Search

1) Run HiJackThis again, press Do a system scan only In scan window check following lines:

O1 - Hosts: 127.0.0.1 down.baidu2016.com
O1 - Hosts: 127.0.0.1 123.sogou.com
O1 - Hosts: 127.0.0.1 www.czzsyzgm.com
O1 - Hosts: 127.0.0.1 www.czzsyzxl.com
O1 - Hosts: 127.0.0.1 union.baidu2019.com
O1 - Hosts: 127.0.0.1 down.baidu2016.com
O1 - Hosts: 127.0.0.1 123.sogou.com
O1 - Hosts: 127.0.0.1 www.czzsy...

3) Do you want me to run the program again?

---

pedromatt, 2016-10-07 17:04:20 (UTC)

Yes, run FRST again and share links on new logs.

1) I installed it after I installed windows but I've unnistalled it some months ago.

2) Sorry, here is the correct link: https://up2sha.re/file?f=91kFxbulMbgk

3) Do you want me to run the program again?

pedromatt,

1) Do  you have installed Driver Booster? If yes, then I advise you to uninstall.

1) You did not answer.

https://up2sha.re/file?f=fmm8W0qTNqR

 

If it's more helpful

 

---

pedromatt, 2016-10-07 16:26:38 (UTC)

2) Link is not correct.

3) Make new FRST logs.  

Hello,

Sorry, the logfile extract is shrunked. Is it possible to host the whole logfile on https://up2sha.re/ and share the generated link here ?

Best regards,

Found on 2 computers

***** [ Raccourcis ] *****

Raccourci infecté:  C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Acronis\True Image\Outils et utilitaires\Monter une image.lnk ( /mount_image )

This Link is found as infected on 2 computers and I wonder on the reality of infection.?: I launched ADW cleaner and the resulting file "quarantine.db" contained the TXT:

SQLite forma...

Effectivement il y a des infections.

"avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)"

--> La version 12 est disponible :

http://files.avast.com/iavs9x/avast_free_antivirus_setup_offline.exe

"CHR Extension: (webget)"

--> Pour retirer cette extension de Google Chrome :

https://support.google.com/chrome_webstore/answer/2664769?hl=fr

"ProxyServer: [....

Hello,

Sorry for the delay.

Can you share more informations with FRST ?

• Download FRST
• Right-click on the file -> "Execute as Administrator"
• Click on the "Scan" button
• The logfile is saved as FRST.txt , and additional informations are in Addition.txt.
• Please host them on Up2Share and share the generated link.

Best regards,

ran a registry cleaner to clean up some dead software links etc.  this seemed to remove that registry entry that was throwing off adwcleaner.  reran adwcleaner and there are now no threats picked up.

Thanks.

• Download RogueKiller here
• Execute the file "setup.exe" as Administrator (right-click on the file -> Execute as Administrator"
• The pre-scan will occur, please wait until it ends.
• Then click on [Scan] on the right hand corner. Wait until the scan finish.
• Finally, host the generated logfile on Up2Sha.re and copy/paste here the provided link.