Search

Thank you very much.

I redacted the links to your logfiles in your precedent message since they contained some "sensitive"/"private" informations.

I analyze the logfile and come back to you with more informations.

Here are the logfiles (sorry for the delay to answer) :

https://up2sha.re/file?f=XXXXXX

https://up2sha.re/file?f=XXXXX

Hello,

Something else seems to recreate the key. I'll look with a ZHPDiag report :

• Download ZHPDiag from Nicolas on his website
• Then run it with administrator's rights (with right click)
• Then upload the log file on up2share (you will find it on your desktop, just drop the file on the upload zone)
• Then post the link in your reply

Best regards,

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

[-] File Deleted : C:\WINDOWS\SysWOW64\h@tkeysh@@k.dll

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}

***** [ Web browsers ] *****

*************...

The file which has been opened by Edge is the BlueScreenView report (you can see the path to the file in the adressbar on the top).

Can you copy this file to your Desktop : C:\WINDOWS\Minidump\041916-112203-01.dmp and create a zip archive from this file ?

Then, host it on https://up2sha.re, and paste here the generated link.

Best regards,

Yes, but your computer doesn't seem to have some remainings, so we need to spot what is re-creating this folder at each reboot.

Since I didn't see it with ZHPDiag, we'll try with FRST :

1. Download FRST
2. Right-click on the file -> "Execute as Administrator"
3. Click on the "Scan" button
4. The logfile is saved as FRST.txt , and additional informations are in Addition.txt.
5. Please host them on Up2Sha...

Apparently I am not the only one to have this problem of Acestream reappearance :

https://www.google.fr/search?q=acestream+disinfection&ie=utf-8&oe=utf-8&gws_rd=cr&ei=uwUWV8LoLImwatLzhogB

OK Here it is:

# AdwCleaner v5.112 - Logfile created 19/04/2016 at 05:34:03
# Updated 17/04/2016 by Xplode
# Database : 2016-04-19.1 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Steve - STEVESPC
# Running from : C:\Users\Steve\Downloads\adwcleaner_5.112.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : swdumon

***** [ Fo...

Hello,

No, I had just opened Firefox and Thunderbird. This acestream malware really seems difficult to get rid of. Have you already had problems after installing this software?