Scr file.


This topic is locked
5 replies to this topic

#1 Isaac0510

Posted 30 January 2018 - 06:35 PM

Hello, I was sent a link by someone on Discord and, like an idiot, I clicked on it thinking it was a picture (keep in mind this person was a friend), but it turned out to be an .scr file. I'm not sure if I ran it or not, though, so I got really scared and immediately turned off my computer. I asked a couple of other people on some servers and they said to start my computer up in Safe Mode with Networking and scan with Malwarebytes. I did exactly that, and after some research I stumbled upon a thread on this website which said to run AdwCleaner, and I did that too (here's the thread: https://www.bleepingcomputer.com/forums/t/508679/accidentally-ran-a-scr-file-what-has-it-done/). It also mentions ComboFix, but I don't think I am qualified/trained to identify which is what, so here I am making a thread to get help. I'm really worried that my computer has been infected even though I'm not sure I even ran the file, and even after Malwarebytes said that there were only 7 minor threats, which I quarantined. Sorry for taking your time, and thank you in advance to anyone who provides help as soon as possible. I can provide screenshots if needed.


Edited by Isaac0510, 30 January 2018 - 06:39 PM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,587 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:52 PM

Posted 31 January 2018 - 09:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

While in Safe Mode with Networking, find out if the file is bad. Upload the file to VirusTotal. (You will have to browse to the location of the file.)
https://www.virustotal.com/#/home/upload

Post the results for my review.

If the file is safe then run this Scan and post both logs for my review.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.
(screenshot: attachlogs.png)

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

p.s.
Do the scan in normal mode.
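
Added example, not code from the thread, from Farbar or from VirusTotal: a small Python script that does nasdaq's first step offline. It checks from the leading bytes whether a download that was supposed to be a picture is really a Windows executable (an .scr is a PE file by another extension), flags the "photo.jpg.scr" double-extension trick, and computes the SHA-256 so the hash can be searched on VirusTotal before deciding whether to upload the file at all. All function names are the example's own, and the sample bytes are constructed stand-ins, not a real program or image.

```python
"""Offline triage of a suspicious download (added example, not from the thread).
Classifies a file by content rather than by name, flags the double-extension
trick, and reports the SHA-256 for a VirusTotal hash search. Samples are constructed.
"""
import hashlib
import os
import struct

# Leading bytes of the image formats a "picture" link would be expected to carry.
IMAGE_MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
IMAGE_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}

# Extensions Windows runs directly on double-click. A .scr (screen saver) is an
# ordinary PE executable under a different name, which is the point of the thread.
EXECUTABLE_EXTENSIONS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}


def is_pe(data: bytes) -> bool:
    """True if data starts with an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return len(data) >= e_lfanew + 4 and data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def detect_type(data: bytes) -> str:
    """Classify by content, never by the file name."""
    if is_pe(data):
        return "pe-executable"
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def sha256_hex(data: bytes) -> str:
    """Hash to search on VirusTotal; a known sample can be looked up without uploading."""
    return hashlib.sha256(data).hexdigest()


def triage_bytes(name: str, data: bytes) -> dict:
    """Compare what the name claims with what the bytes actually are."""
    parts = name.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    real = detect_type(data)
    # "photo.jpg.scr": an image-looking inner extension in front of an executable one.
    double_ext = len(parts) >= 3 and parts[-2] in IMAGE_EXTENSIONS
    claims_image = ext.lstrip(".") in IMAGE_EXTENSIONS or double_ext
    if real == "pe-executable" and claims_image:
        verdict = "executable disguised as an image"
    elif real == "pe-executable":
        verdict = "executable (will run if double-clicked)"
    elif real in IMAGE_MAGIC.values():
        verdict = "image"
    else:
        verdict = "unknown type; do not open"
    return {
        "name": name,
        "extension": ext,
        "real_type": real,
        "double_extension": double_ext,
        "runs_on_double_click": ext in EXECUTABLE_EXTENSIONS,
        "verdict": verdict,
        "sha256": sha256_hex(data),
    }


def triage_file(path: str) -> dict:
    """Same check for a file on disk, e.g. one still sitting in Downloads."""
    with open(path, "rb") as fh:
        return triage_bytes(os.path.basename(path), fh.read())


def constructed_pe_stub() -> bytes:
    """Constructed sample: an MZ header pointing at a PE signature, no code at all."""
    hdr = bytearray(0x44)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\x00\x00"
    return bytes(hdr)


# Constructed sample: a JFIF header plus padding, enough to be recognised as JPEG.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32
SAMPLE_PE = constructed_pe_stub()

if __name__ == "__main__":
    for name, data in [("photo.jpg.scr", SAMPLE_PE), ("photo.jpg", SAMPLE_JPEG), ("cute.scr", SAMPLE_PE)]:
        r = triage_bytes(name, data)
        print(f"{r['name']}: {r['verdict']} (real type {r['real_type']}, sha256 {r['sha256'][:16]}...)")
```

If the SHA-256 is already known to VirusTotal, the existing report answers the question without uploading a file that may contain personal data; if it is unknown, uploading is the step nasdaq asked for.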

#3 Isaac0510

Isaac0510
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:52 AM

Posted 31 January 2018 - 11:34 AM

Thank you for your reply, Nasdaq. First of all, I just want to let you know that I have scanned my PC with Malwarebytes, ESET Online Scanner, Avast and aswMBR.exe, and while the antiviruses showed nothing but stuff that's not really harmful for my PC (well, not on the trojan level), I still was worried that something got in without the antiviruses catching it, and if you want me to provide the logs for those things too then I will. I have also tried downloading and installing Comodo Firewall but couldn't, because I don't think it works on Windows 7 (just for my own safety and stuff). Thank God I'm not too late on this. I no longer have the file; I'm not sure if it deleted itself or I deleted it (really crap memory, because I got really anxious when I realized what it was). Here's the link that was sent to me, although I don't think it works anymore: https://goo.gl/MVre3y (Don't click on it if you're someone other than Nasdaq or unless you know what you're doing, because I don't want anyone else getting affected by this.)

 

Results for FRST (64-bit version). Sorry about some parts being in French; I think it's due to me using it as a display language.

 

Résultats d'analyse de  Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Exécuté par Ishak (administrateur) sur ISHAK-PC (31-01-2018 17:17:40)
Exécuté depuis C:\Users\Ishak\Desktop\Research
Profils chargés: Ishak (Profils disponibles: Ishak)
Platform: Windows 7 Professional Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Chrome)
Mode d'amorçage: Safe Mode (with Networking)
 
==================== Processus (Avec liste blanche) =================
 
(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)
 
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Discord Inc.) C:\Users\Ishak\AppData\Local\Discord\app-0.0.300\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Discord Inc.) C:\Users\Ishak\AppData\Local\Discord\app-0.0.300\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registre (Avec liste blanche) ===========================
 
(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [382072 2016-06-23] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-06] (AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-20] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [133760 2014-01-08] (Qualcomm®Atheros®)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3614477603-748478874-2641783372-1000\...\Run: [f.lux] => C:\Users\Ishak\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-06] (Flux Software LLC)
HKU\S-1-5-21-3614477603-748478874-2641783372-1000\...\Run: [WallpaperEngine] => D:\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper32.exe [1348072 2017-12-18] ()
HKU\S-1-5-21-3614477603-748478874-2641783372-1000\...\Run: [DellSystemDetect] => C:\Users\Ishak\AppData\Local\Apps\2.0\J9PGAQCY.4RJ\GN9G3J29.PJJ\dell..tion_831211ca63b981c5_0008.0008_b150a6542eb950c1\DellSystemDetect.exe [314544 2017-09-12] (Dell)
HKU\S-1-5-21-3614477603-748478874-2641783372-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C0].tx
HKU\S-1-5-21-3614477603-748478874-2641783372-1000\...\MountPoints2: {168c4e37-58ee-11e7-a9e6-806e6f6e6963} - F:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [170360 2017-06-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2017-06-08] (NVIDIA Corporation)
 
==================== Internet (Avec liste blanche) ====================
 
(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)
 
Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AE2231E0-5213-4E5A-8181-5E759A304D5B}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-17] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-16] (AVAST Software)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\program files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-17] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2017-09-27] (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-16] (AVAST Software)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\program files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (Pas de nom) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2017-12-07]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll [Pas de fichier]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll [Pas de fichier]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll [2013-11-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1206147.dll [Pas de fichier]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-12] ( Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2017-09-27] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWr8UeuffMWh7dVpmmWxAxEArFaKO19-VB1ihefwnZigxryOS8d9KfbPTjzjFMOEfz6Do0L8VuBVryppGhyuhgxtFQUwYOHkiAMGUpflTsV4pzQPYIistyRQCCfA2BgfaCm0ecDYstYlFyI-UbaKEZoWf8-PV9
CHR StartupUrls: Default -> "hxxp://facebook.com/","hxxp://youtube.com/","hxxps://www.youtube.com/feed/subscriptions"
CHR Profile: C:\Users\Ishak\AppData\Local\Google\Chrome\User Data\Default [2018-01-31]
CHR Extension: (Slides) - C:\Users\Ishak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Ishak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Ishak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-24]
CHR Extension: (YouTube) - C:\Users\Ishak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-24]
CHR Extension: (Sheets) - C:\Users\Ishak\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Ishak\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-24]
CHR Extension: (AdBlock) - C:\Users\Ishak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-01-29]
CHR Extension: (Hotspot Shield Free VPN Proxy – Unblock Sites) - C:\Users\Ishak\AppData\Local\Google\Chrome\User Data\Default\Extensions\heajfgnegopeedndeahkdjedjkjcmnpb [2017-06-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ishak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-27]
CHR Extension: (Gmail) - C:\Users\Ishak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-24]
CHR Extension: (Chrome Media Router) - C:\Users\Ishak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
CHR Profile: C:\Users\Ishak\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-11-08]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Avec liste blanche) ====================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [87064 2017-09-27] (Perfect World Entertainment Inc)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-06] (AVAST Software)
S2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [318592 2014-01-08] (Windows ® Win 7 DDK provider) [Fichier non signé]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-06] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-12-15] ()
S2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2273432 2017-09-27] (Comodo)
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [54704 2017-11-20] (AnchorFree Inc.)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-06-23] (Intel Corporation)
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [Fichier non signé]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2018-01-19] (McAfee, Inc.)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [147792 2017-08-12] (Razer Inc)
S2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [185216 2017-08-22] (Razer Inc.)
S2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [252176 2017-09-20] (Razer Inc.)
S2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [37248 2017-09-06] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-10-15] (Atheros) [Fichier non signé]
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Pilotes (Avec liste blanche) ======================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
S3 AFTrafMgr1.4; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_4_64.sys [56840 2017-11-14] (AnchorFree Inc.)
S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2018-01-06] (AVAST Software)
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2018-01-06] (AVAST Software)
S0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2018-01-06] (AVAST Software)
S0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2018-01-06] (AVAST Software)
S0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2018-01-06] (AVAST Software)
S1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2018-01-06] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-01-06] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-08-31] (AVAST Software)
S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-01-11] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2018-01-06] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2018-01-06] (AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2018-01-06] (AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457896 2018-01-11] (AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2018-01-06] (AVAST Software)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-01-07] (Qualcomm Atheros)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2017-06-19] (Windows ® Win 7 DDK provider)
S3 DFX12; C:\Windows\System32\drivers\dfx12x64.sys [29688 2017-06-19] (Windows ® Win 7 DDK provider)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-09-20] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-01-31] (Malwarebytes)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2018-01-31] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-31] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31024 2018-01-10] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [59240 2017-12-15] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-11-16] (NVIDIA Corporation)
S2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137208 2017-08-19] (Razer, Inc.)
R3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)
S3 aswVmm; \??\C:\Users\Ishak\AppData\Local\Temp\aswVmm.sys [X] <==== ATTENTION
S3 GENERICDRV; \??\C:\Users\Ishak\Desktop\amifldrv64.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
 
==================== NetSvcs (Avec liste blanche) ===================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
 
==================== Un mois - Créés - fichiers et dossiers ========
 
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
 
2018-01-31 17:17 - 2018-01-31 17:17 - 000000000 ____D C:\FRST
2018-01-31 17:16 - 2018-01-31 17:17 - 000000000 ____D C:\Users\Ishak\Desktop\Research
2018-01-31 17:13 - 2018-01-31 17:16 - 002393088 _____ (Farbar) C:\Users\Ishak\Downloads\FRST64.exe
2018-01-31 01:13 - 2018-01-31 01:13 - 000000000 ____D C:\Users\Ishak\AppData\Local\ESET
2018-01-31 01:12 - 2018-01-31 01:12 - 000002120 _____ C:\Users\Public\Desktop\Comodo Dragon.lnk
2018-01-31 01:12 - 2018-01-31 01:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2018-01-31 01:11 - 2018-01-31 01:12 - 000000000 ____D C:\Program Files (x86)\Comodo
2018-01-31 01:11 - 2018-01-31 01:11 - 000000000 ____D C:\Users\Ishak\AppData\Local\Comodo
2018-01-31 01:09 - 2018-01-31 01:11 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Ishak\Downloads\esetonlinescanner_enu.exe
2018-01-31 01:02 - 2018-01-31 01:02 - 000002048 _____ C:\Users\Ishak\Desktop\aswMBR.txt
2018-01-31 01:02 - 2018-01-31 01:02 - 000000512 _____ C:\Users\Ishak\Desktop\MBR.dat
2018-01-31 00:58 - 2018-01-31 01:12 - 000000000 ____D C:\ProgramData\Comodo
2018-01-31 00:58 - 2018-01-31 00:58 - 005514616 _____ (COMODO) C:\Users\Ishak\Downloads\cmd_fw_installer_6113_c7.exe
2018-01-31 00:58 - 2018-01-31 00:58 - 000000000 ____D C:\ProgramData\Shared Space
2018-01-31 00:58 - 2018-01-31 00:58 - 000000000 ____D C:\ProgramData\Comodo Downloader
2018-01-31 00:54 - 2018-01-31 00:56 - 005200384 _____ (AVAST Software) C:\Users\Ishak\Downloads\aswmbr.exe
2018-01-31 00:13 - 2018-01-31 00:15 - 000000000 ____D C:\AdwCleaner
2018-01-31 00:10 - 2018-01-31 00:12 - 008206624 _____ (Malwarebytes) C:\Users\Ishak\Downloads\Unconfirmed 232777.crdownload
2018-01-31 00:10 - 2018-01-31 00:12 - 008206624 _____ (Malwarebytes) C:\Users\Ishak\Downloads\Unconfirmed 146844.crdownload
2018-01-31 00:10 - 2018-01-31 00:12 - 008206624 _____ (Malwarebytes) C:\Users\Ishak\Downloads\adwcleaner_7.0.7.0 (2).exe
2018-01-30 23:39 - 2018-01-31 17:12 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-01-30 23:39 - 2018-01-31 17:08 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-30 23:39 - 2018-01-31 17:08 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-01-30 23:39 - 2018-01-30 23:39 - 000001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-30 23:39 - 2018-01-30 23:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-30 23:39 - 2018-01-30 23:39 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-30 23:39 - 2018-01-30 23:39 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-30 23:39 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-01-30 23:29 - 2018-01-30 23:37 - 083316440 _____ (Malwarebytes ) C:\Users\Ishak\Downloads\mb3-setup-35891.35891-3.3.1.2183-1.0.262-1.0.3374.exe
2018-01-30 12:49 - 2018-01-30 12:49 - 000000000 ___RD C:\Users\Ishak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2018-01-30 12:48 - 2018-01-30 12:48 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-01-29 18:59 - 2018-01-28 23:57 - 000000240 ___SH C:\Users\Public\Libraries.ini
2018-01-27 12:01 - 2018-01-27 12:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2018-01-27 12:00 - 2018-01-27 12:00 - 000000000 ____D C:\Windows\PCHEALTH
2018-01-27 12:00 - 2018-01-27 12:00 - 000000000 ____D C:\Program Files (x86)\Microsoft Works
2018-01-27 12:00 - 2018-01-27 12:00 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2018-01-27 11:58 - 2018-01-27 11:58 - 000000000 ____D C:\Program Files\Microsoft Office
2018-01-27 11:58 - 2018-01-27 11:58 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2018-01-27 11:57 - 2018-01-27 12:00 - 000000000 ____D C:\Windows\SHELLNEW
2018-01-27 11:57 - 2018-01-27 11:57 - 000000000 ____D C:\Users\Ishak\AppData\Local\Microsoft Help
2018-01-27 01:31 - 2018-01-27 11:29 - 368945248 _____ (Microsoft Corporation) C:\Users\Ishak\Downloads\office2007sp3-kb2526086-fullfile-en-us.exe
2018-01-20 20:52 - 2018-01-20 20:52 - 000000000 ____D C:\Users\Ishak\AppData\Local\CrashReportClient
2018-01-19 19:03 - 2018-01-19 19:03 - 000000000 ____D C:\Users\Ishak\ansel
2018-01-19 19:01 - 2017-12-15 03:03 - 000059240 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2018-01-15 21:12 - 2018-01-15 21:12 - 000241138 _____ C:\Users\Ishak\Downloads\The_Destroyer.htm
2018-01-08 00:46 - 2018-01-08 00:46 - 000026910 _____ C:\Users\Ishak\Downloads\WheresMyItems.tmod
2018-01-06 23:51 - 2018-01-06 23:51 - 000365680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-01-06 23:51 - 2018-01-06 23:51 - 000149344 ____C (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-01-02 03:31 - 2018-01-02 03:31 - 000391040 _____ C:\Windows\Minidump\010218-26925-01.dmp
 
==================== Un mois - Modifiés - fichiers et dossiers ========
 
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
 
2018-01-31 17:11 - 2017-06-24 23:48 - 000000000 ____D C:\Users\Ishak\AppData\Roaming\discord
2018-01-31 17:08 - 2017-11-04 15:00 - 001007510 _____ C:\Windows\ntbtlog.txt
2018-01-30 23:18 - 2017-06-24 21:04 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-30 23:18 - 2017-06-24 21:04 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-30 23:17 - 2017-10-13 18:00 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-01-30 23:17 - 2017-08-30 11:58 - 000003292 _____ C:\Windows\System32\Tasks\{49F3EAA6-D9B3-4811-8A74-B52B21D6772B}
2018-01-30 23:17 - 2017-07-11 20:09 - 000003920 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1499800171
2018-01-30 23:17 - 2017-07-05 02:18 - 000003096 _____ C:\Windows\System32\Tasks\{CF78076B-0CF4-4232-8745-B9A5EC534EE4}
2018-01-30 23:17 - 2017-07-05 00:46 - 000003168 _____ C:\Windows\System32\Tasks\{9A700ED0-42C3-4D06-B3D5-22EFC46D3FD6}
2018-01-30 23:17 - 2017-07-04 01:17 - 000003168 _____ C:\Windows\System32\Tasks\{425E9E07-779B-4F7A-A98E-E8B78FD08FE8}
2018-01-30 23:17 - 2017-06-24 21:04 - 000003800 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-30 23:17 - 2017-06-24 21:04 - 000003740 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-30 23:17 - 2017-06-24 21:04 - 000003740 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-30 23:17 - 2017-06-24 21:04 - 000003732 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-30 23:17 - 2017-06-24 21:04 - 000003556 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-30 23:17 - 2017-06-24 21:04 - 000003496 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-30 23:17 - 2017-06-24 18:23 - 000003500 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-01-30 23:17 - 2017-06-24 18:23 - 000003372 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-01-30 22:48 - 2009-07-14 05:45 - 000009600 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-30 22:48 - 2009-07-14 05:45 - 000009600 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-30 19:16 - 2017-06-24 23:52 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-30 12:58 - 2017-06-24 18:18 - 000000000 ____D C:\ProgramData\NVIDIA
2018-01-30 12:48 - 2017-06-26 02:01 - 000000000 __SHD C:\Users\Ishak\IntelGraphicsProfiles
2018-01-30 12:47 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-27 21:41 - 2017-11-17 22:38 - 000000000 ____D C:\Users\Ishak\Desktop\Everything
2018-01-27 12:18 - 2017-06-24 15:52 - 000110160 _____ C:\Users\Ishak\AppData\Local\GDIPFONTCACHEV1.DAT
2018-01-27 12:05 - 2017-07-26 23:59 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-01-27 12:05 - 2009-07-14 05:45 - 000415496 _____ C:\Windows\system32\FNTCACHE.DAT
2018-01-27 12:00 - 2009-07-14 06:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-01-27 11:59 - 2009-07-14 04:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-01-27 11:58 - 2009-07-14 03:34 - 000000478 _____ C:\Windows\win.ini
2018-01-26 21:57 - 2017-07-29 22:11 - 000000000 ____D C:\Users\Ishak\AppData\Local\Discord
2018-01-24 02:25 - 2017-11-26 23:43 - 000000000 ____D C:\Users\Ishak\AppData\Roaming\TunnelBear
2018-01-23 18:32 - 2017-07-11 19:45 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-01-22 18:35 - 2017-11-26 23:43 - 000000000 ____D C:\Program Files (x86)\TunnelBear
2018-01-22 16:32 - 2017-06-28 01:38 - 000000000 ____D C:\Users\Ishak\AppData\Local\Win7UI
2018-01-21 19:00 - 2017-08-25 21:09 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2018-01-21 18:59 - 2017-08-25 21:08 - 000000000 ____D C:\Users\Ishak\AppData\Local\Battle.net
2018-01-20 11:20 - 2017-06-24 18:09 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-01-19 19:03 - 2017-06-24 18:09 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-01-19 19:03 - 2017-06-24 15:48 - 000000000 ____D C:\Users\Ishak
2018-01-19 19:02 - 2017-06-24 18:09 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-01-19 19:02 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-01-11 21:27 - 2017-07-11 19:45 - 000457896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-01-11 21:27 - 2017-07-11 19:45 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-01-10 15:33 - 2017-06-24 21:04 - 002425656 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2018-01-10 15:33 - 2017-06-24 21:04 - 002090800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2018-01-10 15:33 - 2017-06-24 21:04 - 001310008 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2018-01-10 10:41 - 2017-06-24 21:04 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2018-01-09 11:22 - 2017-06-24 19:35 - 000002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-06 23:51 - 2017-11-16 23:43 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-01-06 23:51 - 2017-07-11 19:45 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-01-06 23:51 - 2017-07-11 19:45 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-01-06 23:51 - 2017-07-11 19:45 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-01-06 23:51 - 2017-07-11 19:45 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-01-06 23:51 - 2017-07-11 19:45 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-01-06 23:51 - 2017-07-11 19:45 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-01-06 23:51 - 2017-07-11 19:45 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-01-06 23:51 - 2017-07-11 19:45 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-01-06 23:51 - 2017-07-11 19:45 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-01-06 23:51 - 2017-07-11 19:45 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-01-02 03:31 - 2017-07-31 03:15 - 000000000 ____D C:\Windows\Minidump
 
==================== Fichiers à la racine de certains dossiers =======
 
2013-02-07 13:22 - 2013-02-07 13:22 - 000050330 _____ () C:\Program Files (x86)\AntiDust.exe
2017-07-17 11:08 - 2017-07-17 11:08 - 000000037 ___SH () C:\Users\Ishak\AppData\Local\20986331705021ca58edc424.96250074
 
Certains fichiers dans TEMP:
====================
2017-11-15 22:24 - 2017-11-30 23:03 - 000000180 _____ () C:\Users\Ishak\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2017-11-30 23:03 - 2018-01-04 21:15 - 000000016 _____ () C:\Users\Ishak\AppData\Local\Temp\6b5a5da4adf7b5089e35227ffc1c8552.dll
2017-11-15 22:24 - 2017-11-15 22:56 - 000000016 _____ () C:\Users\Ishak\AppData\Local\Temp\ac6568f797a3cd297c652774e5195c9b.dll
2017-09-15 16:46 - 2017-09-15 16:46 - 000000000 _____ () C:\Users\Ishak\AppData\Local\Temp\npp.7.5.1.Installer.exe
2009-02-10 17:17 - 2009-02-10 17:17 - 000145184 ____R (Microsoft Corporation) C:\Users\Ishak\AppData\Local\Temp\ose00000.exe
 
==================== Bamital & volsnap ======================
 
(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)
 
C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement
 
LastRegBack: 2018-01-28 04:50
 
==================== Fin de FRST.txt ============================
Edited by Isaac0510, 31 January 2018 - 12:01 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,587 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 31 January 2018 - 02:07 PM

Hi,

No malware found. I suggest you run this fix to remove inactive registry entries.

Press the Windows key + R on your keyboard at the same time. This will open the RUN box.
Type Notepad and click OK.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\igfxcui: igfxdev.dll [X]
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll [Pas de fichier]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1206147.dll [Pas de fichier]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
S3 aswVmm; \??\C:\Users\Ishak\AppData\Local\Temp\aswVmm.sys [X] <==== ATTENTION
S3 GENERICDRV; \??\C:\Users\Ishak\Desktop\amifldrv64.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> Pas de fichier
Task: {263B88F9-3627-417F-943C-D4488E385A2D} - System32\Tasks\{425E9E07-779B-4F7A-A98E-E8B78FD08FE8} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.37.0.103&LastError=12002
Task: {2AB43CBC-BC7B-4CC6-8975-F13B603664A0} - System32\Tasks\{9A700ED0-42C3-4D06-B3D5-22EFC46D3FD6} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.37.0.103&LastError=12002
Task: {5028CFAE-7DE1-4779-A5D4-8A3BE8682808} - System32\Tasks\{CF78076B-0CF4-4232-8745-B9A5EC534EE4} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.38.0.101/en/abandoninstall?page=tsMain

C:\Windows\System32\Tasks\{425E9E07-779B-4F7A-A98E-E8B78FD08FE8}
C:\Windows\System32\Tasks\{9A700ED0-42C3-4D06-B3D5-22EFC46D3FD6}
C:\Windows\System32\Tasks\{CF78076B-0CF4-4232-8745-B9A5EC534EE4}
C:\Users\Ishak\AppData\Local\20986331705021ca58edc424.96250074
C:\Windows\Minidump\010218-26925-01.dmp

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended. (You need to check with Internet Explorer) <- Important.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===
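As an added, read-only triage aid (my example, not FRST's code and not part of nasdaq's post), the script below parses the entry shapes used in the fixlist above and groups them by what FRST's Fix will do with them: built-in commands, orphaned registry entries whose file is missing ("[X]" / "Pas de fichier", the French build's wording for "No File"), leftover installer tasks that only open a URL in the browser, and bare paths that get moved to quarantine. The sample fixlist is a subset of the one posted above; the assumption that FRST writes these entries in exactly these shapes is based only on the lines in this thread.

```python
"""Triage an FRST fixlist before running it (added example, not FRST code).
Read-only: it only recognises the entry shapes used in the fixlist above."""
import re
from typing import Optional, Tuple

SERVICE_RE = re.compile(r"^(?P<start>[SR]\d) (?P<name>[^;]+); (?P<path>.*?) \[X\]")
TASK_RE = re.compile(r'^Task: (?P<id>\{[0-9A-Fa-f-]+\}) - \S+ => "(?P<exe>[^"]+)"\s*(?P<arg>.*)$')
URL_RE = re.compile(r"hxxps?://\S+", re.IGNORECASE)   # FRST defangs URLs as hxxp(s)
PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")              # bare path = move to quarantine

Directive = Tuple[str, str, str]   # (kind, target, note)


def classify(line: str) -> Optional[Directive]:
    """Map one fixlist line to what FRST's Fix will do with it."""
    s = line.strip()
    if not s or s in ("Start", "End"):
        return None                                  # envelope lines, no action
    if s.endswith(":") and " " not in s:             # CreateRestorePoint:, EmptyTemp:, ...
        return ("control", s[:-1], "built-in FRST command")
    m = SERVICE_RE.match(s)
    if m:                                            # driver still registered, its .sys is gone
        return ("orphan", m["name"], f"{m['start']} service, image missing: {m['path']}")
    m = TASK_RE.match(s)
    if m:
        url = URL_RE.search(m["arg"])
        if url:                                      # leftover installer task that only opens a URL
            return ("url-task", m["id"], f"{m['exe']} -> {url[0]}")
        return ("other", m["id"], m["arg"])
    if s.endswith("[X]"):                            # "[X]" / "Pas de fichier" (French for "No File")
        return ("orphan", s[:-3].strip(), "registry entry points at a missing file")
    if "Pas de fichier" in s:
        return ("orphan", s.split(" -> ")[0], "registry entry points at a missing file")
    if PATH_RE.match(s):
        return ("delete", s, "file or folder moved to FRST quarantine")
    return ("other", s, "unrecognised; review by hand")


def triage(fixlist: str) -> dict:
    """Group every directive of a fixlist by the kind of change it makes."""
    groups = {}
    for line in fixlist.splitlines():
        d = classify(line)
        if d:
            groups.setdefault(d[0], []).append(d)
    return groups


# Constructed sample: a subset of the fixlist posted above.
SAMPLE_FIXLIST = r"""Start
CreateRestorePoint:
Winlogon\Notify\igfxcui: igfxdev.dll [X]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1206147.dll [Pas de fichier]
S3 aswVmm; \??\C:\Users\Ishak\AppData\Local\Temp\aswVmm.sys [X] <==== ATTENTION
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> Pas de fichier
Task: {263B88F9-3627-417F-943C-D4488E385A2D} - System32\Tasks\{425E9E07-779B-4F7A-A98E-E8B78FD08FE8} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.37.0.103&LastError=12002
C:\Windows\System32\Tasks\{425E9E07-779B-4F7A-A98E-E8B78FD08FE8}
C:\Windows\Minidump\010218-26925-01.dmp
End"""
```

Call `triage(SAMPLE_FIXLIST)` (or pass the text of your own fixlist.txt) and review the "other" group by hand before clicking Fix; anything in "url-task" is worth a look because a scheduled task whose only job is to open a web page is a classic installer leftover.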

#5 Isaac0510

Isaac0510
  • Topic Starter

  • Members
  • 5 posts

Posted 31 January 2018 - 02:35 PM

First of all (again), I did all of this in safe mode with networking just to make sure everything is safe, and I wanted to let you know just in case I shouldn't do it or something like that. Now back on topic.

Fixlog.txt contents.

Résultats de correction de Farbar Recovery Scan Tool (x64) Version: 27.01.2018

Exécuté par Ishak (31-01-2018 20:24:04) Run:1
Exécuté depuis C:\Users\Ishak\Desktop\Research
Profils chargés: Ishak (Profils disponibles: Ishak)
Mode d'amorçage: Safe Mode (with Networking)
==============================================
 
fixlist contenu:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Winlogon\Notify\igfxcui: igfxdev.dll [X]
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll [Pas de fichier]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1206147.dll [Pas de fichier]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
S3 aswVmm; \??\C:\Users\Ishak\AppData\Local\Temp\aswVmm.sys [X] <==== ATTENTION
S3 GENERICDRV; \??\C:\Users\Ishak\Desktop\amifldrv64.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
 
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> Pas de fichier
Task: {263B88F9-3627-417F-943C-D4488E385A2D} - System32\Tasks\{425E9E07-779B-4F7A-A98E-E8B78FD08FE8} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.37.0.103&LastError=12002
Task: {2AB43CBC-BC7B-4CC6-8975-F13B603664A0} - System32\Tasks\{9A700ED0-42C3-4D06-B3D5-22EFC46D3FD6} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.37.0.103&LastError=12002
Task: {5028CFAE-7DE1-4779-A5D4-8A3BE8682808} - System32\Tasks\{CF78076B-0CF4-4232-8745-B9A5EC534EE4} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.38.0.101/en/abandoninstall?page=tsMain
 
C:\Windows\System32\Tasks\{425E9E07-779B-4F7A-A98E-E8B78FD08FE8}
C:\Windows\System32\Tasks\{9A700ED0-42C3-4D06-B3D5-22EFC46D3FD6}
C:\Windows\System32\Tasks\{CF78076B-0CF4-4232-8745-B9A5EC534EE4}
C:\Users\Ishak\AppData\Local\20986331705021ca58edc424.96250074
C:\Windows\Minidump\010218-26925-01.dmp
 
End
*****************
 
Erreur: Un point de restauration ne peut être créé qu'en mode normal.
Processus fermé avec succès.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => supprimé(es) avec succès
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => supprimé(es) avec succès
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/AuthorwarePlayer" => supprimé(es) avec succès
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => supprimé(es) avec succès
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => supprimé(es) avec succès
"HKLM\System\CurrentControlSet\Services\aswVmm" => supprimé(es) avec succès
aswVmm => service supprimé(es) avec succès
"HKLM\System\CurrentControlSet\Services\GENERICDRV" => supprimé(es) avec succès
GENERICDRV => service supprimé(es) avec succès
"HKLM\System\CurrentControlSet\Services\taphss6" => supprimé(es) avec succès
taphss6 => service supprimé(es) avec succès
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => supprimé(es) avec succès
"HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}" => supprimé(es) avec succès
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{263B88F9-3627-417F-943C-D4488E385A2D} => impossible à supprimer clé. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{263B88F9-3627-417F-943C-D4488E385A2D}" => supprimé(es) avec succès
C:\Windows\System32\Tasks\{425E9E07-779B-4F7A-A98E-E8B78FD08FE8} => déplacé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{425E9E07-779B-4F7A-A98E-E8B78FD08FE8}" => supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2AB43CBC-BC7B-4CC6-8975-F13B603664A0}" => supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AB43CBC-BC7B-4CC6-8975-F13B603664A0}" => supprimé(es) avec succès
C:\Windows\System32\Tasks\{9A700ED0-42C3-4D06-B3D5-22EFC46D3FD6} => déplacé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9A700ED0-42C3-4D06-B3D5-22EFC46D3FD6}" => supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5028CFAE-7DE1-4779-A5D4-8A3BE8682808}" => supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5028CFAE-7DE1-4779-A5D4-8A3BE8682808}" => supprimé(es) avec succès
C:\Windows\System32\Tasks\{CF78076B-0CF4-4232-8745-B9A5EC534EE4} => déplacé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CF78076B-0CF4-4232-8745-B9A5EC534EE4}" => supprimé(es) avec succès
"C:\Windows\System32\Tasks\{425E9E07-779B-4F7A-A98E-E8B78FD08FE8}" => non trouvé(e)
"C:\Windows\System32\Tasks\{9A700ED0-42C3-4D06-B3D5-22EFC46D3FD6}" => non trouvé(e)
"C:\Windows\System32\Tasks\{CF78076B-0CF4-4232-8745-B9A5EC534EE4}" => non trouvé(e)
C:\Users\Ishak\AppData\Local\20986331705021ca58edc424.96250074 => déplacé(es) avec succès
C:\Windows\Minidump\010218-26925-01.dmp => déplacé(es) avec succès
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 40974613 B
Java, Flash, Steam htmlcache => 187527642 B
Windows/system/drivers => 808799743 B
Edge => 0 B
Chrome => 233225993 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558406 B
systemprofile32 => 66356 B
LocalService => 66228 B
NetworkService => 51914 B
Ishak => 2812820652 B
 
RecycleBin => 6653613398 B
EmptyTemp: => 10.1 GB données temporaires supprimées.
 
================================
 
 
Le système a dû redémarrer.
 
==== Fin de Fixlog 20:26:30 ====
 
My computer restarted after it got done, just like it says at the end of the fixlog. Thank you so much for your time, Nasdaq, you're a life saver and I really appreciate it. If there's anything else I have to do please let me know. Thank you again.

EDIT: For some reason I cannot uninstall Java; whenever I try to uninstall it manually it just gives me an error saying "The Windows installer service could not be accessed etc..." Is there a way to fix this?

EDIT2: I managed to uninstall it.

Edited by Isaac0510, 31 January 2018 - 03:06 PM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,587 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 February 2018 - 08:19 AM

Hi,

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===