INFECTION VIRUS

Disinfection help for removing viruses, adware, ransomware and trojans.

Moderators: Mods Windows, Helper

daksh27

INFECTION VIRUS

by daksh27 »

Hello,
Please help.
I have provided these links.
Can I get the report for these links?
Thank you


FRST link:
http://pjjoint.malekal.com/files.php?id ... 14c9i15h15

SHORTCUT TXT:
http://pjjoint.malekal.com/files.php?id ... u9e7c11e12

ADDITION TXT:
http://pjjoint.malekal.com/files.php?id ... 5c10u12o13
angelique
Posts: 31349
Joined: 28 Feb 2008 13:58
Location: Breizhilienne

Re: INFECTION VIRUS

by angelique »

Hello,


You should uninstall:

WinZip 21.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410A}) (Version: 21.0.12288 - WinZip Computing, S.L. )
Wondershare Video Editor(Build 5.1.3) (HKLM-x32\...\Wondershare Video Editor_is1) (Version: - Wondershare Software)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - )


WinZip should be replaced by 7-Zip ➯ http://www.7-zip.org/


  • Open Notepad: Start menu / All Programs / Accessories / Notepad (or Run ➫ notepad)
    Copy/paste the following into it:

    Code:

    Task: {181EDE3F-3922-49E2-9A59-D389D37F2B71} - System32\Tasks\WinZipBackGroundToolsTask => E:\WzBGTools.exe 
    Task: {51E23539-C20A-4B63-A09B-848F362A5311} - System32\Tasks\Prifashnerqagh Helper => C:\Program Files (x86)\Lerjudom\xanermuy.exe 
    Task: {51F48CF7-43A9-4C45-8D2A-3D6356ADF749} - System32\Tasks\AdobeAAMUpdater-1.0-Shreya-PC-Shreya => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
    Task: {53FDC07D-C6AF-4EBA-92A0-580C0FCDBD34} - \Wqukerpering -> No File <==== ATTENTION
    Task: {80C300EC-6CCF-4C18-8146-56A417CEE274} - System32\Tasks\LordBoom => c:\programdata\{6b0b1a6d-fc5b-c450-6b0b-b1a6dfc569b7}\656747036209105217b.exe  <==== ATTENTION
    Task: {8A2F38A2-0B8B-4831-BADB-344C5992B91C} - System32\Tasks\LiveToRead => c:\programdata\{e772534f-0522-37f8-e772-2534f0524d3c}\4541737690505926019b.exe  <==== ATTENTION
    Task: {98818595-DAF3-478E-84EF-2B31371C024D} - System32\Tasks\allshare\allsharedms\allsharedms => Rundll32.exe "C:\ProgramData\674B780B227g293\674B780B227g293.dll",BgVCTY
    Task: {9DAEA28E-E659-4A24-82D5-F8B15D6EA020} - System32\Tasks\allshare\allshareagent => Rundll32.exe "C:\ProgramData\674B780B227g293\674B780B227g293.dll",BgVCTY
    Task: {AAD40953-F1AB-47CF-A29A-59CBBCBAEBF4} - System32\Tasks\adb => Rundll32.exe "C:\ProgramData\674B780B227g293\674B780B227g293.dll",BgVCTY
    Task: {ACB1E9DC-5656-4B44-9B1D-FA1FA143B1A3} - System32\Tasks\gnu\curl => Rundll32.exe "C:\ProgramData\674B780B227g293\674B780B227g293.dll",BgVCTY
    Task: {AD9CD640-0748-4A5E-AE02-EA78B9E91173} - System32\Tasks\Driver Booster SkipUAC (Shreya) => C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe 
    Task: {C6B35B7C-9877-4D54-B83F-158F5F264F25} - System32\Tasks\ShreyaFederalsPrimlyV2 => Rundll32.exe VestigiallySquelching.dll,main 7 1 <==== ATTENTION
    Task: {C9522354-1059-4785-B4AF-5E865763CC33} - \winter_sports_helper_service -> No File <==== ATTENTION
    Task: {D002A3D8-853D-410C-91C3-8DEBAF8BD667} - System32\Tasks\androidnotifier-exe => Rundll32.exe "C:\ProgramData\674B780B227g293\674B780B227g293.dll",BgVCTY
    Task: {D5635397-07F5-431A-8D49-7C9FEFA163BE} - System32\Tasks\{74F28C02-AA14-F1EB-B170-7ADC58D82DD3} => C:\Users\Shreya\AppData\Local\{5B126~1\Sync.exe  <==== ATTENTION
    Task: {F35054FF-CED7-44C2-97BE-D15BBEEE210A} - System32\Tasks\update\dropboxupdate => Rundll32.exe "C:\ProgramData\674B780B227g293\674B780B227g293.dll",BgVCTY <==== ATTENTION
    Task: C:\Windows\Tasks\LiveToRead.job => c:\programdata\{e772534f-0522-37f8-e772-2534f0524d3c}\4541737690505926019b.exe <==== ATTENTION
    Task: C:\Windows\Tasks\LordBoom.job => c:\programdata\{6b0b1a6d-fc5b-c450-6b0b-b1a6dfc569b7}\656747036209105217b.exe <==== ATTENTION
    Task: C:\Windows\Tasks\winter_sports_helper_service.job => C:\Program Files (x86)\Winter Sports\winter_sports_helper_service.exe <==== ATTENTION
    Task: C:\Windows\Tasks\{74F28C02-AA14-F1EB-B170-7ADC58D82DD3}.job => C:\Users\Shreya\AppData\Local\{5B126~1\Sync.exe <==== ATTENTION
    WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
    Shortcut: C:\Users\Shreya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
    Shortcut: C:\Users\Shreya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
    ShortcutWithArgument: C:\Users\Shreya\AppData\Local\Phecerghtstenage\ChromeDefaultData2\Web Applications\_crx_oibcjmolfjijonoaacpofedmgkfkflhh\AdBlock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=oibcjmolfjijonoaacpofedmgkfkflhh
    ShortcutWithArgument: C:\Users\Shreya\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web Applications\_crx_oibcjmolfjijonoaacpofedmgkfkflhh\AdBlock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=oibcjmolfjijonoaacpofedmgkfkflhh
    ShortcutWithArgument: C:\Users\Shreya\AppData\Local\Berrch\Default\Web Applications\_crx_oibcjmolfjijonoaacpofedmgkfkflhh\AdBlock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=oibcjmolfjijonoaacpofedmgkfkflhh
    ShortcutWithArgument: C:\Users\Shreya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Shreya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Shreya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Shreya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
    FirewallRules: [{B78FE1E1-C51C-45D3-BC70-C6A460603841}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe
    FirewallRules: [{7087ED65-F96B-46B4-91DB-CA5E921A5478}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe
    FirewallRules: [{119161CA-C847-432A-8A3E-BFA2C2BEDAC6}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DBDownloader.exe
    FirewallRules: [{A3332C29-F047-4A5D-9882-09C1F0D9139C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DBDownloader.exe
    FirewallRules: [{CB980BEC-01CE-45B2-80E5-9F35B32B3097}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\AutoUpdate.exe
    FirewallRules: [{56AD22FA-64C7-4837-819D-514DA3C7F4D6}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\AutoUpdate.exe
    HKLM\...\Run: [gpuminer] => C:\Users\Shreya\AppData\Roaming\cpuminer\sgminer\sgminer.cmd
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
    HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\...\Run: [8PBHRDEUMTYOYSU] => "C:\Program Files\5MRWE1AVD0\Z083550E8.exe"
    HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\...\Run: [G01NJMQXDT3GMFR] => "C:\Program Files\P4NE5WUNZZ\P4NE5WUNZ.exe"
    HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\...\Run: [2Z1T024X35UDYGX] => "C:\Program Files\8HHPDM9KQF\FK5CDP54K.exe"
    HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\...\Run: [76272618] => "C:\Users\Shreya\AppData\Roaming\51758067\206705.exe"
    HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\...\Run: [X45122K1BNG2ENH] => "C:\Program Files\RMWY1PRHCQ\CK6LMYTPN.exe"
    HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\...\Run: [38152148] => "C:\Users\Shreya\AppData\Roaming\18873474\247676.exe"
    HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\...\Run: [0K018KYNULMSCRN] => "C:\Program Files\M2S7X4Y7EC\M2S7X4Y7E.exe"
    HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\...\Run: [HZ3AXMVFAWYAANT] => "C:\Program Files\8YC6DZ7KPE\8YC6DZ7KP.exe"
    HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\...\Run: [ISHX5Q5ROJ608AD] => "C:\Program Files (x86)\PubHotspot\SZL7C.exe"
    HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\...\Run: [4O2YL7YZYEQMVV7] => "C:\Program Files (x86)\SpeeDownloader\RYUX2.exe" <===== ATTENTION
    HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\...\Run: [BZ2MAXXOO5GLXP6] => "C:\Program Files\VE009XP42W\847FHXV52.exe"
    ShellExecuteHooks: No Name - {E591EECC-233E-11E7-88A1-64006A5CFC23} - C:\Users\Shreya\AppData\Roaming\Zanigh\Sterzoingtujation.dll -> No File
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2017-04-21]
    ShortcutTarget: Update Notifier.lnk -> E:\WZUpdateNotifier.exe (No File)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2017-04-21]
    ShortcutTarget: WinZip Preloader.lnk -> E:\WzPreloader.exe (No File)
    Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
    CHR NewTab: Default ->  Active:"chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
    CHR DefaultSearchURL: Default -> hxxp://www.initialpage123.com/search/?q={searchTerms}&z=90cba6f87440090ffa1a258g8z0t1o2q6o7m1z5c6b&from=amz&uid=WDCXWD7500BPVT-75HXZT3_WD-WX61E41U0519U0519&type=sp
    CHR Extension: (Speed Dial 2) - C:\Users\Shreya\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2017-04-20]
    CHR Extension: (Home Tab) - C:\Users\Shreya\AppData\Local\Google\Chrome\User Data\Default\Extensions\kofkpgiaknijknhajbhnghkodiccblkg [2017-04-20]
    2017-04-20 02:06 - 2017-04-20 03:18 - 00000000 ____D C:\ProgramData\AMD
    2017-04-20 00:59 - 2017-04-20 00:59 - 00000000 ____D C:\Windows\System32\Tasks\gnu
    2017-04-20 00:58 - 2017-04-20 00:58 - 00016708 _____ C:\Windows\System32\Tasks\syncios
    2017-04-20 00:34 - 2017-04-20 11:00 - 00000000 ____D C:\Windows\System32\Tasks\allshare
    2017-04-20 00:32 - 2017-04-20 11:02 - 00016708 _____ C:\Windows\System32\Tasks\adb
    2017-04-20 00:18 - 2017-04-20 00:18 - 00003588 _____ C:\Windows\System32\Tasks\{6480492F-BA03-4A08-A753-33D419B397B6}
    2017-04-20 00:15 - 2017-04-20 00:15 - 00018432 _____ C:\Users\Shreya\AppData\Roaming\Main.dat
    2017-04-20 00:15 - 2017-04-20 00:15 - 00000000 __SHD C:\Users\Shreya\AppData\Local\kemgadeojglibflomicgnfeopkdfflnw
    2017-04-20 00:13 - 2017-04-21 17:29 - 00000000 ____D C:\Users\Shreya\AppData\Local\Phecerghtstenage
    2017-04-20 00:13 - 2017-04-20 00:14 - 00000000 _____ C:\Users\Shreya\AppData\Roaming\InstallationConfiguration.xml
    2017-04-20 00:13 - 2017-04-20 00:13 - 00140288 _____ C:\Users\Shreya\AppData\Roaming\Installer.dat
    2017-04-20 00:12 - 2017-04-20 00:12 - 00000000 ____D C:\Users\Shreya\AppData\Roaming\excdir
    2017-04-20 00:11 - 2017-04-20 00:11 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
    2017-04-20 00:10 - 2017-04-20 00:10 - 00000000 ____D C:\Program Files\¿ìѹ
    2017-04-20 00:09 - 2017-04-20 00:15 - 00000000 ____D C:\ProgramData\ProductData
    2017-04-20 00:09 - 2017-04-20 00:10 - 00000000 ____D C:\Users\Shreya\AppData\LocalLow\IObit
    2017-04-20 00:09 - 2017-04-20 00:09 - 00003258 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
    2017-04-20 00:09 - 2017-04-20 00:09 - 00002890 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Shreya)
    2017-04-20 00:09 - 2017-04-20 00:09 - 00000000 ____D C:\Windows\IObit
    2017-04-20 00:09 - 2017-04-20 00:09 - 00000000 ____D C:\ProgramData\IObit
    2017-04-20 00:08 - 2017-04-20 11:36 - 00000000 ___HD C:\ProgramData\674B780B227g293
    2017-04-20 00:08 - 2017-04-20 00:08 - 00078848 _____ C:\Windows\Manager.exe
    2017-04-20 00:08 - 2017-04-20 00:08 - 00000000 ____D C:\Users\Shreya\AppData\Roaming\IObit
    2017-04-20 00:07 - 2017-04-20 12:13 - 00000000 ____D C:\ProgramData\RegisterObject
    2017-04-20 00:06 - 2017-04-20 13:13 - 00000000 ____D C:\ProgramData\Windows Security
    2017-04-20 00:06 - 2017-04-20 11:43 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
    2017-04-20 00:05 - 2017-04-20 00:28 - 00000000 ____D C:\Users\Shreya\AppData\Roaming\Zanigh
    2017-04-20 00:05 - 2017-04-20 00:09 - 00000000 ____D C:\Users\Shreya\AppData\Local\Berrch
    2017-04-20 00:05 - 2017-04-20 00:05 - 00006046 _____ C:\Windows\System32\Tasks\Prifashnerqagh Helper
    2017-04-21 23:19 - 2016-06-28 17:19 - 00000266 _____ C:\Windows\Tasks\{74F28C02-AA14-F1EB-B170-7ADC58D82DD3}.job
    2017-04-21 23:01 - 2017-01-10 22:45 - 00003770 _____ C:\Windows\System32\Tasks\AutoRearm
    2017-04-21 22:10 - 2015-06-29 22:51 - 00000000 ____D C:\Users\Shreya\AppData\LocalLow\Temp
    2017-04-21 20:23 - 2015-06-18 20:23 - 00000356 _____ C:\Windows\Tasks\LiveToRead.job
    2017-04-21 18:39 - 2015-05-28 18:39 - 00000522 _____ C:\Windows\Tasks\winter_sports_helper_service.job
    2017-04-21 18:29 - 2015-06-17 00:29 - 00000354 _____ C:\Windows\Tasks\LordBoom.job
    2017-04-20 00:06 - 2017-04-20 00:06 - 0074240 _____ () C:\Users\Shreya\AppData\Local\Temp\DriverBoosterSetup.exe
    2017-04-20 00:08 - 2017-04-20 00:08 - 0151552 _____ () C:\Users\Shreya\AppData\Local\Temp\g686A.tmp.exe
    2017-04-20 00:08 - 2017-04-20 00:08 - 0173568 _____ () C:\Users\Shreya\AppData\Local\Temp\g686B.tmp.exe
    2017-04-20 00:06 - 2017-04-20 00:07 - 1249917 _____ (VideoBox                                                    ) C:\Users\Shreya\AppData\Local\Temp\vbsetup.exe
    C:\Program Files (x86)\Lerjudom
    c:\programdata\{6b0b1a6d-fc5b-c450-6b0b-b1a6dfc569b7}
    c:\programdata\{e772534f-0522-37f8-e772-2534f0524d3c}
    C:\ProgramData\674B780B227g293
    C:\Users\Shreya\AppData\Local\{5B126~1
    C:\Program Files\5MRWE1AVD0
    C:\Program Files\P4NE5WUNZZ
    C:\Program Files\8HHPDM9KQF
    C:\Users\Shreya\AppData\Roaming\51758067
    C:\Program Files\RMWY1PRHCQ
    C:\Users\Shreya\AppData\Roaming\18873474
    C:\Program Files\M2S7X4Y7EC\M2S7X4Y7E
    C:\Program Files\8YC6DZ7KPE
    C:\Program Files (x86)\PubHotspot
    C:\Program Files (x86)\SpeeDownloader
    C:\Program Files\VE009XP42W
    EmptyTemp:
    
    
  • File menu / Save as
    Go to the desktop.
    In the file name field at the bottom, enter: fixlist.txt
    Click Save; this creates a fixlist.txt file on the desktop.
  • Close all applications, including your browser
  • Double-click FRST.exe
    On Vista, Windows 7, 8, 10, etc. the file must be launched via right-click ➫ Run as administrator
    On the main menu, click Fix once and wait while the correction runs


    A reboot may be needed (not mandatory).
  • The tool will create a fix report, Fixlog.txt. Post that report in your reply, with your comment on whether things are better!
With Gnu_Linux you get a Kernel ... with Ѡindows all you get are the pips
https://helicium.altervista.org/
Remove "viruses" for free http://www.supprimer-trojan.com/
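The fixlist above is, line for line, the FRST log entries angelique judged malicious, pasted back verbatim so FRST removes them, plus the EmptyTemp: directive. The judgement rests on a few recurring patterns: a scheduled task that runs Rundll32.exe against a DLL dropped in ProgramData, Run values and install directories with random alphanumeric names, browser shortcuts whose argument is a URL (hxxp://qtipr.com/), a replaced Chrome search provider, a "gpuminer" Run value, and the WMI ActiveScriptEventConsumer FRST itself flags. The following Python script is an added example (not part of angelique's post, and not an FRST feature) that applies those heuristics to FRST log lines and emits the matching fixlist lines. The sample input is copied from the log quoted in the post (the search URL is shortened); the category names, the looks_random() test and the list of known search engines are assumptions of this example.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Sample input: lines copied from the FRST log quoted in the post above,
# including three benign entries (Adobe task, Wondershare Run value,
# VirtualDJ web shortcut) that the heuristics must leave alone.
SAMPLE_LOG = r"""
Task: {AAD40953-F1AB-47CF-A29A-59CBBCBAEBF4} - System32\Tasks\adb => Rundll32.exe "C:\ProgramData\674B780B227g293\674B780B227g293.dll",BgVCTY
Task: {51F48CF7-43A9-4C45-8D2A-3D6356ADF749} - System32\Tasks\AdobeAAMUpdater-1.0-Shreya-PC-Shreya => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {C6B35B7C-9877-4D54-B83F-158F5F264F25} - System32\Tasks\ShreyaFederalsPrimlyV2 => Rundll32.exe VestigiallySquelching.dll,main 7 1 <==== ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
Shortcut: C:\Users\Shreya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
HKLM\...\Run: [gpuminer] => C:\Users\Shreya\AppData\Roaming\cpuminer\sgminer\sgminer.cmd
HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\...\Run: [8PBHRDEUMTYOYSU] => "C:\Program Files\5MRWE1AVD0\Z083550E8.exe"
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
CHR DefaultSearchURL: Default -> hxxp://www.initialpage123.com/search/?q={searchTerms}&from=amz&type=sp
"""

@dataclass(frozen=True)
class Finding:
    category: str   # heuristic that fired (names are this example's own)
    line: str       # the FRST log line, verbatim, usable as a fixlist line

ATTENTION = re.compile(r"<=+\s*ATTENTION")                 # FRST's own marker
RUNDLL_ARG = re.compile(r"\brundll32(?:\.exe)?\s+\"?([^\",]+)", re.I)
USER_WRITABLE = re.compile(r"\\(?:ProgramData|AppData|Users\\Public|Temp)\\", re.I)
# First directory directly under Program Files / AppData\Roaming.
TOP_DIR = re.compile(r"\\(?:Program Files(?: \(x86\))?|AppData\\Roaming)\\([^\\\"]+)\\", re.I)
RUN_VALUE = re.compile(r"\\Run: \[([^\]]+)\]")
BROWSER_EXE = re.compile(r"\\(?:iexplore|firefox|chrome)\.exe\b", re.I)
URL_ARG = re.compile(r"^(?:hxxp|http)s?://", re.I)          # FRST defangs http as hxxp
SEARCH_HOST = re.compile(r"^CHR DefaultSearchURL: .*-> hxxps?://([^/\s]+)", re.I)
KNOWN_ENGINES = ("google.", "bing.com", "duckduckgo.com", "yahoo.com")  # assumed allowlist
MINER = re.compile(r"miner", re.I)

def looks_random(token: str) -> bool:
    """Uppercase alphanumeric blob of 8+ chars mixing letters and digits
    (5MRWE1AVD0, 8PBHRDEUMTYOYSU) or a pure number (51758067)."""
    if len(token) < 8 or not token.isalnum() or token.upper() != token:
        return False
    return token.isdigit() or (any(c.isdigit() for c in token) and any(c.isalpha() for c in token))

def triage(log_text: str) -> list[Finding]:
    """Run every heuristic over each line; a line may yield several findings."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        cats: list[str] = []
        if ATTENTION.search(line):
            cats.append("frst_attention")
        if line.startswith("WMI_ActiveScriptEventConsumer"):
            cats.append("wmi_event_consumer")
        m = RUNDLL_ARG.search(line)
        if m:
            if "\\" not in m.group(1):            # bare name: resolved via DLL search order
                cats.append("rundll32_unqualified_dll")
            elif USER_WRITABLE.search(m.group(1)):  # signed LOLBin loading a dropped DLL
                cats.append("rundll32_from_user_writable_dir")
        if any(looks_random(t) for t in TOP_DIR.findall(line)):
            cats.append("random_named_install_dir")
        rv = RUN_VALUE.search(line)
        if rv and looks_random(rv.group(1)):
            cats.append("random_run_value_name")
        if line.startswith("ShortcutWithArgument:") and BROWSER_EXE.search(line):
            arg = line.rsplit(" -> ", 1)[-1].strip()
            if URL_ARG.match(arg):                 # browser LNK forced to open a URL
                cats.append("browser_shortcut_hijack")
        sh = SEARCH_HOST.match(line)
        if sh and not any(k in sh.group(1).lower() for k in KNOWN_ENGINES):
            cats.append("search_provider_hijack")
        if MINER.search(line):
            cats.append("cryptominer_keyword")
        findings.extend(Finding(c, line) for c in cats)
    return findings

def build_fixlist(findings: list[Finding]) -> str:
    """FRST fixlist syntax: the flagged log lines verbatim, then EmptyTemp:."""
    lines: list[str] = []
    for f in findings:
        if f.line not in lines:
            lines.append(f.line)
    return "\n".join(lines + ["EmptyTemp:"])

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.category}] {f.line[:90]}")
    print("\n--- fixlist.txt ---\n" + build_fixlist(found))
```

On the sample, seven of the ten lines are flagged and the three benign ones pass; the rundll32 task is caught by the DLL path alone, without relying on FRST's ATTENTION marker, which the real log also lacks on those allshare/adb/gnu\curl entries. The output is a triage aid: a human still reviews every line before it goes into fixlist.txt, because FRST removes exactly what it is given.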
daksh27

Re: INFECTION VIRUS

by daksh27 »

Thanks a lot!
I did all the things you mentioned.

Fix result report:

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-04-2017 01
Ran by Shreya (22-04-2017 21:37:27) Run:1
Running from E:\
Loaded Profiles: Shreya (Available Profiles: Shreya)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {181EDE3F-3922-49E2-9A59-D389D37F2B71} - System32\Tasks\WinZipBackGroundToolsTask => E:\WzBGTools.exe
Task: {51E23539-C20A-4B63-A09B-848F362A5311} - System32\Tasks\Prifashnerqagh Helper => C:\Program Files (x86)\Lerjudom\xanermuy.exe
Task: {51F48CF7-43A9-4C45-8D2A-3D6356ADF749} - System32\Tasks\AdobeAAMUpdater-1.0-Shreya-PC-Shreya => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {53FDC07D-C6AF-4EBA-92A0-580C0FCDBD34} - \Wqukerpering -> No File <==== ATTENTION
Task: {80C300EC-6CCF-4C18-8146-56A417CEE274} - System32\Tasks\LordBoom => c:\programdata\{6b0b1a6d-fc5b-c450-6b0b-b1a6dfc569b7}\656747036209105217b.exe <==== ATTENTION
Task: {8A2F38A2-0B8B-4831-BADB-344C5992B91C} - System32\Tasks\LiveToRead => c:\programdata\{e772534f-0522-37f8-e772-2534f0524d3c}\4541737690505926019b.exe <==== ATTENTION
Task: {98818595-DAF3-478E-84EF-2B31371C024D} - System32\Tasks\allshare\allsharedms\allsharedms => Rundll32.exe "C:\ProgramData\674B780B227g293\674B780B227g293.dll",BgVCTY
Task: {9DAEA28E-E659-4A24-82D5-F8B15D6EA020} - System32\Tasks\allshare\allshareagent => Rundll32.exe "C:\ProgramData\674B780B227g293\674B780B227g293.dll",BgVCTY
Task: {AAD40953-F1AB-47CF-A29A-59CBBCBAEBF4} - System32\Tasks\adb => Rundll32.exe "C:\ProgramData\674B780B227g293\674B780B227g293.dll",BgVCTY
Task: {ACB1E9DC-5656-4B44-9B1D-FA1FA143B1A3} - System32\Tasks\gnu\curl => Rundll32.exe "C:\ProgramData\674B780B227g293\674B780B227g293.dll",BgVCTY
Task: {AD9CD640-0748-4A5E-AE02-EA78B9E91173} - System32\Tasks\Driver Booster SkipUAC (Shreya) => C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe
Task: {C6B35B7C-9877-4D54-B83F-158F5F264F25} - System32\Tasks\ShreyaFederalsPrimlyV2 => Rundll32.exe VestigiallySquelching.dll,main 7 1 <==== ATTENTION
Task: {C9522354-1059-4785-B4AF-5E865763CC33} - \winter_sports_helper_service -> No File <==== ATTENTION
Task: {D002A3D8-853D-410C-91C3-8DEBAF8BD667} - System32\Tasks\androidnotifier-exe => Rundll32.exe "C:\ProgramData\674B780B227g293\674B780B227g293.dll",BgVCTY
Task: {D5635397-07F5-431A-8D49-7C9FEFA163BE} - System32\Tasks\{74F28C02-AA14-F1EB-B170-7ADC58D82DD3} => C:\Users\Shreya\AppData\Local\{5B126~1\Sync.exe <==== ATTENTION
Task: {F35054FF-CED7-44C2-97BE-D15BBEEE210A} - System32\Tasks\update\dropboxupdate => Rundll32.exe "C:\ProgramData\674B780B227g293\674B780B227g293.dll",BgVCTY <==== ATTENTION
Task: C:\Windows\Tasks\LiveToRead.job => c:\programdata\{e772534f-0522-37f8-e772-2534f0524d3c}\4541737690505926019b.exe <==== ATTENTION
Task: C:\Windows\Tasks\LordBoom.job => c:\programdata\{6b0b1a6d-fc5b-c450-6b0b-b1a6dfc569b7}\656747036209105217b.exe <==== ATTENTION
Task: C:\Windows\Tasks\winter_sports_helper_service.job => C:\Program Files (x86)\Winter Sports\winter_sports_helper_service.exe <==== ATTENTION
Task: C:\Windows\Tasks\{74F28C02-AA14-F1EB-B170-7ADC58D82DD3}.job => C:\Users\Shreya\AppData\Local\{5B126~1\Sync.exe <==== ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
Shortcut: C:\Users\Shreya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\Shreya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
ShortcutWithArgument: C:\Users\Shreya\AppData\Local\Phecerghtstenage\ChromeDefaultData2\Web Applications\_crx_oibcjmolfjijonoaacpofedmgkfkflhh\AdBlock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=oibcjmolfjijonoaacpofedmgkfkflhh
ShortcutWithArgument: C:\Users\Shreya\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web Applications\_crx_oibcjmolfjijonoaacpofedmgkfkflhh\AdBlock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=oibcjmolfjijonoaacpofedmgkfkflhh
ShortcutWithArgument: C:\Users\Shreya\AppData\Local\Berrch\Default\Web Applications\_crx_oibcjmolfjijonoaacpofedmgkfkflhh\AdBlock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=oibcjmolfjijonoaacpofedmgkfkflhh
ShortcutWithArgument: C:\Users\Shreya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Shreya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Shreya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Shreya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
FirewallRules: [{B78FE1E1-C51C-45D3-BC70-C6A460603841}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe
FirewallRules: [{7087ED65-F96B-46B4-91DB-CA5E921A5478}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe
FirewallRules: [{119161CA-C847-432A-8A3E-BFA2C2BEDAC6}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DBDownloader.exe
FirewallRules: [{A3332C29-F047-4A5D-9882-09C1F0D9139C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DBDownloader.exe
FirewallRules: [{CB980BEC-01CE-45B2-80E5-9F35B32B3097}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\AutoUpdate.exe
FirewallRules: [{56AD22FA-64C7-4837-819D-514DA3C7F4D6}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\AutoUpdate.exe
HKLM\...\Run: [gpuminer] => C:\Users\Shreya\AppData\Roaming\cpuminer\sgminer\sgminer.cmd
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\...\Run: [8PBHRDEUMTYOYSU] => "C:\Program Files\5MRWE1AVD0\Z083550E8.exe"
HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\...\Run: [G01NJMQXDT3GMFR] => "C:\Program Files\P4NE5WUNZZ\P4NE5WUNZ.exe"
HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\...\Run: [2Z1T024X35UDYGX] => "C:\Program Files\8HHPDM9KQF\FK5CDP54K.exe"
HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\...\Run: [76272618] => "C:\Users\Shreya\AppData\Roaming\51758067\206705.exe"
HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\...\Run: [X45122K1BNG2ENH] => "C:\Program Files\RMWY1PRHCQ\CK6LMYTPN.exe"
HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\...\Run: [38152148] => "C:\Users\Shreya\AppData\Roaming\18873474\247676.exe"
HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\...\Run: [0K018KYNULMSCRN] => "C:\Program Files\M2S7X4Y7EC\M2S7X4Y7E.exe"
HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\...\Run: [HZ3AXMVFAWYAANT] => "C:\Program Files\8YC6DZ7KPE\8YC6DZ7KP.exe"
HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\...\Run: [ISHX5Q5ROJ608AD] => "C:\Program Files (x86)\PubHotspot\SZL7C.exe"
HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\...\Run: [4O2YL7YZYEQMVV7] => "C:\Program Files (x86)\SpeeDownloader\RYUX2.exe" <===== ATTENTION
HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\...\Run: [BZ2MAXXOO5GLXP6] => "C:\Program Files\VE009XP42W\847FHXV52.exe"
ShellExecuteHooks: No Name - {E591EECC-233E-11E7-88A1-64006A5CFC23} - C:\Users\Shreya\AppData\Roaming\Zanigh\Sterzoingtujation.dll -> No File
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2017-04-21]
ShortcutTarget: Update Notifier.lnk -> E:\WZUpdateNotifier.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2017-04-21]
ShortcutTarget: WinZip Preloader.lnk -> E:\WzPreloader.exe (No File)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File
CHR NewTab: Default -> Active:"chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
CHR DefaultSearchURL: Default -> hxxp://www.initialpage123.com/search/?q={searc ... 19&type=sp
CHR Extension: (Speed Dial 2) - C:\Users\Shreya\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2017-04-20]
CHR Extension: (Home Tab) - C:\Users\Shreya\AppData\Local\Google\Chrome\User Data\Default\Extensions\kofkpgiaknijknhajbhnghkodiccblkg [2017-04-20]
2017-04-20 02:06 - 2017-04-20 03:18 - 00000000 ____D C:\ProgramData\AMD
2017-04-20 00:59 - 2017-04-20 00:59 - 00000000 ____D C:\Windows\System32\Tasks\gnu
2017-04-20 00:58 - 2017-04-20 00:58 - 00016708 _____ C:\Windows\System32\Tasks\syncios
2017-04-20 00:34 - 2017-04-20 11:00 - 00000000 ____D C:\Windows\System32\Tasks\allshare
2017-04-20 00:32 - 2017-04-20 11:02 - 00016708 _____ C:\Windows\System32\Tasks\adb
2017-04-20 00:18 - 2017-04-20 00:18 - 00003588 _____ C:\Windows\System32\Tasks\{6480492F-BA03-4A08-A753-33D419B397B6}
2017-04-20 00:15 - 2017-04-20 00:15 - 00018432 _____ C:\Users\Shreya\AppData\Roaming\Main.dat
2017-04-20 00:15 - 2017-04-20 00:15 - 00000000 __SHD C:\Users\Shreya\AppData\Local\kemgadeojglibflomicgnfeopkdfflnw
2017-04-20 00:13 - 2017-04-21 17:29 - 00000000 ____D C:\Users\Shreya\AppData\Local\Phecerghtstenage
2017-04-20 00:13 - 2017-04-20 00:14 - 00000000 _____ C:\Users\Shreya\AppData\Roaming\InstallationConfiguration.xml
2017-04-20 00:13 - 2017-04-20 00:13 - 00140288 _____ C:\Users\Shreya\AppData\Roaming\Installer.dat
2017-04-20 00:12 - 2017-04-20 00:12 - 00000000 ____D C:\Users\Shreya\AppData\Roaming\excdir
2017-04-20 00:11 - 2017-04-20 00:11 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
2017-04-20 00:10 - 2017-04-20 00:10 - 00000000 ____D C:\Program Files\¿ìѹ
2017-04-20 00:09 - 2017-04-20 00:15 - 00000000 ____D C:\ProgramData\ProductData
2017-04-20 00:09 - 2017-04-20 00:10 - 00000000 ____D C:\Users\Shreya\AppData\LocalLow\IObit
2017-04-20 00:09 - 2017-04-20 00:09 - 00003258 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2017-04-20 00:09 - 2017-04-20 00:09 - 00002890 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Shreya)
2017-04-20 00:09 - 2017-04-20 00:09 - 00000000 ____D C:\Windows\IObit
2017-04-20 00:09 - 2017-04-20 00:09 - 00000000 ____D C:\ProgramData\IObit
2017-04-20 00:08 - 2017-04-20 11:36 - 00000000 ___HD C:\ProgramData\674B780B227g293
2017-04-20 00:08 - 2017-04-20 00:08 - 00078848 _____ C:\Windows\Manager.exe
2017-04-20 00:08 - 2017-04-20 00:08 - 00000000 ____D C:\Users\Shreya\AppData\Roaming\IObit
2017-04-20 00:07 - 2017-04-20 12:13 - 00000000 ____D C:\ProgramData\RegisterObject
2017-04-20 00:06 - 2017-04-20 13:13 - 00000000 ____D C:\ProgramData\Windows Security
2017-04-20 00:06 - 2017-04-20 11:43 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2017-04-20 00:05 - 2017-04-20 00:28 - 00000000 ____D C:\Users\Shreya\AppData\Roaming\Zanigh
2017-04-20 00:05 - 2017-04-20 00:09 - 00000000 ____D C:\Users\Shreya\AppData\Local\Berrch
2017-04-20 00:05 - 2017-04-20 00:05 - 00006046 _____ C:\Windows\System32\Tasks\Prifashnerqagh Helper
2017-04-21 23:19 - 2016-06-28 17:19 - 00000266 _____ C:\Windows\Tasks\{74F28C02-AA14-F1EB-B170-7ADC58D82DD3}.job
2017-04-21 23:01 - 2017-01-10 22:45 - 00003770 _____ C:\Windows\System32\Tasks\AutoRearm
2017-04-21 22:10 - 2015-06-29 22:51 - 00000000 ____D C:\Users\Shreya\AppData\LocalLow\Temp
2017-04-21 20:23 - 2015-06-18 20:23 - 00000356 _____ C:\Windows\Tasks\LiveToRead.job
2017-04-21 18:39 - 2015-05-28 18:39 - 00000522 _____ C:\Windows\Tasks\winter_sports_helper_service.job
2017-04-21 18:29 - 2015-06-17 00:29 - 00000354 _____ C:\Windows\Tasks\LordBoom.job
2017-04-20 00:06 - 2017-04-20 00:06 - 0074240 _____ () C:\Users\Shreya\AppData\Local\Temp\DriverBoosterSetup.exe
2017-04-20 00:08 - 2017-04-20 00:08 - 0151552 _____ () C:\Users\Shreya\AppData\Local\Temp\g686A.tmp.exe
2017-04-20 00:08 - 2017-04-20 00:08 - 0173568 _____ () C:\Users\Shreya\AppData\Local\Temp\g686B.tmp.exe
2017-04-20 00:06 - 2017-04-20 00:07 - 1249917 _____ (VideoBox ) C:\Users\Shreya\AppData\Local\Temp\vbsetup.exe
C:\Program Files (x86)\Lerjudom
c:\programdata\{6b0b1a6d-fc5b-c450-6b0b-b1a6dfc569b7}
c:\programdata\{e772534f-0522-37f8-e772-2534f0524d3c}
C:\ProgramData\674B780B227g293
C:\Users\Shreya\AppData\Local\{5B126~1
C:\Program Files\5MRWE1AVD0
C:\Program Files\P4NE5WUNZZ
C:\Program Files\8HHPDM9KQF
C:\Users\Shreya\AppData\Roaming\51758067
C:\Program Files\RMWY1PRHCQ
C:\Users\Shreya\AppData\Roaming\18873474
C:\Program Files\M2S7X4Y7EC\M2S7X4Y7E
C:\Program Files\8YC6DZ7KPE
C:\Program Files (x86)\PubHotspot
C:\Program Files (x86)\SpeeDownloader
C:\Program Files\VE009XP42W
EmptyTemp:

*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{181EDE3F-3922-49E2-9A59-D389D37F2B71} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{181EDE3F-3922-49E2-9A59-D389D37F2B71} => key removed successfully
C:\Windows\System32\Tasks\WinZipBackGroundToolsTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinZipBackGroundToolsTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51E23539-C20A-4B63-A09B-848F362A5311} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51E23539-C20A-4B63-A09B-848F362A5311} => key removed successfully
Could not move "C:\Windows\System32\Tasks\Prifashnerqagh Helper" => Scheduled to move on reboot.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Prifashnerqagh Helper => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51F48CF7-43A9-4C45-8D2A-3D6356ADF749} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51F48CF7-43A9-4C45-8D2A-3D6356ADF749} => key removed successfully
C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Shreya-PC-Shreya => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeAAMUpdater-1.0-Shreya-PC-Shreya => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53FDC07D-C6AF-4EBA-92A0-580C0FCDBD34} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53FDC07D-C6AF-4EBA-92A0-580C0FCDBD34} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Wqukerpering => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80C300EC-6CCF-4C18-8146-56A417CEE274} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80C300EC-6CCF-4C18-8146-56A417CEE274} => key removed successfully
C:\Windows\System32\Tasks\LordBoom => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LordBoom => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A2F38A2-0B8B-4831-BADB-344C5992B91C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A2F38A2-0B8B-4831-BADB-344C5992B91C} => key removed successfully
C:\Windows\System32\Tasks\LiveToRead => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LiveToRead => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{98818595-DAF3-478E-84EF-2B31371C024D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98818595-DAF3-478E-84EF-2B31371C024D} => key removed successfully
C:\Windows\System32\Tasks\allshare\allsharedms\allsharedms => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\allshare\allsharedms\allsharedms => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9DAEA28E-E659-4A24-82D5-F8B15D6EA020} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DAEA28E-E659-4A24-82D5-F8B15D6EA020} => key removed successfully
C:\Windows\System32\Tasks\allshare\allshareagent => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\allshare\allshareagent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{AAD40953-F1AB-47CF-A29A-59CBBCBAEBF4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAD40953-F1AB-47CF-A29A-59CBBCBAEBF4} => key removed successfully
C:\Windows\System32\Tasks\adb => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\adb => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{ACB1E9DC-5656-4B44-9B1D-FA1FA143B1A3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACB1E9DC-5656-4B44-9B1D-FA1FA143B1A3} => key removed successfully
C:\Windows\System32\Tasks\gnu\curl => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gnu\curl => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD9CD640-0748-4A5E-AE02-EA78B9E91173} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD9CD640-0748-4A5E-AE02-EA78B9E91173} => key removed successfully
Could not move "C:\Windows\System32\Tasks\Driver Booster SkipUAC (Shreya)" => Scheduled to move on reboot.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Shreya) => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C6B35B7C-9877-4D54-B83F-158F5F264F25} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6B35B7C-9877-4D54-B83F-158F5F264F25} => key removed successfully
C:\Windows\System32\Tasks\ShreyaFederalsPrimlyV2 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShreyaFederalsPrimlyV2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C9522354-1059-4785-B4AF-5E865763CC33} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9522354-1059-4785-B4AF-5E865763CC33} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\winter_sports_helper_service => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D002A3D8-853D-410C-91C3-8DEBAF8BD667} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D002A3D8-853D-410C-91C3-8DEBAF8BD667} => key removed successfully
C:\Windows\System32\Tasks\androidnotifier-exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\androidnotifier-exe => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5635397-07F5-431A-8D49-7C9FEFA163BE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5635397-07F5-431A-8D49-7C9FEFA163BE} => key removed successfully
C:\Windows\System32\Tasks\{74F28C02-AA14-F1EB-B170-7ADC58D82DD3} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{74F28C02-AA14-F1EB-B170-7ADC58D82DD3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F35054FF-CED7-44C2-97BE-D15BBEEE210A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F35054FF-CED7-44C2-97BE-D15BBEEE210A} => key removed successfully
C:\Windows\System32\Tasks\update\dropboxupdate => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update\dropboxupdate => key removed successfully
C:\Windows\Tasks\LiveToRead.job => moved successfully
C:\Windows\Tasks\LordBoom.job => moved successfully
C:\Windows\Tasks\winter_sports_helper_service.job => moved successfully
C:\Windows\Tasks\{74F28C02-AA14-F1EB-B170-7ADC58D82DD3}.job => moved successfully
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION => removed successfully
C:\Users\Shreya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk => moved successfully
C:\Users\Shreya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk => moved successfully
C:\Users\Shreya\AppData\Local\Phecerghtstenage\ChromeDefaultData2\Web Applications\_crx_oibcjmolfjijonoaacpofedmgkfkflhh\AdBlock.lnk => not found.
C:\Users\Shreya\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web Applications\_crx_oibcjmolfjijonoaacpofedmgkfkflhh\AdBlock.lnk => Shortcut argument removed successfully.
C:\Users\Shreya\AppData\Local\Berrch\Default\Web Applications\_crx_oibcjmolfjijonoaacpofedmgkfkflhh\AdBlock.lnk => Shortcut argument removed successfully.
C:\Users\Shreya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk => Shortcut argument removed successfully.
C:\Users\Shreya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\Shreya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument removed successfully.
C:\Users\Shreya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Mozilla Firefox.lnk => Shortcut argument removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B78FE1E1-C51C-45D3-BC70-C6A460603841} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7087ED65-F96B-46B4-91DB-CA5E921A5478} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{119161CA-C847-432A-8A3E-BFA2C2BEDAC6} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A3332C29-F047-4A5D-9882-09C1F0D9139C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CB980BEC-01CE-45B2-80E5-9F35B32B3097} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{56AD22FA-64C7-4837-819D-514DA3C7F4D6} => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\gpuminer => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe => value removed successfully
HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\Software\Microsoft\Windows\CurrentVersion\Run\\8PBHRDEUMTYOYSU => value removed successfully
HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\Software\Microsoft\Windows\CurrentVersion\Run\\G01NJMQXDT3GMFR => value removed successfully
HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\Software\Microsoft\Windows\CurrentVersion\Run\\2Z1T024X35UDYGX => value removed successfully
HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\Software\Microsoft\Windows\CurrentVersion\Run\\76272618 => value removed successfully
HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\Software\Microsoft\Windows\CurrentVersion\Run\\X45122K1BNG2ENH => value removed successfully
HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\Software\Microsoft\Windows\CurrentVersion\Run\\38152148 => value removed successfully
HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\Software\Microsoft\Windows\CurrentVersion\Run\\0K018KYNULMSCRN => value removed successfully
HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HZ3AXMVFAWYAANT => value removed successfully
HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ISHX5Q5ROJ608AD => value removed successfully
HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\Software\Microsoft\Windows\CurrentVersion\Run\\4O2YL7YZYEQMVV7 => value removed successfully
HKU\S-1-5-21-2302586105-2206666383-3303423465-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BZ2MAXXOO5GLXP6 => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{E591EECC-233E-11E7-88A1-64006A5CFC23} => value removed successfully
HKCR\CLSID\{E591EECC-233E-11E7-88A1-64006A5CFC23} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj => key removed successfully
HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => key not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk => not found.
E:\WZUpdateNotifier.exe => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk => not found.
E:\WzPreloader.exe => not found.
HKCR\PROTOCOLS\Handler\WSISVCUchrome => key not found.
Chrome NewTab => removed successfully
Chrome DefaultSearchURL => removed successfully
C:\Users\Shreya\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik => moved successfully
C:\Users\Shreya\AppData\Local\Google\Chrome\User Data\Default\Extensions\kofkpgiaknijknhajbhnghkodiccblkg => moved successfully
C:\ProgramData\AMD => moved successfully
C:\Windows\System32\Tasks\gnu => moved successfully
C:\Windows\System32\Tasks\syncios => moved successfully
C:\Windows\System32\Tasks\allshare => moved successfully
"C:\Windows\System32\Tasks\adb" => not found.
C:\Windows\System32\Tasks\{6480492F-BA03-4A08-A753-33D419B397B6} => moved successfully
C:\Users\Shreya\AppData\Roaming\Main.dat => moved successfully

"C:\Users\Shreya\AppData\Local\kemgadeojglibflomicgnfeopkdfflnw" folder move:

Could not move "C:\Users\Shreya\AppData\Local\kemgadeojglibflomicgnfeopkdfflnw" => Scheduled to move on reboot.

"C:\Users\Shreya\AppData\Local\Phecerghtstenage" => not found.
Could not move "C:\Users\Shreya\AppData\Roaming\InstallationConfiguration.xml" => Scheduled to move on reboot.
C:\Users\Shreya\AppData\Roaming\Installer.dat => moved successfully

"C:\Users\Shreya\AppData\Roaming\excdir" folder move:

Could not move "C:\Users\Shreya\AppData\Roaming\excdir" => Scheduled to move on reboot.

C:\Users\Public\Documents\XMUpdate => moved successfully
C:\Program Files\¿ìѹ => moved successfully
C:\ProgramData\ProductData => moved successfully
C:\Users\Shreya\AppData\LocalLow\IObit => moved successfully
Could not move "C:\Windows\System32\Tasks\Driver Booster Scheduler" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\Tasks\Driver Booster SkipUAC (Shreya)" => Scheduled to move on reboot.
C:\Windows\IObit => moved successfully
C:\ProgramData\IObit => moved successfully
C:\ProgramData\674B780B227g293 => moved successfully
Could not move "C:\Windows\Manager.exe" => Scheduled to move on reboot.
C:\Users\Shreya\AppData\Roaming\IObit => moved successfully
C:\ProgramData\RegisterObject => moved successfully
C:\ProgramData\Windows Security => moved successfully
C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE} => moved successfully
C:\Users\Shreya\AppData\Roaming\Zanigh => moved successfully
C:\Users\Shreya\AppData\Local\Berrch => moved successfully
Could not move "C:\Windows\System32\Tasks\Prifashnerqagh Helper" => Scheduled to move on reboot.
"C:\Windows\Tasks\{74F28C02-AA14-F1EB-B170-7ADC58D82DD3}.job" => not found.
C:\Windows\System32\Tasks\AutoRearm => moved successfully
C:\Users\Shreya\AppData\LocalLow\Temp => moved successfully
"C:\Windows\Tasks\LiveToRead.job" => not found.
"C:\Windows\Tasks\winter_sports_helper_service.job" => not found.
"C:\Windows\Tasks\LordBoom.job" => not found.
C:\Users\Shreya\AppData\Local\Temp\DriverBoosterSetup.exe => moved successfully
"C:\Users\Shreya\AppData\Local\Temp\g686A.tmp.exe" => not found.
C:\Users\Shreya\AppData\Local\Temp\g686B.tmp.exe => moved successfully
C:\Users\Shreya\AppData\Local\Temp\vbsetup.exe => moved successfully
"C:\Program Files (x86)\Lerjudom" => not found.
"c:\programdata\{6b0b1a6d-fc5b-c450-6b0b-b1a6dfc569b7}" => not found.
"c:\programdata\{e772534f-0522-37f8-e772-2534f0524d3c}" => not found.
"C:\ProgramData\674B780B227g293" => not found.
C:\Users\Shreya\AppData\Local\{5B126~1 => moved successfully
"C:\Program Files\5MRWE1AVD0" => not found.
"C:\Program Files\P4NE5WUNZZ" => not found.
"C:\Program Files\8HHPDM9KQF" => not found.
"C:\Users\Shreya\AppData\Roaming\51758067" => not found.
"C:\Program Files\RMWY1PRHCQ" => not found.
"C:\Users\Shreya\AppData\Roaming\18873474" => not found.
"C:\Program Files\M2S7X4Y7EC\M2S7X4Y7E" => not found.
"C:\Program Files\8YC6DZ7KPE" => not found.
"C:\Program Files (x86)\PubHotspot" => not found.
"C:\Program Files (x86)\SpeeDownloader" => not found.
"C:\Program Files\VE009XP42W" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 79908933 B
Java, Flash, Steam htmlcache => 515 B
Windows/system/drivers => 9075422 B
Edge => 0 B
Chrome => 86998717 B
Firefox => 9308164 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 24970 B
systemprofile32 => 13442235 B
LocalService => 132244 B
NetworkService => 123774 B
Shreya => 20309535 B

RecycleBin => 6192930 B
EmptyTemp: => 223.1 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 22-04-2017 21:41:35)

C:\Windows\System32\Tasks\Prifashnerqagh Helper => Is moved successfully
C:\Windows\System32\Tasks\Driver Booster SkipUAC (Shreya) => Is moved successfully
C:\Users\Shreya\AppData\Local\kemgadeojglibflomicgnfeopkdfflnw => Is moved successfully
C:\Users\Shreya\AppData\Roaming\InstallationConfiguration.xml => Is moved successfully
C:\Users\Shreya\AppData\Roaming\excdir => Is moved successfully
C:\Windows\System32\Tasks\Driver Booster Scheduler => Is moved successfully
C:\Windows\System32\Tasks\Driver Booster SkipUAC (Shreya) => Is moved successfully
C:\Windows\Manager.exe => Is moved successfully
C:\Windows\System32\Tasks\Prifashnerqagh Helper => Is moved successfully

==== End of Fixlog 21:41:35 ====
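Added example, not part of the original thread and not FRST's own code: the Fixlog above shows four persistence points the fix touched (scheduled tasks whose action points at a missing file, a WMI ActiveScriptEventConsumer, browser shortcuts with hijacked arguments, and Run values with machine-generated names). The PowerShell below re-enumerates those same locations so you can confirm nothing was recreated after the reboot. It assumes an elevated PowerShell 5.1+ session on Windows 8/10 (Get-ScheduledTask needs the ScheduledTasks module); the name patterns are heuristics taken from the log entries, not malware signatures.

```powershell
# Post-fix persistence re-check (added example; assumes elevated PowerShell 5.1+ on Win 8/10).
# Name patterns below are heuristics derived from the Fixlog entries, not signatures.

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Kind, [string]$Where, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Kind = $Kind; Where = $Where; Detail = $Detail })
}

# 1. Scheduled tasks whose action points at a missing executable.
#    FRST flags these "-> No File" (the Wqukerpering task in the fix list was one).
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }          # COM-handler actions have no Execute
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))
        if ($exe -notmatch '[\\/]') {                   # bare name: resolve through PATH
            $exe = (Get-Command $exe -ErrorAction SilentlyContinue).Path
        }
        if (-not $exe -or -not (Test-Path -LiteralPath $exe)) {
            Add-Finding 'Task->NoFile' ($task.TaskPath + $task.TaskName) $action.Execute
        }
    }
}

# 2. WMI permanent event subscriptions (the WMI_ActiveScriptEventConsumer_ASEC line).
#    A home workstation normally has none; anything listed here deserves a look.
foreach ($cls in 'ActiveScriptEventConsumer', 'CommandLineEventConsumer', '__FilterToConsumerBinding') {
    Get-CimInstance -Namespace 'root\subscription' -ClassName $cls -ErrorAction SilentlyContinue |
        ForEach-Object {
            $detail = if ($_.Name) { $_.Name } else { "$($_.Filter) -> $($_.Consumer)" }
            Add-Finding 'WMI' $cls $detail
        }
}

# 3. Browser shortcuts carrying arguments. The fix removed hijacked arguments from the
#    Firefox/IE .lnk files; a clean browser shortcut has an empty Arguments field.
$shell = New-Object -ComObject WScript.Shell
$lnkRoots = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",
    "$env:ProgramData\Microsoft\Windows\Start Menu",
    "$env:PUBLIC\Desktop",
    "$env:USERPROFILE\Desktop"
)
Get-ChildItem -Path $lnkRoots -Recurse -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
    $lnk = $shell.CreateShortcut($_.FullName)
    if ($lnk.TargetPath -match '\\(chrome|firefox|iexplore|msedge|opera)\.exe$' -and $lnk.Arguments.Trim()) {
        Add-Finding 'Shortcut' $_.FullName $lnk.Arguments
    }
}

# 4. Run values with machine-generated names. The log shows 15-character uppercase IDs
#    (8PBHRDEUMTYOYSU) and 8-digit numbers (76272618) next to a plain "gpuminer" entry.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in $runKeys) {
    $values = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $values) { continue }
    foreach ($p in $values.PSObject.Properties) {
        if ($p.Name -in $providerProps) { continue }     # registry provider metadata
        if ($p.Name -cmatch '^[A-Z0-9]{15}$|^\d{8}$' -or $p.Name -ieq 'gpuminer') {
            Add-Finding 'RunKey' "$key\$($p.Name)" $p.Value
        }
    }
}

if ($findings.Count -gt 0) { $findings | Format-Table -AutoSize -Wrap }
else { 'Nothing left in the checked persistence locations.' }
```

Run it after the reboot FRST asked for, since several entries in the log were only "Scheduled to move on reboot". Treat every line it prints as a lead to check by hand (some pinned shortcuts and vendor tasks legitimately carry arguments or point at removable drives, like the WinZip task on E:\), not as something to delete blindly.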

Re: INFECTION VIRUS

by angelique »

Scan with the free version of MBAM ➯ http://www.malekal.com/tutoriel-malware ... i-malware/ , delete the selection it finds and empty the quarantine

Delete C:\FRST and its reports

Is it better?
With Gnu_Linux you get a kernel ... with Ѡindows all you get are the pips
https://helicium.altervista.org/
Remove "viruses" for free http://www.supprimer-trojan.com/
daksh27

Re: INFECTION VIRUS

by daksh27 »

Thanks a lot for your help!
The virus got removed.

Re: INFECTION VIRUS

by angelique »
