arthurPlch

CLOSED PC infected - Swizzor!IK

Recommended Posts

A-squared free is obsolete, no longer in the development and is not supported.  You should not be using it.

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Pas de fichier
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Pas de fichier
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <non trouvé(e)>
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <non trouvé(e)>
2017-04-28 19:21 - 2017-04-28 19:21 - 00000000 ____D C:\ProgramData\pdfforge
2011-11-03 15:13 - 2011-11-03 15:13 - 1786688 _____ () C:\Users\Arthur\AppData\Local\Temp\sonarinst.exe
CustomCLSID: HKU\S-1-5-21-2768558785-2739680840-3553050652-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Arthur\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2768558785-2739680840-3553050652-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Arthur\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => Pas de fichier
Task: {640A9457-6C1E-4303-95B4-5579D09EFDBD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Pas de fichier <==== ATTENTION
Task: {AC01A8C2-D7E6-4FA9-9E4C-0129A221A982} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Pas de fichier <==== ATTENTION
Task: {D52E14CC-2B17-4518-B12B-D89A959B896A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Pas de fichier <==== ATTENTION
Task: {EDB87307-869B-447D-BB80-A99B4DFE185B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Pas de fichier <==== ATTENTION
Task: {FDA5E30D-0F60-4599-A8CF-14D14873846D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Pas de fichier <==== ATTENTION
AlternateDataStreams: C:\Users\Arthur\Downloads:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Arthur\Downloads\Maze.Runner.The.Scorch.Trials.2015.1080p.BluRay.6CH.ShAaNiG:Shareaza.GUID [16]
HKU\S-1-5-21-2768558785-2739680840-3553050652-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION
Reg: reg delete "HKEY_USERS\S-1-5-21-2768558785-2739680840-3553050652-1001\SOFTWARE\PDFFORGE" f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\PDFFORGE" /f

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.