Infected with keybtc@inbox_com virus


  • This topic is locked
3 replies to this topic

#1 armendunikat

armendunikat

  • Members
  • 4 posts
  • OFFLINE
  • Local time:02:02 PM

Posted 18 November 2014 - 06:09 AM

Hello there,

I'm infected with this virus keybtc@inbox_com and all my pictures are infected with it, so I cannot open the pictures. I tried to delete the extension at the end and put .jpg there, but I get the same problem again.

Can you help me solve that, please?

Respectfully,

Hamid Ajeti


DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16384  BrowserJavaVersion: 10.25.2
Run by Armend M at 11:59:46 on 2014-11-18
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3909.1910 [GMT 1:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\RfBtnSvc64.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Windows\system32\igfxext.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Users\Armend M\AppData\Local\Viber\Viber.exe
C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files\BitComet\tools\BitCometService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\DAEMON Tools Pro\DiscSoftBusService.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\taskhost.exe
C:\WINDOWS\system32\taskhost.exe
C:\Program Files\Recuva\recuva64.exe
C:\WINDOWS\system32\wwahost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Users\Armend M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Opera\25.0.1614.68\opera.exe
C:\Users\Armend M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Opera\25.0.1614.68\opera_crashreporter.exe
C:\Users\Armend M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Opera\25.0.1614.68\opera.exe
C:\Program Files (x86)\Opera\25.0.1614.68\opera.exe
C:\Program Files (x86)\Opera\25.0.1614.68\opera.exe
C:\Program Files (x86)\Opera\25.0.1614.68\opera.exe
C:\Users\Armend M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Armend M\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe
C:\Users\Armend M\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Java\jre7\bin\javaw.exe
C:\Program Files (x86)\Opera\25.0.1614.68\opera.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1416214795&from=smt&uid=WDCXWD3200BPVT-22JJ5T0_WD-WX41C42U7898U7898
uDefault_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1416214795&from=smt&uid=WDCXWD3200BPVT-22JJ5T0_WD-WX41C42U7898U7898
mStart Page = about:blank
mSearch Page = about:blank
mDefault_Page_URL = about:blank
mDefault_Search_URL = about:blank
uURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
mURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
uRun: [Google Update] "C:\Users\Armend M\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
uRun: [GenieoUpdaterService] "C:\Users\Armend M\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5
uRun: [GenieoSystemTray] "C:\Users\Armend M\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe"
uRun: [Viber] "C:\Users\Armend M\AppData\Local\Viber\Viber.exe" StartMinimized
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
mRun: [BakupManagerTray] "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -k -h
mRun: [LManager] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\GATEWA~1.LNK - C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXE
IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{DA5A1960-D3E4-473F-BEFC-0047E77B89D1} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{DA5A1960-D3E4-473F-BEFC-0047E77B89D1}\1427D656E646 : DHCPNameServer = 78.157.16.30 78.157.16.51 78.157.16.8
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-mSearch Page = about:blank
x64-mDefault_Page_URL = about:blank
x64-mDefault_Search_URL = about:blank
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\Drivers\iaStorA.sys [2012-9-9 645952]
R1 avkmgr;avkmgr;C:\WINDOWS\System32\Drivers\avkmgr.sys [2014-11-17 28600]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-11-17 431920]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-11-17 431920]
R2 avgntflt;avgntflt;C:\WINDOWS\System32\Drivers\avgntflt.sys [2014-11-17 119272]
R2 Avira.OE.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-10-22 164656]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-8-22 348784]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-9 165760]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2012-8-23 259136]
R2 RfButtonDriverService;Dritek RF Button Command Service;C:\Windows\RfBtnSvc64.exe [2012-9-9 93296]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-9 364416]
R2 WindowsMangerProtect;WindowsMangerProtect Service;C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service --> C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [?]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\WINDOWS\System32\Drivers\b57xdbd.sys [2012-6-15 72280]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\WINDOWS\System32\Drivers\b57xdmp.sys [2012-6-15 21080]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
R3 bScsiMSa;bScsiMSa;C:\WINDOWS\System32\Drivers\bScsiMSa.sys [2012-6-19 55384]
R3 bScsiSDa;bScsiSDa;C:\WINDOWS\System32\Drivers\bScsiSDa.sys [2012-6-19 70744]
R3 Disc Soft Bus Service;Disc Soft Bus Service;C:\Program Files (x86)\DAEMON Tools Pro\DiscSoftBusService.exe [2014-11-10 2216208]
R3 dtscsibus;DAEMON Tools Virtual SCSI Bus;C:\WINDOWS\System32\Drivers\dtscsibus.sys [2014-11-17 29864]
R3 ePowerSvc;ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2012-8-23 658576]
R3 ETD;ELAN PS/2 Port Input Device;C:\WINDOWS\System32\Drivers\ETD.sys [2012-8-11 315280]
R3 IntcDAud;Intel® Display Audio;C:\WINDOWS\System32\Drivers\IntcDAud.sys [2012-8-9 342528]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\WINDOWS\System32\Drivers\k57nd60a.sys [2012-6-2 425472]
R3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;C:\WINDOWS\System32\Drivers\aPs2Kb2Hid.sys [2012-9-9 26736]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\WINDOWS\System32\Drivers\rtwlane.sys [2012-6-30 1552016]
S2 EraserSvc11210;Symantec Eraser Service;"C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe" /h ccCommon --> C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe [?]
S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [2012-8-23 468624]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\WINDOWS\System32\Drivers\rtwlane.sys [2012-6-30 1552016]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-11-18 10:47:25 867240 ----a-w- C:\WINDOWS\SysWow64\npDeployJava1.dll
2014-11-18 10:47:25 789416 ----a-w- C:\WINDOWS\SysWow64\deployJava1.dll
2014-11-18 10:47:08 96168 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2014-11-18 02:44:07 -------- d-----w- C:\Program Files\CCleaner
2014-11-18 02:43:33 -------- d-----w- C:\Downloads
2014-11-18 02:43:20 -------- d-----w- C:\Users\Armend M\AppData\Roaming\SlimBrowser
2014-11-18 02:42:55 -------- d-----w- C:\Users\Armend M\AppData\Roaming\BitComet
2014-11-18 02:42:53 -------- d-----w- C:\Program Files\BitComet
2014-11-18 02:42:48 -------- d-----w- C:\Program Files (x86)\SlimBrowser
2014-11-18 02:35:59 -------- d-----w- C:\Program Files (x86)\Microsoft ActiveSync
2014-11-18 02:34:31 -------- d-----w- C:\WINDOWS\PCHEALTH
2014-11-18 02:34:26 -------- d-----w- C:\Users\Armend M\AppData\Roaming\Opera Software
2014-11-18 02:34:26 -------- d-----w- C:\Users\Armend M\AppData\Local\Opera Software
2014-11-18 02:31:05 737280 ----a-w- C:\WINDOWS\iun6002.exe
2014-11-18 02:30:59 -------- d-----w- C:\Program Files (x86)\Codec Pack - All In 1
2014-11-18 02:30:38 -------- d-----w- C:\Program Files (x86)\Haali
2014-11-18 02:29:49 -------- d-----w- C:\Users\Armend M\AppData\Local\Google
2014-11-18 02:16:19 -------- d-----w- C:\Program Files (x86)\OEM
2014-11-18 02:15:59 -------- d-----w- C:\Program Files\Accessory Store
2014-11-18 02:15:59 -------- d-----r- C:\Users\Armend M\Searches
2014-11-18 02:15:59 -------- d-----r- C:\Users\Armend M\Contacts
2014-11-18 02:15:53 -------- d-----w- C:\ProgramData\OEM_E471269A730D
2014-11-18 02:15:49 -------- d-----w- C:\Users\Armend M\AppData\Roaming\lm
2014-11-17 23:39:37 -------- d-----w- C:\Users\Armend M\AppData\Local\Adobe
2014-11-17 23:14:55 -------- d-----w- C:\Users\Armend M\AppData\Roaming\FreeImageConverter
2014-11-17 23:13:10 -------- d-----w- C:\Users\Armend M\AppData\Roaming\Systweak
2014-11-17 23:13:07 20296 ----a-w- C:\WINDOWS\System32\roboot64.exe
2014-11-17 23:13:04 -------- d-----w- C:\Program Files (x86)\RCP
2014-11-17 23:12:13 -------- d-----w- C:\Program Files (x86)\FreeImageConverter
2014-11-17 23:12:09 -------- d-----w- C:\Program Files (x86)\RelevantKnowledge
2014-11-17 23:11:15 -------- d-----w- C:\Program Files (x86)\ZXT2007 Software
2014-11-17 22:22:02 43064 ----a-w- C:\WINDOWS\System32\drivers\avnetflt.sys
2014-11-17 21:09:03 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2014-11-17 21:08:09 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-11-17 10:31:54 -------- d-----w- C:\UpdateChromeLinksLogs
2014-11-17 10:31:48 1060864 ----a-w- C:\WINDOWS\SysWow64\mfc71.dll
2014-11-17 09:54:35 -------- d-----w- C:\ProgramData\Package Cache
2014-11-17 09:52:55 -------- d-----w- C:\Users\Armend M\AppData\Roaming\Avira
2014-11-17 09:48:57 28600 ----a-w- C:\WINDOWS\System32\drivers\avkmgr.sys
2014-11-17 09:48:57 119272 ----a-w- C:\WINDOWS\System32\drivers\avgntflt.sys
2014-11-17 09:47:50 -------- d-----w- C:\ProgramData\Avira
2014-11-17 09:47:50 -------- d-----w- C:\Program Files (x86)\Avira
2014-11-17 09:47:35 -------- d-----w- C:\Users\Armend M\AppData\Roaming\TuneUp Software
2014-11-17 09:47:35 -------- d-----w- C:\Users\Armend M\AppData\Local\TuneUp Software
2014-11-17 09:47:01 29864 ----a-w- C:\WINDOWS\System32\drivers\dtscsibus.sys
2014-11-17 09:46:50 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Pro
2014-11-17 09:43:14 -------- d-sh--w- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-11-17 09:43:00 -------- d--h--w- C:\ProgramData\Common Files
2014-11-17 09:43:00 -------- d-----w- C:\ProgramData\TuneUp Software
2014-11-17 09:41:43 -------- d-----w- C:\Users\Armend M\AppData\Roaming\DAEMON Tools Pro
2014-11-17 09:41:40 -------- d-----w- C:\Users\Armend M\AppData\Roaming\RHEng
2014-11-17 09:41:37 -------- d-----w- C:\Users\Armend M\AppData\Roaming\OpenCandy
2014-11-17 09:40:24 -------- d-----w- C:\ProgramData\DAEMON Tools Pro
2014-11-17 09:29:28 -------- d-----w- C:\Users\Armend M\AppData\Roaming\ViberPC
2014-11-17 09:26:54 -------- d-----w- C:\Users\Armend M\AppData\Local\Viber
2014-11-17 09:05:28 -------- d-----w- C:\Users\Armend M\AppData\Roaming\Genieo
2014-11-17 09:05:08 839680 ----a-w- C:\WINDOWS\SysWow64\lameACM.acm
2014-11-17 09:05:08 217088 ----a-w- C:\WINDOWS\SysWow64\yv12vfw.dll
2014-11-17 09:05:08 118784 ----a-w- C:\WINDOWS\SysWow64\ac3acm.acm
2014-11-17 09:05:07 90112 ----a-w- C:\WINDOWS\SysWow64\dpl100.dll
2014-11-17 09:05:07 205824 ----a-w- C:\WINDOWS\SysWow64\xvidvfw.dll
2014-11-17 09:05:06 685056 ----a-w- C:\WINDOWS\SysWow64\divx.dll
2014-11-17 09:05:05 85504 ----a-w- C:\WINDOWS\SysWow64\ff_vfw.dll
2014-11-17 09:04:46 -------- d-----w- C:\Program Files (x86)\SupTab
2014-11-17 09:04:32 -------- d-----w- C:\ProgramData\WindowsMangerProtect
2014-11-17 09:04:25 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2014-11-17 09:04:10 -------- d-----w- C:\Users\Armend M\AppData\Roaming\omiga-plus
2014-11-17 09:02:38 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2014-11-17 09:01:19 -------- d-----w- C:\Users\Armend M\AppData\Local\Microsoft Help
2014-11-17 08:59:57 -------- d-----w- C:\Program Files (x86)\Conduit
2014-11-17 08:59:37 -------- d-----w- C:\Program Files (x86)\ConduitEngine
2014-11-17 08:59:31 -------- d-----w- C:\Program Files (x86)\BS_Player
2014-11-17 08:58:31 -------- d-----w- C:\Users\Armend M\AppData\Roaming\BSplayer Pro
2014-11-17 08:58:31 -------- d-----w- C:\Users\Armend M\AppData\Roaming\BSplayer
2014-11-17 08:58:29 -------- d-----w- C:\Program Files (x86)\Webteh
2014-11-17 08:58:28 -------- d-----w- C:\Users\Armend M\AppData\Local\CrashDumps
2014-11-17 08:53:23 -------- d-----w- C:\Users\Armend M\AppData\Local\HP
2014-11-17 08:50:39 -------- d-----w- C:\Users\Armend M\AppData\Local\Comodo
2014-11-17 08:49:08 -------- d-----w- C:\Program Files\VideoLAN
2014-11-17 08:46:32 269992 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10248.bin
2014-11-17 08:46:29 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2014-11-17 08:46:28 -------- d-----w- C:\Users\Armend M\AppData\Local\Programs
.
==================== Find3M  ====================
.
.
============= FINISH: 12:01:20.01 ===============

Edited by armendunikat, 18 November 2014 - 06:10 AM.
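The poster's observation that stripping the added extension and putting .jpg back does not make the pictures open is the key diagnostic: a file that was only renamed still starts with its format's magic bytes, while a file whose content was encrypted does not, and no amount of renaming helps the second kind. The following is an added example (not code from the original post or from any cleanup tool) that sorts affected files into those two classes by header before touching anything. It assumes the ransomware appended a fixed suffix to each original filename (the suffix string below is an assumption; the post only says "the extension on the end"), and it builds its own sample folder from constructed bytes so it runs offline.

```python
"""Decide whether ransomware-touched image files were only renamed or actually encrypted.

Added example, not part of the original forum post. Assumptions (not stated in the post):
the ransomware appended RANSOM_SUFFIX to each original filename, and the originals were
JPEG/PNG/GIF/BMP images. The sample files are constructed in a temporary directory.
"""
import tempfile
from pathlib import Path

# Assumed suffix; the post only says the extension at the end was changed.
RANSOM_SUFFIX = ".keybtc@inbox_com"

# Leading bytes of common image formats; an intact file starts with one of these.
MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"BM": "bmp",
}


def sniff(path):
    """Return the image type if the file header is intact, else None."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return None


def triage_images(directory):
    """Classify every *RANSOM_SUFFIX file under directory.

    Returns {filename: "renamed_only" | "encrypted"}. "renamed_only" means the
    original header survived, so removing the suffix restores a working file;
    "encrypted" means the content itself was replaced, which is the case the
    poster ran into: renaming cannot help there.
    """
    results = {}
    for p in Path(directory).rglob("*" + RANSOM_SUFFIX):
        results[p.name] = "renamed_only" if sniff(p) else "encrypted"
    return results


def restore_renamed_only(directory):
    """Strip the suffix only from files whose header is intact.

    Encrypted files are left untouched (keep them; they are the only input a
    future decryptor could work on). Returns the restored filenames.
    """
    restored = []
    for p in list(Path(directory).rglob("*" + RANSOM_SUFFIX)):
        if sniff(p) is None:
            continue
        target = p.with_name(p.name[: -len(RANSOM_SUFFIX)])
        if target.exists():  # never overwrite a surviving original
            continue
        p.rename(target)
        restored.append(target.name)
    return restored


def build_sample_dir():
    """Constructed sample data: one JPEG that was only renamed, and one file whose
    content is arbitrary non-image bytes standing in for ciphertext."""
    d = tempfile.mkdtemp()
    (Path(d) / ("holiday.jpg" + RANSOM_SUFFIX)).write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 64)
    (Path(d) / ("family.jpg" + RANSOM_SUFFIX)).write_bytes(b"\x8b\x02" + bytes(range(66)))
    return d


if __name__ == "__main__":
    sample = build_sample_dir()
    for name, verdict in sorted(triage_images(sample).items()):
        print(f"{name}: {verdict}")
    print("restored:", restore_renamed_only(sample))
```

Run it against a copy of the affected folder rather than the originals. A result of "encrypted" for every file is what the post describes; in that situation the files should be kept as they are, and the question becomes whether the specific family's encryption is recoverable, which a header check alone cannot answer.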
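The DDS "Pseudo HJT Report" and services list above are persistence points (browser start page, BHOs, toolbars, Run keys, services), and the way a helper reads them is to look at where each entry executes from and what it is. The following is an added triage example (not part of the original post and not DDS's own code): it parses a handful of lines copied from the log above and flags entries that are orphaned, that match a small list of adware/PUP names, or that execute from user-writable locations. The marker list and the heuristics are the editor's assumptions; the user-writable-path rule is a cue for review, not a verdict, and it deliberately also catches the per-user Google Update entry to show that.

```python
"""Triage autostart entries from a DDS 'Pseudo HJT Report' and services list.

Added example, not part of the original post or of the DDS tool. SAMPLE lines are
copied from the log in the post; PUP_MARKERS and USER_WRITABLE are assumptions.
"""
import re

SAMPLE = r"""
uStart Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1416214795&from=smt&uid=WDCXWD3200BPVT-22JJ5T0_WD-WX41C42U7898U7898
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
uRun: [Google Update] "C:\Users\Armend M\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GenieoUpdaterService] "C:\Users\Armend M\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
mRun: [LManager] <no file>
R2 WindowsMangerProtect;WindowsMangerProtect Service;C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service --> C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [?]
"""

# Assumption: names widely classified as adware/PUP; extend for your own environment.
PUP_MARKERS = ("omiga-plus", "conduit", "genieo", "windowsmangerprotect")
# Assumption: executing from these locations is a review cue, not proof of anything.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\")


def parse_entry(line):
    """Return (kind, name, target) for one DDS line, or None if it is not an autostart entry."""
    line = line.strip()
    m = re.match(r"^([umx64-]*Run): \[([^\]]+)\] (.*)$", line)  # uRun / mRun / x64-Run
    if m:
        return m.group(1), m.group(2), m.group(3)
    m = re.match(r"^(BHO|TB|[um]URLSearchHooks): (.+?): \{[0-9A-Fa-f-]+\} - (.*)$", line)
    if m:
        return m.group(1), m.group(2), m.group(3)
    m = re.match(r"^([RS]\d) ([^;]+);([^;]*);(.*)$", line)  # services / drivers
    if m:
        return "Service " + m.group(1), m.group(2), m.group(4)
    m = re.match(r"^([umx64-]*(?:Start Page|Search Page|Default_Page_URL|Default_Search_URL)) = (.*)$", line)
    if m:
        return "Browser", m.group(1), m.group(2)
    return None


def triage_autostarts(report):
    """Return [(kind, name, [reasons])] for every entry that deserves a look."""
    flagged = []
    for line in report.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        kind, name, target = entry
        low = target.lower()
        reasons = []
        if target.strip() == "<no file>":
            reasons.append("orphaned entry (target missing)")
        if any(mk in low or mk in name.lower() for mk in PUP_MARKERS):
            reasons.append("matches known adware/PUP marker")
        if any(seg in low for seg in USER_WRITABLE):
            reasons.append("executes from user-writable path (review; legitimate per-user installs live here too)")
        if reasons:
            flagged.append((kind, name, reasons))
    return flagged


if __name__ == "__main__":
    for kind, name, reasons in triage_autostarts(SAMPLE):
        print(f"{kind:12} {name:28} {'; '.join(reasons)}")
```

The output separates the plainly unwanted entries (the omiga-plus start page, the Conduit BHO, the Genieo Run keys, the service running out of C:\ProgramData\WindowsMangerProtect) from the clean vendor entries, and the orphaned LManager key shows up as cleanup, not as a threat. Anything flagged only on the path rule, like Google Update here, still needs a human look before removal.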



#2 armendunikat

armendunikat
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:02:02 PM

Posted 18 November 2014 - 06:12 AM

Hello there,

I'm infected with this virus keybtc@inbox_com and all my pictures are infected with it, so I cannot open the pictures. I tried to delete the extension at the end and put .jpg there, but I get the same problem again.

Can you help me solve that, please?

Respectfully,

Armend

 
 
 
 
2014-11-18 02:31:05 737280 ----a-w- C:\WINDOWS\iun6002.exe
2014-11-18 02:30:59 -------- d-----w- C:\Program Files (x86)\Codec Pack - All In 1
2014-11-18 02:30:38 -------- d-----w- C:\Program Files (x86)\Haali
2014-11-18 02:29:49 -------- d-----w- C:\Users\Armend M\AppData\Local\Google
2014-11-18 02:16:19 -------- d-----w- C:\Program Files (x86)\OEM
2014-11-18 02:15:59 -------- d-----w- C:\Program Files\Accessory Store
2014-11-18 02:15:59 -------- d-----r- C:\Users\Armend M\Searches
2014-11-18 02:15:59 -------- d-----r- C:\Users\Armend M\Contacts
2014-11-18 02:15:53 -------- d-----w- C:\ProgramData\OEM_E471269A730D
2014-11-18 02:15:49 -------- d-----w- C:\Users\Armend M\AppData\Roaming\lm
2014-11-17 23:39:37 -------- d-----w- C:\Users\Armend M\AppData\Local\Adobe
2014-11-17 23:14:55 -------- d-----w- C:\Users\Armend M\AppData\Roaming\FreeImageConverter
2014-11-17 23:13:10 -------- d-----w- C:\Users\Armend M\AppData\Roaming\Systweak
2014-11-17 23:13:07 20296 ----a-w- C:\WINDOWS\System32\roboot64.exe
2014-11-17 23:13:04 -------- d-----w- C:\Program Files (x86)\RCP
2014-11-17 23:12:13 -------- d-----w- C:\Program Files (x86)\FreeImageConverter
2014-11-17 23:12:09 -------- d-----w- C:\Program Files (x86)\RelevantKnowledge
2014-11-17 23:11:15 -------- d-----w- C:\Program Files (x86)\ZXT2007 Software
2014-11-17 22:22:02 43064 ----a-w- C:\WINDOWS\System32\drivers\avnetflt.sys
2014-11-17 21:09:03 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2014-11-17 21:08:09 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-11-17 10:31:54 -------- d-----w- C:\UpdateChromeLinksLogs
2014-11-17 10:31:48 1060864 ----a-w- C:\WINDOWS\SysWow64\mfc71.dll
2014-11-17 09:54:35 -------- d-----w- C:\ProgramData\Package Cache
2014-11-17 09:52:55 -------- d-----w- C:\Users\Armend M\AppData\Roaming\Avira
2014-11-17 09:48:57 28600 ----a-w- C:\WINDOWS\System32\drivers\avkmgr.sys
2014-11-17 09:48:57 119272 ----a-w- C:\WINDOWS\System32\drivers\avgntflt.sys
2014-11-17 09:47:50 -------- d-----w- C:\ProgramData\Avira
2014-11-17 09:47:50 -------- d-----w- C:\Program Files (x86)\Avira
2014-11-17 09:47:35 -------- d-----w- C:\Users\Armend M\AppData\Roaming\TuneUp Software
2014-11-17 09:47:35 -------- d-----w- C:\Users\Armend M\AppData\Local\TuneUp Software
2014-11-17 09:47:01 29864 ----a-w- C:\WINDOWS\System32\drivers\dtscsibus.sys
2014-11-17 09:46:50 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Pro
2014-11-17 09:43:14 -------- d-sh--w- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-11-17 09:43:00 -------- d--h--w- C:\ProgramData\Common Files
2014-11-17 09:43:00 -------- d-----w- C:\ProgramData\TuneUp Software
2014-11-17 09:41:43 -------- d-----w- C:\Users\Armend M\AppData\Roaming\DAEMON Tools Pro
2014-11-17 09:41:40 -------- d-----w- C:\Users\Armend M\AppData\Roaming\RHEng
2014-11-17 09:41:37 -------- d-----w- C:\Users\Armend M\AppData\Roaming\OpenCandy
2014-11-17 09:40:24 -------- d-----w- C:\ProgramData\DAEMON Tools Pro
2014-11-17 09:29:28 -------- d-----w- C:\Users\Armend M\AppData\Roaming\ViberPC
2014-11-17 09:26:54 -------- d-----w- C:\Users\Armend M\AppData\Local\Viber
2014-11-17 09:05:28 -------- d-----w- C:\Users\Armend M\AppData\Roaming\Genieo
2014-11-17 09:05:08 839680 ----a-w- C:\WINDOWS\SysWow64\lameACM.acm
2014-11-17 09:05:08 217088 ----a-w- C:\WINDOWS\SysWow64\yv12vfw.dll
2014-11-17 09:05:08 118784 ----a-w- C:\WINDOWS\SysWow64\ac3acm.acm
2014-11-17 09:05:07 90112 ----a-w- C:\WINDOWS\SysWow64\dpl100.dll
2014-11-17 09:05:07 205824 ----a-w- C:\WINDOWS\SysWow64\xvidvfw.dll
2014-11-17 09:05:06 685056 ----a-w- C:\WINDOWS\SysWow64\divx.dll
2014-11-17 09:05:05 85504 ----a-w- C:\WINDOWS\SysWow64\ff_vfw.dll
2014-11-17 09:04:46 -------- d-----w- C:\Program Files (x86)\SupTab
2014-11-17 09:04:32 -------- d-----w- C:\ProgramData\WindowsMangerProtect
2014-11-17 09:04:25 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2014-11-17 09:04:10 -------- d-----w- C:\Users\Armend M\AppData\Roaming\omiga-plus
2014-11-17 09:02:38 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2014-11-17 09:01:19 -------- d-----w- C:\Users\Armend M\AppData\Local\Microsoft Help
2014-11-17 08:59:57 -------- d-----w- C:\Program Files (x86)\Conduit
2014-11-17 08:59:37 -------- d-----w- C:\Program Files (x86)\ConduitEngine
2014-11-17 08:59:31 -------- d-----w- C:\Program Files (x86)\BS_Player
2014-11-17 08:58:31 -------- d-----w- C:\Users\Armend M\AppData\Roaming\BSplayer Pro
2014-11-17 08:58:31 -------- d-----w- C:\Users\Armend M\AppData\Roaming\BSplayer
2014-11-17 08:58:29 -------- d-----w- C:\Program Files (x86)\Webteh
2014-11-17 08:58:28 -------- d-----w- C:\Users\Armend M\AppData\Local\CrashDumps
2014-11-17 08:53:23 -------- d-----w- C:\Users\Armend M\AppData\Local\HP
2014-11-17 08:50:39 -------- d-----w- C:\Users\Armend M\AppData\Local\Comodo
2014-11-17 08:49:08 -------- d-----w- C:\Program Files\VideoLAN
2014-11-17 08:46:32 269992 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10248.bin
2014-11-17 08:46:29 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2014-11-17 08:46:28 -------- d-----w- C:\Users\Armend M\AppData\Local\Programs
.
==================== Find3M  ====================
.
.
============= FINISH: 12:01:20.01 ===============

Edited by hamluis, 18 November 2014 - 09:09 AM.
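One way to triage a DDS log like the one above programmatically, as an added example that is not part of this thread or of the DDS tool itself: parse the service lines (`R2 name;display;image [date size]`) and the "Created Last 30" lines, then surface the things a malware-response helper looks at first. The line formats are inferred from the log posted above; the assumption that a trailing `[?]` means DDS could not read the image file's date and size is mine, as is the five-minute grouping window used to spot one installer run dropping several folders at once. The sample lines are copied from the posted log.

```python
"""Triage helpers for DDS-style log sections (services and "Created Last 30").

Added example; not code from the forum thread or from DDS. Line formats are
inferred from the posted log; the meaning of "[?]" (DDS could not stat the
image file) and the burst window are assumptions.
"""
import re
from datetime import datetime, timedelta

# Sample lines copied from the DDS log posted in the thread above.
SAMPLE_SERVICES = r"""
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2012-8-23 259136]
R2 WindowsMangerProtect;WindowsMangerProtect Service;C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service --> C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [?]
R3 dtscsibus;DAEMON Tools Virtual SCSI Bus;C:\WINDOWS\System32\Drivers\dtscsibus.sys [2014-11-17 29864]
S2 EraserSvc11210;Symantec Eraser Service;"C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe" /h ccCommon --> C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe [?]
"""

SAMPLE_CREATED = r"""
2014-11-17 09:04:46 -------- d-----w- C:\Program Files (x86)\SupTab
2014-11-17 09:04:32 -------- d-----w- C:\ProgramData\WindowsMangerProtect
2014-11-17 09:04:25 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2014-11-17 09:04:10 -------- d-----w- C:\Users\Armend M\AppData\Roaming\omiga-plus
2014-11-17 22:22:02 43064 ----a-w- C:\WINDOWS\System32\drivers\avnetflt.sys
2014-11-18 02:31:05 737280 ----a-w- C:\WINDOWS\iun6002.exe
"""

# "R2 name;display;image [2012-8-23 259136]"  or  "... --> resolved image [?]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+) \[(?P<info>[^\]]+)\]$"
)
# "2014-11-17 09:04:46 -------- d-----w- C:\path"  (size is dashes for directories)
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>-+|\d+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)

BINARY_EXT = (".exe", ".sys", ".dll", ".acm")


def parse_services(text):
    """Return one dict per service/driver line; 'verified' is False for '[?]' entries."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        image = m["image"]
        if " --> " in image:  # DDS prints "command line --> resolved image path"
            image = image.split(" --> ", 1)[1]
        info = m["info"].split()
        verified = info != ["?"]  # assumption: "[?]" means no date/size could be read
        services.append({
            "state": m["state"],
            "name": m["name"],
            "display": m["display"],
            "image": image,
            "verified": verified,
            "date": info[0] if verified else None,
            "size": int(info[1]) if verified else None,
        })
    return services


def parse_created(text):
    """Return one dict per 'Created Last 30' line with a real datetime."""
    entries = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "time": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "is_dir": m["attrs"].startswith("d"),
            "size": None if m["size"].startswith("-") else int(m["size"]),
            "path": m["path"],
        })
    return entries


def unverified_services(services):
    """Names of services whose image file DDS could not stat: first candidates to check on disk."""
    return [s["name"] for s in services if not s["verified"]]


def install_bursts(entries, window_minutes=5):
    """Group creation events whose neighbours are within window_minutes of each other.

    Several new folders within a couple of minutes usually come from one installer
    run, including any bundled extras it dropped alongside the wanted program.
    """
    ordered = sorted(entries, key=lambda e: e["time"])
    bursts, current = [], []
    for e in ordered:
        if current and e["time"] - current[-1]["time"] > timedelta(minutes=window_minutes):
            if len(current) > 1:
                bursts.append([x["path"] for x in current])
            current = []
        current.append(e)
    if len(current) > 1:
        bursts.append([x["path"] for x in current])
    return bursts


def new_binaries(entries):
    """Executable, driver and codec files created in the window, in log order."""
    return [e["path"] for e in entries
            if not e["is_dir"] and e["path"].lower().endswith(BINARY_EXT)]


if __name__ == "__main__":
    svc = parse_services(SAMPLE_SERVICES)
    created = parse_created(SAMPLE_CREATED)
    print("services with unreadable image file:", unverified_services(svc))
    for burst in install_bursts(created):
        print("installer burst:", *burst, sep="\n  ")
    print("new binaries:", new_binaries(created))
```

Running the module prints the two `[?]` services, the four folders created within the same minute on 2014-11-17 09:04, and the two new binaries; on a full log the same functions give a helper a short list of what to inspect instead of several hundred raw lines.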


#3 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:02 PM

Posted 18 November 2014 - 07:29 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#4 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:02 PM

Posted 04 December 2014 - 07:44 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.