Solved infection on Windows 7 Acer Starter laptop + SD cards problems

conrad-boy

New Member
Thread author
Verified
Aug 7, 2016
15
Hello all,

In contrast to the ongoing disinfection of my Compaq Win 10 desktop PC, with its cucuntu dual-boot/GRUB problems, in this topic on BleepingComputer:
infected by speedbit search - Virus, Trojan, Spyware, and Malware Removal Logs

I am coming here to MalwareTips to ask for help with my SD cards and my Win 7 Starter Edition Acer laptop:

Hello,


When I installed CyberLink PowerDVD 17 on April 16th and CyberLink Media Suite 15 on June 10th from a suspicious site on my notebook, the installer installed PC Clean Plus, HD Wallpaper, Social2Search, ...


All my SD/micro SD drives plugged into this notebook:


After making my SD cards bootable:
- the SDXC 512 GB converted into a "Windows 7 password reset disk" -> the bug of this card after making it into a "Windows 7 password reset disk" is: suspicious for taking videos/photos with my camera with this card
- the SDXC 64 GB converted into Raspbian OS for my future Raspberry Pi -> the bug of this card after making it into "Raspbian" is: the 64 GB transformed into a 10 MB partition + impossible to take videos/photos with my camera with this card
- the SD 4 GB converted into a Win 10 installation with Win USB -> the bug of this card after making it into a Windows installer is: suspicions of boot errors & suspicious for taking videos/photos with my camera with this card

- the micro SDXC 128 GB boots into Framakey Mint, but is suspicious for taking videos with my camera after making it bootable with Framakey Mint


because I want to know if I can simultaneously make a card bootable and take pictures/videos with the same card,

because of the standards for the format types of these drives for making them bootable and taking videos/photos,

because of my interest in a multi-purpose universal card (bootable + camera compatibility on the same card simultaneously)


when I created the "password reset SD card" with Windows password tools, the SD card was formatted,

where is the solution for changing SD formats without data loss / converting an SD partition without formatting?


Bizarre...


The AdsFix (which uninstalled Registry 1st Aid/Smart Privacy Cleaner/Solvusoft) and UsbFix (for my SD drives) logs are here:

AdsFix: AdsFix-24-05-2017-18-40-19.txt

UsbFix: UsbFix-Report.txt


Copies of the AdsFix/FRST logs are attached under this post:

The UsbFix log won't attach because it is too long, but this UsbFix log is on cjoint.com in this thread

Thanks...
 

Attachments

  • GEzeUb53yGO_AdsFix-24-05-2017-18-40-19.txt
    24.1 KB · Views: 0
  • FRST.txt
    104.1 KB · Views: 2
  • Addition.txt
    54.5 KB · Views: 1

conrad-boy

...and finally the RogueKiller log:
 

Attachments

  • RKreport_DEL_notebook acer 12 Juin 2017.txt
    933.8 KB · Views: 0

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.
  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After the reboot, a logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner
 

conrad-boy

# AdwCleaner v6.047 - Rapport créé le 17/06/2017 à 07:07:09
# Mis à jour le 19/05/2017 par Malwarebytes
# Base de données : 2017-06-16.2 [Serveur]
# Système d'exploitation : Windows 7 Starter Service Pack 1 (X86)
# Nom d'utilisateur : widen-finalis - YOUCAM8WAIT
# Exécuté depuis : C:\Users\widen-finalis\Desktop\adwcleaner_6.047.exe
# Mode: Nettoyage
# Support : Customer Support & Help Center



***** [ Services ] *****

[-] Service supprimé: CCManagementService
[-] Service supprimé: Lace514
[-] Service supprimé: OtherSearch


***** [ Dossiers ] *****

[-] Dossier supprimé: C:\ProgramData\51172d06-07d3-1
[-] Dossier supprimé: C:\ProgramData\51172d06-47a7-1
[#] Dossier supprimé au redémarrage: C:\Users\widen-finalis\AppData\Local\Systweak
[-] Dossier supprimé: C:\Users\widen-finalis\AppData\Local\WebDiscoverBrowser
[#] Dossier supprimé au redémarrage: C:\Users\widen-finalis\AppData\Local\Systweak\Advanced System Protector
[-] Dossier supprimé: C:\Users\widen-finalis\AppData\Local\AppTrailers
[-] Dossier supprimé: C:\Users\widen-finalis\AppData\Local\CompuClever
[-] Dossier supprimé: C:\Users\widen-finalis\AppData\Local\AdvinstAnalytics
[-] Dossier supprimé: C:\Users\widen-finalis\AppData\LocalLow\IObit\Advanced SystemCare
[-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\PC Clean Plus
[-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\System Healer
[-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\Systweak
[-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\Event Monitor
[-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\HDWallPaper
[#] Dossier supprimé au redémarrage: C:\Users\widen-finalis\AppData\Roaming\Systweak\Advanced System Protector
[-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\VDI
[-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\AppTrailers
[-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\MediaPlayAir
[-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\CompuClever
[#] Dossier supprimé au redémarrage: C:\Users\widen-finalis\AppData\Roaming\VDI\Shared\Product Updater
[-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\Interstatnogui
[-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\IObit\Advanced SystemCare
[-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\devnull
[-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppTrailers
[-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaPlayAir
[-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CompuClever
[-] Dossier supprimé: C:\ProgramData\Systweak
[#] Dossier supprimé au redémarrage: C:\ProgramData\Systweak\Advanced System Protector
[-] Dossier supprimé: C:\ProgramData\CompuClever
[-] Dossier supprimé: C:\ProgramData\Auslogics
[-] Dossier supprimé: C:\ProgramData\IObit\ASCDownloader
[-] Dossier supprimé: C:\ProgramData\IObit\Advanced SystemCare
[#] Dossier supprimé au redémarrage: C:\ProgramData\Application Data\Systweak
[#] Dossier supprimé au redémarrage: C:\ProgramData\Application Data\Systweak\Advanced System Protector
[#] Dossier supprimé au redémarrage: C:\ProgramData\Application Data\CompuClever
[#] Dossier supprimé au redémarrage: C:\ProgramData\Application Data\Auslogics
[#] Dossier supprimé au redémarrage: C:\ProgramData\Application Data\IObit\ASCDownloader
[#] Dossier supprimé au redémarrage: C:\ProgramData\Application Data\IObit\Advanced SystemCare
[-] Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[-] Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
[-] Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Clean Plus
[-] Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
[-] Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDWallPaper
[-] Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[-] Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
[-] Dossier supprimé: C:\Program Files\Advanced System Protector
[-] Dossier supprimé: C:\Program Files\ByteFence
[-] Dossier supprimé: C:\Program Files\MalwareProtectionLive
[-] Dossier supprimé: C:\Program Files\PC Clean Plus
[-] Dossier supprimé: C:\Program Files\SystemHealer
[-] Dossier supprimé: C:\Program Files\WebDiscoverBrowser
[-] Dossier supprimé: C:\Program Files\WinZip Registry Optimizer
[-] Dossier supprimé: C:\Program Files\HDWallPaper
[-] Dossier supprimé: C:\Program Files\Auslogics
[-] Dossier supprimé: C:\Program Files\pccleanplus
[-] Dossier supprimé: C:\Program Files\Common Files\IObit\Advanced SystemCare
[-] Dossier supprimé: C:\Windows\system32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
[-] Dossier supprimé: C:\Windows\system32\config\systemprofile\AppData\LocalLow\IObit\Advanced SystemCare


***** [ Fichiers ] *****

[-] Fichier supprimé: C:\Windows\system32\drivers\6b4c20a654a2c242ad84fe4edf2c5a72.sys
[-] Fichier supprimé: C:\Users\widen-finalis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare 10.lnk
[-] Fichier supprimé: C:\Users\widen-finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malware Protection Live.lnk
[-] Fichier supprimé: C:\Users\widen-finalis\Desktop\MediaPlayAir.lnk
[-] Fichier supprimé: C:\END
[-] Fichier supprimé: C:\Users\Public\Desktop\WinZip Registry Optimizer.lnk
[-] Fichier supprimé: C:\Users\Public\Desktop\Launch System Healer.lnk
[-] Fichier supprimé: C:\Users\Public\Desktop\PC Clean Plus.lnk
[-] Fichier supprimé: C:\Users\Public\Desktop\HDWallPaper.lnk
[-] Fichier supprimé: C:\Users\Public\Desktop\Advanced SystemCare 10.lnk
[-] Fichier supprimé: C:\Windows\system32\sasnative32.exe
[-] Fichier supprimé: C:\Windows\system32\drivers\NetUtils2016.sys
[-] Fichier supprimé: C:\Windows\system32\drivers\Lace_wpf_x86.sys


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Raccourcis ] *****



***** [ Tâches planifiées ] *****

[-] Tâche supprimée: Start WinZip Registry Optimizer for youcam8wait@widen-finalis(logon)
[-] Tâche supprimée: FreeDownloadManagerNetworkMonitor


***** [ Registre ] *****

[-] Clé supprimée: HKLM\SOFTWARE\Classes\DiskDoctorChecker.DiskChecker
[-] Clé supprimée: HKLM\SOFTWARE\Classes\AppID\{278029E0-2347-4254-A65E-204AC55E2508}
[-] Clé supprimée: HKLM\SOFTWARE\Classes\CLSID\{00212D92-C5D8-4FF4-AE50-B20F0F85C40A}
[-] Clé supprimée: HKLM\SOFTWARE\Classes\CLSID\{278029E0-2347-4254-A65E-204AC55E2508}
[-] Clé supprimée: HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
[-] Clé supprimée: HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\csastats
[-] Clé supprimée: HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
[-] Clé supprimée: HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\VDI
[-] Clé supprimée: HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Hotspot
[-] Clé supprimée: HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaPlayAir
[#] Clé supprimée au redémarrage: HKCU\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
[#] Clé supprimée au redémarrage: HKCU\Software\csastats
[#] Clé supprimée au redémarrage: HKCU\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
[#] Clé supprimée au redémarrage: HKCU\Software\VDI
[#] Clé supprimée au redémarrage: HKCU\Software\Hotspot
[-] Clé supprimée: HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
[-] Clé supprimée: HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
[-] Clé supprimée: HKLM\SOFTWARE\WISECLEANER
[-] Clé supprimée: HKLM\SOFTWARE\Auslogics
[-] Clé supprimée: HKLM\SOFTWARE\devnull
[#] Clé supprimée au redémarrage: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaPlayAir
[-] Clé supprimée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MalwareProtectionLive
[-] Clé supprimée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WarThunder
[-] Clé supprimée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Clé supprimée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppTrailers
[-] Clé supprimée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Clean Maestro
[-] Clé supprimée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC TuneUp Maestro
[-] Donnée restaurée: HKLM\SOFTWARE\Classes\Unknown\shell\openas\command [Default]
[-] Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
[#] Clé supprimée au redémarrage: HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
[-] Clé supprimée: HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
[-] Clé supprimée: HKLM\SOFTWARE\Classes\Directory\shell\ByteFence Folder Scan
[-] Clé supprimée: HKLM\SOFTWARE\Classes\*\shell\ByteFence File Scan
[#] Clé supprimée au redémarrage: HKLM\SOFTWARE\CLASSES\APPID\{278029E0-2347-4254-A65E-204AC55E2508}
[#] Clé supprimée au redémarrage: HKLM\SOFTWARE\CLASSES\CLSID\{278029E0-2347-4254-A65E-204AC55E2508}
[-] Clé supprimée: HKLM\SOFTWARE\CLASSES\TYPELIB\{FE9301D5-9266-4A2F-8767-85482115CAB0}
[-] Clé supprimée: HKLM\SOFTWARE\CLASSES\INTERFACE\{DCC049B0-CA04-4E58-B4C8-CE62AC6F5096}
[-] Valeur supprimée: HKLM\SOFTWARE\CLASSES\UNKNOWN\SHELL\OPENAS\COMMAND [ADVANCED SYSTEM PROTECTOR.BAK]
[-] Valeur supprimée: HKLM\SOFTWARE\CLASSES\UNKNOWN\SHELL\OPENDLG\COMMAND [ADVANCED SYSTEM PROTECTOR.BAK]
[-] Clé supprimée: HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
[-] Clé supprimée: HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
[-] Clé supprimée: HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare


***** [ Navigateurs ] *****



*************************

:: Clés "Tracing" supprimées
:: Paramètres Winsock réinitialisés
:: Clés "Image File Execution Options" supprimées
:: Fichiers "Prefetch" supprimés
:: Paramètres Proxy réinitialisés
:: Paramètres TCP/IP réinitialisés
:: Règles du pare-feu réinitialisées
:: Paramètres IPSec réinitialisés
:: File BITS réinitialisée
:: IE policies supprimées
:: Policies Chrome supprimées
:: Préférences Chrome réinitialisées: C:\Users\widen-finalis\AppData\Local\Google\Chrome\User Data\Default

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [11018 octets] - [17/06/2017 07:07:09]
C:\AdwCleaner\AdwCleaner[S0].txt - [9998 octets] - [17/06/2017 06:55:52]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [11167 octets] ##########
 

conrad-boy

How is your computer behaving now?

My computer is currently behaving as infected,

And I now have trouble with my SD cards:
All my SD/micro SD drives plugged into this notebook:


After making my SD cards bootable:
- the SDXC 512 GB converted into a "Windows 7 password reset disk" -> the bug of this card after making it into a "Windows 7 password reset disk" is: suspicious for taking videos/photos with my camera with this card
- the SDXC 64 GB converted into Raspbian OS for my future Raspberry Pi -> the bug of this card after making it into "Raspbian" is: the 64 GB transformed into a 10 MB partition + impossible to take videos/photos with my camera with this card
- the SD 4 GB converted into a Windows 10 installation with Win USB -> the bug of this card after making it into a Windows installer is: suspicions of boot errors & suspicious for taking videos/photos with my camera with this card

- the micro SDXC 128 GB boots into Framakey Mint, but is suspicious for taking videos with my camera after making it bootable with Framakey Mint


because I want to know if I can simultaneously make a card bootable and take pictures/videos with the same card,

because of the standards for the format types of these drives for making them bootable and taking videos/photos,

because of my interest in a multi-purpose universal card (bootable + camera compatibility on the same card simultaneously)


when I created the "password reset SD card" with Windows password tools, the SD card was formatted,

where is the solution for changing SD formats without data loss / converting an SD partition without formatting?


Bizarre...


Thanks...
 

conrad-boy

Wise Driver Care v1.0 beta has been released,

Today I am going to try this new Wise Driver Care application on the notebook to update the SD/SDXC/micro SD card drivers, as a preliminary to troubleshooting the SD cards in this topic,

AdsFix is currently scanning the notebook...
 
