Windows10pro

  • Question

  • ***** NORMAL SCAN FOR ACTIVE MALWARE *****

    Trojan Remover Ver 6.9.5.2954. For information, email support@simplysup.com

    [Unregistered version]

    Scan started at: 02:19:19 05 Jan 2018

    Using Database v9560

    Operating System:  Windows 10 Pro x64 [Version 1703, Build: 10.0.15063.0]

    File System:       NTFS

    UAC is ENABLED [default level]

    UserData directory: C:\Users\Zbyszek\AppData\Roaming\Simply Super Software\Trojan Remover\

    Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\

    Logfile directory:  C:\Users\Zbyszek\Documents\Simply Super Software\Trojan Remover Logfiles\

    Program directory:  C:\Program Files (x86)\Trojan Remover\

    Running with Administrator privileges

     

    ************************************************************

    02:19:19: ----- Checking Default File Associations -----

    No modified default file associations detected

     

    ************************************************************

    02:19:19: ----- SCANNING FOR ROOTKIT SERVICES -----

    No hidden Services were detected.

     

    ************************************************************

    02:19:19: Scanning ----- Windows Registry -----

    --------------------

    Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

    --------------------

    Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

    This key's "Shell" value calls the following program(s):

    Key value: [explorer.exe]

    File: C:\Windows\Explorer.exe

    C:\Windows\Explorer.exe (verified signer: [Microsoft Windows])

    4847928 bytes

    Created:  18.03.2017 21:58

    Modified: 18.03.2017 21:58

    Company:  Microsoft Corporation

    [4E09D16BD3D98831C42CFD59E88E5807]

    ----------

    This key's "Userinit" value calls the following program(s):

    Key value: [C:\Windows\system32\userinit.exe,]

    File: C:\Windows\system32\userinit.exe

    C:\Windows\System32\userinit.exe (verified signer: [Microsoft Windows])

    32256 bytes

    Created:  18.03.2017 21:58

    Modified: 18.03.2017 21:58

    Company:  Microsoft Corporation

    [46B72E05D0B9F489CA60DBD7361039B0]

    ----------

    --------------------

    Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

    --------------------

    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Value Name: [SunJavaUpdateSched]

    Value Data: ["C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"]

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (verified signer: [Oracle America, Inc.])

    587288 bytes

    Created:  15.03.2017 02:43

    Modified: 15.03.2017 02:43

    Company:  Oracle Corporation

    [A443A7C05ABF0FCD16E89593F63B633B]

    --------------------

    Value Name: [TrojanScanner]

    Value Data: [C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot]

    C:\Program Files (x86)\Trojan Remover\Trjscan.exe (verified signer: [Simply Super Software])

    3676216 bytes

    Created:  05.01.2018 02:16

    Modified: 24.11.2017 18:29

    Company:  Simply Super Software

    [E90A5841C58753ED88372C677236089E]

    --------------------

    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

    This Registry key appears to be empty

    --------------------

    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Value Name: [DriverUpdate]

    Value Data: ["C:\Program Files\DriverUpdate\DriverUpdate.exe" -boot]

    C:\Program Files\DriverUpdate\DriverUpdate.exe (verified signer: [Slimware Utilities Holdings, Inc.])

    30227880 bytes

    Created:  08.12.2017 11:39

    Modified: 08.12.2017 11:39

    Company:  SlimWare Utilities, Inc.

    [C43D9A606BE60C36BA6E45D56126C12C]

    --------------------

    Value Name: [SlimCleaner Plus]

    Value Data: ["C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize /boot]

    C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe (verified signer: [Slimware Utilities Holdings, Inc.])

    26221248 bytes

    Created:  25.10.2016 16:19

    Modified: 25.10.2016 16:19

    Company:  Slimware Utilities Holdings, Inc.

    [B4418079258EEE98970969FDCE143DA0]

     

    ************************************************************

    02:19:26: Scanning ----- Windows 64-Bit Registry -----

    --------------------

    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Value Name: [SecurityHealth]

    Value Data: [%ProgramFiles%\Windows Defender\MSASCuiL.exe]

    C:\Program Files\Windows Defender\MSASCuiL.exe (verified signer: [Microsoft Windows])

    629152 bytes

    Created:  18.03.2017 21:56

    Modified: 18.03.2017 21:56

    Company:  Microsoft Corporation

    [47B132F5FF6C1555BE449D59AD6A6788]

    --------------------

    Value Name: [NvBackend]

    Value Data: ["C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"]

    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (verified signer: [NVIDIA Corporation])

    1794888 bytes

    Created:  05.01.2018 01:50

    Modified: 29.06.2015 22:53

    Company:  NVIDIA Corporation

    [0CB22F45A985A01E3F41358FA6E4D9BB]

    --------------------

    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

    This Registry key appears to be empty

     

    ************************************************************

    02:19:27: Scanning ----- ShellExecuteHooks -----

    No ShellExecuteHook entries found to scan

     

    ************************************************************

    02:19:27: Scanning ----- 64-Bit ShellExecuteHooks -----

    No 64-Bit ShellExecuteHook entries found to scan

     

    ************************************************************

    02:19:27: Scanning -----HIDDEN REGISTRY ENTRIES-----

    Taskdir check completed

    ----------

    No Hidden File-loading Registry Entries found

    ----------

    No Hidden File-loading x64 Registry Entries found

    ----------

     

    ************************************************************

    02:19:28: Scanning -----ACTIVE SCREENSAVER-----

    No active ScreenSaver found to scan.

     

    ************************************************************

    02:19:28: Scanning ----- Registry Active Setup Keys -----

     

    ************************************************************

    02:19:28: Scanning ----- 64-Bit Registry Active Setup Keys -----

    Key:  {89820200-ECBD-11cf-8B85-00AA005B4340}

    Path: U

    U - [file not found to scan]

    ----------

     

    ************************************************************

    02:19:29: Scanning ----- SERVICEDLL REGISTRY KEYS -----

     

    ************************************************************

    02:19:45: Scanning ----- SERVICES REGISTRY KEYS -----

    Key:       IntcAzAudAddService

    ImagePath:  \SystemRoot\system32\drivers\RTKVHD64.sys

    Service Display Name: Service for Realtek HD Audio (WDM)

    Service Start Type: Manual

    C:\Windows\System32\drivers\RTKVHD64.sys (verified signer: [Realtek Semiconductor Corp])

    4065296 bytes

    Created:  21.06.2012 13:13

    Modified: 21.06.2012 13:13

    Company:  Realtek Semiconductor Corp.

    [C2F868881D48A568B525255F084EF063]

    ----------

    Key:       SlimService

    ImagePath:  "C:\Program Files\SlimService\SlimServiceFactory.exe"

    Service Display Name: SlimWare Utility Service Launcher

    Service Start Type: Automatic

    C:\Program Files\SlimService\SlimServiceFactory.exe (verified signer: [Slimware Utilities Holdings, Inc.])

    252096 bytes

    Created:  25.10.2016 16:19

    Modified: 25.10.2016 16:19

    Company:  SlimWare Utilities, Inc.

    [996C1107C5B53307FA709D17EB14D3D6]

    C:\Program Files\SlimService\SlimServiceFactory.exe appears to contain: PUS.SLIMWAREUTILITIES

    HKLM\SYSTEM\CurrentControlSet\Services\SlimService\"ImagePath" - registry value removed

    C:\Program Files\SlimService\SlimServiceFactory.exe: 1 processes terminated

    C:\Program Files\SlimService\SlimServiceFactory.exe - file renamed to: C:\Program Files\SlimService\SlimServiceFactory.exe.vir

    ----------

    Key:       SlimWareServices

    ImagePath:  "C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe"

    Service Display Name: SlimWare Services

    Service Start Type: Automatic

    C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe (verified signer: [Slimware Utilities Holdings, Inc.])

    184232 bytes

    Created:  08.12.2017 11:39

    Modified: 08.12.2017 11:39

    Company:  SlimWare Utilities Holdings, Inc.

    [CA1EC30DBBDF517667BED6AB1582B907]

    C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe appears to contain: SUSPICIOUS.SIGNATURE (SLIMWARE UTILITIES HOLDINGS, INC.)

    HKLM\SYSTEM\CurrentControlSet\Services\SlimWareServices\"ImagePath" - registry value removed

    C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe: 1 processes terminated

    C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe - file renamed to: C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe.vir

    ----------

     

    ************************************************************

    02:20:51: Scanning -----VXD ENTRIES-----

     

    ************************************************************

    02:20:51: Scanning ----- ContextMenuHandlers -----

    Key:   WinRAR32

    CLSID: {B41DB860-8EE4-11D2-9906-E49FADC173CA}

    Path:  C:\Program Files\WinRAR\rarext32.dll

    C:\Program Files\WinRAR\rarext32.dll (verified signer: [win.rar GmbH])

    368016 bytes

    Created:  05.01.2018 01:24

    Modified: 19.09.2016 09:23

    Company:  Alexander Roshal

    [B313F921A58EBDB29922F4C21F8C86FF]

    ----------

     

    ************************************************************

    02:20:53: Scanning ----- Folder\ColumnHandlers -----

    No Folder\ColumnHandler entries found to scan

     

    ************************************************************

    02:20:53: Scanning ----- 64-Bit ContextMenuHandlers -----

    Key:   WinRAR

    CLSID: {B41DB860-64E4-11D2-9906-E49FADC173CA}

    Path:  C:\Program Files\WinRAR\rarext.dll

    C:\Program Files\WinRAR\rarext.dll (verified signer: [win.rar GmbH])

    437136 bytes

    Created:  05.01.2018 01:24

    Modified: 19.09.2016 09:23

    Company:  Alexander Roshal

    [F6C5EB71FEA1D6F805AD8C6B29592549]

    ----------

     

    ************************************************************

    02:20:55: Scanning ----- 64-Bit Folder\ColumnHandlers -----

    No Folder\ColumnHandler entries found to scan

     

    ************************************************************

    02:20:55: Scanning ----- Browser Helper Objects -----

    Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

    BHO: C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll

    C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll (verified signer: [Oracle America, Inc.])

    473152 bytes

    Created:  05.01.2018 01:51

    Modified: 05.01.2018 01:51

    Company:  Oracle Corporation

    [0DDF0EABD633212060E31E3A24A10E12]

    ----------

    Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}

    BHO: C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll

    C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll (verified signer: [Oracle America, Inc.])

    186944 bytes

    Created:  05.01.2018 01:51

    Modified: 05.01.2018 01:51

    Company:  Oracle Corporation

    [14F57FB1F3DA1502E8D3E25AC67C9974]

    ----------

     

    ************************************************************

    02:20:56: Scanning ----- 64-Bit Browser Helper Objects -----

    Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

    BHO: C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll

    C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll (verified signer: [Oracle America, Inc.])

    571456 bytes

    Created:  05.01.2018 01:55

    Modified: 05.01.2018 01:55

    Company:  Oracle Corporation

    [FEC83014EA8FDC5910983FCE9AEB794A]

    ----------

    Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}

    BHO: C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll

    C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll (verified signer: [Oracle America, Inc.])

    234560 bytes

    Created:  05.01.2018 01:55

    Modified: 05.01.2018 01:55

    Company:  Oracle Corporation

    [A74F58039D4D538123D7C58D3B0E6228]

    ----------

     

    ************************************************************

    02:20:57: Scanning ----- ShellServiceObjectDelayLoad Entries -----

     

    ************************************************************

    02:20:57: Scanning ----- 64-Bit ShellServiceObjectDelayLoad Entries -----

     

    ************************************************************

    02:20:57: Scanning ----- ShellServiceObjects -----

     

    ************************************************************

    02:21:01: Scanning ----- 64-Bit ShellServiceObjects -----

     

    ************************************************************

    02:21:04: Scanning -----  SharedTaskScheduler Entries -----

    No SharedTaskScheduler entries found to scan

     

    ************************************************************

    02:21:04: Scanning -----  64-Bit SharedTaskScheduler Entries -----

    No 64-Bit SharedTaskScheduler entries found to scan

     

    ************************************************************

    02:21:04: Scanning ----- IMAGEFILE DEBUGGERS -----

    No "Debugger" entries found.

     

    ************************************************************

    02:21:04: Scanning ----- APPINIT_DLLS -----

    No AppInit_DLLs value found to check

     

    ************************************************************

    02:21:04: Scanning ----- 64-Bit APPINIT_DLLS -----

    No 64-Bit AppInit_DLLs value found to check

     

    ************************************************************

    02:21:05: Scanning ----- SECURITY PROVIDER DLLS -----

     

    ************************************************************

    02:21:05: Scanning ----- CREDENTIAL PROVIDERS -----

     

    ************************************************************

    02:21:08: Scanning ------ COMMON STARTUP GROUP ------

    [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]

    The Common Startup Group attempts to load the following file(s) at boot time:

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

    -HS- 174 bytes

    Created:  18.03.2017 22:03

    Modified: 18.03.2017 22:01

    Company:  [no info]

    [7F1698BAB066B764A314A589D338DAAE]

    --------------------

     

    ************************************************************

    02:21:11: Scanning ----- USER STARTUP GROUPS -----

    Checking Startup Group for: Zbyszek

    [C:\Users\Zbyszek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]

    C:\Users\Zbyszek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

    -HS- 174 bytes

    Created:  05.01.2018 01:17

    Modified: 05.01.2018 01:17

    Company:  [no info]

    [7F1698BAB066B764A314A589D338DAAE]

    ----------

    --------------------

     

    ************************************************************

    02:21:11: Scanning ----- SCHEDULED TASKS -----

    Taskname: Adobe Flash Player Updater

    Target: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    Parameters:

    Schedule:

    At 01:46:00 every day

    Next Run Time: 05.01.2018 02:46:00

    Status: Ready

    Creator: Adobe Systems Incorporated

    Comments: This task keeps your Adobe Flash Player installation up to date by applying the latest enhancements and security fixes. If this task is disabled or removed, Adobe Flash Player will not be able to automatically protect your computer with the latest security fixes.

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (verified signer: [Adobe Systems Incorporated])

    271448 bytes

    Created:  05.01.2018 02:05

    Modified: 05.01.2018 02:05

    Company:  Adobe Systems Incorporated

    [BE62B286791F715E430FB022C1707BBA]

    ----------

    Taskname: DriverUpdate Startup

    Target: C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe

    Parameters: -boot

    Schedule:

    At logon

    Next Run Time:

    Status: Ready

    Creator: DESKTOP-0CVDGSR\Zbyszek

    Comments: Runs DriverUpdate at system startup.

    C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe - [file not found to scan]

    ----------

    Taskname: SlimCleaner Plus (Scheduled Scan - Zbyszek)

    Target: C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

    Parameters: /doScheduledScan

    Schedule:

    At 02:13:00 every day

    Next Run Time: 06.01.2018 02:13:00

    Status: Ready

    Creator: Zbyszek

    Comments:

    C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe (verified signer: [Slimware Utilities Holdings, Inc.])

    26221248 bytes

    Created:  25.10.2016 16:19

    Modified: 25.10.2016 16:19

    Company:  Slimware Utilities Holdings, Inc.

    [B4418079258EEE98970969FDCE143DA0]

    ----------

     

    ************************************************************

    02:21:26: Scanning ----- ShellIconOverlayIdentifiers -----

     

    ************************************************************

    02:21:26: Scanning ----- 64-Bit ShellIconOverlayIdentifiers -----

     

    ************************************************************

    02:21:26: Scanning ----- DEVICE DRIVER ENTRIES -----

    Value: msacm.l3acm

    File:  C:\Windows\SysWOW64\l3codeca.acm

    C:\Windows\SysWOW64\l3codeca.acm (verified signer: [Microsoft Windows])

    73216 bytes

    Created:  18.03.2017 21:56

    Modified: 18.03.2017 21:56

    Company:  Fraunhofer Institut Integrierte Schaltungen IIS

    [4F933B9DD47C0349C2B5612410A56C80]

    ----------

     

    ************************************************************

    02:21:27: ----- ADDITIONAL CHECKS -----

    Heuristic checks for hidden files/drivers completed

    ----------

    Layered Service Provider entries checks completed

    ----------

    Windows Explorer Policies checks completed

    ----------

    Desktop Wallpaper: C:\Windows\web\wallpaper\Windows\img0.jpg

    C:\Windows\web\wallpaper\Windows\img0.jpg

    226091 bytes

    Created:  18.03.2017 21:56

    Modified: 18.03.2017 21:56

    Company:  [no info]

    [49150F7BFD879FE03A2F7D148A2514DE]

    ----------

    Web Desktop Wallpaper entry is blank

    ----------

    Checks for rogue DNS NameServers completed

    ----------

    The Windows Update (wuauserv) service is disabled

    No action was taken on the damaged/disabled services

    Scan cancelled by User

    ----------

    Additional checks for Backdoor.ZeroAccess not carried out

    Checks of SAFEMODE registry keys not carried out

    Checks for patched system files not carried out

    ----------

    Checks for Trojan.Poweliks not carried out

    Checks for IE Proxy not carried out

    Heuristic Checks Scan stopped at user request

    Shortcut Hijack Checks not carried out

    Running Processes were not scanned

    The HOSTS file was not checked

    The check on Explorer.exe was not carried out

    Internet Explorer settings were not checked.

     

    ************************************************************

    === CHANGES WERE MADE TO THE WINDOWS REGISTRY ===

    === ONE OR MORE FILES WERE RENAMED OR REMOVED ===

    Scan completed at: 02:21:38 05 Jan 2018

    Total Scan time: 00:02:19

    -------------------------------------------------------------------------

    Trojan Remover needs to restart the system to complete operations

    *** RESTART CANCELLED BY USER ***

    ************************************************************

     

     


    Monday, February 26, 2018 10:43 PM
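The log above is essentially an autostart audit: each section walks one persistence location (Winlogon Shell and Userinit, the Run/RunOnce keys in both the 32-bit and 64-bit registry views, service ImagePath and ServiceDll values, scheduled task actions) and records the target file's signer, size and hash. The PowerShell below is an added example that reproduces the core of that audit with built-in cmdlets; it is not Trojan Remover's code and was not posted by the original poster. It assumes an elevated 64-bit Windows PowerShell 5.1 session on Windows 10, and it reports MD5 only because the bracketed 32-hex-digit values in the log are that digest length, so its output can be compared line by line with the log; use SHA-256 for anything you intend to look up or share.

```powershell
# Added example (not Trojan Remover's code and not from the original post):
# enumerate the autostart locations the scan log walks and report, for each
# target file, existence, Authenticode status, signer, size and MD5.
# Assumes an elevated 64-bit Windows PowerShell 5.1 session on Windows 10.

function Resolve-CommandPath {
    param([string]$Command)
    # Turn a registry or task command line into the file it launches: expand
    # %ProgramFiles%-style variables, map the \SystemRoot\ and \??\ prefixes,
    # then strip quotes and arguments.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    $c = $c -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    $c = $c -replace '^\\\?\?\\', ''
    if ($c.StartsWith('"')) {
        $c = ($c -split '"')[1]
    } elseif ($c -match '^(.+?\.(exe|dll|sys|acm|scr))(\s|,|$)') {
        $c = $Matches[1]   # unquoted path with spaces, e.g. C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
    } else {
        $c = ($c -split '\s+')[0]
    }
    if (-not [IO.Path]::IsPathRooted($c)) {
        # Bare names ("explorer.exe", "system32\drivers\x.sys") resolve under %SystemRoot%, then System32.
        foreach ($dir in "$env:SystemRoot", "$env:SystemRoot\System32") {
            if (Test-Path -LiteralPath (Join-Path $dir $c) -PathType Leaf) { return (Join-Path $dir $c) }
        }
    }
    return $c
}

function Get-FileReport {
    param([string]$Path, [string]$Source)
    $r = [ordered]@{ Source = $Source; Path = $Path; Exists = $false; Status = 'FileNotFound'; Signer = $null; Size = $null; MD5 = $null }
    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        # On Windows 10 / PowerShell 5.1 this also resolves catalog signatures, which is how
        # explorer.exe reports "Microsoft Windows" without an embedded signature.
        $sig = Get-AuthenticodeSignature -LiteralPath $Path
        $r.Exists = $true
        $r.Status = $sig.Status.ToString()
        if ($sig.SignerCertificate) { $r.Signer = $sig.SignerCertificate.Subject -replace '^CN=("[^"]+"|[^,]+).*', '$1' }
        $r.Size = (Get-Item -LiteralPath $Path).Length
        $r.MD5  = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash   # MD5 only to match the log's bracketed hashes
    }
    [pscustomobject]$r
}

function Get-AutostartReport {
    $entries = New-Object 'System.Collections.Generic.List[object]'

    # Winlogon Shell and Userinit in HKLM and HKCU. Userinit is a comma-separated list.
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        foreach ($name in 'Shell', 'Userinit') {
            foreach ($cmd in ([string]$p.$name -split ',')) {
                if ($cmd.Trim()) { $entries.Add(@{ Source = "$key\$name"; Command = $cmd }) }
            }
        }
    }

    # Run / RunOnce in the native view, the WOW6432Node view and the user hive
    # (the log's "Windows Registry" and "Windows 64-Bit Registry" sections).
    $runKeys = foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node', 'HKCU:\SOFTWARE') {
        "$root\Microsoft\Windows\CurrentVersion\Run"
        "$root\Microsoft\Windows\CurrentVersion\RunOnce"
    }
    foreach ($key in $runKeys) {
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $p) { continue }
        foreach ($prop in $p.PSObject.Properties) {
            if ($prop.Name -in 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider') { continue }
            $entries.Add(@{ Source = "$key\$($prop.Name)"; Command = [string]$prop.Value })
        }
    }

    # Services and drivers: ImagePath, plus ServiceDll for svchost-hosted services.
    foreach ($svc in Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue) {
        $img = (Get-ItemProperty -Path $svc.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
        if ($img) { $entries.Add(@{ Source = "Service:$($svc.PSChildName)\ImagePath"; Command = $img }) }
        $dll = (Get-ItemProperty -Path "$($svc.PSPath)\Parameters" -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
        if ($dll) { $entries.Add(@{ Source = "Service:$($svc.PSChildName)\ServiceDll"; Command = $dll }) }
    }

    # Scheduled task actions, the section where the log found a task pointing at a missing file.
    foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
        foreach ($action in $task.Actions) {
            if ($action.Execute) { $entries.Add(@{ Source = "Task:$($task.TaskPath)$($task.TaskName)"; Command = $action.Execute }) }
        }
    }

    foreach ($e in $entries) { Get-FileReport -Path (Resolve-CommandPath $e.Command) -Source $e.Source }
}

# Show only what needs a human look: missing targets and anything not validly signed.
Get-AutostartReport |
    Where-Object { -not $_.Exists -or $_.Status -ne 'Valid' } |
    Sort-Object Source |
    Format-Table Source, Path, Status, Signer, MD5 -AutoSize

# The log also reports the Windows Update service (wuauserv) as disabled; confirm its start type.
Get-Service -Name wuauserv | Select-Object Name, Status, StartType
```

Run against the machine in the log, the filtered table would list the "DriverUpdate Startup" task with Status FileNotFound: its action points under Program Files (x86) while the HKCU Run entry points under Program Files, so the file the task launches is not there. Everything signed and present is suppressed by the Where-Object filter; drop that stage to get the full inventory with hashes for comparison against the log.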

Answers

All replies