
nanobrain
Members
Posts: 5
Reputation: 0 Neutral
  1. Not anything noticeable at the moment, but MBAM still found a threat. I've done all the steps as well. It's a registry PUP.

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Skanningsdatum: 2016-07-06
     Skanningstid: 02:46
     Loggfil:
     Administratör: Ja
     Version: 2.2.1.1043
     Databas med skadliga program: v2016.07.05.14
     Databas med rootkit: v2016.05.27.01
     Licens: Utvärderingsversion
     Skydd mot skadliga program: Aktiverat
     Skydd mot skadliga webbplatser: Aktiverat
     Självförsvar: Inaktiverat

     OS: Windows 7 Service Pack 1
     CPU: x64
     Filsystem: NTFS
     Användare: Marcus

     Skanningstyp: Hotskanning
     Resultat: Slutförd
     Skannade objekt: 346086
     Förfluten tid: 12 min, 12 sek

     Minne: Aktiverat
     Autostart: Aktiverat
     Filsystem: Aktiverat
     Arkivfiler: Aktiverat
     Rootkits: Aktiverat
     Heuristik: Aktiverat
     PUP: Aktiverat
     PUM: Aktiverat

     Processer: 0 (Inga skadliga poster upptäckta)
     Moduler: 0 (Inga skadliga poster upptäckta)
     Registernycklar: 0 (Inga skadliga poster upptäckta)

     Registervärden: 1
     PUP.Optional.Youndoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{6710C780-E20E-4C49-A87D-321850ED3D7C}, , [6c06a0809dfd88ae3d573d3355adff01],

     Registerdata: 0 (Inga skadliga poster upptäckta)
     Mappar: 0 (Inga skadliga poster upptäckta)
     Filer: 0 (Inga skadliga poster upptäckta)
     Fysiska sektorer: 0 (Inga skadliga poster upptäckta)

     (end)
  2. It's finished now.

     2016-07-04 17:16:20.777 Sophos Virus Removal Tool version 2.5.5
     2016-07-04 17:16:20.777 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
     2016-07-04 17:16:20.777 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
     2016-07-04 17:16:20.777 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
     2016-07-04 17:16:20.777 Checking for updates...
     2016-07-04 17:16:27.063 Option all = no
     2016-07-04 17:16:27.063 Option recurse = yes
     2016-07-04 17:16:27.063 Option archive = no
     2016-07-04 17:16:27.063 Option service = yes
     2016-07-04 17:16:27.063 Option confirm = yes
     2016-07-04 17:16:27.063 Option sxl = yes
     2016-07-04 17:16:27.063 Option max-data-age = 35
     2016-07-04 17:16:27.063 Option EnableSafeClean = yes
     2016-07-04 17:16:28.161 Option vdl-logging = yes
     2016-07-04 17:16:28.169 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
     2016-07-04 17:16:28.169 Machine ID: 10868d32452847eaaa557abb84da0aaf
     2016-07-04 17:16:28.169 Component SVRTcli.exe version 2.5.5
     2016-07-04 17:16:28.170 Component control.dll version 2.5.5
     2016-07-04 17:16:28.170 Component SVRTservice.exe version 2.5.5
     2016-07-04 17:16:28.170 Component engine\osdp.dll version 1.44.1.2250
     2016-07-04 17:16:28.170 Component engine\veex.dll version 3.65.0.2250
     2016-07-04 17:16:28.170 Component engine\savi.dll version 9.0.1.2250
     2016-07-04 17:16:28.170 Component rkdisk.dll version 1.5.30.0
     2016-07-04 17:16:28.170 Version info: Product version 2.5.5
     2016-07-04 17:16:28.171 Version info: Detection engine 3.65.0
     2016-07-04 17:16:28.171 Version info: Detection data 5.26
     2016-07-04 17:16:28.171 Version info: Build date 2016-04-05
     2016-07-04 17:16:28.171 Version info: Data files added 574
     2016-07-04 17:16:28.171 Version info: Last successful update (not yet updated)
     2016-07-04 17:16:31.827 Update progress: proxy server not available
     2016-07-04 17:16:47.558 Downloading updates...
     2016-07-04 17:16:47.558 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
     2016-07-04 17:16:47.558 Update progress: [I49502] Found supplement SAVIW32 LATEST
     2016-07-04 17:16:47.558 Update progress: [I49502] Found supplement IDE527 LATEST
     2016-07-04 17:16:47.558 Update progress: [I49502] Found supplement IDE528 LATEST
     2016-07-04 17:16:47.558 Update progress: [I49502] Found supplement IDE529 LATEST
     2016-07-04 17:16:47.558 Update progress: [I49502] Found supplement IDE530 LATEST
     2016-07-04 17:16:47.558 Update progress: [I49502] Found supplement IDE531 LATEST
     2016-07-04 17:16:47.558 Update progress: [I49502] Found supplement IDE532 LATEST
     2016-07-04 17:16:47.558 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
     2016-07-04 17:16:47.558 Update progress: [I19463] Syncing product SAVIW32 70
     2016-07-04 17:16:55.525 Update progress: [I19463] Syncing product IDE527 142
     2016-07-04 17:16:58.036 Installing updates...
     2016-07-04 17:16:58.647 Error level 1
     2016-07-04 17:16:58.662 Update progress: [I19463] Syncing product IDE528 127
     2016-07-04 17:16:58.662 Update progress: [I19463] Syncing product IDE529 135
     2016-07-04 17:16:58.662 Update progress: [I19463] Syncing product IDE530 176
     2016-07-04 17:16:58.662 Update progress: [I19463] Syncing product IDE531 1
     2016-07-04 17:16:58.662 Update progress: [I19463] Syncing product IDE532 1
     2016-07-04 17:17:04.528 Update successful
     2016-07-04 17:17:11.224 Option all = no
     2016-07-04 17:17:11.224 Option recurse = yes
     2016-07-04 17:17:11.224 Option archive = no
     2016-07-04 17:17:11.224 Option service = yes
     2016-07-04 17:17:11.224 Option confirm = yes
     2016-07-04 17:17:11.224 Option sxl = yes
     2016-07-04 17:17:11.224 Option max-data-age = 35
     2016-07-04 17:17:11.224 Option EnableSafeClean = yes
     2016-07-04 17:17:11.255 Option vdl-logging = yes
     2016-07-04 17:17:11.255 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
     2016-07-04 17:17:11.255 Machine ID: 10868d32452847eaaa557abb84da0aaf
     2016-07-04 17:17:11.255 Component SVRTcli.exe version 2.5.5
     2016-07-04 17:17:11.255 Component control.dll version 2.5.5
     2016-07-04 17:17:11.255 Component SVRTservice.exe version 2.5.5
     2016-07-04 17:17:11.255 Component engine\osdp.dll version 1.44.1.2250
     2016-07-04 17:17:11.255 Component engine\veex.dll version 3.65.0.2250
     2016-07-04 17:17:11.255 Component engine\savi.dll version 9.0.1.2250
     2016-07-04 17:17:11.255 Component rkdisk.dll version 1.5.30.0
     2016-07-04 17:17:11.255 Version info: Product version 2.5.5
     2016-07-04 17:17:11.255 Version info: Detection engine 3.65.0
     2016-07-04 17:17:11.255 Version info: Detection data 5.26
     2016-07-04 17:17:11.255 Version info: Build date 2016-04-05
     2016-07-04 17:17:11.255 Version info: Data files added 574
     2016-07-04 17:17:11.255 Version info: Last successful update 2016-07-04 19:17:04
     2016-07-04 19:09:00.919 Could not open C:\hiberfil.sys
     2016-07-04 19:09:00.921 Could not open C:\pagefile.sys
     2016-07-04 19:13:41.444 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
     2016-07-04 19:13:41.444 Could not open C:\System Volume Information\{4f110375-420a-11e6-9859-6c626d3b70c6}{3808876b-c176-4e48-b7ae-04046e6cc752}
     2016-07-04 19:13:41.444 Could not open C:\System Volume Information\{9122430d-4141-11e6-84fb-6c626d3b70c6}{3808876b-c176-4e48-b7ae-04046e6cc752}
     2016-07-04 19:13:59.009 Could not open C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Profile 1\Current Session
     2016-07-04 19:13:59.010 Could not open C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Profile 1\Current Tabs
     2016-07-04 19:21:25.418 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
     2016-07-04 19:21:25.418 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
     2016-07-04 19:21:26.484 Could not open C:\Windows\System32\config\COMPONENTS
     2016-07-04 19:21:26.601 Could not open C:\Windows\System32\config\RegBack\DEFAULT
     2016-07-04 19:21:26.605 Could not open C:\Windows\System32\config\RegBack\SAM
     2016-07-04 19:21:26.607 Could not open C:\Windows\System32\config\RegBack\SECURITY
     2016-07-04 19:21:26.609 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
     2016-07-04 19:21:26.610 Could not open C:\Windows\System32\config\RegBack\SYSTEM
     2016-07-04 19:36:47.782 >>> Virus 'Troj/Agent-WFN' found in file F:\Maschine Install\Cracka\Native Instruments Kontakt 5.3.0 WiN x86x64 + Update [deepstatus][h33t][1337x]\Native Instruments Kontakt 5.3.0 WiN x86x64 VST & Standalone\N.i.K.5.3.0-CHi\RegPatch\RegPatch.exe
     2016-07-04 19:36:51.029 >>> Virus 'Troj/Agent-WFN' found in file F:\Maschine Install\Cracka\Native Instruments Kontakt 5.3.0 WiN x86x64 + Update [deepstatus][h33t][1337x]\Native Instruments Kontakt 5.3.0 WiN x86x64 VST & Standalone\N.i.K.5.3.0-CHi\X64\X64 UniPatch.exe
     2016-07-04 19:36:54.632 >>> Virus 'Troj/Agent-WFN' found in file F:\Maschine Install\Cracka\Native Instruments Kontakt 5.3.0 WiN x86x64 + Update [deepstatus][h33t][1337x]\Native Instruments Kontakt 5.3.0 WiN x86x64 VST & Standalone\N.i.K.5.3.0-CHi\X86\X86 UniPatch.exe
     2016-07-04 19:37:03.165 >>> Virus 'Troj/Agent-WFN' found in file F:\Maschine Install\Kontakt 5 unlocked\Native Instruments Kontakt 5.3.0 WiN x86x64 + Update [deepstatus][h33t][1337x]\kontakt 5\N.i.K.5.3.0-CHi\RegPatch\RegPatch.exe
     2016-07-04 19:37:06.345 >>> Virus 'Troj/Agent-WFN' found in file F:\Maschine Install\Kontakt 5 unlocked\Native Instruments Kontakt 5.3.0 WiN x86x64 + Update [deepstatus][h33t][1337x]\kontakt 5\N.i.K.5.3.0-CHi\X64\X64 UniPatch.exe
     2016-07-04 19:37:09.609 >>> Virus 'Troj/Agent-WFN' found in file F:\Maschine Install\Kontakt 5 unlocked\Native Instruments Kontakt 5.3.0 WiN x86x64 + Update [deepstatus][h33t][1337x]\kontakt 5\N.i.K.5.3.0-CHi\X86\X86 UniPatch.exe
     2016-07-04 19:37:29.590 >>> Virus 'Mal/Generic-S' found in file F:\Maschine Install\Working expansions\Native Instruments - Maschine Expansion Golden Kingdom HYBRID.READ.NFO [MATRiX][dada]\Golden Kindom v1.0.0\MATRiX\R2R Encryptor The Suppliers Tools\grpenc.exe
     2016-07-04 19:37:29.590 >>> Virus 'Mal/Generic-S' found in file F:\Maschine Install\Working expansions\Native Instruments - Maschine Expansion Golden Kingdom HYBRID.READ.NFO [MATRiX][dada]\Golden Kindom v1.0.0\MATRiX\R2R Encryptor The Suppliers Tools\grpenc.exe
     2016-07-04 19:37:29.590 >>> Virus 'Mal/Generic-S' found in file F:\Maschine Install\Working expansions\Native Instruments - Maschine Expansion Golden Kingdom HYBRID.READ.NFO [MATRiX][dada]\Golden Kindom v1.0.0\MATRiX\R2R Encryptor The Suppliers Tools\grpenc.exe
     2016-07-04 19:37:40.488 >>> Virus 'Mal/Generic-S' found in file F:\Maschine Install\Working expansions\Native Instruments - Maschine Expansion Golden Kingdom HYBRID.READ.NFO [MATRiX][dada]\Golden Kindom v1.0.0\MATRiX\R2R Encryptor The Suppliers Tools\r2renc.exe
     2016-07-04 19:37:40.488 >>> Virus 'Mal/Generic-S' found in file F:\Maschine Install\Working expansions\Native Instruments - Maschine Expansion Golden Kingdom HYBRID.READ.NFO [MATRiX][dada]\Golden Kindom v1.0.0\MATRiX\R2R Encryptor The Suppliers Tools\r2renc.exe
     2016-07-04 19:37:40.488 >>> Virus 'Mal/Generic-S' found in file F:\Maschine Install\Working expansions\Native Instruments - Maschine Expansion Golden Kingdom HYBRID.READ.NFO [MATRiX][dada]\Golden Kindom v1.0.0\MATRiX\R2R Encryptor The Suppliers Tools\r2renc.exe
     2016-07-04 19:38:03.182 >>> Virus 'Troj/Agent-WFN' found in file F:\Morphvox Pro\morphvox.pro.v4.4.9-patch.exe
     2016-07-04 20:08:20.312 The following items will be cleaned up:
     2016-07-04 20:08:20.312 Troj/Agent-WFN
     2016-07-04 20:08:20.312 Mal/Generic-S
  3. At the moment I don't seem to have any issues, but I noticed that a couple more PUPs surfaced when I scanned just now. The "yessearch" one, to be exact; it wasn't there when I posted the thread.

     # AdwCleaner v5.201 - Logfile created 04/07/2016 at 19:10:13
     # Updated 30/06/2016 by ToolsLib
     # Database : 2016-07-04.1 [Server]
     # Operating system : Windows 7 Home Premium Service Pack 1 (X64)
     # Username : Marcus - MARCUS-DATOR
     # Running from : C:\Users\Marcus\Desktop\AdwCleaner.exe
     # Option : Clean
     # Support : https://toolslib.net/forum

     ***** [ Services ] *****

     ***** [ Folders ] *****

     [-] Folder Deleted : C:\ProgramData\ytd video downloader
     [#] Folder Deleted : C:\ProgramData\Application Data\ytd video downloader
     [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
     [-] Folder Deleted : C:\Program Files (x86)\GreenTree Applications

     ***** [ Files ] *****

     [-] File Deleted : C:\Users\Public\Desktop\YTD Video Downloader.lnk

     ***** [ DLLs ] *****

     ***** [ WMI ] *****

     ***** [ Shortcuts ] *****

     ***** [ Scheduled tasks ] *****

     ***** [ Registry ] *****

     [-] Key Deleted : HKCU\Software\GreenTree Applications\YTD
     [-] Key Deleted : HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
     [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
     [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564

     ***** [ Web browsers ] *****

     *************************

     :: "Tracing" keys deleted
     :: Winsock settings cleared

     *************************

     C:\AdwCleaner\AdwCleaner[C1].txt - [1446 bytes] - [04/07/2016 19:10:13]
     C:\AdwCleaner\AdwCleaner[S1].txt - [1554 bytes] - [04/07/2016 19:09:03]

     ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1592 bytes] ##########

     Thanks,
  4. Hello Kevin, thanks for responding. 1st update, the log from MBAM. Will update when completing further steps. Also, just realized it's in Swedish, any way to change this or will this suffice?

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Skanningsdatum: 2016-07-04
     Skanningstid: 18:53
     Loggfil:
     Administratör: Ja
     Version: 2.2.1.1043
     Databas med skadliga program: v2016.07.04.06
     Databas med rootkit: v2016.05.27.01
     Licens: Utvärderingsversion
     Skydd mot skadliga program: Aktiverat
     Skydd mot skadliga webbplatser: Aktiverat
     Självförsvar: Inaktiverat

     OS: Windows 7 Service Pack 1
     CPU: x64
     Filsystem: NTFS
     Användare: Marcus

     Skanningstyp: Hotskanning
     Resultat: Slutförd
     Skannade objekt: 344972
     Förfluten tid: 10 min, 29 sek

     Minne: Aktiverat
     Autostart: Aktiverat
     Filsystem: Aktiverat
     Arkivfiler: Aktiverat
     Rootkits: Aktiverat
     Heuristik: Aktiverat
     PUP: Aktiverat
     PUM: Aktiverat

     Processer: 0 (Inga skadliga poster upptäckta)
     Moduler: 0 (Inga skadliga poster upptäckta)

     Registernycklar: 2
     PUP.Optional.YesSearches, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1560FE9B-D84C-4691-B4EB-C7120EBCB9C7}, Ta-bort-vid-omstart, [ff0765bb851574c22efdb9efcc38758b],
     PUP.Optional.YesSearches, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Anulient Cache, Ta-bort-vid-omstart, [d135a47ce9b146f0f337d4d4758fb54b],

     Registervärden: 2
     PUP.Optional.Youndoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{6710C780-E20E-4C49-A87D-321850ED3D7C}, Flyttad till karantän, [8086df4133670e2860376e0216ec43bd],
     PUP.Optional.YesSearches, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1560FE9B-D84C-4691-B4EB-C7120EBCB9C7}|Path, \Anulient Cache, Ta-bort-vid-omstart, [ff0765bb851574c22efdb9efcc38758b]

     Registerdata: 0 (Inga skadliga poster upptäckta)
     Mappar: 0 (Inga skadliga poster upptäckta)

     Filer: 1
     HackTool.Agent.Steam, C:\Users\Marcus\Desktop\Rensa skrivbordet and stuff\Ny mapp\steam_api64.dll, Flyttad till karantän, [b353948cebaf0234cb03422a20e2dc24],

     Fysiska sektorer: 0 (Inga skadliga poster upptäckta)

     (end)
  5. Got a bad infection in the form of a hijacker in my Chrome browser, but one problem remains: the Youndoo registry thingy. I've read through the other forum posts and downloaded Farbar Recovery Scan Tool and scanned; attached the results. Any help I can receive is greatly appreciated. Thank you.

     Addition.txt
     FRST.txt