Posts posted by I1916

  1. Before removing the trojan with Malwarebytes the computer did slow down to a crawl every now and then. Since yesterday there haven't been any problems yet. Hitman Pro Alert says the browser is free of issues and Hitman Pro 3 only found a few traces of adware I removed about a month ago. The Malwarebytes flash scan came up clean and I'll do a full scan later. So the Trojan is properly removed?

  2. Here you go:

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2014
    Ran by Astrid (administrator) on ASTRID-PC on 15-01-2014 11:39:55
    Running from C:\Users\Astrid\Downloads
    Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Dutch Standard
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official downoad link fo FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) ===================

    (SurfRight B.V.) C:\Program Files\HitmanPro.Alert\hmpalert.exe
    () C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    (Teruten) C:\Windows\System32\FsUsbExService.Exe
    () C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    (Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\N360.exe
    (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    (Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    (Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    (Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    (Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    (Samsung) C:\Program Files\Samsung\Kies\Kies.exe
    (Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    (Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\N360.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
    HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
    HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2008-03-17] (CANON INC.)
    HKLM\...\Run: [blackBerryAutoUpdate] - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [648536 2010-10-27] (Research In Motion Limited)
    HKLM\...\Run: [] - [x]
    HKLM\...\Run: [RoxWatchTray] - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [236016 2009-07-08] (Sonic Solutions)
    HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
    HKLM\...\Run: [Adobe Photo Downloader] - C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [57344 2005-09-16] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
    HKCU\...\Run: [iSUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [206112 2008-10-24] (Macrovision Corporation)
    HKCU\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
    HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung)
    HKCU\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
    HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844168 2013-05-29] (Samsung)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE0D410762D74CB01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKLM - {FE99A758-BA97-47F9-846B-DBFFBCC1C4D7} URL = http://downloads.phpnuke.org/nl/index.php?rvs=google
    SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=NL&ver=20&locale=nl_NL&gct=kwd&qsrc=2869
    SearchScopes: HKCU - {FE99A758-BA97-47F9-846B-DBFFBCC1C4D7} URL = http://downloads.phpnuke.org/nl/index.php?rvs=google
    BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
    BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Astrid\AppData\Roaming\Mozilla\Firefox\Profiles\bgv51i0w.default
    FF Homepage: about:home
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @rim.com/npappworld - C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
    FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF SearchPlugin: C:\Users\Astrid\AppData\Roaming\Mozilla\Firefox\Profiles\bgv51i0w.default\searchplugins\safesearch.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\bolcom-nl.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\marktplaats-nl.xml
    FF Extension: Ghostery - C:\Users\Astrid\AppData\Roaming\Mozilla\Firefox\Profiles\bgv51i0w.default\Extensions\firefox@ghostery.com.xpi [2013-08-17]
    FF Extension: NoScript - C:\Users\Astrid\AppData\Roaming\Mozilla\Firefox\Profiles\bgv51i0w.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-02-13]
    FF Extension: Adblock Plus - C:\Users\Astrid\AppData\Roaming\Mozilla\Firefox\Profiles\bgv51i0w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-01]
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-26]
    FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []
    FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
    FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-19]

    ========================== Services (Whitelisted) =================

    R2 AdobeActiveFileMonitor4.0; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-10-03] ()
    R2 hmpalertsvc; C:\Program Files\HitmanPro.Alert\hmpalert.exe [1830768 2014-01-14] (SurfRight B.V.)
    R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
    R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    R2 N360; C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation)

    ==================== Drivers (Whitelisted) ====================

    R1 BHDrvx86; C:\Program Files\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\BASHDefs\20140110.001\BHDrvx86.sys [1098968 2014-01-10] (Symantec Corporation)
    R1 ccSet_N360; C:\Windows\system32\drivers\N360\1501000.012\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-12] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-12-12] (Symantec Corporation)
    R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-04-18] ()
    R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [14376 2014-01-14] ()
    R1 IDSVix86; C:\Program Files\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\IPSDefs\20140114.001\IDSvix86.sys [394456 2014-01-13] (Symantec Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
    R3 NAVENG; C:\Program Files\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20140114.023\NAVENG.SYS [93272 2014-01-14] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20140114.023\NAVEX15.SYS [1612376 2014-01-14] (Symantec Corporation)
    R1 SRTSP; C:\Windows\System32\Drivers\N360\1501000.012\SRTSP.SYS [651352 2013-09-27] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\N360\1501000.012\SRTSPX.SYS [32344 2013-09-10] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\N360\1501000.012\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\N360\1501000.012\SYMEFA.SYS [935512 2013-09-27] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-11-14] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\N360\1501000.012\Ironx86.SYS [206936 2013-09-27] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\N360\1501000.012\SYMNETS.SYS [446552 2013-09-26] (Symantec Corporation)
    S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
    S3 VGPU; System32\drivers\rdvgkmd.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-01-15 11:39 - 2014-01-15 11:40 - 00013619 _____ C:\Users\Astrid\Downloads\FRST.txt
    2014-01-15 11:39 - 2014-01-15 11:39 - 00000000 ____D C:\FRST
    2014-01-15 11:38 - 2014-01-15 11:38 - 01220608 _____ (Farbar) C:\Users\Astrid\Downloads\FRST.exe
    2014-01-14 19:09 - 2014-01-14 19:09 - 00065232 _____ (Malwarebytes) C:\Users\Astrid\Downloads\regassassin-setup-1.03.exe
    2014-01-14 19:08 - 2014-01-14 19:08 - 00564312 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
    2014-01-14 19:08 - 2014-01-14 19:08 - 00014376 _____ C:\Windows\system32\Drivers\hmpalert.sys
    2014-01-14 19:08 - 2014-01-14 19:08 - 00000000 ____D C:\Program Files\HitmanPro.Alert
    2014-01-14 19:07 - 2014-01-14 19:07 - 01830768 _____ (SurfRight B.V.) C:\Users\Astrid\Downloads\hmpalert.exe
    2014-01-14 19:07 - 2014-01-14 19:07 - 00003260 _____ C:\Users\Astrid\Documents\HitmanPro_20140114_1907.log
    2014-01-14 18:55 - 2014-01-14 18:55 - 09452704 _____ (SurfRight B.V.) C:\Users\Astrid\Downloads\HitmanPro(2).exe
    2014-01-14 13:11 - 2014-01-14 13:11 - 00001075 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-01-14 13:11 - 2014-01-14 13:11 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2014-01-14 13:11 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-01-14 13:10 - 2014-01-14 13:10 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Astrid\Downloads\mbam-setup-1.75.0.1300(1).exe
    2013-12-26 15:05 - 2013-12-26 15:05 - 00000000 ____D C:\Program Files\Mozilla Firefox

    ==================== One Month Modified Files and Folders =======

    2014-01-15 11:40 - 2014-01-15 11:39 - 00013619 _____ C:\Users\Astrid\Downloads\FRST.txt
    2014-01-15 11:39 - 2014-01-15 11:39 - 00000000 ____D C:\FRST
    2014-01-15 11:39 - 2010-10-25 14:12 - 00000000 ____D C:\Users\Astrid\AppData\Roaming\Skype
    2014-01-15 11:38 - 2014-01-15 11:38 - 01220608 _____ (Farbar) C:\Users\Astrid\Downloads\FRST.exe
    2014-01-15 11:31 - 2012-06-09 21:01 - 00000940 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-01-15 11:02 - 2009-07-14 05:34 - 00013760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-15 11:02 - 2009-07-14 05:34 - 00013760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-15 10:59 - 2010-10-20 12:35 - 01767543 _____ C:\Windows\WindowsUpdate.log
    2014-01-15 10:54 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2014-01-15 10:53 - 2009-07-14 05:39 - 00072518 _____ C:\Windows\setupact.log
    2014-01-14 21:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
    2014-01-14 19:09 - 2014-01-14 19:09 - 00065232 _____ (Malwarebytes) C:\Users\Astrid\Downloads\regassassin-setup-1.03.exe
    2014-01-14 19:08 - 2014-01-14 19:08 - 00564312 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
    2014-01-14 19:08 - 2014-01-14 19:08 - 00014376 _____ C:\Windows\system32\Drivers\hmpalert.sys
    2014-01-14 19:08 - 2014-01-14 19:08 - 00000000 ____D C:\Program Files\HitmanPro.Alert
    2014-01-14 19:07 - 2014-01-14 19:07 - 01830768 _____ (SurfRight B.V.) C:\Users\Astrid\Downloads\hmpalert.exe
    2014-01-14 19:07 - 2014-01-14 19:07 - 00003260 _____ C:\Users\Astrid\Documents\HitmanPro_20140114_1907.log
    2014-01-14 18:55 - 2014-01-14 18:55 - 09452704 _____ (SurfRight B.V.) C:\Users\Astrid\Downloads\HitmanPro(2).exe
    2014-01-14 18:27 - 2010-10-25 11:00 - 00534108 _____ C:\Windows\PFRO.log
    2014-01-14 13:11 - 2014-01-14 13:11 - 00001075 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-01-14 13:11 - 2014-01-14 13:11 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2014-01-14 13:10 - 2014-01-14 13:10 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Astrid\Downloads\mbam-setup-1.75.0.1300(1).exe
    2014-01-14 12:58 - 2011-01-19 15:33 - 00000000 ____D C:\ProgramData\CanonIJPLM
    2014-01-14 12:53 - 2011-01-19 15:58 - 00000000 ____D C:\ProgramData\CanonIJ
    2014-01-14 12:11 - 2010-10-20 12:55 - 01549498 _____ C:\Windows\system32\PerfStringBackup.INI
    2014-01-14 12:11 - 2009-07-14 09:27 - 00701798 _____ C:\Windows\system32\perfh013.dat
    2014-01-14 12:11 - 2009-07-14 09:27 - 00133798 _____ C:\Windows\system32\perfc013.dat
    2014-01-14 12:06 - 2012-05-28 15:32 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2013-12-26 15:15 - 2013-11-14 12:48 - 00000000 ____D C:\Users\Astrid\Documents\HLZ reunie
    2013-12-26 15:05 - 2013-12-26 15:05 - 00000000 ____D C:\Program Files\Mozilla Firefox

    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-01-14 21:13

    ==================== End Of Log ============================

    Addition.txt

  3. I scanned a laptop with Malwarebytes today and during the RAM scan it detected the following (copied and pasted from the log file):

     

    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: c:\users\astrid\dxuvyikgu.exe -> Succesvol in quarantaine geplaatst en verwijderd.

     

    A full system scan gave 3 more errors:

     

    HKCR\AppID\{A2773ED4-83BD-488A-A186-73590706C916} (PUP.Optional.MixiDJToolbar.A) -> Succesvol in quarantaine geplaatst en verwijderd.

     

    C:\Acer\Empowering Technology\eLock\Service\eLock.Serv.Service.exe (Trojan.Downloader.FR) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Astrid\Downloads\SoftonicDownloader_voor_samsung-kies(1).exe (PUP.Optional.Softonic) -> Succesvol in quarantaine geplaatst en verwijderd.

    I let Malwarebytes remove everything and did a scan using Hitman Pro as well, which found a few traces of Babylon and Claro software (traces, not actual infections), but I was unable to remove these, since I have already used the trial license on this machine (but I might get a key if necessary). It seems everything dangerous is removed, but I want to be sure. Could you help me?

    mbam-log-2014-01-14 (13-14-03).txt

    mbam-log-2014-01-14 (13-22-45).txt
