Harassing pop-up : onlinesecuritymetere.in

Hello community,

I’m having this problem (as described in the title) that others have already posted about in previous messages, but since you need the info about my own machine, here it is:

Using Windows 7 64-bit, Avast version : 2014.9.0.2021

I did the Farbar scan and I attached the FRST.txt file.

I hope you can help me, it’s really getting extremely annoying.

Thank you !

1]
Where are the other logs that we need ?
https://forum.avast.com/index.php?topic=53253.0

2]
You have used an old version of Farbar.
Use the latest one to create the log files.

3]
You are using an old version of avast.
Perform a clean installation of the latest one:
https://forum.avast.com/index.php?topic=169255.msg1203279#msg1203279

Please follow the instructions above and I will prepare a fix.

Hello,

Thank you for your rapid response. I followed all the instructions, please find the log files in the attachment.

I also downloaded the latest Avast version, as well as Farbar.

Hi elvazur, :slight_smile:

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:

[*]Please do not create any new threads on this while we are working on your system, as it wastes another volunteer’s time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
[*]Please do not install any new software while we are working on this system, as it may hinder our process.
[*]Malware removal is a complicated process, so don’t stop following the steps even if the symptoms are no longer found. Keep up with me until I declare you clean.
[*]Please do not try to fix anything without being asked.
[*]Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
[*]Please print or save the instructions I give you for quick reference. We may be using Safe mode, which will cut you off from the internet, and you will not always be able to access this thread.
[*]Back up your data. I will not knowingly suggest any course to you that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
[*]If you are confused about any instruction, stop and ask. Do not keep on going.
[*]Do not repeat the steps if you face any problems.
[*]I am not omniscient. There are things even I cannot foresee. But what I know took years of learning and perfecting the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient, as sometimes real life demands our time and replies to you can be delayed.
[*]Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
[*]The fixes are for your system only. Please refrain from using these fixes on other systems, as it may do serious damage.


Uninstall Bundled software uninstaller and YTD YouTube Downloader & Converter 3.7.


[*]Step #1 Fix with FRST
Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
[*]Open Notepad.exe. Do not use any other text editor software;
[*]Copy and Paste the contents inside the code-box to your Notepad

Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3319195597-3395872903-476012188-1000\...\MountPoints2: G - G:\PERMIS.EXE
HKU\S-1-5-21-3319195597-3395872903-476012188-1000\...\MountPoints2: {2824cda2-318e-11e3-9a9b-c86000c8af9e} - F:\setup.exe
HKU\S-1-5-21-3319195597-3395872903-476012188-1000\...\MountPoints2: {2824cda7-318e-11e3-9a9b-c86000c8af9e} - G:\Setup.exe
HKU\S-1-5-21-3319195597-3395872903-476012188-1000\...\MountPoints2: {9615f26c-35a4-11e3-93ef-c86000c8af9e} - I:\setup.exe
HKU\S-1-5-21-3319195597-3395872903-476012188-1000\...\MountPoints2: {ed20bc40-ea99-11e3-ab97-c86000c8af9e} - J:\Setup.exe
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Nizar\AppData\Roaming\Mozilla\Firefox\Profiles\izuprjyf.default-1380744932825\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-05-16]
S2 FreemakeVideoCapture; "C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe" [X]
C:\Program Files (x86)\Freemake\
2015-05-03 16:20 - 2012-06-09 11:42 - 00000200 _____ () C:\Windows\Tasks\AutoKMS.job
2015-05-03 15:20 - 2012-06-09 11:42 - 00000202 _____ () C:\Windows\Tasks\AutoKMSDaily.job
Task: {7A486422-45C6-4D79-8B93-2F2F468954CF} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe
Task: {841B3CA9-69D5-486E-AA00-4D1D05554C72} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
C:\Windows\AutoKMS.exe
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\Users\Nizar\AppData\Local\Temp:AedC5fBdFMAybTED72U
AlternateDataStreams: C:\Users\Nizar\AppData\Local\Temporary Internet Files:iKmMPWxVLk36LAD3gmO
FirewallRules: [TCP Query User{AA928441-9BCD-48EC-BA41-3E241969D571}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{B245E5E2-1E8B-443D-8440-A50E1713A860}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
C:\windows\kmsemulator.exe
Hosts:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
RemoveProxy:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
End

[*]Click on File > Save as…
[*]Inside the File Name box type fixlist.txt
[*]From the Save as type drop down list, choose All Files
[*]Save the file to your Desktop;
[*]Re-run FRST.exe and click Fix;
[*]Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
[*]After the completion, a log will be produced;
[*]Attach the log in your next reply.


[*]Required Log(s):
[*]FRST Fix Log

Regards,
Valinorum
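Added example (mine, not part of this thread and not FRST's own code or documented grammar): a small Python reviewer for an FRST fixlist like the one above. It classifies each line by the syntax visible in the thread (bare directives such as `CreateRestorePoint:`, `Reg:`/`CMD:` commands, `Task:`, `FirewallRules:`, `AlternateDataStreams:`, `FF Extension:`, registry entries, `S2` services, and bare or dated file paths) and lists the entries a helper or user should read twice before clicking Fix: lines that execute commands and file-system entries under the Windows directory. The sample text is a subset of the fixlist posted above; the line classes and the review heuristics are my own assumptions.

```python
import re

# Sample fixlist: a subset of the entries from the fixlist posted above,
# between the Start/End delimiters used there.
SAMPLE_FIXLIST = r"""Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3319195597-3395872903-476012188-1000\...\MountPoints2: G - G:\PERMIS.EXE
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Nizar\AppData\Roaming\Mozilla\Firefox\Profiles\izuprjyf.default-1380744932825\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-05-16]
S2 FreemakeVideoCapture; "C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe" [X]
C:\Program Files (x86)\Freemake\
2015-05-03 16:20 - 2012-06-09 11:42 - 00000200 _____ () C:\Windows\Tasks\AutoKMS.job
Task: {841B3CA9-69D5-486E-AA00-4D1D05554C72} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
C:\Windows\AutoKMS.exe
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
FirewallRules: [TCP Query User{AA928441-9BCD-48EC-BA41-3E241969D571}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
Hosts:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: netsh advfirewall reset
RemoveProxy:
End
"""

# Line classes as they appear in the fixlist above. This is my reading of the
# syntax as pasted in the thread, not FRST's documented grammar; first match wins.
RULES = [
    ('directives', re.compile(r'^[A-Za-z]+:$')),                  # CreateRestorePoint:, Hosts:, ...
    ('reg_commands', re.compile(r'^Reg:\s')),                      # Reg: reg delete ...
    ('shell_commands', re.compile(r'^CMD:\s')),                    # CMD: netsh ...
    ('tasks', re.compile(r'^Task:\s')),                            # scheduled task entries
    ('firewall_rules', re.compile(r'^FirewallRules:\s')),
    ('alternate_data_streams', re.compile(r'^AlternateDataStreams:\s')),
    ('browser_extensions', re.compile(r'^FF Extension:\s')),
    ('registry', re.compile(r'^(HKLM|HKU|HKCU|HKCR)[^:]*:')),      # HKLM-x32\...\Run: ...
    ('services', re.compile(r'^[SRU]\d\s+\S+;')),                  # S2 Name; "path" [X]
    # bare path, or a "date - date - size _____ () path" file entry
    ('file_system', re.compile(r'^(?:\d{4}-\d{2}-\d{2} \d{2}:\d{2} - .*\(\)\s+)?[A-Za-z]:\\')),
]
WINDOWS_DIR = 'c:\\windows\\'   # assumed system root for the review heuristic


def parse_fixlist(text):
    """Return {'delimited': bool, 'entries': {line class: [lines]}}."""
    entries = {name: [] for name, _ in RULES}
    entries['unrecognised'] = []
    saw_start = saw_end = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == 'Start':
            saw_start = True
            continue
        if line == 'End':
            saw_end = True
            break
        for name, rx in RULES:
            if rx.match(line):
                entries[name].append(line)
                break
        else:
            entries['unrecognised'].append(line)
    return {'delimited': saw_start and saw_end, 'entries': entries}


def _path_of(line):
    """Extract the first drive-letter path in a line ('' if none)."""
    m = re.search(r'[A-Za-z]:\\.*$', line)
    return m.group(0) if m else ''


def review(text):
    """Entries worth a second look before running the fix (my heuristics)."""
    parsed = parse_fixlist(text)
    e = parsed['entries']
    notes = []
    if not parsed['delimited']:
        notes.append('fixlist is not wrapped in Start/End')
    for line in e['reg_commands'] + e['shell_commands']:
        notes.append('executes a command: ' + line)
    for line in e['file_system']:
        path = _path_of(line)
        if path.lower().startswith(WINDOWS_DIR):
            notes.append('removes from the Windows directory: ' + path)
    for line in e['unrecognised']:
        notes.append('unrecognised line: ' + line)
    return notes


if __name__ == '__main__':
    for name, lines in parse_fixlist(SAMPLE_FIXLIST)['entries'].items():
        print(f'{name}: {len(lines)}')
    for note in review(SAMPLE_FIXLIST):
        print('REVIEW:', note)
```

Anything that lands in `unrecognised` is a line the script does not understand rather than an FRST error; the point of the check is that every line of a fixlist should be understood by the person applying it, since the thread's own warning is that these fixes are specific to one machine.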

Hello Valinorum :slight_smile:

Here is the fix log as requested.

How is your PC?

Still the same, getting popups about the same issue.

Reset your browser after completing Step 2.


[*]Step #2 Fix with AdwCleaner
[*]Download AdwCleaner by Xplode to your Desktop from one of the following links.
[*]Download Link #1
[*]Download Link #2
[*]Right-click on AdwCleaner.exe and choose Run as administrator;
[*]Click on Scan and let the program run unhindered;
[*]When done, click on Clean and allow the system to reboot after it is done;
[*]A log will be opened automatically after the restart;
[*]Attach the log in your reply.


[*]Required Log(s):
[*]AdwCleaner Log

Regards,
Valinorum

Hi again,

Here’s the AdwCleaner log.

(still getting the pop-ups)

Reset your browser.

I followed the instructions, but I only have a “Refresh” button (see attachment). I don’t know if it’s the same, but I did it.

The pop-ups are still popping, they are totally independent from my internet browser I think.

What I have been doing before to be able to work without interruption, is I go to the task manager and kill the “explorer.exe” process. Then it stops.

Yes, click on the ‘Refresh Firefox’ button.

What I have been doing before to be able to work without interruption, is I go to the task manager and kill the "explorer.exe" process. Then it stops.
Let us eliminate the general possibilities first. Since you mentioned that killing the "explorer.exe" process stops the pop-up, I would ask you to re-run FRST.exe and type explorer.exe in the search box. Click on "Search Files" and attach the log when done.

Here’s the Search log.

PS : I had already hit the refresh button :slight_smile:

[*]Step #3 Run Malwarebytes’ Anti-Rootkit
Please download Malwarebytes Anti-Rootkit from here and extract the content to your Desktop.
[*]Update the program if asked.
[*]In the Scan System option check all the boxes and click on Scan.
[*]Click on Cleanup button after the scan and wait patiently. Reboot the computer if asked.
[*]After the clean-up process, locate two logs in the mbar folder, namely:
[*]mbar-log.txt; and
[*]system-log.txt
[*]Copy and paste the contents of the logs in your next reply.


I did the scan and cleaning, but I’m still getting the pop-ups.
Here are the logs.

mbar-log :

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.05.06.04
rootkit: v2015.04.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17728
Nizar :: NIZAR-PC [administrator]

5/6/2015 10:29:01 PM
mbar-log-2015-05-06 (22-29-01).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 450202
Time elapsed: 10 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp120C.exe (Trojan.Krypt) → Delete on reboot. [d894bed258324de958154dbe18eab44c]
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp4A67.exe (Trojan.Agent.FSAVXGen) → Delete on reboot. [c2aa8e021f6b77bf80656446ec1507f9]
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp53E9.exe (Trojan.Agent.DED) → Delete on reboot. [98d45b3593f7c76f187fa45715eced13]

Physical Sectors Detected: 0
(No malicious items detected)

(end)




System-log :

Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17728

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, X:\ DRIVE_FIXED
CPU speed: 3.202000 GHz
Memory total: 12823044096, free: 9158299648

Downloaded database version: v2015.05.06.04
Downloaded database version: v2015.04.21.01
Downloaded database version: v2015.05.06.01

Initializing…
------------ Kernel report ------------
05/06/2015 22:28:46
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\iaStorA.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\asahci64.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\DRIVERS\iaStorF.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\SysWow64\drivers\AsIO.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\drivers\ctaud2k.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ctoss2k.sys
\SystemRoot\system32\drivers\ctprxy2k.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1c62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\asmtxhci.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\dtscsibus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\ha20x22k.sys
\SystemRoot\system32\drivers\emupia2k.sys
\SystemRoot\system32\drivers\ctsfm2k.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\CTHWIUT.SYS
\SystemRoot\System32\drivers\CT20XUT.SYS
\SystemRoot\System32\drivers\CTEXFIFX.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\asmthub3.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\athurx.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
??\C:\Windows\system32\drivers\acedrv11.sys
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
??\C:\Windows\system32\drivers\mbamchameleon.sys
??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\nsi.dll
\Windows\System32\iertutil.dll
\Windows\System32\user32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\shell32.dll
\Windows\System32\difxapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\msvcrt.dll
\Windows\System32\sechost.dll
\Windows\System32\msctf.dll
\Windows\System32\shlwapi.dll
\Windows\System32\ole32.dll
\Windows\System32\normaliz.dll
\Windows\System32\usp10.dll
\Windows\System32\clbcatq.dll
\Windows\System32\gdi32.dll
\Windows\System32\psapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\lpk.dll
\Windows\System32\ws2_32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\oleaut32.dll
\Windows\System32\setupapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\kernel32.dll
\Windows\System32\wininet.dll
\Windows\System32\Wldap32.dll
\Windows\System32\imm32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\comctl32.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!

Scan started
Database versions:
main: v2015.05.06.04
rootkit: v2015.04.21.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800ac59790, DeviceName: \Device\Harddisk0\DR0, DriverName: \Driver\Disk
--------- Disk Stack ------
DevicePointer: 0xfffffa800ac592c0, DeviceName: Unknown, DriverName: \Driver\partmgr
DevicePointer: 0xfffffa800ac59790, DeviceName: \Device\Harddisk0\DR0, DriverName: \Driver\Disk
DevicePointer: 0xfffffa800ab8ac50, DeviceName: Unknown, DriverName: \Driver\iaStorF
DevicePointer: 0xfffffa800a8fb040, DeviceName: Unknown, DriverName: \Driver\ACPI
DevicePointer: 0xfffffa800a8a26f0, DeviceName: \Device\00000077, DriverName: \Driver\iaStorA
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0, DriverName: \Driver\Disk
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers…
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0…
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 62C0FF3C

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048  Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848  Numsec = 468652032

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0  Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0  Numsec = 0

Disk Size: 240057409536 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800ac5f790, DeviceName: \Device\Harddisk1\DR1, DriverName: \Driver\Disk
--------- Disk Stack ------
DevicePointer: 0xfffffa800ac5f2c0, DeviceName: Unknown, DriverName: \Driver\partmgr
DevicePointer: 0xfffffa800ac5f790, DeviceName: \Device\Harddisk1\DR1, DriverName: \Driver\Disk
DevicePointer: 0xfffffa800ab8bc50, DeviceName: Unknown, DriverName: \Driver\iaStorF
DevicePointer: 0xfffffa800a8f8060, DeviceName: \Device\00000078, DriverName: \Driver\iaStorA
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1, DriverName: \Driver\Disk
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1…
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 13EDEF9C

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048  Numsec = 1331200000

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1331202048  Numsec = 622317568

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0  Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8012c2a060, DeviceName: \Device\Harddisk2\DR2, DriverName: \Driver\Disk
--------- Disk Stack ------
DevicePointer: 0xfffffa8012c28b90, DeviceName: Unknown, DriverName: \Driver\partmgr
DevicePointer: 0xfffffa8012c2a060, DeviceName: \Device\Harddisk2\DR2, DriverName: \Driver\Disk
DevicePointer: 0xfffffa8012b6ab80, DeviceName: Unknown, DriverName: \Driver\iaStorF
DevicePointer: 0xfffffa8012c24b60, DeviceName: \Device\0000009b, DriverName: \Driver\USBSTOR
------------ End ----------
Infected: C:\ProgramData\Microsoft\Secure\Icons\temp\tmp120C.exe → [Trojan.Krypt]
Infected: C:\ProgramData\Microsoft\Secure\Icons\temp\tmp4A67.exe → [Trojan.Agent.FSAVXGen]
Infected: C:\ProgramData\Microsoft\Secure\Icons\temp\tmp53E9.exe → [Trojan.Agent.DED]
File “C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-C0A52BF0372227CBDF49E2BBB5E658D1A0AFA169.bin.VE1” is compressed (flags = 1)
File “C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-C0A52BF0372227CBDF49E2BBB5E658D1A0AFA169.bin.VF” is compressed (flags = 1)
File “C:\ProgramData\AVAST Software\Avast\log\AvastSvc.log” is compressed (flags = 1)
File “C:\ProgramData\AVAST Software\Avast\log\AvastUI.log” is compressed (flags = 1)
File “C:\ProgramData\AVAST Software\Avast\log\CommChannel.Protocol.log” is compressed (flags = 1)
File “C:\ProgramData\AVAST Software\Avast\log\Instup.log” is compressed (flags = 1)
File “C:\ProgramData\AVAST Software\Persistent Data\Avast\Logs\Update.log” is compressed (flags = 1)
Scan finished
Creating System Restore point…
Cleaning up…
Removal scheduling successful. System shutdown needed.
System shutdown occurred

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes’ Anti-Malware (portable)\MBR-0-i.mbam…
Removing C:\ProgramData\Malwarebytes’ Anti-Malware (portable)\VBR-0-0-2048-i.mbam…
Removing C:\ProgramData\Malwarebytes’ Anti-Malware (portable)\MBR-0-r.mbam…
Removing C:\ProgramData\Malwarebytes’ Anti-Malware (portable)\MBR-1-i.mbam…
Removing C:\ProgramData\Malwarebytes’ Anti-Malware (portable)\MBR-1-r.mbam…
Removal finished
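Added example (mine, not part of this thread and not Malwarebytes' code): a Python parser for the two MBAR logs pasted above. It reads the "… Detected: N" sections of the mbar-log, pulls the path, detection name, action and MD5 out of each file entry, and cross-checks them against the "Infected:" lines of the system-log, which is the triage step a helper does before deciding whether the three files explain the pop-ups. The sample text is a constructed excerpt of those two logs; the format assumptions come only from what is pasted above (the forum render shows the arrow as a Unicode arrow, so both arrow forms are accepted).

```python
import ntpath
import re

# Constructed excerpt of the mbar-log posted above (same line format).
MBAR_LOG = r"""Scan type: Quick scan
Objects scanned: 450202

Memory Processes Detected: 0
(No malicious items detected)

Files Detected: 3
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp120C.exe (Trojan.Krypt) -> Delete on reboot. [d894bed258324de958154dbe18eab44c]
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp4A67.exe (Trojan.Agent.FSAVXGen) -> Delete on reboot. [c2aa8e021f6b77bf80656446ec1507f9]
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp53E9.exe (Trojan.Agent.DED) -> Delete on reboot. [98d45b3593f7c76f187fa45715eced13]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
"""

# Constructed excerpt of the system-log posted above.
SYSTEM_LOG = r"""Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Infected: C:\ProgramData\Microsoft\Secure\Icons\temp\tmp120C.exe -> [Trojan.Krypt]
Infected: C:\ProgramData\Microsoft\Secure\Icons\temp\tmp4A67.exe -> [Trojan.Agent.FSAVXGen]
Infected: C:\ProgramData\Microsoft\Secure\Icons\temp\tmp53E9.exe -> [Trojan.Agent.DED]
File "C:\ProgramData\AVAST Software\Avast\log\AvastSvc.log" is compressed (flags = 1)
Scan finished
"""

# "<Name> Detected: N" opens a section; its entries run until a blank line.
SECTION_RE = re.compile(r'^(?P<name>[A-Za-z ]+?) Detected: (?P<count>\d+)\s*$')
# File entry: path (detection) -> action. [md5]
FILE_RE = re.compile(
    r'^(?P<path>.+?) \((?P<detection>[^()]+)\) (?:->|\u2192) '
    r'(?P<action>.*?)\.?\s*\[(?P<md5>[0-9a-fA-F]{32})\]\s*$')
# system-log entry: Infected: path -> [detection]
INFECTED_RE = re.compile(
    r'^Infected: (?P<path>.+?) (?:->|\u2192) \[(?P<detection>[^\]]+)\]\s*$')


def parse_mbar_log(text):
    """Map section name -> {'declared': N, 'entries': [raw lines]}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group('name')
            sections[current] = {'declared': int(m.group('count')), 'entries': []}
            continue
        if not line or line == '(end)':
            current = None          # blank line or footer closes the section
            continue
        if current is not None and not line.startswith('(No malicious'):
            sections[current]['entries'].append(line)
    return sections


def file_detections(sections):
    """Structured records for the 'Files' section; unparsable lines are skipped."""
    out = []
    for line in sections.get('Files', {}).get('entries', []):
        m = FILE_RE.match(line)
        if m:
            out.append(m.groupdict())
    return out


def parse_system_log(text):
    """All 'Infected:' records from a system-log."""
    out = []
    for raw in text.splitlines():
        m = INFECTED_RE.match(raw.strip())
        if m:
            out.append(m.groupdict())
    return out


def reconcile(mbar_text, system_text):
    """Cross-check both logs and collect the hashes and directories involved."""
    sections = parse_mbar_log(mbar_text)
    files = file_detections(sections)
    declared = sections.get('Files', {}).get('declared', 0)
    by_path = {f['path'].lower(): f for f in files}
    infected = parse_system_log(system_text)
    missing = [i['path'] for i in infected if i['path'].lower() not in by_path]
    mismatch = [i['path'] for i in infected
                if i['path'].lower() in by_path
                and by_path[i['path'].lower()]['detection'] != i['detection']]
    return {
        'files': files,
        'declared': declared,
        'count_matches': declared == len(files),   # header count vs parsed entries
        'missing_in_mbar': missing,
        'detection_mismatch': mismatch,
        'md5s': sorted(f['md5'].lower() for f in files),
        # ntpath handles backslash paths even when this runs on a non-Windows host
        'directories': sorted({ntpath.dirname(f['path']).lower() for f in files}),
    }


if __name__ == '__main__':
    result = reconcile(MBAR_LOG, SYSTEM_LOG)
    for f in result['files']:
        print(f"{f['md5']}  {f['detection']:<24} {f['path']}")
    print('counts agree:', result['count_matches'],
          '| directories:', result['directories'])
```

The directory set is the useful output here: all three detections sit in one folder under `C:\ProgramData`, so a follow-up FRST scan of that folder (and of what recreates files in it) is the next question, which is what the helper asks for in the next post.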

Please post a fresh FRST scan log.

I really wonder why it worked with other people already from steps before.
Do you think killing the explorer.exe process before running the scans and fixed could make a difference ?

The FRST Scan log as well as the Addition.txt are in the attachment (copy/paste doesn’t go 'cause the message exceeds the characters limit).

Explorer.exe should not have caused this. Follow the step outlined below and we shall move on from there.

[*]Step #4 Run ComboFix
Download ComboFix by sUBs from one of the suitable locations listed below and save it to your Desktop.
Download Link #1
Download Link #2
Download Link #3

Warning
Please acknowledge this warning beforehand. The tool, ComboFix, is an extremely powerful malware removal tool, if not one of the most powerful tools ever created. In the hands of an inept person, or through a simple mistake, it can render your machine un-bootable. Peruse every step I listed below unless you want a dreadful occurrence.
***

[*]Disable your security software. For more information, peruse this thread;
[*]Right-click and choose Run as administrator to run the program.
[*]As a built-in process, ComboFix will check if your system has Microsoft Windows Recovery Console installed. Let ComboFix download and install Microsoft Windows Recovery Console.
[*]It requires an active internet connection.
[*]If your system already has Microsoft Windows Recovery Console installed, this step will be skipped.
[*]ComboFix will now scan your system for malware and will attempt to remove it.
[*]Note: ComboFix performs fifty steps during this fix. Please be patient.
[*]After the scan your system will reboot and a log will be produced. The log is automatically saved in C:\ComboFix.txt.
[*]Attach the log in your next reply.

Crucial Notes:
[*]Do not mouse-click when ComboFix is running as it may stall.
[*]Do not re-run ComboFix if you face a problem. Ask for my instruction here.
[*]ComboFix will make Internet Explorer your default browser and will change number of different Internet Explorer settings.
[*]ComboFix prevents autorun functions of all CD and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you, please tell me.
[*]It is possible that ComboFix, even on its first run, may have fixed the problems you are having. We strongly suggest that you still post your log into the topic where you are receiving help, as you most likely will have infections left over that your helper will need to analyze further.
[*]ComboFix will disconnect your system from the internet as a security measure. The connection is automatically restored after the scan, but if it is not, it can be restored by rebooting the PC.

Hello,
I just put my antiradioactive suit and ran Combofix, it went through some stages but I have this warning:

Unable to create a backup of the current registry file
C:\Windows\System32\config\SYSTEM !
Continue restoration of this file?

I have no idea whether to say Yes or No.

I’m writing from my mobile phone, I’m keeping the computer on standby until I hear from you.