Trojan horse - Page 2
Solved
You are waiting for another CS :)
--
If there is a problem, there is always a solution
~~~~~~ Cs ~~~~~~
Hello idnoder,
at the request of Lili, who is having a problem with her own PC, I'm taking over to finish disinfecting your PC.
please do this and post the report
Download roguekiller to your desktop
take this one, look at the image >> click here
The link https://www.luanagames.com/index.fr.html
The tutorial http://tigzyrk.blogspot.be/2012/10/fr-roguekiller-tutoriel-officiel.html
Close all your running programs
Run roguekiller (Vista-W7-W8 users run as administrator - right-click)
Let the prescan run and accept the Eula, see the image >> click here
Click on scan
The report will be displayed on your desktop and in C:\RKReport[#].txt
Post the report via copy/paste
thank you
@+
the radiation level is higher at the employment office than at Chernobyl
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
email: https://www.adlice.com/contact/
Feedback: https://forum.adlice.com/
Website: http://www.surlatoile.org/RogueKiller/
Blog: https://www.adlice.com/
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bit version
Boot Mode: Normal mode
User: Jacques [Admin Rights]
Mode: Scan -- Date: 03/31/2014 18:11:16
| ARK || FAK || MBR |
¤¤¤ Malicious Processes: 0 ¤¤¤
¤¤¤ Registry Entries: 13 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : C-Media Mixer (Mixer.exe /startup [7]) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:49167;hxxps=127.0.0.1:49167; [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled Tasks: 2 ¤¤¤
[V1][ROGUE ST] Weather It Up-firefoxinstaller.job : C:\Program Files\Weather It Up\Weather It Up-firefoxinstaller.exe - /installxpi /agentregpath='Weather It Up' /extensionfilepath='C:\Program Files\Weather It Up\49136.xpi' /appid=49136 /srcid='001101' /subid='0' /zdata='0' /bic=466DAF398D184B32823696145A8F0714IE /verifier=9343920cce8629641ebab91953801463 /installerversion=1_34_3_6 /installerfullversion=1.34.3.6 /installationtime=1396248094 /statsdomain=hxxp://stats.srvstatsdata.com /errorsdomain=hxxp://errors.srvstatsdata.com /waitforbrowser=300 /extensionid=18c3bc7a-b2aa-43c1-885a-665d2f25cf89@d6802e59-3519-4428-bef7-bce888d550bb.com /extensionversion=0.94 /prefsbranch=a18c3bc7ab2aa43c1885a665d2f25cf89d6802e5935194428bef7bce888d550bbcom49136 /updateurl=hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/49136.rdf /extensionname='Weather It Up' /extensiondesc='Weather it up is a simple browser extension that provides the latest weather information.' /publishername='Phoenix Media' /defbro=ie /allusers /allprofiles /checkfflist /autoupdateulr='hxxp://update.srvstatsdata.com/ff_agent_updates/{CAMP_ID}/update.json' /runfrom='task' /externallog='' [-][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x] -> FOUND
[V2][ROGUE ST] Weather It Up-firefoxinstaller : C:\Program Files\Weather It Up\Weather It Up-firefoxinstaller.exe - /installxpi /agentregpath='Weather It Up' /extensionfilepath='C:\Program Files\Weather It Up\49136.xpi' /appid=49136 /srcid='001101' /subid='0' /zdata='0' /bic=466DAF398D184B32823696145A8F0714IE /verifier=9343920cce8629641ebab91953801463 /installerversion=1_34_3_6 /installerfullversion=1.34.3.6 /installationtime=1396248094 /statsdomain=hxxp://stats.srvstatsdata.com /errorsdomain=hxxp://errors.srvstatsdata.com /waitforbrowser=300 /extensionid=18c3bc7a-b2aa-43c1-885a-665d2f25cf89@d6802e59-3519-4428-bef7-bce888d550bb.com /extensionversion=0.94 /prefsbranch=a18c3bc7ab2aa43c1885a665d2f25cf89d6802e5935194428bef7bce888d550bbcom49136 /updateurl=hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/49136.rdf /extensionname='Weather It Up' /extensiondesc='Weather it up is a simple browser extension that provides the latest weather information.' /publishername='Phoenix Media' /defbro=ie /allusers /allprofiles /checkfflist /autoupdateulr='hxxp://update.srvstatsdata.com/ff_agent_updates/{CAMP_ID}/update.json' /runfrom='task' /externallog='' [-][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x] -> FOUND
¤¤¤ Startup Entries: 0 ¤¤¤
¤¤¤ Web Browsers: 0 ¤¤¤
¤¤¤ Browser Addons: 0 ¤¤¤
¤¤¤ Specific Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
[Address] EAT @explorer.exe (DllCanUnloadNow) : wlanutil.dll -> HOOKED (C:\Windows\System32\SndVolSSO.dll @ 0x735D155F)
[Address] EAT @explorer.exe (DllGetClassObject) : wlanutil.dll -> HOOKED (C:\Windows\System32\SndVolSSO.dll @ 0x735D4852)
[Address] EAT @explorer.exe (DllMain) : wlanutil.dll -> HOOKED (C:\Windows\System32\SndVolSSO.dll @ 0x735D12FB)
[Address] IAT @iexplore.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll @ 0x021B4C50)
[Address] IAT @iexplore.exe (LoadLibraryA) : KERNEL32.dll -> HOOKED (C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll @ 0x021B2000)
[Address] IAT @iexplore.exe (LoadLibraryW) : KERNEL32.dll -> HOOKED (C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll @ 0x021B2030)
[Address] IAT @iexplore.exe (LoadLibraryExW) : KERNEL32.dll -> HOOKED (C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll @ 0x021B20B0)
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection: ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
---> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721616PLA380 ATA Device +++++
--- User ---
[MBR] 681add1742775c3b051c7c13f50a8958
[BSP] 855b5aaea752edba6aa8805dcb802c62 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 157064 MB
User = LL1 ... OK!
User = LL2 ... OK!
Finished: << RKreport[0]_S_03312014_181116.txt >>
Here is the report. I hope everything will be fine... thank you, have a good evening.
--
Jacques
Hi again,
ok, relaunch roguekiller, let it do the pre-scan then click on scan
when the scan is finished, click on delete and on proxy reset
look at this
delete
proxy reset
post the reports via 1 copy/paste
thank you
@+
the radiation level is higher at the employment office than at Chernobyl
Hello, there has been a change on my PC: I'm getting ads (like a Trojan horse) and double icons on my desktop; this morning it's in full swing.
Yesterday I did a scan, but it's impossible to copy and paste, so I'm doing it by hand. There are two lines for Explorer:
1st) status (deleted), type (PUM), key type (IE proxy), global (HKEY current user), user (none), key (software\microsoft\windows\current version\internet SE), value (proxy server), data (127.0.0.1;49167;https=127.0.0.1;49167;)
2nd) status (replaced), type (PUM), key type (IE proxy), global (HKEY current user), key (software\microsoft\windows\current version\internet SE), value (proxy enable), data (1).
That's the result. Now, this morning on my desktop I found three RogueKiller reports from last night at 7 PM; they are different, if that helps!!!! Have a good day, and thanks again.
--
jacques
Hi idnoder,
yesterday I did the scan but it's impossible to copy and paste, so I'm doing it by hand
try again one more time to post the 3 reports via one copy/paste please
if it doesn't work, host them via cjoint >> https://www.cjoint.com/
thanks
@+
--
the radiation level is higher at the employment office than at Chernobyl
Hello
Starting tomorrow evening, I can resume :)
Take care
--
If there is a problem, there is always a solution
~~~~~~ Cs ~~~~~~
Hi Lili,
Okay, no problem
See you later
--
the radiation level is higher at the employment office than at Chernobyl
here is the first of three, Jacques
--
jacques
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
email: https://www.adlice.com/contact/
Feedback: https://forum.adlice.com/
Website: http://www.surlatoile.org/RogueKiller/
Blog: https://www.adlice.com/
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32-bit version
Boot: Normal mode
User: Jacques [Admin rights]
Mode: Scan -- Date: 03/31/2014 19:54:36
| ARK || FAK || MBR |
¤¤¤ Malicious Processes: 0 ¤¤¤
¤¤¤ Registry Entries: 2 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings: ProxyServer (hxxp=127.0.0.1:49167;hxxps=127.0.0.1:49167; [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings: ProxyEnable (1) -> FOUND
¤¤¤ Scheduled Tasks: 0 ¤¤¤
¤¤¤ Startup Entries: 0 ¤¤¤
¤¤¤ Web Browsers: 0 ¤¤¤
¤¤¤ Browser Addons: 0 ¤¤¤
¤¤¤ Specific Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
[Address] EAT @explorer.exe (DllCanUnloadNow): wlanutil.dll -> HOOKED (C:\Windows\System32\SndVolSSO.dll @ 0x735D155F)
[Address] EAT @explorer.exe (DllGetClassObject): wlanutil.dll -> HOOKED (C:\Windows\System32\SndVolSSO.dll @ 0x735D4852)
[Address] EAT @explorer.exe (DllMain): wlanutil.dll -> HOOKED (C:\Windows\System32\SndVolSSO.dll @ 0x735D12FB)
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection: ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721616PLA380 ATA Device +++++
--- User ---
[MBR] 681add1742775c3b051c7c13f50a8958
[BSP] 855b5aaea752edba6aa8805dcb802c62: Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 157064 MB
User = LL1 ... OK!
User = LL2 ... OK!
Finished: << RKreport[0]_S_03312014_195436.txt >>
RKreport[0]_D_03312014_182539.txt;RKreport[0]_S_03312014_181116.txt
--
here is the second one, Jacques
--
jacques
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
email : https://www.adlice.com/contact/
Feedback: https://forum.adlice.com/
Website: http://www.surlatoile.org/RogueKiller/
Blog: https://www.adlice.com/
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32-bit version
Boot: Normal Mode
User: Jacques [Admin Rights]
Mode: Removal -- Date: 03/31/2014 19:54:57
| ARK || FAK || MBR |
¤¤¤ Malicious Processes: 0 ¤¤¤
¤¤¤ Registry Entries: 0 ¤¤¤
¤¤¤ Scheduled Tasks: 0 ¤¤¤
¤¤¤ Startup Entries: 0 ¤¤¤
¤¤¤ Web Browsers: 0 ¤¤¤
¤¤¤ Browser Addons: 0 ¤¤¤
¤¤¤ Specific Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
[Address] EAT @explorer.exe (DllCanUnloadNow): wlanutil.dll -> HOOKED (C:\Windows\System32\SndVolSSO.dll @ 0x735D155F)
[Address] EAT @explorer.exe (DllGetClassObject): wlanutil.dll -> HOOKED (C:\Windows\System32\SndVolSSO.dll @ 0x735D4852)
[Address] EAT @explorer.exe (DllMain): wlanutil.dll -> HOOKED (C:\Windows\System32\SndVolSSO.dll @ 0x735D12FB)
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection: ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721616PLA380 ATA Device +++++
--- User ---
[MBR] 681add1742775c3b051c7c13f50a8958
[BSP] 855b5aaea752edba6aa8805dcb802c62: Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 157064 MB
User = LL1 ... OK!
User = LL2 ... OK!
Finished: << RKreport[0]_D_03312014_195454.txt >>
RKreport[0]_D_03312014_182539.txt;RKreport[0]_S_03312014_181116.txt;RKreport[0]_S_03312014_195436.txt
now the third one, thank you, Jacques
--
jacques
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
email: https://www.adlice.com/contact/
Feedback: https://forum.adlice.com/
Website: http://www.surlatoile.org/RogueKiller/
Blog: https://www.adlice.com/
Operating system: Windows Vista (6.0.6002 Service Pack 2) 32 bit version
Boot mode: Normal
User: Jacques [Admin rights]
Mode: Proxy RAZ -- Date: 03/31/2014 19:55:02
| ARK || FAK || MBR |
¤¤¤ Malicious processes: 0 ¤¤¤
¤¤¤ Registry entries: 2 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings: ProxyServer (hxxp=127.0.0.1:49167;hxxps=127.0.0.1:49167; [Country: (Private Address) (XX), City: (Private Address)]) -> DELETED
[PROXY IE][PUM] HKCU\[...]\Internet Settings: ProxyEnable (1) -> REPLACED (0)
¤¤¤ Web browsers: 0 ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection: ¤¤¤
Finished: << RKreport[0]_PR_03312014_195500.txt >>
RKreport[0]_D_03312014_182539.txt;RKreport[0]_D_03312014_195454.txt;RKreport[0]_S_03312014_181116.txt
RKreport[0]_S_03312014_195436.txt
Hi Jacques,
let me know how the PC is doing
thanks
@+
--
the radiation level is higher at the employment office than at Chernobyl
Hello, I waited this morning to see how it worked. So, one minute to access the Orange portal; then it is a bit faster, but still slow. I have new ads appearing right now (Groupon, which I don't know!!) and Bubble Dock at startup. For the rest, I'll see today. I can no longer access Facebook, even through YouTube. I removed Chrome to see if it worked better, but with no result; I'll be able to put it back. That's where I stand for now. This morning I have work to do in the workshop, so I'll check around noon how it's working. Thank you, have a good day. Jacques
--
jacques
Hi Jacques,
please do this and post the report
the link to host/post the report >> https://www.cjoint.com/
the software to run on your PC >> http://www.sosvirus.net/canned-speech-shortcut-module-t613.html
thank you
see you
--
the radiation level is higher at the employment office than at Chernobyl
Good evening. I think the (Trojans have landed): my computer is no longer working, I have ads continuously, and the more I clean it, the less it works. I contacted sosvirus and I'm waiting, but since it's a forum I don't see what they're going to do better!! Can you tell me if it's possible to fix this problem (a month ago my computer doctor told me it was dead)? Thank you for your reply, Jacques
--
jacques
Hi Jacques,
I contacted sosvirus and I'm waiting
Let me know if you're registered on the site, as I don't see the username you use on CCM
WARNING, you must not follow two disinfections simultaneously (risk of crashing the PC)
If you haven't followed any instructions on sosvirus yet, try running
Shortcut_Module in safe mode with network support
http://www.sosvirus.net/mode-sans-echec-canned-speech-mode-sans-echec-t1391.html
Awaiting your response
Thank you
@+
--
the radiation level is higher at the employment office than at Chernobyl
Hi, I didn't use sosvirus for disinfection; I'm waiting for a response. But I just went into safe mode (without results): I found a screen with my icons, but nothing worked, so I went back to normal mode and everything went back to normal. So for now, no disinfection. Well, I'm not working on my computer, you know! At 77 years old it's retirement, but the computer passes the time. Have a good evening, Jacques
--
jacques
Hi Jacques,
let me know if you managed to execute Shortcut_Module on your PC
thanks
@+
--
the radiation level is higher at the employment office than at Chernobyl
Good evening. No, I wasn't able to succeed, and on sosvirus, el desaparecido asked me to download OTL by OldTimer (which I couldn't put on my desktop, but I did the analysis, which I sent) (I will try once again to put it on the desktop). It's not easy, because when I'm on a page, ads pop up on their own, which is very annoying. My username on sosvirus is (lenuleninformatique), and that's true. Have a good evening, Jacques.
Hello lilidurhone, for me it's not resolved at all; on the contrary, I have two additional viruses, and there (sosvirus) they don't do much, or I don't know how to get it to work!! I don't know what to do anymore, because I switch pages and I get an ad, and if I try to access a site IE does not respond. How can I do a complete cleanup once and for all? Have a nice day, Jacques
--
jacques