
Removed http://ɴ.net/proxy.pac but I think I still have something going on


5 replies to this topic

#1 StepTNT

Posted 12 June 2016 - 04:08 AM

After some weeks of fighting, I managed to remove the http://ɴ.net/proxy.pac thing.

 

I wasn't able to track down which process was writing into the registry (I've tried with registry auditing but it didn't give enough details), so I think I still may have something on my machine and I need your help with this.

 

I've tried scanning with Avast, adwCleaner and Zemana and they don't report anything, but I want to be 100% sure because I have some kind of feeling that there's something wrong on my PC.

 

Basically I've noticed three things: Firefox started to hang on javascript (only solution is to kill the process), Media Player Classic changed zoom options while playing (with no input from me, which is weird) and, sometimes, just after suspend the PC wakes and powercfg /lastwake is "empty".

 

I'm on Windows 10 (10586.318) x64.




 


#2 InadequateInfirmity


Posted 12 June 2016 - 03:54 PM

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

 

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

 

 


 

Hit Ok.

 


 

Hit Next, and make sure to leave all items checked for removal.

 


 

 

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

ZHP Scan.

Please download Zhp Cleaner to your desktop. Right click the icon and select Run as administrator.

http://ccm.net/download/download-24750-zhpcleaner

 

 

2. Once you have started the program, you will need to click the scanner button.


The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.


At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 Zemana Scan

 

 

Run a full scan with Zemana AntiMalware!

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.


Double click on the scan log, copy and paste here in your reply



#3 StepTNT


Posted 13 June 2016 - 02:56 AM

JRT Log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Pro x64
Ran by stept (Administrator) on 13/06/2016 at  9:52:06,18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4

Successfully deleted: C:\ProgramData\iobit\driver booster (Folder)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\stept\AppData\Roaming\iobit\driver booster (Folder)
Successfully deleted: C:\Program Files (x86)\iobit\driver booster (Folder)



Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/06/2016 at  9:53:38,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Adware Removal Tool

 

Adware.Games.searchalgo.com ->> File ->> C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\crt\src\concrt\SearchAlgorithms.cpp
Adware.Games.searchalgo.com ->> File ->> C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\crt\src\concrt\SearchAlgorithms.h
Adware.mystartsearch.com ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ <RegKey:> {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Adware.mystartsearch.com ->> Registry Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ <RegValue:> DefaultScope <RegData:> {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Adware.mystartsearch.com ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ <RegKey:> {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Adware.mystartsearch.com ->> Registry Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ <RegValue:> DefaultScope <RegData:> {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Adware.mystartsearch.com ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ <RegKey:> {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Adware.mystartsearch.com ->> Registry Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ <RegValue:> DefaultScope <RegData:> {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Adware.mystartsearch.com ->> Registry Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ <RegValue:> DefaultScope <RegData:> {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Adware.mystartsearch.com ->> Registry Data ->> HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\ <RegValue:> DefaultScope <RegData:> {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Adware.mystartsearch.com ->> Registry Data ->> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\ <RegValue:> DefaultScope <RegData:> {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Adware.adnetworkperformance.com ->> Browser: Chrome ->> C:\Users\stept\AppData\Local\Google\Chrome\User Data\Default\Preferences


ZHPCleaner

 

~ ZHPCleaner v2016.8.13.324 by Nicolas Coolman (2015/08/13)
~ Run by stept (Administrator)  (13/06/2016 10:20:50)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Type : Riparare
~ Report : A:\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\stept\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 10586)


---\\  Servizi (0)
~ Nessun elemento malevolo o inutili trovato.


---\\  Browser Internet (0)
~ Nessun elemento malevolo o inutili trovato.


---\\  File hosts (1)
~ Il file hosts è legittimo (15517)


---\\  Operazioni pianificate automatiche. (0)
~ Nessun elemento malevolo o inutili trovato.


---\\  Esploratore ( File, Cartelle) (98)


---\\  Registro ( Chiavi, Valori, Dati ) (0)
~ Nessun elemento malevolo o inutili trovato.


---\\ Risultato di riparazione
~ Riparazione effettuata con successo
~ Browser non trovato (Opera Software)


---\\ Statistiche
~ Elementi analizzati : 34205
~ Elementi trovati : 0
~ Elementi cancellati : 0
~ Elementi riparati : 98


~ End of clean in 1 minutes
===================
ZHPCleaner-[R]-13062016-10_21_53.txt
ZHPCleaner-[S]-13062016-10_19_57.txt

 

Zemana

 

Zemana AntiMalware 2.20.179.985 (Installato)

-------------------------------------------------------
Risultato scansione        : Completato
Data scansione             : 2016/6/13
Sistema operativo          : Windows 10 64-bit
Processore                 : 4X Intel® Core™ i5-4670 CPU @ 3.40GHz
Modalità BIOS              : UEFI
CUID                       : 0069F0363E866448742CD2
Tipo di scansione          : Scansione accurata
Durata                     : 11m 1s
Oggetti scansionati        : 597388
Oggetti rilevati           : 1
Oggetti esclusi            : 0
Livello lettura            : SCSI
Caricamento automatico     : Attivato
Mostra tutte le estensioni : Disattivato
Scansione documenti        : Disattivato
Informazioni dominio       : WORKGROUP,0,2

Oggetti rilevati
-------------------------------------------------------

Firefox Search
Stato             : Scansionato
Oggetto           : Hoepli - http://dizionari.hoepli.it
MD5               : -
Editore           : -
Dimensione        : -
Versione          : -
Rilevamento       : Impostazione del browser sospetta
Azione pulizia    : Ripara
Oggetti correlati :
                Impostazione del browser - Firefox Search


Risultati pulizia
-------------------------------------------------------
Puliti                : 1
Segnalati come sicuri : 0
Falliti               : 0

 

 

Done.

It seems that there's nothing wrong, but I still have some doubts (video driver crashed twice during scans).


Edited by StepTNT, 13 June 2016 - 03:37 AM.


#4 InadequateInfirmity


Posted 13 June 2016 - 04:28 PM

Malwarebytes Scan.

 

We need you to run MalwareBytes to get a log, please download the free version of MalwareBytes HERE

http://data-cdn.mbamupdates.com/web/mbam-setup-2.2.0.1024.exe  Alternate Link.

Save the file to somewhere you can easily find it. Double click the saved file to start the install, accept any security warnings that may appear, and after the install click the new desktop icon to start the program. We need to modify a couple of things with MalwareBytes before we use it so please follow the steps below.

  1. If the dashboard is not already displayed select it.
  2. Then select "Update Now" to get the latest database.


  1. Next we need to change a scanning option, select "Settings" on the main menu, then "Detection and Protection" on the left.
  2. Then select "Scan for rootkits" in the detection options, as well as the other two options already checked.


  • Now return to Dashboard on the main menu and select "Scan Now" at the bottom of the screen.


  • Allow MalwareBytes to scan your system, it may take some time depending on what you have loaded onto your hard drive.


When the scan is finished

  1. Click "Save Results"
  2. Then click on "Text file"


  • A window will then open allowing you to choose a name for the logfile and also allowing you to choose where to save it, save it to the desktop.
  • Please copy and paste the contents of this file in your next post.

 

 

Eset Online Scanner.

 

Eset Scan

Click Me To Download Eset Scan

Disable your antivirus prior to this scan.
 
 

  •  Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

 

Minitoolbox scan.

 

 

Please download Minitoolbox and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Security Check Scan.

 

Download Security Check to your desktop, right click it and run as administrator. When the program completes, the tool will automatically open a log file; please post that log here in your next post.



#5 StepTNT


Posted 14 June 2016 - 03:03 AM

MalwareBytes

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Data scansione: 14/06/2016
Ora scansione: 09:48
File di log: mwb.txt
Amministratore: Sì

Versione: 2.2.1.1043
Database malware: v2016.06.14.01
Database rootkit: v2016.05.27.01
Licenza: Periodo di prova
Protezione da malware: Attivata
Protezione da siti web nocivi: Attivata
Auto-protezione: Disattivata

SO: Windows 10
CPU: x64
File system: NTFS
Utente: stept

Tipo di scansione: Ricerca elementi nocivi
Risultati: Completata
Elementi analizzati: 411132
Tempo impiegato: 12 min, 47 sec

Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Attivata
Euristiche: Attivata
PUP: Attivata
PUM: Attivata

Processi: 0
(Nessun elemento nocivo rilevato)

Moduli: 0
(Nessun elemento nocivo rilevato)

Chiavi di registro: 2
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9EEB5F0B-A479-4B87-B320-00319E1608C4}, , [6b6e0af264356cca7e04668af21105fb],
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\InstallShield® Update Service Scheduler, , [25b4fdff950466d0265d925ee41f916f],

Valori di registro: 3
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9EEB5F0B-A479-4B87-B320-00319E1608C4}|Path, \InstallShield® Update Service Scheduler, , [6b6e0af264356cca7e04668af21105fb]
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL, http://xn--koa.net/server.pac, , [daff9468f3a692a433c71fd0f70c758b]
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL, http://xn--koa.net/server.pac, , [e8f1c4385445f83e38c2f6f91be849b7]

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Cartelle: 0
(Nessun elemento nocivo rilevato)

File: 1
Hijack.AutoConfigURL.PrxySvrRST, C:\Windows\System32\Tasks\InstallShield® Update Service Scheduler, , [d207986442571620ceb2ec0459aa669a],

Settori fisici: 0
(Nessun elemento nocivo rilevato)


(end)

 

ESET

 

Nothing found, no log here


Edited by StepTNT, 14 June 2016 - 03:51 AM.
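
The Malwarebytes log above gives the PAC host as xn--koa.net, the Punycode form of the ɴ.net in the topic title, and flags a scheduled task next to the two AutoConfigURL values. The block below is an added example, not part of the thread and not Malwarebytes code: it parses the detection lines copied from the post, decodes the host and groups the findings. The function names and the comma-separated field layout are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Detection lines copied from the Malwarebytes log in the post above
# (the trailing bracketed ids are left out; the parser does not use them).
LOG = r"""
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9EEB5F0B-A479-4B87-B320-00319E1608C4}, ,
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\InstallShield® Update Service Scheduler, ,
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9EEB5F0B-A479-4B87-B320-00319E1608C4}|Path, \InstallShield® Update Service Scheduler, ,
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL, http://xn--koa.net/server.pac, ,
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL, http://xn--koa.net/server.pac, ,
Hijack.AutoConfigURL.PrxySvrRST, C:\Windows\System32\Tasks\InstallShield® Update Service Scheduler, ,
"""

TASK_FILE = re.compile(r"^[A-Z]:\\WINDOWS\\SYSTEM32\\TASKS\\")


def decode_host(host):
    """Turn Punycode (xn--) labels of a host name back into Unicode."""
    labels = []
    for label in host.split("."):
        if label.lower().startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)


def triage(log):
    """Group detection lines into scheduled-task names and PAC settings.

    Assumed layout per line: detection name, location[|value name], data.
    """
    tasks, pac = set(), []
    for line in log.strip().splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 3:
            continue
        location, data = fields[1], fields[2]
        target, _, value = location.partition("|")
        upper = target.upper()
        if value.upper() == "AUTOCONFIGURL":
            # One value per registry view on 64-bit Windows.
            view = "32-bit view" if "\\WOW6432NODE\\" in upper else "64-bit view"
            host = urlsplit(data).hostname or ""
            pac.append((view, data, decode_host(host)))
        elif "\\TASKCACHE\\TREE\\" in upper:
            # The Tree key is named after the task.
            tasks.add(target.rsplit("\\", 1)[1])
        elif "\\TASKCACHE\\TASKS\\" in upper and value.upper() == "PATH":
            # The GUID key's Path value points back at the task name.
            tasks.add(data.lstrip("\\"))
        elif TASK_FILE.match(upper):
            # Task definition file on disk.
            tasks.add(target.rsplit("\\", 1)[1])
    return {"tasks": tasks, "pac": pac}


if __name__ == "__main__":
    result = triage(LOG)
    for name in sorted(result["tasks"]):
        print("scheduled task:", name)
    for view, url, host in result["pac"]:
        print(f"AutoConfigURL ({view}): {url} -> host {host}")
```

All three task artefacts (Tree key, GUID key's Path value, file under System32\Tasks) resolve to one task name, and both registry views carry the same PAC URL.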


#6 InadequateInfirmity


Posted 14 June 2016 - 09:56 PM

Scan & Clean With Ads Fix

 

  • Disable Windows Defender & Antivirus Prior To Running This Tool!!
  • Save Ads Fix to your desktop.
  • Right Click & Run As Administrator.
  • You will then be prompted to install Certificates.
  • Install then click OK.
  • Right Click & Run As Administrator Again.
  • Click Options then select Unlock the deletion.
  • Then click on clean.

Reset Host File

 

 

  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.

 

 

Pre_Scan

 

Please download Pre_Scan.

Save it to your desktop.

Disable your antivirus, and windows defender.

Close all open work; Pre_Scan will close all processes to run.

Right Click Run as Admin.

Allow completion, when it completes the program will reboot your machine and open a log.

Please post that log here in your next reply.

 

 

 

9-Lab Scan.

 

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right click the icon and run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates; it might be better to install it, update, reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean 
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.




