This is my report and I need help since my PC is infected 2016-04-02T06:39:56+00:00


  • krishken801
    Participant
    Post count: 1
    #1661 |

    ############################## | UsbFix V 8.211 | [Clean]

    User: KENKRISH801 (Administrator) # KENKRISH801-PC
    Updated 01/04/2016 by SOSVirus
    Started at 14:33:33 | 02/04/2016

    Website : https://www.usb-antivirus.com/
    Tutorial : https://www.usb-antivirus.com/tutorial/
    Support : http://www.sosvirus.org/
    Live detection : http://www.sosmalware.com/usbfix/
    Contact : https://www.usb-antivirus.com/contact/

    ################## | System information |

    MB: ASUSTeK Computer Inc. (K43SD)
    CPU: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
    RAM -> [Total : 1952 Mo | Free : 293 Mo]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft™ Windows 10 Home (6.3.10240 64-Bit)
    WB: Internet Explorer : 11.00.10240.16384
    WB: Microsoft Edge : 11.00.10240.16603 (th1_st1.151124-1750)
    WB: Google Chrome : 48.0.2564.103

    ################## | Security Information |

    AV: Avira Antivirus [Enabled |Updated]
    AV: Windows Defender [(!) Disabled |Updated]
    AS: Avira Antivirus [Enabled |Updated]
    AS: Windows Defender [(!) Disabled |Updated]
    FW: Windows Firewall [Enabled]
    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]

    ################## | Disk Information |

    C: (%SystemDrive%) -> Fixed disk # 300 Gb (224 Gb free – 75%) [OS] # NTFS
    D: -> Fixed disk # 374 Gb (363 Gb free – 97%) [DATA] # NTFS
    E: -> CD-ROM # 1 Gb (0 Mb free – 0%) [Unknown] # UDF

    ################## | Generic Research |

    (!) Temporary files deleted. (2.07054901123047 MB)

    ################## | Startup |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – [x64] HKLM..Winlogon : [Shell] explorer.exe
    F2 – [x64] HKLM..Winlogon : [Userinit] C:WINDOWSSystem32Userinit.exe,
    04 – HKCU..Run : [KiesPreload] C:Program Files (x86)SamsungKiesKies.exe /preload
    04 – HKCU..Run : [KiesAirMessage] C:Program Files (x86)SamsungKiesKiesAirMessage.exe -startup
    04 – HKCU..Run : [OneDrive] “C:UsersKENKRISH801AppDataLocalMicrosoftOneDriveOneDrive.exe” /background
    04 – HKCU..RunOnce : [Uninstall C:UsersKENKRISH801AppDataLocalMicrosoftOneDrive17.3.5892.0626amd64] C:WINDOWSsystem32cmd.exe /q /c rmdir /s /q “C:UsersKENKRISH801AppDataLocalMicrosoftOneDrive17.3.5892.0626amd64”
    04 – HKCU..RunOnce : [Uninstall C:UsersKENKRISH801AppDataLocalMicrosoftOneDrive17.3.6201.1019amd64] C:WINDOWSsystem32cmd.exe /q /c rmdir /s /q “C:UsersKENKRISH801AppDataLocalMicrosoftOneDrive17.3.6201.1019amd64”
    04 – HKCU..RunOnce : [Uninstall C:UsersKENKRISH801AppDataLocalMicrosoftOneDrive17.3.6281.1202amd64] C:WINDOWSsystem32cmd.exe /q /c rmdir /s /q “C:UsersKENKRISH801AppDataLocalMicrosoftOneDrive17.3.6281.1202amd64”
    04 – HKCU..RunOnce : [Uninstall C:UsersKENKRISH801AppDataLocalMicrosoftOneDrive17.3.6301.0127amd64] C:WINDOWSsystem32cmd.exe /q /c rmdir /s /q “C:UsersKENKRISH801AppDataLocalMicrosoftOneDrive17.3.6301.0127amd64”
    04 – HKLM..Run : [ASUSPRP] “C:Program Files (x86)ASUSAPRPAPRP.EXE”
    04 – HKLM..Run : [ASUSWebStorage] C:Program Files (x86)ASUSASUS WebStorage3.0.108.222AsusWSPanel.exe /S
    04 – HKLM..Run : [ATKOSD2] C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe
    04 – HKLM..Run : [ATKMEDIA] C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe
    04 – HKLM..Run : [HControlUser] C:Program Files (x86)ASUSATK PackageATK HotkeyHControlUser.exe
    04 – HKLM..Run : [Wireless Console 3] C:Program Files (x86)ASUSWireless Console 3wcourier.exe
    04 – HKLM..Run : [hpqSRMon] C:Program Files (x86)HPDigital ImagingbinhpqSRMon.exe
    04 – HKLM..Run : [SunJavaUpdateSched] “C:Program Files (x86)Common FilesJavaJava Updatejusched.exe”
    04 – HKLM..Run : [SonicMasterTray] C:Program Files (x86)ASUSASUS Sonic FocusSonicFocusTray.exe
    04 – HKLM..Run : [RIMBBLaunchAgent.exe] C:Program Files (x86)Common FilesResearch In MotionUSB DriversRIMBBLaunchAgent.exe
    04 – HKLM..Run : [RemoteControl10] “C:Program Files (x86)CyberLinkPowerDVD10PDVD10Serv.exe”
    04 – HKLM..Run : [KiesTrayAgent] C:Program Files (x86)SamsungKiesKiesTrayAgent.exe
    04 – HKLM..Run : [HP Software Update] C:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe
    04 – HKLM..Run : [avgnt] “C:Program Files (x86)AviraAntivirusavgnt.exe” /min
    04 – HKLM..Run : [MalwareProtectionLive] C:UsersKENKRISH801AppDataLocalMalwareProtectionLiveMalwareProtectionClient.exe
    04 – HKLM..Run : [Avira System Speedup User Starter] C:Program Files (x86)AviraAviraSpeedupAvira.SystemSpeedup.Core.Common.Starter.exe
    04 – HKLM..Run : [Avira SystrayStartTrigger] C:Program Files (x86)AviraLauncherAvira.SystrayStartTrigger.exe
    04 – [x64] HKLM..Run : [IgfxTray] “C:WINDOWSsystem32igfxtray.exe”
    04 – [x64] HKLM..Run : [HotKeysCmds] “C:WINDOWSsystem32hkcmd.exe”
    04 – [x64] HKLM..Run : [Persistence] “C:WINDOWSsystem32igfxpers.exe”
    04 – [x64] HKLM..Run : [SynTPEnh] %ProgramFiles%SynapticsSynTPSynTPEnh.exe
    04 – [x64] HKLM..Run : [AmIcoSinglun64] C:Program Files (x86)AmIcoSingLunAmIcoSinglun64.exe
    04 – [x64] HKLM..Run : [RtHDVBg] C:Program FilesRealtekAudioHDARAVBg64.exe /SF3
    04 – [x64] HKLM..Run : [SynAsusAcpi] %ProgramFiles%SynapticsSynTPSynAsusAcpi.exe
    04 – [x64] HKLM..Run : [AtherosBtStack] “C:Program Files (x86)Bluetooth SuiteBtvStack.exe”
    04 – [x64] HKLM..Run : [AthBtTray] “C:Program Files (x86)Bluetooth SuiteAthBtTray.exe”
    04 – [x64] HKLM..Run : [iTunesHelper] “C:Program FilesiTunesiTunesHelper.exe”
    04 – HKUS-1-5-19..Run : [OneDriveSetup] C:WindowsSysWOW64OneDriveSetup.exe /thfirstsetup
    04 – HKUS-1-5-20..Run : [OneDriveSetup] C:WindowsSysWOW64OneDriveSetup.exe /thfirstsetup
    04 – HKUS-1-5-21-3090085254-911498367-3922075278-1001..Run : [KiesPreload] C:Program Files (x86)SamsungKiesKies.exe /preload
    04 – HKUS-1-5-21-3090085254-911498367-3922075278-1001..Run : [KiesAirMessage] C:Program Files (x86)SamsungKiesKiesAirMessage.exe -startup
    04 – HKUS-1-5-21-3090085254-911498367-3922075278-1001..Run : [OneDrive] “C:UsersKENKRISH801AppDataLocalMicrosoftOneDriveOneDrive.exe” /background
    04 – HKUS-1-5-21-3090085254-911498367-3922075278-1001..RunOnce : [Uninstall C:UsersKENKRISH801AppDataLocalMicrosoftOneDrive17.3.5892.0626amd64] C:WINDOWSsystem32cmd.exe /q /c rmdir /s /q “C:UsersKENKRISH801AppDataLocalMicrosoftOneDrive17.3.5892.0626amd64”
    04 – HKUS-1-5-21-3090085254-911498367-3922075278-1001..RunOnce : [Uninstall C:UsersKENKRISH801AppDataLocalMicrosoftOneDrive17.3.6201.1019amd64] C:WINDOWSsystem32cmd.exe /q /c rmdir /s /q “C:UsersKENKRISH801AppDataLocalMicrosoftOneDrive17.3.6201.1019amd64”
    04 – HKUS-1-5-21-3090085254-911498367-3922075278-1001..RunOnce : [Uninstall C:UsersKENKRISH801AppDataLocalMicrosoftOneDrive17.3.6281.1202amd64] C:WINDOWSsystem32cmd.exe /q /c rmdir /s /q “C:UsersKENKRISH801AppDataLocalMicrosoftOneDrive17.3.6281.1202amd64”
    04 – HKUS-1-5-21-3090085254-911498367-3922075278-1001..RunOnce : [Uninstall C:UsersKENKRISH801AppDataLocalMicrosoftOneDrive17.3.6301.0127amd64] C:WINDOWSsystem32cmd.exe /q /c rmdir /s /q “C:UsersKENKRISH801AppDataLocalMicrosoftOneDrive17.3.6301.0127amd64”
    04GS – AsusVibeLauncher.lnk : C:Program Files (x86)ASUSAsusVibeAsusVibeLauncher.exe
    04GS – HP Digital Imaging Monitor.lnk : C:Program Files (x86)HPDigital Imagingbinhpqtra08.exe

    ################## | UsbFix – Information |

    Info : How to remove shortcut virus on flash disk (Video)
    Info : Shortcut virus on flash disk, What is it ?
    Live detection : http://www.sosmalware.com/usbfix/

    ################## | C: %SystemDrive% – Fixed drive (NTFS) |

    [02/04/2016 – 13:07:47 | ASH | 1499176 Ko] – C:hiberfil.sys
    [02/04/2016 – 13:07:56 | ASH | 262144 Ko] – C:swapfile.sys
    [02/04/2016 – 14:26:03 | ASH | 3210564 Ko] – C:pagefile.sys
    [21/03/2016 – 14:54:23 | D] – C:Config.Msi
    [30/01/2012 – 10:16:44 | N | 2560 Ko] – C:K53SD.BIN
    [30/01/2012 – 10:17:03 | N | 2560 Ko] – C:K43SD.BIN
    [25/11/2015 – 15:53:37 | SHD] – C:$Recycle.Bin
    [25/11/2015 – 14:51:08 | RASH | 8 Ko] – C:BOOTSECT.BAK
    [13/07/2015 – 13:33:25 | SHD] – C:found.000
    [31/12/2015 – 08:14:59 | D] – C:$WINDOWS.~BT
    [10/03/2012 – 03:51:05 | D] – C:AsusVibeData
    [22/05/2012 – 22:11:45 | D] – C:Intel
    [22/05/2012 – 22:31:28 | D] – C:eSupport
    [27/08/2012 – 21:26:26 | RHD] – C:MSOCache
    [26/10/2013 – 16:02:21 | D] – C:GarenaDownload
    [13/04/2014 – 12:34:22 | D] – C:history
    [28/03/2015 – 05:33:13 | N | 0 Ko] – C:BOOTNXT
    [10/07/2015 – 18:30:57 | RASH | 386 Ko] – C:bootmgr
    [31/07/2015 – 05:51:49 | SHD] – C:Documents and Settings
    [31/07/2015 – 06:44:12 | D] – C:PerfLogs
    [10/09/2015 – 13:39:07 | D] – C:Logs
    [25/11/2015 – 14:51:02 | SHD] – C:Boot
    [25/11/2015 – 15:32:58 | D] – C:temp
    [25/11/2015 – 15:35:06 | SHD] – C:Recovery
    [25/11/2015 – 23:49:29 | RD] – C:Users
    [26/11/2015 – 07:14:05 | D] – C:inetpub
    [28/11/2015 – 10:56:13 | HD] – C:ProgramData
    [11/12/2015 – 03:37:10 | D] – C:Windows
    [01/01/2016 – 17:58:49 | RD] – C:Program Files
    [08/02/2016 – 10:52:08 | RD] – C:Program Files (x86)
    [02/04/2016 – 13:53:12 | D] – C:UsbFix

    ################## | D: – Fixed drive (NTFS) |

    [21/02/2014 – 08:09:21 | A | 182 Ko] – D:hyptest.ppt
    [27/11/2013 – 15:10:01 | A | 0 Ko] – D:Microsoft Office Click-to-Run 2010 (Protected) (Q) – Shortcut.lnk
    [06/11/2012 – 13:45:31 | A | 124 Ko] – D:LoLPH_Install_121031.exe
    [31/10/2012 – 19:48:55 | A | 223232 Ko] – D:LoLPH_Install_120924.2.dat
    [31/10/2012 – 20:10:32 | A | 2048000 Ko] – D:LoLPH_Install_120924.1.dat
    [09/11/2012 – 18:20:50 | A | 2048000 Ko] – D:LoLPH_Install_121031.1.dat
    [09/11/2012 – 18:20:50 | A | 375615 Ko] – D:LoLPH_Install_121031.2.dat
    [19/03/2015 – 19:02:30 | SHD] – D:$RECYCLE.BIN
    [08/04/2013 – 22:57:51 | D] – D:backup photos
    [02/09/2015 – 21:25:58 | D] – D:IPAD PHOTOS

    ################## | Vaccin |

    C:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    D:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

    Analysed in 30.92 seconds

    ################## | E.O.F | https://www.sosvirus.net/ | https://www.usb-antivirus.com/ |

  • Anonymous
    Post count: 0

    Hi Kris,

    Welcome to SOSVirus,

    • Please download Malwarebytes Anti-Malware (MBAM) and save it to your Desktop.
    • Install Malwarebytes Anti-Malware, follow the prompt. At the end place a checkmark in Launch Malwarebytes Anti-Malware, then choose Finish.
    • When MBAM opens it will say Your database is out of date. Choose Fix Now.
    • Click on the Settings tab at the top of the window, click on Detection and Protection at the top of the window, checkmark Scan for rootkits.
    • Click on the Scan tab at the top of the window, choose Threat Scan, then Scan Now.
    • If you receive a message that updates are available, choose the Update Now button (the scan will start after updates are completed).

      Please be patient as the scan will take some time.

    • If MBAM detected threats, choose Quarantine for all items, then click Apply Actions.

      If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
      Click OK to either and let MBAM proceed with the disinfection process.
      If asked to restart the computer, please do so immediately.

    • After the reboot, launch MBAM, click on the History tab, choose Application Logs.
    • Click the most recent Scan Log. In the window that opens, click the Export button, choose Text file (*.txt) and save the log to your Desktop.
    • To finish, upload the log to SOSUpload and give me the link in your next message.
