SOLVED infection on Windows 7 Acer Starter laptop + SD cards problems

Discussion in 'Malware Removal Assistance' started by conrad-boy, Jun 15, 2017.

  1. conrad-boy

    conrad-boy New Member

    Joined:
    Aug 7, 2016
    Messages:
    15
    Likes Received:
    0
    Operating System:
    Windows 7
    Are you using a 32-bit or 64-bit operating system?:
    32-bit (x86)
    Infection date and initial symptoms:
    May 2017,

    Hd Wallpaper and PC Clean Plus adwares and rogues

    Browsers open to bringmesports
    Auto installation of web air player
    Current issues and symptoms:
    Slow pc

    Adwares and rogues

    Browsers infected

    Suspicions about the capability to take pictures/videos with my camera and boot error after making 3 SD cards bootable and converting a 4th SD card to "Windows User's Password Reset Disk" with the "Windows User's Password Reset Tool included on Windows 7"
    Steps taken in order to remove the infection:
    RogueKiller
    COMODO
    Ad-Aware
    Qihoo 360
    Iolo System Mechanic
    Adsfix
    Usbfix
    Easeus clean genius/Acebyte Utilities/Acebyte Registry Cleaner (discontinued both since 2011)
    Logs added to help request:
    • FRST.txt
    • Addition.txt
    • I've also uploaded logs from other scans that I've performed
    • I did not upload the FRST logs (I understand that this will increase the time needed to clean up the PC)
    Hello all,

    In opposite to actual disinfection of my compaq Windows 10 desktop pc with his cucuntu's dualboot/grub's problems in this topic in BleepingComputer:
    infected by speedbit search - Virus, Trojan, Spyware, and Malware Removal Logs

    I go for my sd cards and my win 7 acer starter edition laptop here on malwaretips to ask help:

    Hello,


    When I installed CyberLink PowerDVD 17 on April 16th and CyberLink Media Suite 15 on June 10th on a suspicious site on my notebook, the installer installed PC Clean Plus, HD Wallpaper, social2search, ...


    all my SD/micro SD drives plugged on this notebook:


    after making my SD cards bootable:
    -the SDXC 512 GB converted into "Windows 7 password reset disk" -> the bug of this card after making this card into "Windows 7 password reset disk" is: suspicious to take videos/photos with my camera with this card
    -the SDXC 64 GB converted into Raspbian OS for my future Raspberry Pi -> the bug of this card after making this card into "raspbian" is: the 64 GB transformed to a 10 MB partition + impossibility to take videos/photos with my camera with this card
    -the SD 4 GB converted into Windows 10 installation with win usb -> the bug of this card after making this card into Windows installer is: suspicions of boot error & of taking videos/photos with my camera with this card

    -the micro SDXC 128 GB boots on framakey mint, but is suspicious to take videos with my camera with this card after making this bootable into framakey mint


    because I want to know whether to simultaneously make bootable and take pictures/videos with the same card,

    because of the norms for the types of formats of these drives to make bootable and take videos/photos,

    because of interest in the multi-work universal card (bootable + camera compatibility on the same card simultaneously)


    when creating the "password reset SD card" with Windows password tools the SD is formatted,

    where is the solution? To change SD formats without data loss/convert SD partition without formatting?


    Bizarre...


    the adsfix (which uninstalled registry 1st aid/smart privacy cleaner/solvusoft) and usbfix (for my SD drives) are here:

    adsfix AdsFix-24-05-2017-18-40-19.txt

    usbfix UsbFix-Report.txt


    under this current post the copies of the adsfix/FRST logs are attached:

    The usbfix log wouldn't attach because it is too long, but this usbfix log is on cjoint.com on this thread

    Thanks...
     

    Attached Files:

  2. conrad-boy

    conrad-boy New Member

    Joined:
    Aug 7, 2016
    Messages:
    15
    Likes Received:
    0
    ...and finally the Roguekiller log:
     

    Attached Files:

  3. TwinHeadedEagle

    TwinHeadedEagle Removal Expert
    Staff Member

    Joined:
    Mar 8, 2013
    Messages:
    20,853
    Likes Received:
    2,554
    AV:
    ESET
    Hello,


    Fix with AdwCleaner

    Please download AdwCleaner by Xplode and save the file to your Desktop.
    • Right-click on the icon and select Run as Administrator to start the tool.
    • Accept the Terms of use.
    • Wait until the database is updated.
    • Click Scan.
    • When finished, please click Clean.
    • Your PC should reboot now.
    • After reboot, logfile will be opened. Copy its content into your next reply.

    Note: Reports will be saved in your system partition, usually at C:\Adwcleaner
     
  4. conrad-boy

    conrad-boy New Member

    Joined:
    Aug 7, 2016
    Messages:
    15
    Likes Received:
    0
    # AdwCleaner v6.047 - Rapport créé le 17/06/2017 à 07:07:09
    # Mis à jour le 19/05/2017 par Malwarebytes
    # Base de données : 2017-06-16.2 [Serveur]
    # Système d'exploitation : Windows 7 Starter Service Pack 1 (X86)
    # Nom d'utilisateur : widen-finalis - YOUCAM8WAIT
    # Exécuté depuis : C:\Users\widen-finalis\Desktop\adwcleaner_6.047.exe
    # Mode: Nettoyage
    # Support : Customer Support & Help Center



    ***** [ Services ] *****

    [-] Service supprimé: CCManagementService
    [-] Service supprimé: Lace514
    [-] Service supprimé: OtherSearch


    ***** [ Dossiers ] *****

    [-] Dossier supprimé: C:\ProgramData\51172d06-07d3-1
    [-] Dossier supprimé: C:\ProgramData\51172d06-47a7-1
    [#] Dossier supprimé au redémarrage: C:\Users\widen-finalis\AppData\Local\Systweak
    [-] Dossier supprimé: C:\Users\widen-finalis\AppData\Local\WebDiscoverBrowser
    [#] Dossier supprimé au redémarrage: C:\Users\widen-finalis\AppData\Local\Systweak\Advanced System Protector
    [-] Dossier supprimé: C:\Users\widen-finalis\AppData\Local\AppTrailers
    [-] Dossier supprimé: C:\Users\widen-finalis\AppData\Local\CompuClever
    [-] Dossier supprimé: C:\Users\widen-finalis\AppData\Local\AdvinstAnalytics
    [-] Dossier supprimé: C:\Users\widen-finalis\AppData\LocalLow\IObit\Advanced SystemCare
    [-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\PC Clean Plus
    [-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\System Healer
    [-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\Systweak
    [-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\Event Monitor
    [-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\HDWallPaper
    [#] Dossier supprimé au redémarrage: C:\Users\widen-finalis\AppData\Roaming\Systweak\Advanced System Protector
    [-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\VDI
    [-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\AppTrailers
    [-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\MediaPlayAir
    [-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\CompuClever
    [#] Dossier supprimé au redémarrage: C:\Users\widen-finalis\AppData\Roaming\VDI\Shared\Product Updater
    [-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\Interstatnogui
    [-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\IObit\Advanced SystemCare
    [-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\devnull
    [-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppTrailers
    [-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaPlayAir
    [-] Dossier supprimé: C:\Users\widen-finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CompuClever
    [-] Dossier supprimé: C:\ProgramData\Systweak
    [#] Dossier supprimé au redémarrage: C:\ProgramData\Systweak\Advanced System Protector
    [-] Dossier supprimé: C:\ProgramData\CompuClever
    [-] Dossier supprimé: C:\ProgramData\Auslogics
    [-] Dossier supprimé: C:\ProgramData\IObit\ASCDownloader
    [-] Dossier supprimé: C:\ProgramData\IObit\Advanced SystemCare
    [#] Dossier supprimé au redémarrage: C:\ProgramData\Application Data\Systweak
    [#] Dossier supprimé au redémarrage: C:\ProgramData\Application Data\Systweak\Advanced System Protector
    [#] Dossier supprimé au redémarrage: C:\ProgramData\Application Data\CompuClever
    [#] Dossier supprimé au redémarrage: C:\ProgramData\Application Data\Auslogics
    [#] Dossier supprimé au redémarrage: C:\ProgramData\Application Data\IObit\ASCDownloader
    [#] Dossier supprimé au redémarrage: C:\ProgramData\Application Data\IObit\Advanced SystemCare
    [-] Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
    [-] Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
    [-] Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Clean Plus
    [-] Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
    [-] Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDWallPaper
    [-] Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
    [-] Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
    [-] Dossier supprimé: C:\Program Files\Advanced System Protector
    [-] Dossier supprimé: C:\Program Files\ByteFence
    [-] Dossier supprimé: C:\Program Files\MalwareProtectionLive
    [-] Dossier supprimé: C:\Program Files\PC Clean Plus
    [-] Dossier supprimé: C:\Program Files\SystemHealer
    [-] Dossier supprimé: C:\Program Files\WebDiscoverBrowser
    [-] Dossier supprimé: C:\Program Files\WinZip Registry Optimizer
    [-] Dossier supprimé: C:\Program Files\HDWallPaper
    [-] Dossier supprimé: C:\Program Files\Auslogics
    [-] Dossier supprimé: C:\Program Files\pccleanplus
    [-] Dossier supprimé: C:\Program Files\Common Files\IObit\Advanced SystemCare
    [-] Dossier supprimé: C:\Windows\system32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
    [-] Dossier supprimé: C:\Windows\system32\config\systemprofile\AppData\LocalLow\IObit\Advanced SystemCare


    ***** [ Fichiers ] *****

    [-] Fichier supprimé: C:\Windows\system32\drivers\6b4c20a654a2c242ad84fe4edf2c5a72.sys
    [-] Fichier supprimé: C:\Users\widen-finalis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare 10.lnk
    [-] Fichier supprimé: C:\Users\widen-finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malware Protection Live.lnk
    [-] Fichier supprimé: C:\Users\widen-finalis\Desktop\MediaPlayAir.lnk
    [-] Fichier supprimé: C:\END
    [-] Fichier supprimé: C:\Users\Public\Desktop\WinZip Registry Optimizer.lnk
    [-] Fichier supprimé: C:\Users\Public\Desktop\Launch System Healer.lnk
    [-] Fichier supprimé: C:\Users\Public\Desktop\PC Clean Plus.lnk
    [-] Fichier supprimé: C:\Users\Public\Desktop\HDWallPaper.lnk
    [-] Fichier supprimé: C:\Users\Public\Desktop\Advanced SystemCare 10.lnk
    [-] Fichier supprimé: C:\Windows\system32\sasnative32.exe
    [-] Fichier supprimé: C:\Windows\system32\drivers\NetUtils2016.sys
    [-] Fichier supprimé: C:\Windows\system32\drivers\Lace_wpf_x86.sys


    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Raccourcis ] *****



    ***** [ Tâches planifiées ] *****

    [-] Tâche supprimée: Start WinZip Registry Optimizer for youcam8wait@widen-finalis(logon)
    [-] Tâche supprimée: FreeDownloadManagerNetworkMonitor


    ***** [ Registre ] *****

    [-] Clé supprimée: HKLM\SOFTWARE\Classes\DiskDoctorChecker.DiskChecker
    [-] Clé supprimée: HKLM\SOFTWARE\Classes\AppID\{278029E0-2347-4254-A65E-204AC55E2508}
    [-] Clé supprimée: HKLM\SOFTWARE\Classes\CLSID\{00212D92-C5D8-4FF4-AE50-B20F0F85C40A}
    [-] Clé supprimée: HKLM\SOFTWARE\Classes\CLSID\{278029E0-2347-4254-A65E-204AC55E2508}
    [-] Clé supprimée: HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
    [-] Clé supprimée: HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\csastats
    [-] Clé supprimée: HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
    [-] Clé supprimée: HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\VDI
    [-] Clé supprimée: HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Hotspot
    [-] Clé supprimée: HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaPlayAir
    [#] Clé supprimée au redémarrage: HKCU\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
    [#] Clé supprimée au redémarrage: HKCU\Software\csastats
    [#] Clé supprimée au redémarrage: HKCU\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
    [#] Clé supprimée au redémarrage: HKCU\Software\VDI
    [#] Clé supprimée au redémarrage: HKCU\Software\Hotspot
    [-] Clé supprimée: HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
    [-] Clé supprimée: HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
    [-] Clé supprimée: HKLM\SOFTWARE\WISECLEANER
    [-] Clé supprimée: HKLM\SOFTWARE\Auslogics
    [-] Clé supprimée: HKLM\SOFTWARE\devnull
    [#] Clé supprimée au redémarrage: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaPlayAir
    [-] Clé supprimée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MalwareProtectionLive
    [-] Clé supprimée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WarThunder
    [-] Clé supprimée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
    [-] Clé supprimée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppTrailers
    [-] Clé supprimée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Clean Maestro
    [-] Clé supprimée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC TuneUp Maestro
    [-] Donnée restaurée: HKLM\SOFTWARE\Classes\Unknown\shell\openas\command [Default]
    [-] Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
    [#] Clé supprimée au redémarrage: HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
    [-] Clé supprimée: HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
    [-] Clé supprimée: HKLM\SOFTWARE\Classes\Directory\shell\ByteFence Folder Scan
    [-] Clé supprimée: HKLM\SOFTWARE\Classes\*\shell\ByteFence File Scan
    [#] Clé supprimée au redémarrage: HKLM\SOFTWARE\CLASSES\APPID\{278029E0-2347-4254-A65E-204AC55E2508}
    [#] Clé supprimée au redémarrage: HKLM\SOFTWARE\CLASSES\CLSID\{278029E0-2347-4254-A65E-204AC55E2508}
    [-] Clé supprimée: HKLM\SOFTWARE\CLASSES\TYPELIB\{FE9301D5-9266-4A2F-8767-85482115CAB0}
    [-] Clé supprimée: HKLM\SOFTWARE\CLASSES\INTERFACE\{DCC049B0-CA04-4E58-B4C8-CE62AC6F5096}
    [-] Valeur supprimée: HKLM\SOFTWARE\CLASSES\UNKNOWN\SHELL\OPENAS\COMMAND [ADVANCED SYSTEM PROTECTOR.BAK]
    [-] Valeur supprimée: HKLM\SOFTWARE\CLASSES\UNKNOWN\SHELL\OPENDLG\COMMAND [ADVANCED SYSTEM PROTECTOR.BAK]
    [-] Clé supprimée: HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
    [-] Clé supprimée: HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
    [-] Clé supprimée: HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare


    ***** [ Navigateurs ] *****



    *************************

    :: Clés "Tracing" supprimées
    :: Paramètres Winsock réinitialisés
    :: Clés "Image File Execution Options" supprimées
    :: Fichiers "Prefetch" supprimés
    :: Paramètres Proxy réinitialisés
    :: Paramètres TCP/IP réinitialisés
    :: Règles du pare-feu réinitialisées
    :: Paramètres IPSec réinitialisés
    :: File BITS réinitialisée
    :: IE policies supprimées
    :: Policies Chrome supprimées
    :: Préférences Chrome réinitialisées: C:\Users\widen-finalis\AppData\Local\Google\Chrome\User Data\Default

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [11018 octets] - [17/06/2017 07:07:09]
    C:\AdwCleaner\AdwCleaner[S0].txt - [9998 octets] - [17/06/2017 06:55:52]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [11167 octets] ##########
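
Added example (not part of the thread and not AdwCleaner's own code): a small Python parser for the cleaning report format posted above, separating `[-]` entries (handled immediately) from `[#]` entries (removal deferred to the reboot) so the deferred ones can be re-checked after restart. The embedded sample is a few lines excerpted from that report; all function names are hypothetical.

```python
import os
import re
from collections import defaultdict

# Excerpt of lines from the report posted above (French locale), embedded
# so the example runs offline. Indentation mimics a forum paste.
SAMPLE_REPORT = r"""
    # AdwCleaner v6.047 - Rapport créé le 17/06/2017 à 07:07:09
    # Mode: Nettoyage

    ***** [ Services ] *****

    [-] Service supprimé: Lace514

    ***** [ Dossiers ] *****

    [-] Dossier supprimé: C:\Program Files\PC Clean Plus
    [#] Dossier supprimé au redémarrage: C:\ProgramData\Systweak\Advanced System Protector

    ***** [ Fichiers ] *****

    [-] Fichier supprimé: C:\Windows\system32\drivers\Lace_wpf_x86.sys
    [-] Fichier supprimé: C:\Users\Public\Desktop\PC Clean Plus.lnk

    ***** [ Registre ] *****

    [#] Clé supprimée au redémarrage: HKCU\Software\csastats
    [-] Donnée restaurée: HKLM\SOFTWARE\Classes\Unknown\shell\openas\command [Default]

    *************************

    :: Paramètres Winsock réinitialisés
    :: Règles du pare-feu réinitialisées
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# marker, action text (contains no colon), then the path or registry key
ENTRY_RE = re.compile(r"^\[([-#])\] ([^:]+): (.+)$")


def parse_report(text):
    """Return one dict per '[-]' / '[#]' entry, tagged with its section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            marker, action, target = m.groups()
            entries.append({"section": section, "marker": marker,
                            "action": action.strip(), "target": target.strip()})
    return entries


def counts_by_section(entries):
    """Per-section tally of immediate ('-') and deferred ('#') entries."""
    counts = defaultdict(lambda: {"-": 0, "#": 0})
    for e in entries:
        counts[e["section"]][e["marker"]] += 1
    return dict(counts)


def pending_reboot(entries):
    """Targets whose removal was deferred to the reboot ('[#]' lines)."""
    return [e["target"] for e in entries if e["marker"] == "#"]


def driver_files(entries):
    """Removed .sys files under system32\\drivers (kernel-mode components)."""
    return [e["target"] for e in entries
            if e["target"].lower().endswith(".sys")
            and "\\system32\\drivers\\" in e["target"].lower()]


def reset_actions(text):
    """The ':: ...' lines listing settings the tool reset."""
    return [l.strip()[3:] for l in text.splitlines() if l.strip().startswith(":: ")]


def leftover_paths(entries, exists=os.path.exists):
    """Deferred filesystem targets that still exist after the reboot.

    Registry keys are skipped here; 'exists' is injectable for testing.
    """
    return [t for t in pending_reboot(entries)
            if re.match(r"^[A-Za-z]:\\", t) and exists(t)]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(counts_by_section(parsed))
    print("Deferred to reboot:", pending_reboot(parsed))
    print("Driver files removed:", driver_files(parsed))
    print("Still present:", leftover_paths(parsed))
```

Registry targets marked `[#]` are not checked by `leftover_paths`; confirming those requires a registry query on the cleaned machine.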
     
  6. TwinHeadedEagle

    TwinHeadedEagle Removal Expert
    Staff Member

    Joined:
    Mar 8, 2013
    Messages:
    20,853
    Likes Received:
    2,554
    AV:
    ESET
    How is your computer behaving now?
     
  7. conrad-boy

    conrad-boy New Member

    Joined:
    Aug 7, 2016
    Messages:
    15
    Likes Received:
    0
    My computer actually behaves infected,

    And actually I now have the trouble with my SD cards:
    all my SD/micro SD drives plugged on this notebook:


    after making my SD cards bootable:
    -the SDXC 512 GB converted into "Windows 7 password reset disk" -> the bug of this card after making this card into "Windows 7 password reset disk" is: suspicious to take videos/photos with my camera with this card
    -the SDXC 64 GB converted into Raspbian OS for my future Raspberry Pi -> the bug of this card after making this card into "raspbian" is: the 64 GB transformed to a 10 MB partition + impossibility to take videos/photos with my camera with this card
    -the SD 4 GB converted into Windows 10 installation with win usb -> the bug of this card after making this card into Windows installer is: suspicions of boot error & of taking videos/photos with my camera with this card

    -the micro SDXC 128 GB boots on framakey mint, but is suspicious to take videos with my camera with this card after making this bootable into framakey mint


    because I want to know whether to simultaneously make bootable and take pictures/videos with the same card,

    because of the norms for the types of formats of these drives to make bootable and take videos/photos,

    because of interest in the multi-work universal card (bootable + camera compatibility on the same card simultaneously)


    when creating the "password reset SD card" with Windows password tools the SD is formatted,

    where is the solution? To change SD formats without data loss/convert SD partition without formatting?


    Bizarre...


    Thanks...
     
  8. conrad-boy

    conrad-boy New Member

    Joined:
    Aug 7, 2016
    Messages:
    15
    Likes Received:
    0
    Wise Driver Care v1.0 beta released,

    Today I am going to try this new Wise Driver Care application on the notebook to update SD/SDXC/micro SD card drivers, as a preliminary to troubleshooting the SD cards in this topic,

    AdsFix is actually scanning the notebook...
     
  9. TwinHeadedEagle

    TwinHeadedEagle Removal Expert
    Staff Member

    Joined:
    Mar 8, 2013
    Messages:
    20,853
    Likes Received:
    2,554
    AV:
    ESET