Error 0x8007001F - 0x20006 when upgrading win7 to Win10

gidriss

Hi,

I had error 0x8007001F - 0x20006 when upgrading Win7 to Win10.

I ran a scan with FRST and got these 2 logs.

Thanks for the help.
 


I followed your instructions:

Step #2 - Run SFC Scan > no errors
Step #3 – SURT/DISM Scan > downloaded and installed
Step #4 - Run SFCFix > log attached
Step #5 – Export/Upload CBS folder > CBS.zip
 


The logs showed that Windows Defender found malware and the tools / methods to bypass the activation of software.

SoftwareBundler:Win32/Prepscram threat description - Microsoft Security Intelligence



Please open a new thread:
Malware Removal Posting Instructions


Code:
 SURT total detected corruption count:          6



Code:
Windows Defender:
================
Date: 2021-04-01 03:17:46.368
Description:
L’analyse Windows Defender a détecté un logiciel espion ou un autre logiciel potentiellement indésirable.
Pour plus d’informations, consultez les informations suivantes :
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Prepscram&threatid=226289
Nom : SoftwareBundler:Win32/Prepscram
ID : 226289
Gravité : Élevée
Catégorie : Programme d’installation de logiciels indésirables regroupés
Chemin d’accès trouvé : file:C:\Program Files (x86)\Microsoft Toolkit Final\Setup activation.exe;process:pid:8372
Type de détection : Concret
Source de détection : Protection en temps réel
État : Inconnu
Utilisateur : \
Nom du processus :

Code:
Windows Defender:
================
Date: 2021-04-01 03:17:46.368
Description:
Windows Defender scan detected spyware or other potentially unwanted software.
For more information, see the following information:
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Prepscram&threatid=226289
Name: SoftwareBundler:Win32/Prepscram
ID: 226289
Severity: High
Category: Bundled unwanted software installer
Path found: file:C:\Program Files (x86)\Microsoft Toolkit Final\Setup activation.exe;process:pid:8372
Type of detection: Concrete
Detection source: Real-time protection
Status: Unknown
User: \
Process Name:
 
tools / methods to bypass the activation of software.
Where did the logs indicate that? The logs indicate that a software installer was found, which could be used to install PUPs or malicious software.
 
Code:
() [Fichier non signé] C:\ProgramData\KMSAuto\bin\TunMirror2.exe
(@ByELDI -> @ByELDI) [Fichier non signé] C:\Program Files\KMSpico\Service_KMS.exe

Task: {FB6E9E1F-DDE3-496C-990F-CC80F383A5EA} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [745664 2016-01-11] (@ByELDI -> @ByELDI) [Fichier non signé]

S2 KMSEmulator; C:\ProgramData\KMSAuto\bin\KMSSS.exe [301056 2015-07-24] (MDL Forum, mod by Ratiborus) [Fichier non signé]

R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-11] (@ByELDI -> @ByELDI) [Fichier non signé]

R2 TunMirror; C:\ProgramData\KMSAuto\bin\TunMirror2.exe [10752 2013-12-04] () [Fichier non signé]

2021-04-01 06:38 - 2021-04-01 06:39 - 000000000 ____D C:\Program Files\KMSpico

2021-04-01 06:38 - 2021-04-01 06:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico

2021-04-01 06:38 - 2018-11-15 12:36 - 003229424 _____ ( ) C:\Users\gaamex\AppData\Roaming\KMSpico-setup.exe

2021-04-01 06:37 - 2021-04-01 06:37 - 003825989 _____ C:\Users\gaamex\Downloads\KMSpico.zip
2021-04-01 06:37 - 2021-04-01 06:37 - 000000000 ____D C:\Users\gaamex\Downloads\KMSpico

2021-04-01 02:37 - 2021-04-01 03:32 - 000000000 ____D C:\ProgramData\KMSAuto

2021-04-01 06:38 - 2018-11-15 12:36 - 003229424 _____ (                                                            ) C:\Users\gaamex\AppData\Roaming\KMSpico-setup.exe
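
The service and task lines quoted above can be triaged mechanically. As an added example (not part of the thread and not FRST's own code), this Python script parses that line layout and lists unsigned binaries that start without user action. The field layout is inferred from the lines on this page, reading the digit after R/S as the Windows service start type is an assumption, and all function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Markers FRST appends for unsigned files, in the two languages seen on this page.
UNSIGNED_MARKERS = {"File not signed", "Fichier non signé"}

# Shared tail: <path> [<size> <date>] (<signer>) [<optional flag>]
TAIL = (r"(?P<path>[A-Za-z]:\\.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]"
        r" \((?P<signer>.*?)\)(?: \[(?P<flag>[^\]]+)\])?\s*$")
# Service line: state letter (R/S/U) + start-type digit, then "name; path ..."
SERVICE = re.compile(r"^(?P<state>[RSU])(?P<start>[0-4]) (?P<name>[^;]+); " + TAIL)
# Scheduled-task line: "Task: {GUID} - task name => path ..."
TASK = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) => " + TAIL)


@dataclass
class Entry:
    kind: str              # "service" or "task"
    name: str
    path: str
    signer: str            # empty when the log shows "()"
    unsigned: bool
    start: Optional[int]   # service start type (assumed); None for tasks


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a service or task line, or None for anything else."""
    line = line.strip()
    for kind, pattern in (("service", SERVICE), ("task", TASK)):
        m = pattern.match(line)
        if m:
            start = int(m["start"]) if kind == "service" else None
            return Entry(kind, m["name"], m["path"], m["signer"].strip(),
                         m["flag"] in UNSIGNED_MARKERS, start)
    return None


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def unsigned_persistence(text: str) -> List[Entry]:
    """Unsigned binaries that launch without user action: scheduled tasks and
    services with start type 0-2 (boot, system, automatic)."""
    return [e for e in parse_log(text)
            if e.unsigned and (e.kind == "task" or e.start <= 2)]


# Sample input: lines copied from the log excerpts on this page.
SAMPLE = r"""
S2 KMSEmulator; C:\ProgramData\KMSAuto\bin\KMSSS.exe [301056 2015-07-24] (MDL Forum, mod by Ratiborus) [Fichier non signé]
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-11] (@ByELDI -> @ByELDI) [Fichier non signé]
R2 TunMirror; C:\ProgramData\KMSAuto\bin\TunMirror2.exe [10752 2013-12-04] () [Fichier non signé]
R2 RestoroActiveProtection; C:\Program Files\Restoro\bin\RestoroProtection.exe [9310216 2021-02-07] (Restoro Ltd -> Restoro)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-04-18] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
Task: {FB6E9E1F-DDE3-496C-990F-CC80F383A5EA} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [745664 2016-01-11] (@ByELDI -> @ByELDI) [Fichier non signé]
2021-04-01 06:38 - 2021-04-01 06:39 - 000000000 ____D C:\Program Files\KMSpico
"""

if __name__ == "__main__":
    for e in unsigned_persistence(SAMPLE):
        print(f"{e.kind:8} {e.name!r:45} signer={e.signer or '<none>'} -> {e.path}")
```
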
 
Hi,

I've uninstalled KMS Pico but still the same problem.

I ran a scan with FRST and got these logs (attached).
 


Welcome to Sysnative Forums.


I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.


==========================

I am currently reviewing your logs and I will be back to you as soon as I can.
 
Hi, gidriss.

I have reviewed your logs and I can say that there is not only a number of malicious or/and potentially unwanted applications installed, but a lot of garbage as well.

First things first, I would like to make sure that your operating system is legally activated. The KMS service/program you downloaded in the previous days is used to illegally activate Microsoft's products, such as Windows or Office. Since I don't see Microsoft Office in your installed programs list, I tend to believe that KMS was used to illegally activate Windows. Keep in mind that a non-activated operating system has many restrictions, including not receiving security updates. If that is the case, unfortunately I can't help you until you activate Windows legally.

To check the operating system please do the following:

  • Press Windows icon on your Desktop, together with the letter R.
  • Type cmd, and press Ctrl + Shift + Enter to run Command Prompt as administrator.
  • Copy and paste the following command and press Enter:
Code:
slmgr /dli
  • After running the command, you will get a report. Please take a screenshot of what you got and attach it in your next reply. Here is an article where you can see how to take a screenshot with the Snipping Tool, in case you need it.
 
Hi,

Thank you for your support. After running
slmgr /dli I got this message:
1617661484379.png
 

Well, unfortunately the operating system is neither OEM nor Retail licensed. It is activated with the help of the KMS service and it will be deactivated if I continue with my instructions. Having said that, unfortunately I can't help you until you legally activate Windows with a legal license. Meaning, buy a license.

I have for you some questions in order to understand the situation.

When did you buy this computer? Was there an operating system installed? If yes, do you remember anything about it? E.g. Windows XP, Vista, Windows 7 Home? If it is a laptop, you can check for a label on its back and see what it says. Did you ever make a clean install of Windows 7 Pro by yourself? If yes, perhaps you did have a legal license and you threw it away by installing another version of Windows 7...
 
Sure. That is what you have to do, so you don't have the same issues from now on.

Microsoft doesn't sell Windows 7 anymore. This operating system reached its end of life some years ago, meaning that it's not getting security updates.

Windows 10 Home is probably what you need and you can buy a legal license from Microsoft.

Be careful, however, because some sellers sell Volume licenses, which are mainly used by large companies, to ordinary users. They claim that they sell at a low price, but this type of license may cause issues at a later stage. In other words, they are not legal for ordinary users. So, if you don't buy from Microsoft directly, make sure that the license you are getting is Retail.
 
I have bought a new licence and activated Windows successfully.

slmgr /dli gives this:
1617909737851.png

But when trying to upgrade to Win10, I get the same error.
 
Hi, gidriss.

I'm really surprised by a couple of things I'm seeing here.

1. You want Windows 10 and you tried to buy Windows 7 which is an operating system without support anymore? Microsoft doesn't sell Windows 7 licenses anymore. Where did you buy it from?

2. The license says OEM_COA_SLP (System Locked Pre-installation).
OEM SLP keys are preinstalled by the manufacturer in the machine. How did you activate such a kind of license in your computer?

I'm afraid that something is wrong again here.
 
Hi

Thanks for reply

What do you propose to do as a scan or otherwise, such as FRST or SFCFix?
 
Hi, gidriss.

You haven't replied to my questions above. :-)

As for the log you posted above, it shows that there are corruptions needing a fix. As soon as we clean the computer here, and ensure that everything is clean, you can check again for the upgrade issue. The important thing is for the license to be valid.
 
In addition to your responses to my questions above, please also provide fresh FRST logs, Addition.txt and FRST.txt.

Since your operating system is not in English, rename the downloaded file as EnglishFRST64.exe (64-bit), or EnglishFRST.exe (32-bit) so the resultant logs will be in English. It will be much easier for me to review them.

Thank you.
 
Hi, gidriss.

1. Uninstall programs
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs in the list:
Code:
Restoro
SearcherBar
Web Companion
Wise Duplicate Finder
  • Select the above programs, one by one, and click Uninstall.
  • Restart the computer at the end of the procedure.

2. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything to anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2879705918-1765932789-195621560-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://en-maktoob.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10041_direct_160418__yaie
SearchScopes: HKU\S-1-5-21-2879705918-1765932789-195621560-1000 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=140&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4935231522254258&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2879705918-1765932789-195621560-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={FB790F1B-D61D-4DB6-8D7D-3E99A3087206}&mid=2446703e119047d380253dd332ae33d1-6ee97a8222bc7e9cfca6b55a5a742283d9c76f56&lang=fr&ds=tl011&coid=avgtbdistl&cmpid=1015tb&pr=sa&d=2014-02-09 08:44:35&v=19.3.0.491&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2879705918-1765932789-195621560-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=140&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4935231522254258&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2879705918-1765932789-195621560-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10041_direct_160418__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2879705918-1765932789-195621560-1003 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKU\S-1-5-21-2879705918-1765932789-195621560-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={FB790F1B-D61D-4DB6-8D7D-3E99A3087206}&mid=2446703e119047d380253dd332ae33d1-6ee97a8222bc7e9cfca6b55a5a742283d9c76f56&lang=fr&ds=tl011&coid=avgtbdistl&cmpid=1015tb&pr=sa&d=2014-02-09 08:44:35&v=19.3.0.491&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2879705918-1765932789-195621560-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKU\S-1-5-21-2879705918-1765932789-195621560-500 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
BHO: DataMngr -> {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} -> No File
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> No File
BHO-x32: DataMngr -> {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} -> No File
Toolbar: HKLM-x32 - No Name - {f34c9277-6577-4dff-b2d7-7d58092f272f} -  No File
Toolbar: HKU\S-1-5-21-2879705918-1765932789-195621560-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2879705918-1765932789-195621560-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2879705918-1765932789-195621560-1003 -> No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKU\S-1-5-21-2879705918-1765932789-195621560-1003 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2879705918-1765932789-195621560-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2879705918-1765932789-195621560-1003 -> No Name - {EF293C5A-9F37-49FD-91C4-2B867063FC54} -  No File
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2879705918-1765932789-195621560-1000\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2879705918-1765932789-195621560-1003\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [{1F0FBA6A-61F0-442A-A709-CFF23572E0AA}] => (Allow) C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe => No File
FirewallRules: [{54F22E86-BFCA-4359-96DC-07F6FFE152AC}] => (Allow) C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe => No File
FirewallRules: [{C7A11BC8-E56C-4C14-B353-93E1D21DDB45}] => (Allow) C:\Users\gaamex\AppData\Local\Temp\DriverPack-2021040312322\tools\aria2c.exe => No File
Shortcut: C:\Users\gaamex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reset Windows Update Tool\reset-settings.lnk -> C:\Program Files\wureset\wureset\bin\reset-settings.bat ()
C:\Program Files\wureset\wureset\bin\reset-settings.bat
HKLM\...\Run: [Restoro] => C:\Program Files\Restoro\bin\RestoroApp.ex
HKU\S-1-5-21-2879705918-1765932789-195621560-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1732368 2016-08-04] (Lavasoft Limited -> Lavasoft) [File not signed]
HKU\S-1-5-21-2879705918-1765932789-195621560-1000\...\Run: [Ad-Aware Search Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\AASearchCompanion.exe [667920 2016-04-18] (Lavasoft Limited -> ) [File not signed]
HKU\S-1-5-21-2879705918-1765932789-195621560-1000\...\Run: [Firefox Browser] => ;C:\Firefox\X-Firefox.exe
HKU\S-1-5-21-2879705918-1765932789-195621560-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2879705918-1765932789-195621560-1000\...\MountPoints2: {20d34e75-ae31-11e6-afb1-ec9a744ada22} - F:\LGAutoRun.exe
HKU\S-1-5-21-2879705918-1765932789-195621560-1000\...\MountPoints2: {4460796b-48d2-11e6-9708-001e101fa1f5} - F:\AutoRun.exe
HKU\S-1-5-21-2879705918-1765932789-195621560-1000\...\MountPoints2: {4d2f3bdd-2128-11e6-8c4b-ec9a744ada22} - F:\AutoRun.exe
HKU\S-1-5-21-2879705918-1765932789-195621560-1000\...\MountPoints2: {902a619f-9266-11eb-8857-a86fc90e6720} - F:\setup.exe
HKU\S-1-5-21-2879705918-1765932789-195621560-1000\...\MountPoints2: {bd82e8f1-2b3c-11e6-90f0-ec9a744ada22} - F:\AutoRun.exe
HKU\S-1-5-21-2879705918-1765932789-195621560-1000\...\MountPoints2: {dbca89fc-19b7-11e6-a0f7-ec9a744ada22} - F:\AutoRun.exe
HKU\S-1-5-21-2879705918-1765932789-195621560-1003\...\MountPoints2: {08bbd087-0ed5-11e6-961c-ec9a744ada22} - F:\AutoRun.exe
HKU\S-1-5-21-2879705918-1765932789-195621560-1003\...\MountPoints2: {08bbd0aa-0ed5-11e6-961c-344b50b7efb4} - F:\AutoRun.exe
HKU\S-1-5-21-2879705918-1765932789-195621560-1003\...\MountPoints2: {10d25740-99b5-11ea-9d3e-ec9a744ada22} - F:\autorun.exe
HKU\S-1-5-21-2879705918-1765932789-195621560-1003\...\MountPoints2: {4460796b-48d2-11e6-9708-001e101fa1f5} - F:\AutoRun.exe
HKU\S-1-5-21-2879705918-1765932789-195621560-1003\...\MountPoints2: {4d2f3bdd-2128-11e6-8c4b-ec9a744ada22} - F:\AutoRun.exe
HKU\S-1-5-21-2879705918-1765932789-195621560-1003\...\MountPoints2: {55e99501-a232-11e5-8e93-ec9a744ada22} - F:\AutoRun.exe
HKU\S-1-5-21-2879705918-1765932789-195621560-1003\...\MountPoints2: {bd82e8f1-2b3c-11e6-90f0-ec9a744ada22} - F:\AutoRun.exe
HKU\S-1-5-21-2879705918-1765932789-195621560-1003\...\MountPoints2: {dbca89fc-19b7-11e6-a0f7-ec9a744ada22} - F:\AutoRun.exe
AppInit_DLLs:  C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll => No File
AppInit_DLLs:  C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll => No File
AppInit_DLLs-x32:  C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll => No File
Startup: C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartClock.lnk [2021-04-07] <==== ATTENTION
ShortcutTarget: SmartClock.lnk -> C:\Users\gaamex\AppData\Roaming\Smart Clock\SmartClock.exe (No File)
Task: {5F5C414E-3D68-446C-96F8-3510822EC722} - System32\Tasks\AVG-Secure-Search-Update_1214tb_rmv => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1214tb.exe [2794520 2014-12-14] (AVG Technologies -> )
Task: {8734BE40-7DD3-47BB-9886-A80739795FA2} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {9D0FF0D5-EE02-4500-94E2-2844209BFA92} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {B2830EAC-20BE-410C-854D-2F41BC55E030} - System32\Tasks\AVG-Secure-Search-Update_1214tb_rel => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1214tb.exe [2794520 2014-12-14] (AVG Technologies -> )
Task: {B448AE0B-F6B9-4C08-9E0D-8A2516B8B528} - \Programme de mise à jour en ligne de HP. -> No File <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_1214tb_rel.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1214tb.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_1214tb_rmv.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1214tb.exe
FF NewTab: Mozilla\Firefox\Profiles\8xgllmvv.default -> hxxps://en-maktoob.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10041_direct_160418__yaff
FF Homepage: Mozilla\Firefox\Profiles\8xgllmvv.default -> hxxps://en-maktoob.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10041_direct_160418__yaff
FF SearchPlugin: C:\Users\gaamex\AppData\Roaming\Mozilla\Firefox\Profiles\8xgllmvv.default\searchplugins\avg-secure-search.xml [2019-03-14]
FF SearchPlugin: C:\Users\gaamex\AppData\Roaming\Mozilla\Firefox\Profiles\8xgllmvv.default\searchplugins\yahoo-lavasoft.xml [2016-10-17]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\19.0.0.10 => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR NewTab: Default ->  Active:"chrome-extension://oppjbdkgpfhhllancffaoaemplhkngoc/newtab/newtab-hp.html", Not-active:"chrome-extension://bfeoflmknglhkaclnpkdgjleajfklfmd/stubby.html"
R2 KMSEmulator; C:\ProgramData\KMSAuto\bin\KMSSS.exe [301056 2015-07-24] (MDL Forum, mod by Ratiborus) [File not signed]
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-04-18] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
R2 RestoroActiveProtection; C:\Program Files\Restoro\bin\RestoroProtection.exe [9310216 2021-02-07] (Restoro Ltd -> Restoro)
R2 TunMirror; C:\ProgramData\KMSAuto\bin\TunMirror2.exe [10752 2013-12-04] () [File not signed]
C:\Users\Administrateur\AppData\Roaming\VymRCnDtwYYKvQjr
C:\Users\gaamex\Downloads\Restoro License
C:\Users\gaamex\Downloads\Restoro License.zip
C:\Users\Public\Desktop\Restoro.lnk
C:\ProgramData\Desktop\Restoro.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Restoro
C:\Windows\restoro.ini
C:\ProgramData\Restoro
C:\Program Files\Restoro
C:\Users\gaamex\Downloads\Restoro.exe
C:\Users\gaamex\Downloads\Restoro-2028-Crack-Full-License-Key---Number-2021-Download_851e0786813fc063d963b0.zip
C:\Users\Public\Desktop\Chrone Browser.lnk
C:\ProgramData\Desktop\Chrone Browser.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chrone Browser
C:\Chrone
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SearcherBar
C:\Users\gaamex\AppData\Roaming\KMSpico-setup.exe
C:\Users\gaamex\Downloads\KMSpico.zip
C:\Users\gaamex\Downloads\KMSpico
C:\Users\gaamex\Desktop\Garbage Cleaner.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Duplicate Finder
C:\ProgramData\Garbage Cleaner
C:\Program Files (x86)\Wise
C:\ProgramData\KMSAuto
C:\Windows\Tasks\AVG-Secure-Search-Update_1214tb_rmv.job
C:\Windows\Tasks\AVG-Secure-Search-Update_1214tb_rel.job
C:\Program Files (x86)\Kaspersky Lab
C:\ProgramData\Kaspersky Lab
C:\ProgramData\TuneUp Software
C:\Users\gaamex\AppData\Roaming\KMSpico-setup.exe
C:\Program Files (x86)\Lavasoft
C:\Program Files (x86)\AVG SafeGuard toolbar
C:\ProgramData\KMSAuto
VirusTotal: C:\Firefox\X-Firefox.exe
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.


3. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

4. Run Malwarebytes (Scan mode)
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:
  1. The fixlog.txt
  2. The AdwCleaner[S0*].txt
  3. The Malwarebytes report
 
