Persistent malware

Solved
caffard -  
Fish66 Posted messages 18337 Status Security contributor -
Hello,

I have several persistent malware. I have used Spybot, Malwarebytes, and Iobit, but my homepage always remains on www-searching.com. Does anyone know what to do? Thank you

Configuration: Windows / Chrome 45.0.2454.101

6 replies

Buenos74 Posted messages 5252 Registration date   Status Member Last intervention   850
 
Hello,

go to the Chrome settings and set it to "default"

--
"I am the Lizard King............... I can do everything"
Jim Morrison (RIP)
0
Fish66 Posted messages 18337 Status Security contributor 1 318
 
Hello,
I advise you to uninstall Spybot! It is not effective...
----------
1/
You have installed adware and unwanted programs on your PC.
-------------------------------
Download: AdwCleaner (thanks to Xplode)
Run AdwCleaner
Click on Scan then Clean, and wait for the cleaning process to finish.
Post the report that appears at the end of the search.
(The report is also saved under C:\AdwCleaner\AdwCleaner[x].txt)
----------------------------
To avoid having ads and toolbars, you can read this: https://forum.malekal.com/viewtopic.php?t=33776&start=

2/
[*] Download and save ZHPCleaner on your desktop from this link: https://nicolascoolman.eu
[*] Run it by right-clicking and choosing "Run as administrator"
[*] Accept the terms of use,
[*] Click on the [Clean] button
[*] Accept all proposed repairs
[*] A report ZHPCleaner.txt will be created on the desktop
[*] Click on Report if you don't see the report, a copy (%appdata%\ZHP\ZHPCleaner.txt) will open,
[*] Host this report on: http://pjjoint.malekal.com/ or https://www.cjoint.com/
[*] Copy/Paste the generated link in your response.

3/
[*] Download: Farbar Recovery Scan Tool (FRST) from
this link: https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
[*] Save it on your desktop (You must run the version compatible with your system 32 bits or 64 bits)
==> How to know which 32-bit or 64-bit version is running on my system?
[*] Launch FRST, run as administrator under Windows: 7/8 and Vista
[*] In the main menu, make sure the "Addition.txt" box is checked then click on "Scan" and wait for the analysis to complete



[*] Once the scan is complete, go to your desktop, two reports FRST.txt and Addition.txt have been created.
[*] Host the FRST.txt and Addition.txt reports on your desktop on: malekal.com
[*] Copy/Paste the provided links in your next response.

==> Help: <<<HERE>>>

@+

--
¤¤¤ The best remedy for all problems is patience.... ¤¤¤
0
caffard
 
Thank you fish for your reply. Adwcleaner crashes during the cleaning process, causing my computer to restart. As for the rest, here are the reports

addition: http://pjjoint.malekal.com/files.php?id=20151009_15p6g9s13l14

Frst: http://pjjoint.malekal.com/files.php?id=FRST_20151009_t10f10o14m14g8

zhp:http://pjjoint.malekal.com/files.php?id=20151009_v13c11o7x10k15
0
Fish66 Posted messages 18337 Status Security contributor 1 318
 
Hello,
adwcleaner crashes during cleaning which causes my computer to restart.

If needed, we will relaunch ADWCleaner later.. :-)
1/
Correction to perform with FRST:
Warning: These instructions are only for this computer. They should not be applied to another one as it may cause damage

[*] From this link: http://upload.sosvirus.net/download/ejtldke10w6xmh0m4etjg6bf54kmpy7p2x2vjhrz
[*] Download and save this file as Fixlist.txt on your PC desktop
[*] On your desktop, you have the text file(fixlist.txt & FRST.exe)
[*] Launch FRST, "run as administrator" under Windows Vista, Windows Seven, and Windows 8/8.1
[*] Click on "Fix"
[*] A text file appears, copy/paste the content here in a new message.
[*] Restart the computer.
[*] ===> Help: <<<HERE>>>


2/
[*] Temporarily disable your antivirus.
[*] Download: Zoek.exe on your desktop
[*] Close all running applications, then launch Zoek.exe
[*] Under Windows Vista/Seven/8/10, right-click on Zoek.exe then Run as administrator
[*] Copy all the content from the frame below, right-click on the selected area and choose Copy

createsrpoint;
ipconfig /flushdns >> C:\zoek-results.log;b
chrdefaults;
ffdefaults;
iedefaults;
resethosts;
emptyclsid;
emptyfolderscheck;delete
emptyalltemp;
autoclean;


[*] Then paste the previously copied lines into the Zoek window



[*] Then click on the Run Script button. Wait a moment.
[*] At the end of the scan, the PC will restart.
[*] A report is generated here: C:\zoek-result.log.
[*] Upload this report on: SOSUpload to post the link in your next reply.

@+

--
¤¤¤ The best remedy for all problems is patience.... ¤¤¤
0
caffard Posted messages 51 Status Member
 
Thank you again for your help

FRST:

Fix result of Farbar Recovery Scan Tool (x64) Version:08-10-2015
Ran by Dell (2015-10-09 21:17:17) Run:1
Running from C:\Users\Dell\Desktop
Loaded Profiles: Dell & (Available Profiles: Dell & Richard & marti_000 & Guest)
Boot Mode: Normal
==============================================

fixlist content:

start
CreateRestorePoint:
SearchScopes: HKU\S-1-5-21-1607932518-1379288269-329845671-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
2015-10-01 18:21 - 2015-02-15 12:57 - 00000464 _____ C:\Windows\system32\ScannerSettings
2014-12-30 14:28 - 2014-12-30 14:28 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-11-19 03:27 - 2014-11-19 03:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Task: {18C515FD-60A2-426A-B48D-001F9F289F95} - \avaxvyyvyf -> No File <==== ATTENTION
Task: {D0B225F4-12FD-481D-9DE0-65955153CF16} - \avaxvavya -> No File <==== ATTENTION
Task: {D195E8F6-CE30-47FC-9652-C07B1022F694} - \avayvxvaxc -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\marti_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Richard\Desktop\Facebook.website:TASKICON_0news-1751121550
AlternateDataStreams: C:\Users\Richard\Desktop\Facebook.website:TASKICON_1messages-431041656
AlternateDataStreams: C:\Users\Richard\Desktop\Facebook.website:TASKICON_2events-250898981
AlternateDataStreams: C:\Users\Richard\Desktop\Facebook.website:TASKICON_3friends-215113587

EmptyTemp:
end


Restore point was successfully created.
HKU\S-1-5-21-1607932518-1379288269-329845671-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Windows\system32\ScannerSettings => moved successfully
C:\ProgramData\Ament.ini => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18C515FD-60A2-426A-B48D-001F9F289F95}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18C515FD-60A2-426A-B48D-001F9F289F95}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaxvyyvyf => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0B225F4-12FD-481D-9DE0-65955153CF16}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0B225F4-12FD-481D-9DE0-65955153CF16}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaxvavya => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D195E8F6-CE30-47FC-9652-C07B1022F694}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D195E8F6-CE30-47FC-9652-C07B1022F694}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avayvxvaxc => key not found.
"C:\Users\marti_000\OneDrive" => ":ms-properties" ADS not found.
C:\Users\Richard\Desktop\Facebook.website => ":TASKICON_0news-1751121550" ADS removed successfully.
C:\Users\Richard\Desktop\Facebook.website => ":TASKICON_1messages-431041656" ADS removed successfully.
C:\Users\Richard\Desktop\Facebook.website => ":TASKICON_2events-250898981" ADS removed successfully.
C:\Users\Richard\Desktop\Facebook.website => ":TASKICON_3friends-215113587" ADS removed successfully.
EmptyTemp: => 4.4 GB temporary data Removed.


The system needed a reboot..

End of Fixlog 21:24:22

Zoek:

http://upload.sosvirus.net/download/v32w4gdj44q3v3e2ba6bzyoo18lv174ommyjcbek
0
Fish66 Posted messages 18337 Status Security contributor 1 318
 
Hello,
Download Eset Nod32:
http://download.eset.com/special/eos/esetsmartinstaller_eng.exe
  • Run the file
  • Accept the terms
  • Allow the program to access the Internet
  • Click on advanced settings to open the menu and select the options (by default the scanner scans your entire computer)
  • Downloading signatures


It is recommended to disable your antivirus so as not to slow down the scan and to avoid alert messages!
  • The scan starts right after the download
  • Generate the report
  • Click on the list of detected threats and then on export to a text file...

You can save it on your desktop by giving it a name. Post the report on the forum.
If the report is not on the desktop check here ==> C:\Program Files\EsetOnlineScanner\log.txt

To help you here is a tutorial written by dorgane:
https://www.commentcamarche.net/faq/29643-scanner-en-ligne-avec-eset-nod32

See you later

--
¤¤¤ The best remedy for all problems is patience.... ¤¤¤
0
caffard
 
Thank you for your help again. Here is the report:
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\sma.exe.vir a variant of Win64/SBWatchman.B potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smci32.dll.vir a variant of Win32/SBWatchman.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smci64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe.vir a variant of Win32/SBWatchman.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smi64.exe.vir a variant of MSIL/SBWatchman.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smu.exe.vir a variant of Win64/SBWatchman.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\SMUninstall.exe.vir a variant of Win32/SpeedBit.G potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smw.sys.vir a variant of Win64/SBWatchman.C potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe.vir a variant of Win32/AlteredSoftware.I potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe.vir a variant of Win32/Toolbar.CrossRider.CZ potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\chrmstp.exe.vir a variant of Win32/AlteredSoftware.K possibly unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\chrome.7z.vir a variant of Win32/AlteredSoftware.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\setup.exe.vir a variant of Win32/AlteredSoftware.K potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DailyPcClean Support\DailyPCClean.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AS application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DailyPcClean Support\predm.exe.vir a variant of Win32/Adware.EoRezo.AZ application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\OLBPre\OLBPre.exe.vir a variant of MSIL/MyPCBackup.G potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PhraseProfessor_1.10.0.24\Service\ppsvc.exe.vir a variant of Win32/Adware.Vitruvian.F application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PhraseProfessor_1.10.0.24\Update\PhraseProfessorAutoUpdateClient.exe.vir a variant of MSIL/Adware.Vitruvian.A application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe.vir a variant of Win32/Systweak.R potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Dell\AppData\Local\BrowserAir\Application\updater.exe.vir a variant of Win32/ShopperPro.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Dell\AppData\Local\DeskBar\dblaunch.exe.vir a variant of Win32/Goobzo.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Dell\AppData\Local\DeskBar\2.6.5.0\DeskBar.exe.vir a variant of MSIL/Goobzo.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Dell\AppData\Local\wincheck\Uninstall.exe.vir Win32/Adware.ConvertAd.AQ application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Dell\AppData\Local\wincheck\wincheck.exe.vir a variant of Win32/Adware.ConvertAd.L application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Dell\AppData\Roaming\SoftwareUpdater\SoftwareUpdater.exe.vir Win32/Adware.ConvertAd.AQ application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Dell\AppData\Roaming\SoftwareUpdater\surunasu.exe.vir a variant of Win32/Adware.ConvertAd.PO application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Dell\AppData\Roaming\SoftwareUpdater\SUsrv.exe.vir a variant of Win32/Adware.AdService.A cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Dell\AppData\Roaming\SoftwareUpdater\Uninstall.exe.vir Win32/Adware.ConvertAd.AQ application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Dell\AppData\Roaming\SoftwareUpdater\UpdateNotifier.exe.vir a variant of Win32/Adware.ConvertAd.N cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\avaavaevy\avaavaevy.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\avaavaevy\pbqrmvbub.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\avaavxvyex\avaavxvyex.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\avaavxvyex\pbqrmvbub.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\avabvbxvh\avabvbxvh.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\avabvbxvh\pbqrmvbub.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\avabvbyvyc\avabvbyvyc.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\avabvbyvyc\pbqrmvbub.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\avabvexvac\avabvexvac.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\avabvexvac\pbqrmvbub.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\avabvyxvdy\avabvyxvdy.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\avabvyxvdy\pbqrmvbub.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\avaxvavya\avaxvavya.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\avaxvavya\pbqrmvbub.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\avayvaxvaa\avayvaxvaa.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\bvxvbvef\bvxvbvef.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\bvxvbvef\pbqrmvbub.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Richard\AppData\Local\avaavaevy\avaavaevy.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Richard\AppData\Local\avaavaevy\pbqrmvbub.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Richard\AppData\Local\avaavxvyex\avaavxvyex.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Richard\AppData\Local\avaavxvyex\pbqrmvbub.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Richard\AppData\Local\avabvbavad\avabvbavad.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Richard\AppData\Local\avabvbavad\pbqrmvbub.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Richard\AppData\Local\avabvbxvh\avabvbxvh.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Richard\AppData\Local\avabvbxvh\pbqrmvbub.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Richard\AppData\Local\avabvdxvy\avabvdxvy.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Richard\AppData\Local\avabvdxvy\pbqrmvbub.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Richard\AppData\Local\avabvexvac\avabvexvac.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Richard\AppData\Local\avabvexvac\pbqrmvbub.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Richard\AppData\Local\avabvyxvdy\avabvyxvdy.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Richard\AppData\Local\avabvyxvdy\pbqrmvbub.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Richard\AppData\Local\avaxvavya\avaxvavya.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Richard\AppData\Local\avaxvavya\pbqrmvbub.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Richard\AppData\Local\avayvaxvaa\avayvaxvaa.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Richard\AppData\Local\avayvaxxvae\avayvaxxvae.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Richard\AppData\Local\avayvaxxvae\pbqrmvbub.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Richard\AppData\Local\bvxvbvef\bvxvbvef.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Users\Richard\AppData\Local\bvxvbvef\pbqrmvbub.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Windows\apppatch\apppatch64\vcldr64.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Windows\apppatch\nbin\VC32Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Windows\SysNative\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Windows\SysNative\drivers\ppfd_vt_1_10_0_24.sys.vir a variant of Win64/NetFilter.A potentially dangerous application cleaned by deletion - quarantined
C:\AdwCleaner\Quarantine\C\Windows\SysNative\drivers\ppfd_vw_1_10_0_24.sys.vir a variant of Win64/NetFilter.A potentially dangerous application cleaned by deletion - quarantined
C:\Users\Dell\AppData\Roaming\ZHP\Quarantine\eFixPro (1).exe Win32/ReImageRepair.G potentially unwanted application cleaned by deletion - quarantined
C:\Users\Dell\AppData\Roaming\ZHP\Quarantine\eFixPro (2).exe Win32/ReImageRepair.G potentially unwanted application cleaned by deletion - quarantined
C:\Users\Dell\AppData\Roaming\ZHP\Quarantine\eFixPro.exe Win32/ReImageRepair.G potentially unwanted application cleaned by deletion - quarantined
C:\Users\Dell\AppData\Roaming\ZHP\Quarantine\pc-cleaner-417.exe multiple threats cleaned by deletion - quarantined
C:\Users\Dell\AppData\Roaming\ZHP\Quarantine\VOPackage[1].exe a variant of Win32/Adware.ConvertAd.KZ.gen application cleaned by deletion - quarantined
C:\Users\Guest\Downloads\supereasy_driver_updater_1.1.1_7870.exe a variant of Win32/Systweak.R potentially unwanted application deleted - quarantined
0
Fish66 Posted messages 18337 Status Security contributor 1 318
 
Hello,

Do you still have problems with this PC?

See you later

--
¤¤¤ The best remedy for all problems is patience.... ¤¤¤
0
Caffard
 
Everything seems perfect to me now. Thank you so much, it's greatly appreciated.
0
Fish66 Posted messages 18337 Status Security contributor 1 318
 
Sure! :-)
--------
To finish:
  • Avoid downloading software from dubious sites (Softonic; 01Net, télécharger.com,....) and when installing software, especially free ones, make sure there are no pre-checked boxes indicating the acceptance of the installation of unwanted software, adware, and toolbars.
  • Download Delfix to your desktop from one of the two links:


https://toolslib.net/downloads/viewdownload/2-delfix/
or
https://www.commentcamarche.net/telecharger/securite/7111-delfix/

Check the following boxes:
[*] Reactivate Uac (just for Vista, Seven, and W8)
[*] Remove disinfection tools (checked by default)
[*] Clean up system restore


Then click on Run and wait during the cleanup process.
When the procedures are completed, the tool will close and disappear from the desktop
A report is saved in the clipboard: you just need to right-click and "paste" in your next reply to send me the report
the report is stored at this location: C:\DelFix.txt

Warning: The report is unique and is deleted each time one or more options of DelFix are re-executed.
===========================================

Updatechecker:
Download: updatechecker to indicate the software that is not up to date and also allows you to perform these updates
You can use it once a week

===========================================

Cleaning files and registry keys
Download and install: CCleaner Slim version
Run it (right-click "run as administrator" for Vista and Seven) Go to Options then
Advanced and uncheck the box Clear only files etc....
Go to Cleaner, choose Analyze. Once finished, run the cleanup.
Then, choose Registry, then Search for issues. Once finished, fix all issues as many times as it finds during the scan.
Help here: https://www.malekal.com/tutoriel-ccleaner/

You can use CCleaner once a week
===========================================

Advice:
1/ I recommend using the Firefox or Google Chrome browser and installing the add-ons: WOT to indicate dubious files and Adblock Plus to block ads...
Firefox:
==> WOT: https://addons.mozilla.org/fr/firefox/addon/wot-safe-browsing-tool/
==> Adblock Plus: https://addons.mozilla.org/fr/firefox/addon/adblock-plus/

Google Chrome:
==> WOT: https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp?hl=fr
==> Adblock Plus: https://chrome.google.com/webstore/detail/adblock-plus/nbiebjbkiionlickgdcjohfonfifmlin?hl=fr

2/ You can keep Malwarebytes and use it once a week.

3/ A bit of reading:
The dangers of Peer-To-Peer, Emule, etc...
How to Secure your computer...
Why and how I get infected
Why keep your browser updated
-------------
1 report (Delfix) to send me

See you later

--
¤¤¤ The best remedy for all problems is patience.... ¤¤¤
0
caffard
 
There you go:
# DelFix v1.011 - Fichier journal créé le 13/10/2015 à 05:15:05
# Mis à jour le 18/08/2015 par Xplode
# Nom d'utilisateur : Dell - CAROLLE
# Système d'exploitation : Windows 8.1 (64 bits)

~ Activation de l'UAC ... OK

~ Suppression des outils de désinfection ...

Supprimé : C:\FRST
Supprimé : C:\zoek_backup
Supprimé : C:\AdwCleaner
Supprimé : C:\zoek-results.log
Supprimé : C:\Users\Dell\Desktop\Addition.txt
Supprimé : C:\Users\Dell\Desktop\adwcleaner_5.011.exe
Supprimé : C:\Users\Dell\Desktop\Fixlog.txt
Supprimé : C:\Users\Dell\Desktop\FRST.txt
Supprimé : C:\Users\Dell\Desktop\FRST64.exe
Supprimé : C:\Users\Dell\Desktop\ZHPCleaner.lnk
Supprimé : C:\Users\Dell\Desktop\ZHPCleaner.txt
Supprimé : C:\Users\Dell\Desktop\zoek.exe
Supprimé : C:\Users\Dell\Downloads\esetsmartinstaller_fra.exe
Supprimé : C:\Users\Dell\Downloads\FRST.exe
Supprimé : C:\Users\Dell\Downloads\HijackThis.exe
Supprimé : C:\Users\Dell\Downloads\ZHPCleaner.exe
Supprimé : HKLM\SOFTWARE\AdwCleaner

~ Nettoyage du point de restauration système ...

Supprimé : RP #54 [Point de restauration créé par FRST | 10/10/2015 01:17:20]
Supprimé : RP #55 [point de restauration zoek.exe | 10/10/2015 01:39:34]

Nouveau point de restauration créé !

########## - EOF - ##########
0
Fish66 Posted messages 18337 Status Security contributor 1 318
 
We’re done.. Be careful and have a good surf.. :-)
0