
I1916

Members
  • Posts: 6
  • Reputation: 0 Neutral

  1. The file got removed and I did another scan with both Malwarebytes and ESET and both came up clean. Thanks for all the help!
  2. While I was waiting for your reply I did a scan with MBAR which didn't find anything. ESET found one infected file. I have attached the file to this post. So what's next? ESET Scan.txt
  3. Before removing the trojan with Malwarebytes the computer did slow down to a crawl every now and then. Since yesterday there haven't been any problems yet. Hitman Pro Alert says the browser is free of issues and Hitman Pro 3 only found a few traces of adware I removed about a month ago. The Malwarebytes flash scan came up clean and I'll do a full scan later. So the Trojan is properly removed?
  4. Here you go: Addition.txt
  5. I did another flash scan today, which came up clean, and I'm doing another full scan now; will post back when I have the results. It appears Malwarebytes got everything, but can you help me make sure of this?
  6. I scanned a laptop with Malwarebytes today and during the RAM scan it detected the following (copied and pasted from the log file):
     HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: c:\users\astrid\dxuvyikgu.exe -> Succesvol in quarantaine geplaatst en verwijderd.
     A full system scan gave 3 more errors:
     HKCR\AppID\{A2773ED4-83BD-488A-A186-73590706C916} (PUP.Optional.MixiDJToolbar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
     C:\Acer\Empowering Technology\eLock\Service\eLock.Serv.Service.exe (Trojan.Downloader.FR) -> Succesvol in quarantaine geplaatst en verwijderd.
     C:\Users\Astrid\Downloads\SoftonicDownloader_voor_samsung-kies(1).exe (PUP.Optional.Softonic) -> Succesvol in quarantaine geplaatst en verwijderd.
     I let Malwarebytes remove everything and did a scan using Hitman Pro as well, which found a few traces of Babylon and Claro software (traces, not actual infections), but I was unable to remove these, since I have already used the trial license on this machine (but I might get a key if necessary). It seems everything dangerous is removed, but I want to be sure. Could you help me?
     mbam-log-2014-01-14 (13-14-03).txt mbam-log-2014-01-14 (13-22-45).txt