Help Me Pls ! :)


  • This topic is locked
5 replies to this topic

#1 robert961996


  • Members
  • 4 posts

Posted 30 January 2016 - 06:56 AM

Mod Edit:  Merged posts, moved from Win 7 to Malware Removal Logs - Hamluis.
 
Advertising and Virus Removal
 
ComboFix 16-01-24.01 - Dom 2016-01-30  12:43:03.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.48.1045.18.8154.3989 [GMT 1:00]
Uruchomiony z: c:\users\Dom\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\programdata\ntuser.pol
c:\users\Dom\Documents\PrawkoB2013P.tmp
c:\users\Dom\juzeczek łap .mp3
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2015-12-28 do 2016-01-30  )))))))))))))))))))))))))))))))
.
.
2016-01-30 11:48 . 2016-01-30 11:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-01-24 15:21 . 2016-01-30 09:21 -------- d-----w- c:\users\Dom\AppData\Local\Windows Live
2016-01-24 15:20 . 2016-01-24 15:20 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2016-01-24 15:19 . 2016-01-30 09:25 -------- d-----w- c:\users\Dom\AppData\Roaming\WarThunder
2016-01-03 16:41 . 2016-01-03 16:42 -------- d-----r- C:\CS go
2016-01-02 19:12 . 2016-01-02 19:12 -------- d-----w- c:\users\Dom\AppData\Roaming\SimpleFiles
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2015-12-22 3639280]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-12-14 3013712]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-12-17 50385536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-11 5515496]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-03 1021128]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-10 335232]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-01-12 5028464]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Start BT in service;Start BT in service;c:\program files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe;c:\program files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 XFDriver64;XFDriver64;c:\program files (x86)\Xfire2\XFDriver64.sys;c:\program files (x86)\Xfire2\XFDriver64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Sterownik przełącznika kontrolera hosta Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 VirtDiskBus;3TB+ Unlock;c:\windows\system32\DRIVERS\VirtDiskBus64.sys;c:\windows\SYSNATIVE\DRIVERS\VirtDiskBus64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 iusb3hub;Sterownik koncentratora Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Sterownik kontrolera hosta Intel® USB 3.0 eXtensible;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8023x64;Sterownik Realtek 10/100 NIC Family NDIS x64;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2016-01-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-22 07:09]
.
2016-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-05-22 06:56]
.
2016-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-05-22 06:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-05-09 22:12 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-01-12 5028464]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-06-03 2754704]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-06-03 1571696]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\program files (x86)\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 185.124.119.251 185.124.119.252
FF - ProfilePath - c:\users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\lmi5n64d.default\
FF - prefs.js: browser.startup.homepage - hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghFeVxcAwBGRRgUJVoBTA1IGAwOeAsPBxRDF1MbI11cUlxIFQEFIk0FA18DB0VXfWFoKB8fHHFKM1pXF1wDdUdGIUpNE1w=
user_pref(extensions.autoDisableScopes,14);
user_pref(xpinstall.signatures.required,false);
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Wow6432Node-HKCU-Run-MyDefragReminder - c:\program files (x86)\FixCleanRepair\DefragReminder.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
AddRemove-Origin - c:\program files (x86)\Origin\OriginUninstall.exe
AddRemove-{5E4F9CDE-1459-4B00-9938-2B3598303C1C}_is1 - c:\mody wot\unins000.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2972107 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2972216 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2978128 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2979578v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3037581 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2016-01-30  12:50:25
ComboFix-quarantined-files.txt  2016-01-30 11:50
.
Przed: 107 576 061 952 bajtów wolnych
Po: 107 444 289 536 bajtów wolnych
.
- - End Of File - - 394D5C5A5351A587D9FADA246D043BB3
A36C5E4F47E84449FF07ED3517B43A31


Report with AdwCleaner
 
 
# AdwCleaner v5.031 - Utworzono raport 30/01/2016 o 13:21:35
# Ostatnia aktualizacja 25/01/2016 przez Xplode
# Baza danych : 2016-01-25.3 [Serwer]
# System operacyjny : Windows 7 Home Premium Service Pack 1 (x64)
# Nazwa użytkownika : Dom - DOM-PC
# Lokalizacja programu : C:\Users\Dom\Downloads\AdwCleaner.exe
# Działanie : Usuń
# Wsparcie : http://toolslib.net/forum
 
***** [ Usługi ] *****
 
 
***** [ Foldery ] *****
 
[-] Folder usunięto : C:\Program Files (x86)\Common Files\51603d73-31f4-492f-a43e-5b71fef2ce15
[-] Folder usunięto : C:\ProgramData\51603d73-31f4-492f-a43e-5b71fef2ce15
[-] Folder usunięto : C:\Users\Dom\AppData\Roaming\SimpleFiles
 
***** [ Pliki ] *****
 
[-] Plik usunięto : C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] Plik usunięto : C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] Plik usunięto : C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.newpoptab.com_0.localstorage
[-] Plik usunięto : C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.newpoptab.com_0.localstorage-journal
[-] Plik usunięto : C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.terraclicks.com_0.localstorage
[-] Plik usunięto : C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.terraclicks.com_0.localstorage-journal
[-] Plik usunięto : C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\lmi5n64d.default\user.js
[-] Plik usunięto : C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\lmi5n64d.default\searchplugins\default.xml
 
***** [ DLLs ] *****
 
 
***** [ Skróty ] *****
 
[-] Skrót wyleczono : C:\Users\Public\Desktop\Mozilla Firefox.lnk
[-] Skrót wyleczono : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Skrót wyleczono : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Skrót wyleczono : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\Star Wars - The Old Republic.lnk
[-] Skrót wyleczono : C:\Users\Dom\Desktop\Google Chrome.lnk
[-] Skrót wyleczono : C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Skrót wyleczono : C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Skrót wyleczono : C:\Users\Dom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Skrót wyleczono : C:\Users\Dom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Skrót wyleczono : C:\Users\Dom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk
[-] Skrót wyleczono : C:\Users\Dom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk
[-] Skrót wyleczono : C:\Users\Dom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk
 
***** [ Zaplanowane zadania ] *****
 
 
***** [ Rejestr ] *****
 
[-] Klucz usunięto : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Klucz usunięto : HKLM\SOFTWARE\Classes\TypeLib\{F338D95A-38E8-4E82-B1EA-6BD5DE68B618}
[-] Klucz usunięto : HKCU\Software\dobreprogramy
[-] Klucz usunięto : HKCU\Software\PRODUCTSETUP
[-] Klucz usunięto : HKCU\Software\SimpleFiles
[-] Klucz usunięto : HKLM\SOFTWARE\SimpleFiles
 
***** [ Przeglądarki internetowe ] *****
 
[-] [C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\lmi5n64d.default\prefs.js] [Preference] usunięto : user_pref("browser.startup.homepage", "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghFeVxcAwBGRRgUJVoBTA1IGAwOeAsPBxRDF1MbI11cUlxIFQEFIk0FA18DB0VXfWFoKB8fHHFKM1pXF1wDdUdGIUpNE1w=");
 
*************************
 
:: "Tracing" klucze usunięta
:: Zresetowano ustawienia Winsock
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [4060 bajty] ##########

Edited by hamluis, 30 January 2016 - 10:05 AM.




#2 robert961996

  • Topic Starter
  • Members
  • 4 posts

Posted 30 January 2016 - 03:35 PM

# AdwCleaner v5.031 - Logfile created 30/01/2016 at 21:30:19
# Updated 25/01/2016 by Xplode
# Database : 2016-01-25.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Karolina - KAROLINA
# Running from : C:\Users\Karolina\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : wfdrvr_vw_1_10_0_28
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\SearchesToYesbnd
[-] Folder Deleted : C:\Users\Karolina\AppData\Local\Gameo
[-] Folder Deleted : C:\Users\Karolina\AppData\Roaming\Gameo
[-] Folder Deleted : C:\Users\Karolina\AppData\Roaming\GoldenGate
 
***** [ Files ] *****
 
[-] File Deleted : C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
[-] File Deleted : C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.istartsurf.com_0.localstorage
[-] File Deleted : C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.istartsurf.com_0.localstorage-journal
[-] File Deleted : C:\Users\Karolina\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\searchplugins\istartsurf.xml
[-] File Deleted : C:\Users\Karolina\AppData\Roaming\Mozilla\Firefox\Profiles\lrcuelvl.default\searchplugins\istartsurf.xml
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Mozilla\Extends
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [defsearchp@gmail.com]
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [deskCutv2@gmail.com]
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9CBB6D98-5673-44C2-B429-45EF963301D9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B81A3063-CE6C-4F9A-AEBD-5DDD0EA805A0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BA6EB888-8424-4C93-8E71-6050C714CFBE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{31D48CAD-F6D9-411A-A0C9-C1F051511A86}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D8409F9B-C49C-432D-A7EF-F888F0B18497}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E806AC01-E7A5-4949-AF7C-7E6E5775035B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F338D95A-38E8-4E82-B1EA-6BD5DE68B618}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9CBB6D98-5673-44C2-B429-45EF963301D9}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B81A3063-CE6C-4F9A-AEBD-5DDD0EA805A0}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BA6EB888-8424-4C93-8E71-6050C714CFBE}
[-] Key Deleted : HKCU\Software\dobreprogramy
[-] Key Deleted : HKCU\Software\gameo
[-] Key Deleted : HKCU\Software\GoldenGate
[!] Key Not Deleted : HKCU\Software\Mozilla\Extends
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\FFPluginHp
[-] Key Deleted : HKLM\SOFTWARE\istartsurfSoftware
[-] Key Deleted : HKLM\SOFTWARE\SupDp
[-] Key Deleted : HKLM\SOFTWARE\WdsManPro
[-] Key Deleted : HKLM\SOFTWARE\yessearchesSoftware
[!] Key Not Deleted : HKU\S-1-5-21-2464015959-2792135322-290026212-1001\Software\dobreprogramy
[!] Key Not Deleted : HKU\S-1-5-21-2464015959-2792135322-290026212-1001\Software\gameo
[!] Key Not Deleted : HKU\S-1-5-21-2464015959-2792135322-290026212-1001\Software\GoldenGate
[!] Key Not Deleted : HKU\S-1-5-21-2464015959-2792135322-290026212-1001\Software\Mozilla\Extends
[!] Key Not Deleted : HKU\S-1-5-21-2464015959-2792135322-290026212-1001\Software\PRODUCTSETUP
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Karolina\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("browser.newtab.url", "hxxp://www.yessearches.com/?ts=AHEpB30kBn8nAk..&v=20160121&uid=78C76938D1C434E1FC3DF756BA7224EB&ptid=ior&mode=ffseng");
[-] [C:\Users\Karolina\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "yessearches");
[-] [C:\Users\Karolina\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "yessearches");
[-] [C:\Users\Karolina\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxp://www.yessearches.com/?ts=AHEpB30kBn8nAk..&v=20160121&uid=78C76938D1C434E1FC3DF756BA7224EB&ptid=ior&mode=ffseng");
[-] [C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://www.istartsurf.com/webfavicon.ico
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5195 bytes] ##########
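Added example for this thread (Python; not code from the thread, from BleepingComputer or from AdwCleaner): a small triage parser for the AdwCleaner v5 log format seen in posts #1 and #2. AdwCleaner localises its labels ("Key Deleted" in one log, "Klucz usunięto" in the other), so the parser keys off the status marker and the " : " separator instead of the words, and it pulls out the `[!]` entries the tool could not remove, which are the lines a helper has to follow up. The embedded sample log is constructed from a few lines in the same shape as the logs above.

```python
"""Triage helper for AdwCleaner v5 cleaning logs like the two posted above.

Added example for this thread; it is not code from the thread, from
BleepingComputer or from AdwCleaner. AdwCleaner localises its line labels
("Key Deleted" / "Klucz usunięto"), so the parser keys off the status marker
("[-]" removed, "[!]" not removed) and the " : " separator instead of the words.
"""
import re
from collections import defaultdict

# Section headers: "***** [ Registry ] *****" (Polish logs: "***** [ Rejestr ] *****")
SECTION_RE = re.compile(r"^\*{5}\s*\[\s*(?P<name>[^\]]+?)\s*\]\s*\*{5}$")

# Result lines: "[-] Key Deleted : HKCU\..." or "[!] Key Not Deleted : HKU\...".
# The separator is a colon surrounded by spaces, which keeps "C:\" paths and
# "hxxp://" URLs inside the item intact.
RESULT_RE = re.compile(r"^\[(?P<status>[-!])\]\s*(?P<label>.+?)\s+:\s+(?P<item>.+)$")


def parse_adwcleaner_log(text):
    """Return a list of (section, status, label, item) tuples.

    status is "deleted" for "[-]" lines and "not_deleted" for "[!]" lines;
    header lines ("# ...") and blank lines are ignored.
    """
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = RESULT_RE.match(line)
        if m and section is not None:
            status = "deleted" if m.group("status") == "-" else "not_deleted"
            entries.append((section, status, m.group("label"), m.group("item")))
    return entries


def summarize(entries):
    """Per-section counts, e.g. {"Registry": {"deleted": 2, "not_deleted": 1}}."""
    counts = defaultdict(lambda: defaultdict(int))
    for section, status, _, _ in entries:
        counts[section][status] += 1
    return {section: dict(c) for section, c in counts.items()}


def leftovers(entries):
    """Items AdwCleaner reported it could NOT remove: these need manual follow-up."""
    return [item for _, status, _, item in entries if status == "not_deleted"]


# Constructed sample in the shape of the logs posted above (a handful of lines,
# mixing the English and Polish label styles that both appear in this thread).
SAMPLE_LOG = r"""# AdwCleaner v5.031 - Logfile created 30/01/2016 at 21:30:19
***** [ Services ] *****

[-] Service Deleted : wfdrvr_vw_1_10_0_28

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\gameo
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [defsearchp@gmail.com]
[!] Key Not Deleted : HKU\S-1-5-21-2464015959-2792135322-290026212-1001\Software\gameo

***** [ Web browsers ] *****

[-] [C:\Users\Karolina\AppData\Roaming\Mozilla\Firefox\Profiles\lrcuelvl.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "yessearches");

***** [ Rejestr ] *****

[-] Klucz usunięto : HKCU\Software\SimpleFiles
"""

if __name__ == "__main__":
    parsed = parse_adwcleaner_log(SAMPLE_LOG)
    for section, counts in summarize(parsed).items():
        print(f"{section}: {counts}")
    print("Needs follow-up:")
    for item in leftovers(parsed):
        print("  " + item)
```

Run it against a saved `AdwCleaner[C1].txt` by reading the file into `parse_adwcleaner_log` instead of `SAMPLE_LOG`. The `[!]` lines are the ones worth reading closely: in the second log above, the keys under HKU\S-1-5-21-...-1001 are reported as not deleted while the same-named HKCU keys were, so they are the first thing to re-check on the next scan.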
 


#3 olgun52


  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 30 January 2016 - 05:48 PM

Hello robert961996 and Welcome to the BleepingComputer. :welcome:
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here.

Thanks
---------------------------------------------------------------------------------------------------------
 
Please do the following.

Step 1:

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click the button shown in the screenshot.
  • Then press the "Repair" button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 2:

  • Temporarily disable your Antivirus protection - if you don't know how to do that, please consult the article below.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please download ZOEK and save it to your desktop (preferred version is the *.exe one - upper left corner).

http://hijackthis.nl/smeenk/

  • Attached to this message you will find a file called zoekscript.txt (188 bytes).

  • Download it too and save it to your desktop; it needs to be in the same location as the ZOEK tool.
  • Drag zoekscript file and drop it onto ZOEK icon - this should launch the program:
  • The scan may take a while and may need a reboot.
  • Upon completion a file zoek-results should appear.
  • Attach it for my review.

Step 3:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 4:
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the following option is checked: Addition.txt
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Sincerely.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#4 robert961996

robert961996
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:26 AM

Posted 02 February 2016 - 02:16 PM

~ ZHPCleaner v2016.2.2.20 by Nicolas Coolman (2016/02/02)

~ Run by Dom (Administrator)  (02/02/2016 20:14:08)

~ Site : http://www.nicolascoolman.fr

~ Facebook : https://www.facebook.com/nicolascoolman1

~ State version : Version OK

~ Type : Repair

~ Report : C:\Users\Dom\Desktop\ZHPCleaner.txt

~ Quarantine : C:\Users\Dom\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt

~ UAC : Activate

~ Boot Mode : Normal (Normal boot)

Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

 

---\\  Services (0)

~ No malicious or unnecessary items found.

 

---\\  Browser internet (0)

~ No malicious or unnecessary items found.

 

---\\  Hosts file (1)

~ The hosts file is legitimate (1)

 

---\\  Scheduled automatic tasks. (0)

~ No malicious or unnecessary items found.

 

---\\  Explorer ( File, Folder) (25)

MOVED file: C:\Users\Dom\Downloads\FixCleanRepair.exe [Applon Inc - Fix Clean Repair]  =>PUP.Optional.FixCleanRepair

MOVED file: C:\Users\Dom\Downloads\Grand_Theft_Auto_V_PC_full_game_CD_KEY_downloader.exe [New Monte Inc - Installer]  =>.Superfluous.NewMonteInc

MOVED file: C:\Users\Dom\Downloads\sh-remover (1).exe [Enigma Software Group USA, LLC. - Enigma Installer]  =>.Superfluous.SpyHunter

MOVED file: C:\Users\Dom\Downloads\sh-remover.exe [Enigma Software Group USA, LLC. - Enigma Installer]  =>.Superfluous.SpyHunter

MOVED file: C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_discovertreasure-a.akamaihd.net_0.localstorage    =>PUP.Optional.AkamaiHD

MOVED file: C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_discovertreasure-a.akamaihd.net_0.localstorage-journal    =>PUP.Optional.AkamaiHD

MOVED file: C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_glassbottle-a.akamaihd.net_0.localstorage    =>PUP.Optional.AkamaiHD

MOVED file: C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_glassbottle-a.akamaihd.net_0.localstorage-journal    =>PUP.Optional.AkamaiHD

MOVED file: C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage    =>PUP.Optional.BoostSaves

MOVED file: C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal    =>PUP.Optional.BoostSaves

MOVED file: C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage    =>PUP.Optional.Generic

MOVED file: C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal    =>PUP.Optional.Generic

MOVED file: C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilividnewtab.com_0.localstorage    =>PUP.Optional.Bandoo

MOVED file: C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilividnewtab.com_0.localstorage-journal    =>PUP.Optional.Bandoo

MOVED file: C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage    =>PUP.Optional.Multiplug

MOVED file: C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage-journal    =>PUP.Optional.Multiplug

MOVED file: C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.pricemoon.co_0.localstorage    =>PUP.Optional.PriceMoon

MOVED file: C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.pricemoon.co_0.localstorage-journal    =>PUP.Optional.PriceMoon

MOVED file: C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safesidetabsearch.com_0.localstorage    =>PUP.Optional.Sidetab

MOVED file: C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safesidetabsearch.com_0.localstorage-journal    =>PUP.Optional.Sidetab

MOVED file: C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lollipop-network.com_0.localstorage    =>PUP.Optional.Lollipop

MOVED file: C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lollipop-network.com_0.localstorage-journal    =>PUP.Optional.Lollipop

MOVED file: C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.safesidetab.com_0.localstorage    =>PUP.Optional.Sidetab

MOVED file: C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.safesidetab.com_0.localstorage-journal    =>PUP.Optional.Sidetab

MOVED folder: C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\File System\008  =>PUP.Optional.DomaIQ

 

---\\  Registry ( Key, Value, Data) (9)

DELETED key*: HKEY_USERS\S-1-5-21-172272006-34284816-2641117706-1000\SOFTWARE\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I []  =>Adware.InstallCore

DELETED key*: HKEY_USERS\S-1-5-21-172272006-34284816-2641117706-1000\SOFTWARE\FixCleanRepair []  =>PUP.Optional.FixCleanRepair

DELETED key: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I []  =>Adware.InstallCore

DELETED key: HKCU\Software\FixCleanRepair []  =>PUP.Optional.FixCleanRepair

DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\WordAnchor_1.10.0.19 []  =>PUP.Optional.WordAnchor

DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{44B3DD22-7295-476F-BBC0-E4AE8FC08C7B} [C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe]  =>PUP.Optional.SimpleFiles

DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{D826CC83-71BC-4074-8BF2-D8C8B5E18B6E} [C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe]  =>PUP.Optional.SimpleFiles

DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{3E2F7030-E1BE-44D1-89CE-C691941E77C4} [C:\Program Files (x86)\SimpleFiles\downloader.exe]  =>PUP.Optional.SimpleFiles

DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{78D8294D-13CC-466B-9422-DEAC3B7F9936} [C:\Program Files (x86)\SimpleFiles\downloader.exe]  =>PUP.Optional.SimpleFiles

 

---\\  Summary of the elements found (15)

 

---\\  Other deletions. (9)

~ Registry Keys Tracing deleted (9)

~ Remove the old reports ZHPCleaner. (0)

 

---\\ Result of repair

~ Repair carried out successfully

 

---\\ Statistics

~ Items scanned : 610

~ Items found : 0

~ Items cancelled : 0

~ Items repaired : 34

 

~ End of clean in 00h00mn17s

===================

ZHPCleaner-[R]-02022016-20_14_25.txt

ZHPCleaner-[S]-02022016-20_11_53.txt



#5 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:26 AM

Posted 06 February 2016 - 07:08 PM

Are you still with me ?

 

5 Days


Best regards
 

 


 


#6 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:26 AM

Posted 11 February 2016 - 12:30 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best regards
 

 


 




