
hijackthis log please help diagnose


  • This topic is locked
12 replies to this topic

#1 didi12

didi12

  • Members
  • 6 posts
  • OFFLINE
  • Local time:05:49 PM

Posted 12 September 2015 - 12:47 PM

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 19:16:13, on 12/09/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18015)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\delphine\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Orange Installer] "C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Système')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: FAH.lnk = C:\Program Files\WinZip\FAH\FAHConsole.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Préchargeur.lnk = C:\Program Files\WinZip\WzPreloader.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\UtcResources.dll,-3001 (DiagTrack) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: hpqcxs08 - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service HP CUE DeviceDiscovery (hpqddsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: HP Network Devices Support (HPSLPSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Net Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Realtek11nSU - Realtek - C:\Program Files (x86)\BlueStork BS-WN-USB NANO 11n USB Wireless LAN Utility\RtlService.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe
 
--
End of file - 24815 bytes
 




#2 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts
  • OFFLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:49 PM

Posted 12 September 2015 - 03:31 PM

Hello didi12 and welcome to BleepingComputer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop

  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Logs to include with next post:

AdwCleaner log
RKreport.txt
Frst.txt
Addition.txt


Thanks

Satchfan


Edited by satchfan, 13 September 2015 - 09:50 AM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts
  • OFFLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:49 PM

Posted 15 September 2015 - 03:20 AM

Hi didi12

It has been several days since I replied to your request for help with your computer problems.

Please let me know if you are having problems and still need help.

Thanks

Satchfan




#4 didi12

didi12
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:05:49 PM

Posted 16 September 2015 - 01:10 AM

Hi,

Sorry, I was working yesterday.

I have the AdwCleaner log and RKreport.txt.

Sorry for my English, I'm French.

I can't find where the symbol is to insert my logs.

Help me, please.



#5 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts
  • OFFLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:49 PM

Posted 16 September 2015 - 01:51 AM

Please copy and paste them into your post, (you may have to use Ctrl+V to paste them in).




#6 didi12

didi12
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:05:49 PM

Posted 16 September 2015 - 08:11 AM

Hi,

Thank you for the quick answer.

 

# AdwCleaner v5.007 - Rapport créé le 13/09/2015 à 17:48:51
# Mis à jour le 08/09/2015 par Xplode
# Base de données : 2015-09-10.1 [Serveur]
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (x64)
# Nom d'utilisateur : delphine - DELPHINE-PC
# Exécuté depuis : C:\Users\delphine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S8BDWGKM\adwcleaner_5.007.exe
# Option : Scanner
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Trouvé : Partner Service

***** [ Dossiers ] *****

Dossier Trouvé : C:\Program Files (x86)\globalUpdate
Dossier Trouvé : C:\Program Files (x86)\YouTube Accelerator
Dossier Trouvé : C:\Program Files (x86)\download Manager
Dossier Trouvé : C:\ProgramData\apn
Dossier Trouvé : C:\ProgramData\Partner
Dossier Trouvé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Accelerator
Dossier Trouvé : C:\Users\delphine\AppData\Local\globalUpdate
Dossier Trouvé : C:\Users\delphine\AppData\LocalLow\Goobzo
Dossier Trouvé : C:\Users\delphine\AppData\Roaming\Store
Dossier Trouvé : C:\Users\delphine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BoBrowser
Dossier Trouvé : C:\Users\Public\Documents\Goobzo

***** [ Fichiers ] *****

Fichier Trouvé : C:\END
Fichier Trouvé : C:\Users\delphine\Desktop\Facebook.lnk
Fichier Trouvé : C:\Users\delphine\Desktop\Youtube.lnk
Fichier Trouvé : C:\Users\mael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
Fichier Trouvé : C:\Users\mael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
Fichier Trouvé : C:\Users\Public\Desktop\eBay.lnk

***** [ Raccourcis ] *****

***** [ Tâches planifiées ] *****

Tâche Trouvée : PostPoneInstall
Tâche Trouvée : MAXDriverUpdater_UPDATES
Tâche Trouvée : MAXDriverUpdaterRunAtStartup
Tâche Trouvée : crash_service
Tâche Trouvée : CGN

***** [ Registre ] *****

Clé Trouvée : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Clé Trouvée : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Clé Trouvée : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Clé Trouvée : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Clé Trouvée : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Clé Trouvée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\bobrowser.exe
Clé Trouvée : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Clé Trouvée : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Clé Trouvée : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Clé Trouvée : HKCU\Software\Classes\CLSID\19041B6B-8F97-4669-BA21-C17572737ED2
Clé Trouvée : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Clé Trouvée : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Clé Trouvée : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Clé Trouvée : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Clé Trouvée : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Clé Trouvée : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Clé Trouvée : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Clé Trouvée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Clé Trouvée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Clé Trouvée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Clé Trouvée : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Clé Trouvée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Clé Trouvée : HKCU\Software\APN PIP
Clé Trouvée : HKCU\Software\simplytech
Clé Trouvée : HKCU\Software\Store
Clé Trouvée : HKCU\Software\WTools
Clé Trouvée : HKCU\Software\Linkey
Clé Trouvée : HKCU\Software\Kromtech
Clé Trouvée : HKCU\Software\csdimedia
Clé Trouvée : HKLM\SOFTWARE\Conduit
Clé Trouvée : HKLM\SOFTWARE\GlobalUpdate
Clé Trouvée : HKLM\SOFTWARE\SearchProtect
Clé Trouvée : HKLM\SOFTWARE\Clara
Clé Trouvée : HKLM\SOFTWARE\SpeedBit
Clé Trouvée : HKLM\SOFTWARE\AIM Toolbar
Clé Trouvée : HKLM\SOFTWARE\csdimedia
Clé Trouvée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Clé Trouvée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Clé Trouvée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Clé Trouvée : [x64] HKCU\Software\APN PIP
Clé Trouvée : [x64] HKCU\Software\simplytech
Clé Trouvée : [x64] HKCU\Software\Store
Clé Trouvée : [x64] HKCU\Software\WTools
Clé Trouvée : [x64] HKCU\Software\Linkey
Clé Trouvée : [x64] HKCU\Software\Kromtech
Clé Trouvée : [x64] HKCU\Software\csdimedia
Clé Trouvée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}

***** [ Navigateurs ] *****

[C:\Users\delphine\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Trouvé : oursurfing
[C:\Users\delphine\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Trouvée : hxxp://www.oursurfing.com/?type=hp&ts=1440412446&z=93db55ac9a41476e2984b2bgfz8zee3zfg6obz6z3w&from=age&uid=395049983_1052514_D8607C84
[C:\Users\delphine\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Trouvée : hxxp://www.oursurfing.com/webfavicon.ico
[C:\Users\delphine\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Trouvée : oilkkkefbalmbfppgjmgjoefbclebkce
[C:\Users\delphine\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Trouvée : hxxp://www.oursurfing.com/?type=hp&ts=1440412446&z=93db55ac9a41476e2984b2bgfz8zee3zfg6obz6z3w&from=age&uid=395049983_1052514_D8607C84

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [5983 octets] ##########

______________________________________________________________________________________________________________________________________________________

AdwCleaner quarantine


______________________________________________________________________________________________________________________________________________________________________________

RogueKiller V10.10.4.0 [Sep  4 2015] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarré en  : Mode normal
Utilisateur : delphine [Administrateur]
Démarré depuis : C:\Users\delphine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2BP42A7L\RogueKiller.exe
Mode : Scan -- Date : 09/13/2015 19:03:32

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 4 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} (C:\ProgramData\Partner\Partner64.dll) -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} (C:\ProgramData\Partner\Partner64.dll) -> Trouvé(e)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2637645801-1422052124-327599547-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Trouvé(e)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2637645801-1422052124-327599547-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Trouvé(e)

¤¤¤ Tâches : 3 ¤¤¤
[Suspicious.Path] \crash_service -- C:\Users\delphine\AppData\Local\BoBrowser\Application\crash_service.exe (--max-reports=50 --no-window -v=1) -> Trouvé(e)
[Suspicious.Path] \PostPoneInstall -- C:\Users\delphine\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe (C:\Users\delphine\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe /INSTALL /dwlurl=http://vzbucket.clara-labs.com/3c91fcc2-ce59-42b3-b901-f68079520898/build/1.36.1.25/1068c92a-e71e-417a-beb8-ff6c250c11ff.exe /zdata=appinstanceuid%3d1b797c3d-8f17-4fea-a787-8db0df50bbd5%26appkey%3d3c91fcc2-ce59-42b3-b901-f68079520898  /bagkey=ihVJfEXP /configid=7 /configurationfields=325 /configid=5 --make-default-browser=true  -AppInstanceUid=1B797C3D-8F17-4FEA-A787-8DB0DF50BBD5) -> Trouvé(e)
[Suspicious.Path] \Microsoft\Windows\Media Center\PeriodicScanRetry -- %windir%\ehome\MCUpdate.exe (-pscn 0) -> Trouvé(e)

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Non chargé [0xc000036b]) ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 55ebaf4480d9369ccf9a6526dd66c2b0
[BSP] abccb98eaa51f460c4ecb0d0d0f5ae2d : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 27265024 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 27469824 | Size: 469966 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 989960192 | Size: 470489 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Fonction incorrecte. )

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] Le périphérique n’est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n’est pas prise en charge. )

+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] Le périphérique n’est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n’est pas prise en charge. )

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] Le périphérique n’est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n’est pas prise en charge. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] Le périphérique n’est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n’est pas prise en charge. )

+++++ PhysicalDrive5: TOSHIBA External USB 3.0 USB Device +++++
--- User ---
[MBR] 073baf65519c11f661dc49f24a131a41
[BSP] 1d8251d0f0b81b20fc0e7a26cbc1a1ab : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n’est pas prise en charge. )

+++++ PhysicalDrive6: HP Photosmart B110 USB Device +++++
Error reading User MBR! ([15] Le périphérique n’est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n’est pas prise en charge. )


___________________________________________________________________________________________________________________________

Farbar Service Scanner Version: 26-07-2015
Ran by delphine (administrator) on 16-09-2015 at 15:07:12
Running from "C:\Users\delphine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H91DRO5F"
Microsoft Windows 7 Édition Familiale Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

_________________________________________________________________________________________________

I hope that you will find the solution to my problem. Thanks.



#7 satchfan


  • Malware Response Team
  • 2,659 posts
  • Gender:Female
  • Location:Devon, UK

Posted 16 September 2015 - 09:02 AM

I hope that you will find the solution to my problem.

I hope so too. :)


Your FRST scan was not complete but we’ll leave that for now.

Also, you are not saving downloads to your desktop, and some of our programs will not work properly unless they are there (on the desktop). Please make sure that all other programs I ask you to download are saved on your desktop, or else move them there after the download has finished.

Thank you.


There is a lot of infection on your computer, but some of it has been “fixed”. We’ll fix some more and run some other scans to see how bad it is.


Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible, otherwise the malware will reactivate and you will have to run RogueKiller again.

  • close all programs
  • double-click RogueKiller.exe - Windows 7: right-click the program and select “Run as Administrator”
  • after it has completed its prescan, click on Scan
  • click on the “Registre” tab
  • make sure the following entries there are checked:


    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} (C:\ProgramData\Partner\Partner64.dll) -> Trouvé(e)
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} (C:\ProgramData\Partner\Partner64.dll) -> Trouvé(e)

  • click on the “Tâches” tab and place a checkmark next to these:


    [Suspicious.Path] \crash_service -- C:\Users\delphine\AppData\Local\BoBrowser\Application\crash_service.exe (--max-reports=50 --no-window -v=1) -> Trouvé(e)
    [Suspicious.Path] \PostPoneInstall -- C:\Users\delphine\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe (C:\Users\delphine\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe /INSTALL /dwlurl=http://vzbucket.clara-labs.com/3c91fcc2-ce59-42b3-b901-f68079520898/build/1.36.1.25/1068c92a-e71e-417a-beb8-ff6c250c11ff.exe /zdata=appinstanceuid%3d1b797c3d-8f17-4fea-a787-8db0df50bbd5%26appkey%3d3c91fcc2-ce59-42b3-b901-f68079520898  /bagkey=ihVJfEXP /configid=7 /configurationfields=325 /configid=5 --make-default-browser=true  -AppInstanceUid=1B797C3D-8F17-4FEA-A787-8DB0DF50BBD5) -> Trouvé(e)
    [Suspicious.Path] \Microsoft\Windows\Media Center\PeriodicScanRetry -- %windir%\ehome\MCUpdate.exe (-pscn 0) -> Trouvé(e)

  • then press the Delete button and post the log it produces.

===================================================

Download Malwarebytes Anti-Malware

Click here.

  • double-click mbam-setup.exe and follow the prompts to install the program – (Note: Vista & Windows 7 users, please right-click and select “Run as Administrator”)
  • select the “Scan” tab at the top
  • there are three scan types; choose Threat Scan, then click on Scan
  • when the scan is complete, if no malicious items are found you can close the program
  • if malicious items are found be sure that everything is checked and click Quarantine
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

===================================================

Run aswMBR

  • download aswMBR.exe to your desktop
  • double click the aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply. Note - do NOT attempt any Fix yet.

Logs to include with next post:

RogueKiller fix log
aswMBR log
Mbam.txt


Can you tell me if there is any improvement?

Satchfan


#8 didi12

  • Topic Starter

  • Members
  • 6 posts

Posted 16 September 2015 - 11:34 AM

MBAM result

Malwarebytes Anti-Malware
www.malwarebytes.org

Error, 16/09/2015 07:50, SYSTEM, DELPHINE-PC, Protection, IsLicensed, 13,
Protection, 16/09/2015 07:50, SYSTEM, DELPHINE-PC, Protection, Malware Protection, Stopping,
Protection, 16/09/2015 07:50, SYSTEM, DELPHINE-PC, Protection, Malware Protection, Stopped,
Update, 16/09/2015 17:50, SYSTEM, DELPHINE-PC, Manual, Remediation Database, 2015.8.28.2, 2015.9.11.1,
Update, 16/09/2015 17:50, SYSTEM, DELPHINE-PC, Manual, Domain Database, 2015.7.24.2, 2015.9.16.5,
Update, 16/09/2015 17:50, SYSTEM, DELPHINE-PC, Manual, AKA IP Database, 2015.9.7.1, 2015.9.11.2,
Update, 16/09/2015 17:50, SYSTEM, DELPHINE-PC, Manual, AKA Domain Database, 2015.9.8.1, 2015.9.11.2,
Update, 16/09/2015 17:50, SYSTEM, DELPHINE-PC, Manual, IP Database, 2015.7.24.3, 2015.9.16.1,
Update, 16/09/2015 17:51, SYSTEM, DELPHINE-PC, Manual, Malware Database, 2015.9.8.5, 2015.9.16.4,
Scan, 16/09/2015 18:25, SYSTEM, DELPHINE-PC, Manual, Départ : 16/09/2015 17:52, Durée : 32 min 38 s, Analyse des menaces, Terminé, 0 détections de programmes malveillants, 0 détections de programmes non malveillants,

(end)

and the RogueKiller analysis stopped suddenly.
I am going to start again.



#9 didi12

  • Topic Starter

  • Members
  • 6 posts

Posted 16 September 2015 - 11:55 AM

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-09-16 18:45:45
-----------------------------
18:45:45.863    OS Version: Windows x64 6.1.7601 Service Pack 1
18:45:45.863    Number of processors: 2 586 0x602
18:45:45.863    ComputerName: DELPHINE-PC  UserName: delphine
18:45:48.627    Initialize success
18:45:48.677    VM: initialized successfully
18:45:48.677    VM: Amd CPU supported virtualized
18:45:52.987    AVAST engine defs: 15091501
18:46:03.419    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
18:46:03.419    Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
18:46:03.559    Disk 0 MBR read successfully
18:46:03.559    Disk 0 MBR scan
18:46:03.579    Disk 0 Windows 7 default MBR code
18:46:03.579    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13312 MB offset 2048
18:46:03.609    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 27265024
18:46:03.609    Disk 0 default boot code
18:46:03.639    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       469966 MB offset 27469824
18:46:03.669    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       470489 MB offset 989960192
18:46:03.699    Disk 0 scanning C:\Windows\system32\drivers
18:46:13.531    Service scanning
18:46:33.749    Modules scanning
18:46:33.749    Disk 0 trace - called modules:
18:46:33.779    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
18:46:33.779    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045f0370]
18:46:33.789    3 CLASSPNP.SYS[fffff8800198f43f] -> nt!IofCallDriver -> [0xfffffa8004028b30]
18:46:33.789    5 ACPI.sys[fffff88000ec77a1] -> nt!IofCallDriver -> \Device\0000005b[0xfffffa80042a6400]
18:46:35.129    AVAST engine scan C:\Windows
18:46:38.237    AVAST engine scan C:\Windows\system32
18:50:14.164    AVAST engine scan C:\Windows\system32\drivers
18:50:32.624    AVAST engine scan C:\Users\delphine
18:54:24.628    Disk 0 MBR has been saved successfully to "C:\Users\delphine\Desktop\MBR.dat"
18:54:24.638    The log file has been saved successfully to "C:\Users\delphine\Desktop\aswMBR 16 09 2015.txt"

 



#10 didi12

  • Topic Starter

  • Members
  • 6 posts

Posted 16 September 2015 - 02:29 PM

Hi,

RogueKiller is here!!! :bananas:

rogueKiller V10.10.5.0 [Sep 14 2015] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarré en  : Mode normal
Utilisateur : delphine [Administrateur]
Démarré depuis : C:\Users\delphine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2BP42A7L\RogueKiller.exe
Mode : Scan -- Date : 09/16/2015 20:38:05

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 6 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} (C:\ProgramData\Partner\Partner64.dll) -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} (C:\ProgramData\Partner\Partner64.dll) -> Trouvé(e)
[Suspicious.Path|Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswMBR (\??\C:\Users\delphine\AppData\Local\Temp\aswMBR.sys) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswMBR (\??\C:\Users\delphine\AppData\Local\Temp\aswMBR.sys) -> Trouvé(e)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2637645801-1422052124-327599547-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Trouvé(e)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2637645801-1422052124-327599547-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Trouvé(e)

¤¤¤ Tâches : 2 ¤¤¤
[Suspicious.Path] \crash_service -- C:\Users\delphine\AppData\Local\BoBrowser\Application\crash_service.exe (--max-reports=50 --no-window -v=1) -> Trouvé(e)
[Suspicious.Path] \PostPoneInstall -- C:\Users\delphine\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe (C:\Users\delphine\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe /INSTALL /dwlurl=http://vzbucket.clara-labs.com/3c91fcc2-ce59-42b3-b901-f68079520898/build/1.36.1.25/1068c92a-e71e-417a-beb8-ff6c250c11ff.exe /zdata=appinstanceuid%3d1b797c3d-8f17-4fea-a787-8db0df50bbd5%26appkey%3d3c91fcc2-ce59-42b3-b901-f68079520898  /bagkey=ihVJfEXP /configid=7 /configurationfields=325 /configid=5 --make-default-browser=true  -AppInstanceUid=1B797C3D-8F17-4FEA-A787-8DB0DF50BBD5) -> Trouvé(e)

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Non chargé [0xc000036b]) ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD10 EADS-22M2B0 SCSI Disk Device +++++
--- User ---
[MBR] 55ebaf4480d9369ccf9a6526dd66c2b0
[BSP] abccb98eaa51f460c4ecb0d0d0f5ae2d : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 27265024 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 27469824 | Size: 469966 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 989960192 | Size: 470489 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Fonction incorrecte. )

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] Le périphérique n’est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n’est pas prise en charge. )

+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] Le périphérique n’est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n’est pas prise en charge. )

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] Le périphérique n’est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n’est pas prise en charge. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] Le périphérique n’est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n’est pas prise en charge. )

+++++ PhysicalDrive5: HP Photosmart B110 USB Device +++++
Error reading User MBR! ([15] Le périphérique n’est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n’est pas prise en charge. )



#11 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts
  • OFFLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:49 PM

Posted 16 September 2015 - 03:46 PM

Let us take this a little bit at a time because it is very difficult when some of our programs are run in different languages.

RogueKiller found some things that need to be fixed but although I gave you instructions, they were probably not to your understanding.

Please run RogueKiller again and I’ll put the instructions here again with a little difference (that word is the same in French, isn’t it?).


Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again

  • close all programs
  • double-click RogueKiller.exe - Windows 7: right-click the program and select Run as Administrator
  • after it has completed its prescan, click on Scan
  • click on the “Registre” tab
  • make sure the following entries there are checked:

    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} (C:\ProgramData\Partner\Partner64.dll) -> Trouvé(e)
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} (C:\ProgramData\Partner\Partner64.dll) -> Trouvé(e)

  • click on the “Tâches” tab and place a checkmark next to these:

    [Suspicious.Path] \crash_service -- C:\Users\delphine\AppData\Local\BoBrowser\Application\crash_service.exe (--max-reports=50 --no-window -v=1) -> Trouvé(e)
    [Suspicious.Path] \PostPoneInstall -- C:\Users\delphine\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe (C:\Users\delphine\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe /INSTALL /dwlurl=http://vzbucket.clara-labs.com/3c91fcc2-ce59-42b3-b901-f68079520898/build/1.36.1.25/1068c92a-e71e-417a-beb8-ff6c250c11ff.exe /zdata=appinstanceuid%3d1b797c3d-8f17-4fea-a787-8db0df50bbd5%26appkey%3d3c91fcc2-ce59-42b3-b901-f68079520898 /bagkey=ihVJfEXP /configid=7 /configurationfields=325 /configid=5 --make-default-browser=true -AppInstanceUid=1B797C3D-8F17-4FEA-A787-8DB0DF50BBD5) -> Trouvé(e)
    [Suspicious.Path] \Microsoft\Windows\Media Center\PeriodicScanRetry -- %windir%\ehome\MCUpdate.exe (-pscn 0) -> Trouvé(e)

  • then press the Suppression button and post the log it produces.

If you have a problem understanding anything, please tell me.

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
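As an added example (not from this thread, from BleepingComputer or from Adlice Software), a small Python triage helper for the RogueKiller log format seen above: it parses the French "-> Trouvé(e)" lines into structured findings, sorts them into the same buckets Satchfan's checklist uses (PUP registry entries and Suspicious.Path scheduled tasks to remove, the PUM search-bar setting to review with the owner, the aswMBR service as the driver left behind by the anti-rootkit tool run earlier in the thread), and decodes the percent-encoded /zdata installer parameter of the PostPoneInstall task. The embedded log excerpt is a constructed, shortened copy of the one posted above; the bucket names and function names are my own.

```python
import re
from urllib.parse import unquote

# Constructed, shortened excerpt of the RogueKiller log posted in this thread (French build).
SAMPLE_LOG = """\
¤¤¤ Registre : 3 ¤¤¤
[PUP] (X64) HKLM\\...\\Browser Helper Objects\\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} (C:\\ProgramData\\Partner\\Partner64.dll) -> Trouvé(e)
[Suspicious.Path|Hidden.From.SCM] (X64) HKLM\\System\\CurrentControlSet\\Services\\aswMBR (\\??\\C:\\Users\\delphine\\AppData\\Local\\Temp\\aswMBR.sys) -> Trouvé(e)
[PUM.SearchPage] (X64) HKU\\S-1-5-21-...\\Software\\Microsoft\\Internet Explorer\\Main | Search Bar : Preserve  -> Trouvé(e)
¤¤¤ Tâches : 2 ¤¤¤
[Suspicious.Path] \\crash_service -- C:\\Users\\delphine\\AppData\\Local\\BoBrowser\\Application\\crash_service.exe (--max-reports=50 --no-window -v=1) -> Trouvé(e)
[Suspicious.Path] \\PostPoneInstall -- C:\\Users\\delphine\\AppData\\Local\\Temp\\ce98ac2e.exe (C:\\Users\\delphine\\AppData\\Local\\Temp\\ce98ac2e.exe /INSTALL /zdata=appinstanceuid%3d1b797c3d-8f17-4fea-a787-8db0df50bbd5%26appkey%3d3c91fcc2-ce59-42b3-b901-f68079520898 --make-default-browser=true) -> Trouvé(e)
"""

SECTION_RE = re.compile(r"^¤¤¤ (.+?) : (\d+) ¤¤¤$")  # e.g. "¤¤¤ Registre : 6 ¤¤¤"
ENTRY_RE = re.compile(r"^\[([^\]]+)\] (?:\((X64|X86)\) )?(.*?) -> Trouvé\(e\)$")

def parse_roguekiller(text):
    """Turn RogueKiller's 'found' lines into dicts: section, tags, arch, detail."""
    findings, section = [], None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line.strip())
        if m and section:
            findings.append({"section": section, "tags": m.group(1).split("|"),
                             "arch": m.group(2), "detail": m.group(3).strip()})
    return findings

def triage(findings):
    """Bucket findings the way the helper's checklist does (bucket names are mine)."""
    buckets = {"remove": [], "review": [], "scanner_leftover": []}
    for f in findings:
        if "aswMBR" in f["detail"]:  # driver dropped into %TEMP% by the aswMBR anti-rootkit tool
            buckets["scanner_leftover"].append(f)
        elif "PUP" in f["tags"] or (f["section"] == "Tâches" and "Suspicious.Path" in f["tags"]):
            buckets["remove"].append(f)  # BHO DLL and the BoBrowser / installer tasks
        else:
            buckets["review"].append(f)  # PUM.* = changed user setting, confirm with the owner
    return buckets

def decode_zdata(detail):
    """Decode the percent-encoded /zdata= parameter of the PostPoneInstall task into a dict."""
    m = re.search(r"/zdata=(\S+)", detail)
    if not m:
        return {}
    return {k: v for k, _, v in (kv.partition("=") for kv in unquote(m.group(1)).split("&"))}
```

Running `triage(parse_roguekiller(SAMPLE_LOG))` reproduces the helper's selection: the three entries she asked to check land in `remove`, the search-bar setting in `review`, and the aswMBR service in `scanner_leftover`.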


#12 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts
  • OFFLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:49 PM

Posted 19 September 2015 - 05:05 PM

Hi didi12

It has been several days since I replied to your request for help with your computer problems.

Please let me know if you are having problems understanding the instructions and still need help.

Thanks

Satchfan




#13 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts
  • OFFLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:49 PM

Posted 21 September 2015 - 02:04 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
