
Suspect my pc is hacked


  • This topic is locked
4 replies to this topic

#1 Marielz

Marielz

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 15 October 2017 - 05:25 PM

Here are the logs that were asked of me in the previous thread I made.


Also suspiciously so... FRST produced 2 more logs.

It is like that because I know FRST produces 2 not 4...

Mod Edit:  Merged posts - Hamluis.

Attached Files


Edited by hamluis, 15 October 2017 - 07:21 PM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:29 AM

Posted 16 October 2017 - 07:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [997568 2014-06-29] (@ByELDI) [File not signed]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]
Task: {91A55349-813D-4579-AFC7-E3DB07BC8602} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-06-29] (@ByELDI)
FirewallRules: [{C000EAEB-583C-40A3-B43A-54EC76720E96}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{0F1A56CF-BF4C-4893-A335-99669EA9FF50}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{E918A396-C5D2-4201-8C01-343765FDBDC6}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{0F918226-66A1-477F-A796-2AE23C1809C3}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{4D45B6F2-1325-4208-924F-68CB2DBCDF67}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{F3300980-FA41-49C1-8CEB-0E8EDA4246A9}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{F7532B02-B4A3-400E-BDA4-2B7FB968AEAD}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{35C437ED-0A2D-4CCD-B8D5-E48942B46894}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{48CA8B20-C63F-4203-B867-68DA0131F567}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{B36C3747-B14C-418F-966B-E4482137B6F2}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
C:\Windows\System32\Tasks\AutoPico Daily Restart
C:\Program Files\KMSpico
C:\Program Files\KMSpico

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the log and let me know what problem persists with this computer.
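
An added example, not part of the original post and not FRST's own output: a read-only PowerShell check that the service, driver, scheduled-task, firewall-rule and folder entries named in the fixlist above are gone after the fix and a restart. It assumes an elevated prompt on Windows 8 or later, where the ScheduledTasks and NetSecurity modules are available; the variable names are illustrative.

```powershell
# Added example: read-only verification of the items listed in the fixlist.
# Nothing here deletes or changes anything; it only reports what is still present.

$serviceNames = 'KMSELDI', 'xhunter1', 'xspirit'      # S2/S3 entries in the fixlist
$taskName     = 'AutoPico Daily Restart'              # Task: entry
$programGlob  = 'C:\Program Files\KMSpico\*'          # FirewallRules: entries
$paths        = 'C:\Program Files\KMSpico',
                'C:\Windows\System32\Tasks\AutoPico Daily Restart'

$leftovers = @()

# Services and kernel drivers are both registered under this key, so one
# registry test covers the KMSELDI service and the two .sys driver entries.
foreach ($name in $serviceNames) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (Test-Path -LiteralPath $key) { $leftovers += "Service key still present: $name" }
}

# Scheduled task registration (the task file on disk is checked with $paths below).
if (Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue) {
    $leftovers += "Scheduled task still registered: $taskName"
}

# Firewall rules whose application filter points into the removed folder.
$filters = @(Get-NetFirewallApplicationFilter |
    Where-Object { $_.Program -like $programGlob })
foreach ($filter in $filters) {
    $rule = $filter | Get-NetFirewallRule
    $leftovers += "Firewall rule still present: $($rule.Name) -> $($filter.Program)"
}

# Folder and task file named at the end of the fixlist.
foreach ($path in $paths) {
    if (Test-Path -LiteralPath $path) { $leftovers += "Path still exists: $path" }
}

if ($leftovers.Count -eq 0) {
    'None of the fixlist items were found.'
} else {
    $leftovers
}
```

Any line it prints can be compared against the matching entry in Fixlog.txt to see whether FRST reported that item as removed or not found.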

#3 Marielz

Marielz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 16 October 2017 - 07:23 PM

Also, I've just heard a typing sound thru my pc a while ago after the black out.
Electricity came back so when I turned it on, I heard it.

It scared me and I will do as you say sir.


Edited by Marielz, 17 October 2017 - 01:30 AM.


#4 Marielz

Marielz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 16 October 2017 - 11:35 PM

The fixlog 



Also, sir, may I ask if I should attach the 2nd set of logs from FRST that I mentioned in my OT?

The ones I sent have 6.13.59 and the second set has 6.14.46

Attached Files


Edited by Marielz, 16 October 2017 - 11:39 PM.


#5 Marielz

Marielz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 16 October 2017 - 11:38 PM

Pls delete this post thank you


Edited by Marielz, 16 October 2017 - 11:39 PM.




