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FB43551-603A-47B8-835F-405C0002AC47}" => Key deleted successfully.
C:\Windows\System32\Tasks\Origin => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => Key deleted successfully.
C:\Users\B\AppData\Roaming\Origin => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====


I believe there is some kind of malware/virus/stupid thing on my second drive, which is full of important stuff. I have used it since back when I was stupid enough to go to suspicious sites and so on, and I have never reformatted it. So I believe it has a virus which can hide itself pretty well (like in the master boot section of the drive or something?). I just installed Windows again a couple of weeks ago and now have repeated creation of the virus in svchost.exe at startup. I noticed now that there is one update Windows tries to push through about IE11. It always fails that update. ('Epäonnistui' in the pic means 'failed'.) I wonder if that is some shielding mechanism of that virus? Or does it infect that update and force it to create a new virus in svchost.exe?

As far as I understood, it is not possible to get ComboFix to clean drives other than the system drive, and I also believe this is the case with other programs as well (not including MBAR and MBAM).

[two screenshot attachments omitted]


:D

 

Next step:

Step 1

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.

    Note: This scan might take a long time! Please be patient.

  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5cde7b070245e348b1052418a47bacba
# engine=19424
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-30 11:12:45
# local_time=2014-07-31 02:12:45 (+0200, Suomen kesäaika)
# country="Finland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 1316548 48078881 0 0
# scanned=639131
# found=18
# cleaned=0
# scan_time=10151
sh=9357AD524EC7D326F3FAEDB37BC88A2C99383120 ft=0 fh=0000000000000000 vn="VBS/CoinMiner.AD trojan" ac=I fn="C:\FRST\Quarantine\C\Users\B\AppData\Roaming\Origin\update.vbe"
sh=C331A1BAEB9D9E5C558A9E60D6CC4C1465DE5635 ft=1 fh=9846aa6c2493f694 vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="D:\Ladatut Tiedostot\DeviceDoctorPro.exe"
sh=7B728010B02F323611A5C0060C0638101AE0FC5B ft=1 fh=ec9e8d09f29fa913 vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="D:\Ladatut Tiedostot\DeviceDoctor_Bundle.exe"
sh=0019B16E4183DF28004DB503F2E3D2075A0FD541 ft=1 fh=dd9e6ee495e2b97d vn="Win32/InstallMonetizer.AF potentially unwanted application" ac=I fn="D:\Ladatut Tiedostot\Pazera_Free_MP4_to_AVI_Converter_v1.7.exe"
sh=5024A01FF7371C091F4EF6665F27C2CC98399A37 ft=1 fh=7efc120aeebb427e vn="a variant of Win32/AdWare.MultiPlug.AP application" ac=I fn="D:\Ladatut Tiedostot\SC-7415FF7415.rar"
sh=4214A591BD070047DB6B9142198F9AF43BEDC4AC ft=0 fh=0000000000000000 vn="a variant of Win32/SkypeLogView.A potentially unsafe application" ac=I fn="D:\Ladatut Tiedostot\skypelogview.zip"
sh=B6F7B1483088DF3F2E06A4FD4750F9A5998DD315 ft=1 fh=272dab65bf7b74d8 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="D:\Ladatut Tiedostot\spsetup121.exe"
sh=2F3FAFAC28D2A0191B524704ED6B8B0E533B3630 ft=1 fh=17a186c0e2f206d3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="D:\Ladatut Tiedostot\spsetup126.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.AAA trojan" ac=I fn="D:\Ladatut Tiedostot\LEGO.Star.Wars.III.The.Clone.Wars-SKIDROW\sr-lsw3c.iso"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.BQ potentially unsafe application" ac=I fn="D:\Ladatut Tiedostot\Saints.Row.IV-RELOADED\rld-saints4.iso"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.ABD trojan" ac=I fn="D:\Ladatut Tiedostot\The.Incredible.Adventures.of.Van.Helsing.II-CODEX\codex-the.incredible.adventures.of.van.helsing.ii.iso"
sh=C4962B5F9A118F0A3DFAF1D9E73AAA0DD19319FF ft=1 fh=45836b55521038c5 vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="D:\Ohjelmat\Device Doctor\DDSmartScan.exe"
sh=204530442D73013A195B789219A491ABA865C5E7 ft=1 fh=b8e681b79875ce9b vn="Win32/OpenCandy potentially unsafe application" ac=I fn="D:\Ohjelmat\FL Studio 10.0.9c Producer Edition Final key [ChingLiu]\flstudio_10.0.9c.exe"
sh=695D5B402E29363E9906201C6E5DA84D9665CE6B ft=0 fh=0000000000000000 vn="Win32/InstallMonetizer.AN potentially unwanted application" ac=I fn="D:\Ohjelmat\VST\ToneBytes_Lo-Fizer.zip"
sh=357CABA3D3F3D1894D7C698DD06CC1FF79849982 ft=1 fh=73b55166117b07c1 vn="Win32/InstallMonetizer.AN potentially unwanted application" ac=I fn="D:\Ohjelmat\VST\VST\Lo-Fizer VST Setup.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.AAA trojan" ac=I fn="D:\Pelit\Fable.III-SKIDROW\sr-fable3.iso"
sh=7113D3A10D8722FE80A3717E87BC7354F55674B4 ft=1 fh=a654d788654f8e37 vn="a variant of Win32/Packed.VMProtect.AAA trojan" ac=I fn="D:\Pelit\LEGO Star Wars III The Clone Wars\paul.dll"
sh=357CABA3D3F3D1894D7C698DD06CC1FF79849982 ft=1 fh=73b55166117b07c1 vn="Win32/InstallMonetizer.AN potentially unwanted application" ac=I fn="D:\Reaper\Plugins\FX\muut\Lo-Fizer VST Setup.exe"
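Added example (editor's code, not from the thread or from ESET): a Python parser for the per-detection lines the ESET Online Scanner writes to log.txt, with a summary by drive and by rough class. On a log like the one above it makes the structure obvious at a glance: the only C: hit is the coin-miner script that FRST had already quarantined, everything else sits on the D: data drive and is adware, bundled-installer PUAs or packed game cracks. The sample is a constructed subset of that log (with the header count adjusted to match), and reading an all-zero SHA-1 as "no per-file hash available" is an assumption that happens to coincide with the .iso containers above.

```python
# Added example for this thread, not code from the original posts or from ESET.
# Parses lines of the form
#   sh=<sha1> ft=<n> fh=<hash> vn="<detection name>" ac=<action> fn="<path>"
# and summarises them by drive letter and by coarse class, flagging trojans
# that are not already sitting in a quarantine folder and files that ESET saw
# under more than one path (same SHA-1). The zero-SHA-1 reading is an assumption.
import re
from collections import Counter, defaultdict

# Constructed sample: five detection lines copied from the log in this thread,
# with the header count adjusted to the subset.
SAMPLE_ESET_LOG = r"""
# found=5
# cleaned=0
sh=9357AD524EC7D326F3FAEDB37BC88A2C99383120 ft=0 fh=0000000000000000 vn="VBS/CoinMiner.AD trojan" ac=I fn="C:\FRST\Quarantine\C\Users\B\AppData\Roaming\Origin\update.vbe"
sh=C331A1BAEB9D9E5C558A9E60D6CC4C1465DE5635 ft=1 fh=9846aa6c2493f694 vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="D:\Ladatut Tiedostot\DeviceDoctorPro.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.AAA trojan" ac=I fn="D:\Pelit\Fable.III-SKIDROW\sr-fable3.iso"
sh=357CABA3D3F3D1894D7C698DD06CC1FF79849982 ft=1 fh=73b55166117b07c1 vn="Win32/InstallMonetizer.AN potentially unwanted application" ac=I fn="D:\Ohjelmat\VST\VST\Lo-Fizer VST Setup.exe"
sh=357CABA3D3F3D1894D7C698DD06CC1FF79849982 ft=1 fh=73b55166117b07c1 vn="Win32/InstallMonetizer.AN potentially unwanted application" ac=I fn="D:\Reaper\Plugins\FX\muut\Lo-Fizer VST Setup.exe"
"""

DETECTION = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\S+) fh=(?P<fh>\S+) '
    r'vn="(?P<name>[^"]*)" ac=(?P<action>\S+) fn="(?P<path>[^"]*)"$'
)
HEADER_FOUND = re.compile(r"^# found=(\d+)$", re.MULTILINE)
NO_HASH = "0" * 40


def classify(name):
    """Coarse class from ESET's detection name. PUA/adware is tested first
    because those names also end in the generic word 'application'."""
    n = name.lower()
    if "potentially unwanted" in n or "potentially unsafe" in n or "adware" in n:
        return "pua"
    if "trojan" in n:
        return "trojan"
    return "other"


def parse(log_text):
    """Return one dict per detection line, cross-checked against '# found='."""
    hits = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue                      # header, blank or unrelated line
        d = m.groupdict()
        d["drive"] = d["path"][:2].upper()
        d["klass"] = classify(d["name"])
        d["quarantined"] = "\\quarantine\\" in d["path"].lower()
        d["hashed"] = d["sha1"].upper() != NO_HASH     # assumption, see above
        hits.append(d)
    found = HEADER_FOUND.search(log_text)
    if found and int(found.group(1)) != len(hits):
        raise ValueError(f"header says found={found.group(1)}, parsed {len(hits)}")
    return hits


def summarise(hits):
    """Counts per drive and class, live (unquarantined) trojans, duplicate hashes."""
    by_drive = Counter(h["drive"] for h in hits)
    by_class = Counter(h["klass"] for h in hits)
    live_trojans = [h["path"] for h in hits
                    if h["klass"] == "trojan" and not h["quarantined"]]
    paths_by_sha1 = defaultdict(list)
    for h in hits:
        if h["hashed"]:
            paths_by_sha1[h["sha1"].upper()].append(h["path"])
    duplicates = {s: p for s, p in paths_by_sha1.items() if len(p) > 1}
    return {"by_drive": dict(by_drive), "by_class": dict(by_class),
            "live_trojans": live_trojans, "duplicates": duplicates}


if __name__ == "__main__":
    summary = summarise(parse(SAMPLE_ESET_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Because the scan above was run with "Remove found threats" unchecked (remove_checked=false, cleaned=0), a summary like this is the step between the raw log and deciding what to delete; the helper's reply addresses the cracked-software hits on D: first.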

Hi,

P2P/Piracy Warning:

  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.

    Please copy and paste these logs in your next reply.


This topic is now closed to further replies.