Author Topic: Is my pc infected?? (Read 3233 times)

REDACTED · « **on:** September 27, 2014, 03:07:18 PM »

Can anyone have a look onto my frst log??

mikaelrask · « **Reply #1 on:** September 28, 2014, 10:07:48 AM »

hey what problem do you have with your computer?

REDACTED · « **Reply #2 on:** September 28, 2014, 10:16:12 AM »

Last night i do a scan with mbam, and i watch the file after 55 min hes scanning the same file.
CCE same thing 62 % after 7 hours of scanning.
(PM i disabled avast when scanning.

Asyn · « **Reply #3 on:** September 28, 2014, 10:35:47 AM »

Quote from: AVAST IS BEST!!! on September 28, 2014, 10:16:12 AM

Last night i do a scan with mbam, and i watch the file after 55 min hes scanning the same file.
CCE same thing 62 % after 7 hours of scanning.

Rather a question for the MBAM forum.

Did you scan the file with avast! yet..?

REDACTED · « **Reply #4 on:** September 28, 2014, 10:56:22 AM »

C:\Windows\Web\Wallpaper are the destination folder i cannot update it to virustotal

Asyn · « **Reply #5 on:** September 28, 2014, 11:10:44 AM »

Quote from: AVAST IS BEST!!! on September 28, 2014, 10:56:22 AM

C:\Windows\Web\Wallpaper are the destination folder i cannot update it to virustotal

Nobody said you should. So, did you scan the folder with avast!..?

REDACTED · « **Reply #6 on:** September 28, 2014, 01:20:37 PM »

yes avast found nothing

Eddy · « **Reply #7 on:** September 28, 2014, 01:38:42 PM »

As far as I can tell, these things need to be fixed:

Code: [Select]

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1927858775-3060844964-1957150837-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1927858775-3060844964-1957150837-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-1927858775-3060844964-1957150837-1000\...\MountPoints2: {7d103cd1-0135-11e4-92aa-e0cb4e03e5ca} - J:\INSTALL_ADB_RNDIS.exe
HKU\S-1-5-21-1927858775-3060844964-1957150837-1000\...\MountPoints2: {cc9bd510-3c7c-11e2-9152-e0cb4e03e5ca} - J:\LaunchU3.exe -a
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
ShellExecuteHooks-x32:  - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  No File [ ]
EmptyTemp: 
CMD: bitsadmin /reset /allusers

REDACTED · « **Reply #8 on:** September 28, 2014, 02:33:10 PM »

Thanks eddy heres the fixlog
Another thing when he deleted the temporany files there are some avast folder like _avast_
he deleted too there folder

Eddy · « **Reply #9 on:** September 28, 2014, 02:35:41 PM »

Don't worry about the _avast_ folder.
Those are temporary folders/files.
avast will create them again when needed.

How is the system behaving now ?

REDACTED · « **Reply #10 on:** September 28, 2014, 02:39:12 PM »

much faster,
i haved a lot of temp file, 20.000+
thanks for helping me.
good day.

Author Topic: Is my pc infected?? (Read 3233 times)

REDACTED

Is my pc infected??

mikaelrask

Re: Is my pc infected??

REDACTED

Re: Is my pc infected??

Asyn

Re: Is my pc infected??

REDACTED

Re: Is my pc infected??

Asyn

Re: Is my pc infected??

REDACTED

Re: Is my pc infected??

Eddy

Re: Is my pc infected??

REDACTED

Re: Is my pc infected??

Eddy

Re: Is my pc infected??

REDACTED

Re: Is my pc infected??