
AdCash infection


5 replies to this topic

#1 ltix86

ltix86

  • Members
  • 67 posts

Posted 15 May 2015 - 03:08 AM

Hello everybody!

I got infected by AdCash, and I'm afraid I also have other viruses.

What should I do?

Thanks!!

Luca





#2 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 15 May 2015 - 08:16 AM

Hello Luca -

 

Download Screen317 Security Check from Here or Here and save it to your Desktop.

  • Double-click the new SecurityCheck.exe Icon
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please Copy/Paste the contents of that document.

Note 1: If any security program requests permission to access the Internet, allow it to.
Note 2: If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message (or similar), restart the computer and Security Check should run.

 

NEXT -

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
RKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
The program usually runs no longer than 2 minutes and only 1 version needs to run.
If it will not run, delete the download and try the other link. It will also run in Safe mode.
Please Copy / Paste the small log back here.

Important: Do not reboot your computer until you complete the next step (just post the log).

NOW:
 Please download AdwCleaner by Xplode from Here or Here and save to your Desktop.
 * Double-click on AdwCleaner.exe to run the tool.
 * Vista/Windows 7/8 users: right-click and select Run As Administrator.
 * Click on the Scan button only once to ensure a correct reading.
 * AdwCleaner will begin... be patient as the scan may take some time to complete.
 * After the scan has finished, click on the Report button... a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
 * Check the removals and see if you are OK with the list.
 * Now click on the Clean button only once to ensure a correct reading.
 * Press OK when asked to close all programs and follow the onscreen prompts.
 * Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
 * After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
 * Copy and Paste the contents of that logfile in your next reply.
 * A copy of all logfiles is also saved in the C:\AdwCleaner folder which was created when running the tool.

 

Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

 

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • NOTE: Please be patient as this will take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

 

Download TDSSKiller and save it to your desktop.

  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

With your logs, please include a report on whether your system is better now.

 

Thank You -



#3 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 18 May 2015 - 02:06 AM

Hello Luca,

Have you fixed your problem yet, or do you still want help ??

 

Thank You ..



#4 ltix86

ltix86
  • Topic Starter

  • Members
  • 67 posts

Posted 23 May 2015 - 07:40 AM

Sorry for the delay, here are the reports:

 

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/21/2015 12:55:19 PM in x64 mode.
Windows Version: Windows 8.1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\apppatch\nbin => C:\PROGRA~2\SearchProtect\SearchProtect\bin [Dir]

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 05/21/2015 01:01:07 PM
Execution time: 0 hours(s), 5 minute(s), and 47 seconds(s)
 

 Results of screen317's Security Check version 1.002  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 9 Flash Player out of Date!
  Adobe Flash Player     16.0.0.305 Flash Player out of Date!  
 Mozilla Firefox 37.0.2 Firefox out of Date!  
 Google Chrome (42.0.2311.152)
 Google Chrome (43.0.2357.65)
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

# AdwCleaner v4.204 - Creato file registro eventi 21/05/2015 in 13:16:33
# Aggiornato 12/05/2015 da Xplode
# Database : 2015-05-20.1 [Server]
# Sistema operativo : Windows 8.1  (x64)
# Nome utente : LucaTixi - LUCA
# In esecuzione da : C:\Users\LucaTixi\Desktop\adwcleaner_4.204(1).exe
# Opzione : Pulizia

***** [ Servizi ] *****


***** [ File / Cartelle ] *****


***** [ Attività pianificate ] *****


***** [ Collegamenti ] *****


***** [ Registry ] *****


***** [ Browser web ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v37.0.2 (x86 it)


-\\ Google Chrome v43.0.2357.65


*************************

AdwCleaner[R0].txt - [17326 byte] - [29/04/2014 15:38:08]
AdwCleaner[R1].txt - [1372 byte] - [29/04/2014 15:48:16]
AdwCleaner[R2].txt - [1235 byte] - [29/04/2014 16:36:30]
AdwCleaner[R3].txt - [1270 byte] - [30/04/2014 09:36:35]
AdwCleaner[R4].txt - [16038 byte] - [29/11/2014 22:16:26]
AdwCleaner[R5].txt - [2062 byte] - [30/11/2014 15:08:05]
AdwCleaner[R6].txt - [1951 byte] - [02/12/2014 11:57:22]
AdwCleaner[R7].txt - [2981 byte] - [20/04/2015 14:27:22]
AdwCleaner[R8].txt - [1738 byte] - [15/05/2015 09:28:30]
AdwCleaner[R9].txt - [1796 byte] - [21/05/2015 13:06:18]
AdwCleaner[S0].txt - [14724 byte] - [29/04/2014 15:41:58]
AdwCleaner[S1].txt - [1436 byte] - [29/04/2014 15:50:49]
AdwCleaner[S2].txt - [1296 byte] - [29/04/2014 16:39:41]
AdwCleaner[S3].txt - [1329 byte] - [30/04/2014 09:39:10]
AdwCleaner[S4].txt - [15781 byte] - [29/11/2014 22:21:25]
AdwCleaner[S5].txt - [1775 byte] - [30/11/2014 15:11:55]
AdwCleaner[S6].txt - [1890 byte] - [02/12/2014 12:01:58]
AdwCleaner[S7].txt - [2908 byte] - [20/04/2015 14:37:08]
AdwCleaner[S8].txt - [1718 byte] - [21/05/2015 13:16:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [1776  byte] ##########
 

Malwarebytes Anti-Malware
www.malwarebytes.org

Data scansione: 23/05/2015
Ora scansione: 12.38.17
File di log: mam.txt
Amministratore: Si

Versione: 2.01.6.1022
Database malware: v2015.05.23.01
Database rootkit: v2015.05.16.01
Licenza: Free
Protezione da malware: Disattivata
Protezione da siti web nocivi: Disattivata
Auto-protezione: Disattivata

SO: Windows 8.1
CPU: x64
File system: NTFS
Utente: LucaTixi

Tipo di scansione: Ricerca elementi nocivi
Risultati: Completata
Elementi analizzati: 471717
Tempo impiegato: 1 ore, 15 min, 14 sec

Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Attivata
Euristica: Attivata
PUP: Attivata
PUM: Attivata

Processi: 0
(Nessun elemento nocivo rilevato)

Moduli: 0
(Nessun elemento nocivo rilevato)

Chiavi di registro: 24

Valori di registro: 20

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Cartelle: 0
(Nessun elemento nocivo rilevato)

File: 1
PUP.Optional.GeForce.A, C:\Windows\System32\Tasks\Installer_geforce, Messo in quarantena, [33dad9bec2c88caaf022607f030021df],

Settori fisici: 0
(Nessun elemento nocivo rilevato)


(end)



#5 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 23 May 2015 - 05:04 PM

Hello -

That has cleaned out a lot of smaller infections, so is the computer running better now ??

 

Please open AdwCleaner by Xplode and hit Uninstall so that you can install a new version when needed.

AdwCleaner[S8].txt - [1718 byte] - [21/05/2015 13:16:33] means that you have not updated the program since AdwCleaner[S0].txt - [14724 byte] - [29/04/2014 15:41:58] ...

[S0] was the log I wanted to see, and most likely cleaned all of the problems that you had.

Install a fresh copy of AdwCleaner by Xplode from Here or Here as the program has been updated recently, and has no automatic updater.

 

Is your Home Page back to normal yet, or do we need to reset that as well ??

 

Update Adobe Flash Player from HERE and untick any free offers, as they are just advertising.

 

Update to the latest Firefox version from HERE

 

Please finish the ESET OnlineScan, and post any result back here ..........

 

Thank You.



#6 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 31 May 2015 - 06:43 PM

Hello Luca -

As part of the new month, I will stop following my older posts as they are not getting replies.

 

Either repost with a link to this topic, or follow these directions for more Expert help.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running "FRST" which will create two logs.

When you have done that, post your logs (as directed) in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs, then still start the new topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them.
A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one, to prevent others answering incorrectly.

 

Thank You -





