Is my computer infected?

Solved
JohProd
Hello everyone.
I'm new to this site, and I’m reaching out to you because you are the only ones who can help me.
So here it is: I've noticed that my HP laptop has a serious problem; it is slow, really slow. A file copy normally runs at 20 MB/s, but now it only manages 3 MB/s, 5 MB/s at most. My browser (Google Chrome) can't go back; I have to redo the same search.
I have Kaspersky Internet Security 2012 as my antivirus, and it disables itself automatically; I get a warning that the antivirus is disabled even though I didn't do it. The same goes for Windows Update, which turns off automatic updates by itself.

So I think my computer is infected with a serious virus.
Can you confirm this? If it is infected, can you help me to disinfect it?

NB: Kaspersky doesn't detect any threats with an up-to-date database and a complete system scan.

Configuration: Windows 7 / Chrome 26.0.1410.64

--
A small axe cuts big wood.

51 answers

JohProd
 
Hello,
Your link tells me:
"The requested subject does not exist."

--
A small axe cuts big wood.
H.A.W.X
 
Hello,

My name is H.A.W.X, and I will help you with your problem.
Before that, I would like you to answer these questions:

~ Can you still download software?
~ What is the brand of your PC and your operating system?

These questions are important, so please answer as precisely as possible.

Next, please take note of these two points:

~~ http://sosvirus.org/viewtopic.php?f=281&t=512

~~ http://www.pc-infopratique.com/forum-informatique/tutoriel-heberger-rapport-vt-67934.html

++
JohProd
 
Thank you H.A.W.X.

Yes, I can still download software.

Model: HP G72 Notebook PC
My system is a Windows 7 Ultimate 64-bit
Version: 6.1.7601 Service Pack 1 Build 7601
Intel Core i3 2.25GHz

I have taken note of the two points.
--
A small axe cuts big wood.
H.A.W.X
 
Hello,

Very well.

Do this: http://sosvirus.org/viewtopic.php?f=281&t=572

++
H.A.W.X
 
Hello,

Please do this for me, thanks

1 ~ http://sosvirus.org/viewtopic.php?f=281&t=546
2 ~ http://sosvirus.org/viewtopic.php?f=281&t=576

I'm waiting for two reports then ;)

++
JohProd
 
After a small download issue, here is my first removal report, produced by AdwCleaner:


# AdwCleaner v2.300 - Report created on 01/05/2013 at 17:36:40
# Updated on 28/04/2013 by Xplode
# Operating System: Windows 7 Ultimate Service Pack 1 (64 bits)
# Username: Joh Production - JOHPRODUCTION
# Boot mode: Normal
# Run from: C:\Users\Joh Production\Desktop\adwcleaner.exe
# Option [Removal]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted: C:\ProgramData\Babylon
Folder Deleted: C:\Users\Joh Production\AppData\Local\Tiger Savings
Folder Deleted: C:\Users\Joh Production\AppData\LocalLow\boost_interprocess
Folder Deleted: C:\Users\Joh Production\AppData\Roaming\Babylon
File Deleted: C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted: C:\Users\Joh Production\AppData\Roaming\Mozilla\Firefox\Profiles\86domeer.default\searchplugins\delta.xml

***** [Registry] *****

Key Deleted: HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted: HKCU\Software\BabylonToolbar
Key Deleted: HKCU\Software\DataMngr
Key Deleted: HKCU\Software\5b53d6dcb569ba43
Key Deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted: HKLM\Software\Babylon
Key Deleted: HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted: HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted: HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted: HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted: HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted: HKLM\Software\DataMngr
Key Deleted: HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted: HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted: HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

Replaced: [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=119556&tt=190313_wo2&babsrc=HP_ss&mntrId=0E85C446190E28E6 --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (fr)

File: C:\Users\Joh Production\AppData\Roaming\Mozilla\Firefox\Profiles\86domeer.default\prefs.js

C:\Users\Joh Production\AppData\Roaming\Mozilla\Firefox\Profiles\86domeer.default\user.js ... Deleted!

Deleted: user_pref("extensions.delta.admin", false);
Deleted: user_pref("extensions.delta.aflt", "babsst");
Deleted: user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted: user_pref("extensions.delta.autoRvrt", "false");
Deleted: user_pref("extensions.delta.dfltLng", "en");
Deleted: user_pref("extensions.delta.excTlbr", false);
Deleted: user_pref("extensions.delta.id", "0e851ef2000000000000c446190e28e6");
Deleted: user_pref("extensions.delta.instlDay", "15791");
Deleted: user_pref("extensions.delta.instlRef", "sst");
Deleted: user_pref("extensions.delta.newTab", false);
Deleted: user_pref("extensions.delta.prdct", "delta");
Deleted: user_pref("extensions.delta.prtnrId", "delta");
Deleted: user_pref("extensions.delta.rvrt", "false");
Deleted: user_pref("extensions.delta.smplGrp", "none");
Deleted: user_pref("extensions.delta.tlbrId", "base");
Deleted: user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted: user_pref("extensions.delta.vrsn", "1.8.10.0");
Deleted: user_pref("extensions.delta.vrsnTs", "1.8.10.019:07:38");
Deleted: user_pref("extensions.delta.vrsni", "1.8.10.0");

-\\ Google Chrome v26.0.1410.64

File: C:\Users\Joh Production\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] The file contains no illegitimate entries.

-\\ Opera v12.14.1738.0

File: C:\Users\Joh Production\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] The file contains no illegitimate entries.

*************************

AdwCleaner[R1].txt - [4476 bytes] - [01/05/2013 16:07:34]
AdwCleaner[S1].txt - [4448 bytes] - [01/05/2013 17:36:40]

########## EOF - C:\AdwCleaner[S1].txt - [4508 bytes] ##########

The ZHPDiag report

ZHPDiag v2013.5.1.20 report by Nicolas Coolman, Update on 01/05/2013
Run by Joh Production at 02/05/2013 18:21:20
State: Version up to date.
WhiteList: Enable
High Elevated Privileges: OK
UAC: Activated by user

---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 20.0.1
GCIE: Google Chrome v26.0.1410.64 (Default)
OPIE: Opera v12.14

---\\ Windows Product Information
~ Language: French
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script: OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP): OK
Windows ID Activation: OK
~ Windows Partial Key: 2C9T3
Windows License: OK
~ Windows Remaining Initializations Number: 3
Software Protection Service: OK
Windows Automatic Updates: OK
Windows Activation Technologies: OK

---\\ System Protection
Kaspersky Internet Security 2013 v13.0.1.4190
Windows Defender W7

---\\ System Optimizer
CCleaner v3.23 =>Piriform Ltd

---\\ Peer To Peer (P2P)
µTorrent v2.2.1

---\\ Software Update
Adobe Flash Player 11 Plugin
Java 7 Update 21

---\\ System Information
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3893 MB (35% free)
System Restore: Enabled
System drive C: has 68 GB (14%) free of 466 GB

---\\ Logged in mode
~ Computer Name: JOHPRODUCTION
~ User Name: Joh Production
~ All Users Names: Joh Production, HomeGroupUser$, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment Variables
~ System Unit: C:\
~ %AppData%: C:\Users\Joh Production\AppData\Roaming\
~ %Desktop%: C:\Users\Joh Production\Desktop\
~ %Favorites%: C:\Users\Joh Production\Favorites\
~ %LocalAppData%: C:\Users\Joh Production\AppData\Local\
~ %StartMenu%: C:\Users\Joh Production\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir%: C:\Windows\
~ %System%: C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 68 GB of 466 GB)
D:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Free 3 GB of 4 GB)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 32 Legitimate Filtered in 00mn 00s

---\\ Special search for generic files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.08/12/2011 - 19:49:44.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Startup Application.) (.14/07/2009 - 05:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.A4F6142CABA82FB7293ECE5FF864B440] - (.Microsoft Corporation - Internet Extensions for Win32.) (.22/02/2013 - 10:20:51.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.21/11/2010 - 07:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - License Library.) (.21/11/2010 - 07:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 07:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 05:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 03:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 07:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 07:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 07:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.14/07/2009 - 03:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 04:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.08/12/2011 - 19:51:31.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 07:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT Filesystem Driver.) (.12/04/2013 - 18:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.14/07/2009 - 04:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 07:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 07:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 04:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 07:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.21/11/2010 - 07:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s

---\\ Status of hidden files (Hidden/Total)
~ My Pictures: 1/18
~ My Musics: 1/39
~ My Videos: 1/4
~ My Favorites: 1/12
~ My Documents: 1/16687
~ My Desktop: 2/40944
~ Start Menu: 1/48
~ Hidden Files: Scanned in 01mn 20s

---\\ Processes running
[MD5.276AC7BAE1F596A3A1D4B6D43AEF099C] - (.BitTorrent, Inc. - µTorrent.) -- C:\Users\Joh Production\AppData\Roaming\uTorrent\uTorrent.exe [399736] [PID.2252] =>P2P.µTorrent
[MD5.760ACD103FFB86AD65DC41CDEB08ABCF] - (.Samsung Electronics - No description.) -- C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560] [PID.2460]
[MD5.659474582C6E060DBD8FFFF97DC892C5] - (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968] [PID.2580]
[MD5.587EFD6A3A30A35A27904D21AE1FB882] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376] [PID.1804]
[MD5.C0E392910782C2BB9A28C8538CC1E1A1] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240] [PID.3460]
[MD5.4E9592BB2C100E571F82640E59E9ECD5] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1312720] [PID.5104]
[MD5.C66DD919C3D8528F8309E4A11DA43CF2] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7127040] [PID.4920]
[MD5.0C83FC56707BF68DB04947052A8188B1] - (.Nalpeiron Ltd. - Nalpeiron Highend Service.) -- C:\Windows\SysWOW64\astsrv.exe [57344] [PID.1772]
[MD5.009F4F1EC78A294A55C154430BA63C6F] - (.Nalpeiron Ltd. - This service enables products that use the.) -- C:\Windows\SysWOW64\nlssrv32.exe [71280] [PID.1880]
[MD5.777788D9B63CCEEEF2DB353BA4EDD454] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14904] [PID.3580]
~ Running Processes: Scanned in 00mn 01s

---\\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\Joh Production\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [bfbmjmiodbnnpllbbbfblcplfjjepjdn] Turn Off the Lights v.2.2, (Enabled)
G2 - GCE: Preference [User Data\Default] [bhmmomiinigofkjcapegjjndpbikblnp] WOT v.1.4.11, (Enabled)
G2 - GCE: Preference [User Data\Default] [cehdakiococlfmjcbebbkjkfjhbieknh] Battlefield Heroes v.5.0.203.0, (Enabled)
G2 - GCE: Preference [User Data\Default] [cogcpnmcioajbgpnmaeibpnjbepkbhec] CT Sobrio v.1 (Enabled)
G2 - GCE: Preference [User Data\Default] [cpmapgelcjnnpnblchplnadokgmamdbk] Change My Facebook Colors! v.0.0.6 (Enabled)
G2 - GCE: Preference [User Data\Default] [dchlnpcodkpfdpacogkljefecpegganj] Link Analysis (URL Advisor) v.13.0.1.4190 (Disabled)
G2 - GCE: Preference [User Data\Default] [hakdifolhalapjijoafobooafbilfakh] Online Banking Protection v.13.0.1.4190 (Disabled)
G2 - GCE: Preference [User Data\Default] [hghkgaeecgjhjkannahfamoehjmkjail] Dangerous Websites Blocking Module v.13.0.1.4190 (Disabled)
G2 - GCE: Preference [User Data\Default] [inmmhkeajgflmokoaaoadgkhhmibjbpj] Facebook Invite All v.1.1.1 (Enabled)
G2 - GCE: Preference [User Data\Default] [jagncdcchgajhfhijbbhecadmaiegcmh] Virtual Keyboard v.13.0.1.4292 (Disabled)
G2 - GCE: Preference [User Data\Default] [mgijmajocgfcbeboacabfgobmjgjcoja] Google Dictionary (by Google) v.3.0.17 (Enabled)
G2 - GCE: Preference [User Data\Default] [monhkdcehmbdgkhgpccaccbbcgcfpjkd] My IP Address v.1.0 (Enabled)
G2 - GCE: Preference [User Data\Default] [nneajnkjbffgblleaoojgaacokifdkhm] \u003Cvideo\u003E HTML5 DivX Plus Web Player v.2.1.2.145 (Enabled)
G2 - GCE: Preference [User Data\Default] [obbdikpnjhhckpfiojgpnclnolhofifc] FasterPlus v.2.5, (Enabled)
G2 - GCE: Preference [User Data\Default] [pjldcfjmnllhmgjclecdnfampinooman] Anti-banned v.13.0.1.4190 (Disabled)
~ Google Browser: 27 Legitimate Filtered in 00mn 14s

---\\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
C:\Users\Joh Production\AppData\Roaming\Mozilla\Firefox\Profiles\86domeer.default\prefs.js
~ Firefox Browser: 32 Legitimate Filtered in 00mn 02s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyze lines F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

JohProd
 
Report of Malwarebytes Anti-Malware:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.03.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Joh Production :: JOHPRODUCTION [administrator]

03/05/2013 20:38:38
mbam-log-2013-05-03 (20-38-38).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | Filesystem | Heuristic/Extra | Heuristic/Shuriken | PUP | PUM
Scan options disabled: P2P
Item(s) scanned: 460994
Elapsed time: 11 hour(s), 14 minute(s), 59 second(s)

Memory processes detected: 0
(No harmful item detected)

Memory modules detected: 0
(No harmful item detected)

Registry key(s) detected: 0
(No harmful item detected)

Registry value(s) detected: 0
(No harmful item detected)

Registry data item(s) detected: 0
(No harmful item detected)

Folder(s) detected: 1
C:\Users\Joh Production\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and successfully deleted.

File(s) detected: 33
C:\Users\Joh Production\Desktop\Bureau\Acid Music Studio 9.0\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\Users\Joh Production\Desktop\Bureau\torrent\Sony Vegas Pro 10 + Patch + Keygen\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\Users\Joh Production\Downloads\Adobe After Effects cs6 11.0.378 X64\keygen-X-FORCE.rar (PUP.RiskwareTool.CK) -> No action taken.
C:\Users\Joh Production\Downloads\Adobe.Photoshop.CS6.Extended.13.0.1.Europe\Serials + Keygen X-Force.rar (PUP.RiskwareTool.CK) -> No action taken.
C:\CIEL\WPAYE\Loader.exe (Trojan.Agent) -> Quarantined and successfully deleted.
C:\Program Files (x86)\TuneUp Utilities 2013\Patch.exe (Riskware.Tool.CK) -> Quarantined and successfully deleted.
C:\Users\Joh Production\Desktop\Bureau\mem ex\Download\1338284986-WRX-STi-2008.rar (Trojan.Agent.H) -> Quarantined and successfully deleted.
C:\Users\Joh Production\Desktop\Bureau\mem ex\Download\need_for_speed_underground_2_bankmod.zip (PUP.HackTool.HotKeysHook) -> Quarantined and successfully deleted.
C:\Users\Joh Production\Desktop\Bureau\torrent\Sony Vegas Pro 10 + Patch + Keygen\Sony Vegas Pro 10 - Patch.exe (RiskWare.Tool.HCK) -> Quarantined and successfully deleted.
C:\Users\Joh Production\Documents\Montage\MEGA-PACK-BONUS\MEGA-PACK-BONUS\plugins\Alien.Skin.Blow.Up.v2.0.4.Incl.Keymaker-CORE\Alien.Skin.Blow.Up.v2.0.4.Incl.Keymaker-CORE\CORE10k.EXE (PUP.Keygen.Intro) -> Quarantined and successfully deleted.
C:\Users\Joh Production\Documents\Montage\MEGA-PACK-BONUS\MEGA-PACK-BONUS\plugins\Alien.Skin.Bokeh.v2.0.0.Incl.Keymaker-CORE\Alien.Skin.Bokeh.v2.0.0.Incl.Keymaker-CORE\CORE10k.EXE (PUP.Keygen.Intro) -> Quarantined and successfully deleted.
C:\Users\Joh Production\Documents\Montage\MEGA-PACK-BONUS\MEGA-PACK-BONUS\plugins\Alien.Skin.Exposure.v3.0.5.Incl.Keymaker-CORE\Alien.Skin.Exposure.v3.0.5.Incl.Keymaker-CORE\CORE10k.EXE (PUP.Keygen.Intro) -> Quarantined and successfully deleted.
C:\Users\Joh Production\Documents\Montage\MEGA-PACK-BONUS\MEGA-PACK-BONUS\plugins\Alien.Skin.Eye.Candy.v6.0.0a.Incl.Keymaker-CORE\Alien.Skin.Eye.Candy.v6.0.0a.Incl.Keymaker-CORE\CORE10k.EXE (PUP.Keygen.Intro) -> Quarantined and successfully deleted.
C:\Users\Joh Production\Documents\Montage\MEGA-PACK-BONUS\MEGA-PACK-BONUS\plugins\Alien.Skin.Image.Doctor.v2.0.1.Incl.Patch-UARE\TeamUARE\patch.exe (PUP.Hacktool.Patcher) -> Quarantined and successfully deleted.
C:\Users\Joh Production\Documents\Montage\MEGA-PACK-BONUS\MEGA-PACK-BONUS\plugins\OnOne_FocalPoint.1.0\keygen.exe (Riskware.Tool.CK) -> Quarantined and successfully deleted.
C:\Users\Joh Production\Downloads\FullInstalGTAIV.rar (Packer.ModifiedUPX) -> Quarantined and successfully deleted.
C:\Users\Joh Production\Downloads\Multi Keygen #2.exe (RiskWare.Tool.CK) -> Quarantined and successfully deleted.
C:\Users\Joh Production\Downloads\x-force ad2013 aio keygen.rar (RiskWare.Tool.CK) -> Quarantined and successfully deleted.
C:\Users\Joh Production\Downloads\Adobe After Effects cs6 11.0.378 X64\Crack.rar (PUP.RiskwareTool.CK) -> Quarantined and successfully deleted.
C:\Users\Joh Production\Downloads\Adobe After Effects cs6 11.0.378 X64\Crack\amtlib.dll (PUP.RiskwareTool.CK) -> Quarantined and successfully deleted.
C:\Users\Joh Production\Downloads\Adobe After Effects cs6 11.0.378 X64\keygen-X-FORCE\xf-mccs6.exe (PUP.RiskwareTool.CK) -> Quarantined and successfully deleted.
C:\Users\Joh Production\Downloads\Adobe.Photoshop.CS6.Extended.13.0.1.Europe\BONUS.rar (PUP.Hacktool.Patcher) -> Quarantined and successfully deleted.
C:\Users\Joh Production\Downloads\Adobe.Photoshop.CS6.Extended.13.0.1.Europe\BONUS\adobe.cs6.all.products.activator.(x32.y.x64)_up01.exe (PUP.Hacktool.Patcher) -> Quarantined and successfully deleted.
C:\Users\Joh Production\Downloads\Adobe.Photoshop.CS6.Extended.13.0.1.Europe\Serials + Keygen X-Force\xf-mccs6.rar (PUP.RiskwareTool.CK) -> Quarantined and successfully deleted.
C:\Users\Joh Production\Downloads\Adobe.Photoshop.CS6.Extended.13.0.1.Europe\Serials + Keygen X-Force\xf-mccs6\xf-mccs6.exe (PUP.RiskwareTool.CK) -> Quarantined and successfully deleted.
C:\Users\Joh Production\Downloads\ciel solution 2013\Ciel Solution 2013\Patch Ciel 2013 La Solution-MPT.exe (PUP.Hacktool.Patcher) -> Quarantined and successfully deleted.
C:\Users\Joh Production\Downloads\onOne Perfect Photo Suite 7.1.1 Premium Edition + Ultimate Creative Pack 2\keygen.rar (RiskWare.Tool.HCK) -> Quarantined and successfully deleted.
C:\Users\Joh Production\Downloads\onOne Perfect Photo Suite 7.1.1 Premium Edition + Ultimate Creative Pack 2\keygen\xf-oopf7.exe (RiskWare.Tool.HCK) -> Quarantined and successfully deleted.
C:\Users\Joh Production\Downloads\TuneUp Utilites 2013 v 13.0.2013.193\Patch\Patch.exe (Riskware.Tool.CK) -> Quarantined and successfully deleted.
C:\Users\Joh Production\Downloads\x-force ad2013 aio keygen\xfadsk2013\Crack-Win\xf-adsk2013_x32.exe (RiskWare.Tool.CK) -> Quarantined and successfully deleted.
C:\Users\Joh Production\Downloads\x-force ad2013 aio keygen\xfadsk2013\Crack-Win\xf-adsk2013_x64.exe (RiskWare.Tool.CK) -> Quarantined and successfully deleted.
C:\Users\Joh Production\AppData\Roaming\dclogs\2013-03-13-4.dc (Stolen.Data) -> Quarantined and successfully deleted.
C:\Users\Joh Production\AppData\Roaming\dclogs\2013-03-14-5.dc (Stolen.Data) -> Quarantined and successfully deleted.

(end)

--
A small axe cuts big wood.
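The Malwarebytes report above is worth reading for what it did not do as much as for what it did: four keygen entries are marked "No action taken" and are therefore still on disk, the "Stolen.Data" hits are captured data rather than the component that captured it, and a later post in this thread shows that reports posted by hand can arrive cut off. The following script is an added example, not part of the thread and not a Malwarebytes tool; it parses the report format shown above and returns those three things. The sample input is a constructed, trimmed copy of the posted report's line format; the "declared vs. parsed" check assumes that a complete report's "File(s)/Folder(s) detected: N" headers add up to the number of detection lines, which holds for the report above (1 + 33).

```python
import re
from collections import Counter

# Constructed sample: a trimmed copy of the Malwarebytes Anti-Malware 1.75 report
# format posted in the thread (header, section counts, detection lines, "(end)").
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Folder(s) detected: 1
C:\Users\Joh Production\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and successfully deleted.

File(s) detected: 4
C:\Users\Joh Production\Desktop\Bureau\Acid Music Studio 9.0\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\CIEL\WPAYE\Loader.exe (Trojan.Agent) -> Quarantined and successfully deleted.
C:\Users\Joh Production\AppData\Roaming\dclogs\2013-03-13-4.dc (Stolen.Data) -> Quarantined and successfully deleted.
C:\Users\Joh Production\Downloads\Adobe.Photoshop.CS6.Extended.13.0.1.Europe\BONUS\adobe.cs6.all.products.activator.(x32.y.x64)_up01.exe (PUP.Hacktool.Patcher) -> Quarantined and successfully deleted.

(end)
"""

# One detection line: <path> (<Category.Name>) -> <action>.
# The path is matched lazily so parentheses inside a filename do not end it early.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) \((?P<category>[^()]+)\) -> (?P<action>.+?)\.?$"
)
# Section header: "File(s) detected: 33" / "Folder(s) detected: 1".
SECTION_RE = re.compile(r"^(?:File|Folder)\(s\) detected: (?P<count>\d+)$")


def parse_mbam_log(text):
    """Return (detections, declared_count); each detection is (path, category, action)."""
    detections, declared = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            declared += int(m.group("count"))
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append((m.group("path"), m.group("category"), m.group("action")))
    return detections, declared


def triage(detections, declared):
    """Summarise what the scanner found and, more importantly, what it left behind."""
    # Family = first dotted component, lower-cased because the report mixes
    # "RiskWare.Tool.CK" and "Riskware.Tool.CK".
    families = Counter(cat.split(".")[0].lower() for _, cat, _ in detections)
    # Anything not quarantined is still on disk ("No action taken" means the
    # item was left unticked before removal).
    unhandled = [p for p, _, a in detections if not a.startswith("Quarantined")]
    # "Stolen.Data" marks captured data (the .dc log files), not the component
    # that wrote it; that component has to be located separately.
    stolen = [p for p, cat, _ in detections if cat.startswith("Stolen.")]
    return {
        "total": len(detections),
        "declared": declared,
        "complete": declared == len(detections),  # a cut-off report fails this
        "by_family": dict(families),
        "unhandled": unhandled,
        "stolen_data": stolen,
    }


if __name__ == "__main__":
    hits, declared = parse_mbam_log(SAMPLE_LOG)
    for key, value in triage(hits, declared).items():
        print(f"{key}: {value}")
```

Run against the full report posted above, `unhandled` would list the four "No action taken" keygens on the Desktop and in Downloads, and `complete` would be true only if all 34 detection lines survived the copy-paste.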
H.A.W.X
 
Hello,

I guess you know where all these detections come from: it's what you're downloading.

I'll give you the instructions in a moment ;)

++
H.A.W.X
 
Good evening,

Still experiencing slowdowns?
Could you please pinpoint the issues as much as possible?

++
juju666
 
Hello

G2 - GCE: Preference [User Data\Default] [cpmapgelcjnnpnblchplnadokgmamdbk] Change My Facebook Colors! v.0.0.6 (Enabled)
G2 - GCE: Preference [User Data\Default] [inmmhkeajgflmokoaaoadgkhhmibjbpj] Facebook Invite All v.1.1.1 (Enabled)
G2 - GCE: Preference [User Data\Default] [monhkdcehmbdgkhgpccaccbbcgcfpjkd] My IP Address v.1.0 (Enabled)

These Google Chrome extensions are scams; we should consider disabling/deleting them.
See you
--
.::. Security Contributor .::.
JohProd
 
Thank you H.A.W.X, my computer is faster now. I will try to avoid all those cracks and keygens on the web.
No particular problems except for issues with Windows Update and my GPU, but for that, I will open another thread.

Thank you juju666, that's already done now. It seems you are an expert in this field ;-)
If you see any other steps to better disinfect my computer in every nook and cranny, I'm all ears.

Thank you all again.

Best regards

Rivière Johnny

--
A small axe cuts big wood.
juju666
 
Re,
H.A.W.X. will be happy to help you with your Windows Update issues ;)

--
.::. Security Contributor .::.
JohProd
 
Okay, thanks.
I'll ask him/her. :-)

--
A small axe cuts big wood.
H.A.W.X
 
Hello,

So I need a more in-depth scan in that case ;)

Do this:
~ http://sosvirus.org/viewtopic.php?f=281&t=597

++
H.A.W.X
 
Good evening,

The report you sent me privately is incomplete; it's cut off.

Upload the two reports located in C:\OTL to www.cjoint.com.

Otherwise, please redo the requested operation above ;)

++
JohProd
 
Here is the link for the OTL report:

http://cjoint.com/?CEggQ0d5ney

Extra Report:

https://www.cjoint.com/c/CEggU7p1gdO
--
A small axe cuts big wood.
H.A.W.X
 
Hello;

Please do this:
~ http://sosvirus.org/viewtopic.php?f=281&t=600&p=3735#p3735

After the PC has restarted, let me know what the status is for the updates.

++
JohProd
 
Hello,

Unfortunately, the updates still do not install. Failure.
Error codes: 800B0100 and 9C57.

--
A small axe cuts big wood.
H.A.W.X
 
Hello,

Check the link below:
~ https://support.microsoft.com/en-us/windows?ui=en-US&rs=en-001&ad=US

If that doesn't work, go to
Control Panel -> Windows Update -> click on View update history to see the latest ones for failures or successes.

Then download the failed updates from the Microsoft website and try to install them in safe mode.

Do what I told you in order and let me know how it goes ;)

++
JohProd
 
The updates still cannot be installed.
Even in safe mode (this service cannot be started in safe mode).
I downloaded and installed the updates manually (in normal mode), and I'm being told that the update was not installed.

--
A small axe cuts big wood.