Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Newbie is infected with a browser hijjacker - Hot deals/ Hypenet


  • Please log in to reply
8 replies to this topic

#1 anke71

anke71

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 26 June 2014 - 03:57 PM

Hi ,

 

in my browserpages I get continuous pop-ups from Hypenet & HotDeals .

I already run Norton, but found out that this doen'st work on PUP. Well for me it's not a PUP but a DUP. Definitely Unwanted Program.

Also when starting up I need to press F11 in order to get the thing goibg otherwise it just hangs. So there might be something in the boot.

I am not familiar with all this things, but I would like to receive help/advice to remove.

 

I think I have Windows Vista and my browser is Google Chrome. Already installed adblock, but it only helps if I per page block the adverts. And that's not do-able of course .

I don't know what else you need to know.

 

Anke



BC AdBot (Login to Remove)

 


#2 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:02:29 PM

Posted 26 June 2014 - 10:52 PM

Hi anke71 and welcome to BleepingComputer! :)

 

:step1: Please download AdwCleaner by Xplode and save to your Desktop.
NOTE : Please close or save all work, as the computer will be Rebooted
Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button. (only once)
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
If you see any which you do not want removed, remove the check mark next to it.
Next: Click on the Clean button (only once) to remove the selected items.
You will receive a message telling you that all programs will be close so that the infections can be removed.
Click on OK, and then OK again to confirm the reboot.
When cleaning process is complete a log (AdwCleaner[S0].txt ) of what was removed will be on your desktop.
Please copy and the paste this log in your next post.

 

 

 

:step2: 

 

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
     

What we need in your next reply:

  • Adwcleaner log
  • JRT log

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 anke71

anke71
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 28 June 2014 - 02:05 AM

Hi, this is step 1. Now step 2 still to do
 
 
 
# AdwCleaner v3.213 - Rapport aangemaakt 27/06/2014 op 07:38:20
# Laatste Update 23/06/2014 door Xplode
# Besturingssysteem : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Gebruikersnaam : Anke - PC_VAN_ANKE
# Gestart vanuit : C:\Users\Anke\Downloads\AdwCleaner.exe
# Optie : Verwijderen
 
***** [ Services ] *****
 
 
***** [ Bestanden / Mappen ] *****
 
Map Verwijderd : C:\ProgramData\Ask
Map Verwijderd : C:\ProgramData\Babylon
Map Verwijderd : C:\Program Files\Ask.com
Map Verwijderd : C:\Program Files\myBabylon_English
Map Verwijderd : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Bestand Verwijderd : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
 
***** [ Snelkoppelingen ] *****
 
 
***** [ Register ] *****
 
Sleutel Verwijderd : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
[#] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75B9007E-A4F5-400D-BE87-EEB4B1881DF8}
[#] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75B9007E-A4F5-400D-BE87-EEB4B1881DF8}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\and
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Conduit.Engine
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\driverscanner
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Prod.cap
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.CT1460988
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.CT2856415
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{22E03916-85C5-44B0-8DC9-1830C11238D9}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{31EFA33E-9D5A-443B-8F10-7DEBA9677E34}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{89E5A2EE-498E-4170-A0EE-E98DF8B326DB}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{DB2751C2-FF58-46A8-9CB1-790BAE144B52}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{7C8643E8-857D-49C5-84B7-779EC0B2A50C}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22E03916-85C5-44B0-8DC9-1830C11238D9}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22E03916-85C5-44B0-8DC9-1830C11238D9}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{89E5A2EE-498E-4170-A0EE-E98DF8B326DB}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C8643E8-857D-49C5-84B7-779EC0B2A50C}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{22E03916-85C5-44B0-8DC9-1830C11238D9}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{89E5A2EE-498E-4170-A0EE-E98DF8B326DB}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7C8643E8-857D-49C5-84B7-779EC0B2A50C}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89E5A2EE-498E-4170-A0EE-E98DF8B326DB}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C8643E8-857D-49C5-84B7-779EC0B2A50C}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D4B1314-9578-4E16-AA5C-8293693E670E}
Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DCDBBF03-BC10-457D-911F-EFB0321D22BE}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{22E03916-85C5-44B0-8DC9-1830C11238D9}]
Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}]
Waarde Verwijderd : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Waarde Verwijderd : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Waarde Verwijderd : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{22E03916-85C5-44B0-8DC9-1830C11238D9}]
Waarde Verwijderd : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}]
Waarde Verwijderd : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{22E03916-85C5-44B0-8DC9-1830C11238D9}]
Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}]
Sleutel Verwijderd : HKCU\Software\Alexa Internet
Sleutel Verwijderd : HKCU\Software\APN
Sleutel Verwijderd : HKCU\Software\Ask.com
Sleutel Verwijderd : HKCU\Software\distromatic
Sleutel Verwijderd : HKCU\Software\YahooPartnerToolbar
Sleutel Verwijderd : HKCU\Software\AppDataLow\Toolbar
Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\AskToolbar
Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\Conduit
Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\Elf_1
Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\PriceGong
Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\myBabylon_English
Sleutel Verwijderd : HKLM\Software\APN
Sleutel Verwijderd : HKLM\Software\AskToolbar
Sleutel Verwijderd : HKLM\Software\Conduit
Sleutel Verwijderd : HKLM\Software\Elf_1
Sleutel Verwijderd : HKLM\Software\Uniblue
Sleutel Verwijderd : HKLM\Software\myBabylon_English
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Sleutel Verwijderd : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Sleutel Verwijderd : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16555
 
 
-\\ Google Chrome v35.0.1916.153
 
*************************
 
AdwCleaner[R0].txt - [12825 octets] - [27/06/2014 07:13:31]
AdwCleaner[S0].txt - [12844 octets] - [27/06/2014 07:38:20]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12905 octets] ##########

Edited by anke71, 28 June 2014 - 02:07 AM.


#4 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:02:29 PM

Posted 28 June 2014 - 02:20 AM

Please post your JRT log. :)

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#5 anke71

anke71
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 28 June 2014 - 02:37 AM

and here the jrt. 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Anke on za 28-06-2014 at  9:17:22,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Anke\appdata\locallow\asktoolbar"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on za 28-06-2014 at  9:28:36,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 anke71

anke71
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 28 June 2014 - 02:39 AM

looks now good! rhanks



#7 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:02:29 PM

Posted 28 June 2014 - 03:31 AM

Please open adwcleaner again, this time click on "Uninstall" button.

 

Let's perform some checks.

 

:step1: Please download Malwarebytes Anti-Malware photo.jpg?sz=48 and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to it's Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"

    malwarebytes-anti-malware-fix-now.jpg
    .
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
    .
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.

    malwarebytes-anti-malware-2-0-update-now
    .
  • The THREAT SCAN will automatically begin.

    malwarebytes-anti-malware-scan.jpg
    .
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.

    malwarebytes-anti-malware-potential-thre
    .
  • To complete any actions taken you will be prompted to restart your computer...click on YesFailure to reboot normally will prevent Malwarebytes from removing all the malware.

    mbam4_zps490948cc.png
    .
  • After rebooting the computer, copy and past the mbam.log in your next reply.

.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

 

 

:step2: Download MiniToolBox, Save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points

Click Go and copy / paste the result (Result.txt).

 

What we need in your next reply:

  • MBAM log
  • Minitoolbox log
  • How's your computer running?

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#8 anke71

anke71
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 29 June 2014 - 05:52 AM

The boot still needs F11 to start up

And my banking site didn't work ...doesn't load. --> https

I didn't try that many but normal ones do load.

 

hereby the logs

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Anke on za 28-06-2014 at  9:17:22,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Anke\appdata\locallow\asktoolbar"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on za 28-06-2014 at  9:28:36,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
MiniToolBox by Farbar  Version: 25-06-2014
Ran by Anke (administrator) on 28-06-2014 at 22:55:35
Running from "C:\Users\Anke\Downloads"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP-configuratie
 
De DNS-omzettingscache is leeggemaakt.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
::1             localhost
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
802.11bgn 1T2R Mini Card Wireless Adapter = Draadloze netwerkverbinding (Connected)
Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) = LAN-verbinding (Media disconnected)
 
 
# ----------------------------------
# IPv4-configuratie
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# Einde van IPv4-configuratie
 
 
 
Windows IP-configuratie
 
   Hostnaam  . . . . . . . . . . . . : PC_van_Anke
   Primair DNS-achtervoegsel . . . . : 
   Knooppunttype . . . . . . . . . . : gemengd
   IP-routering ingeschakeld . . . . : nee
   WINS-proxy ingeschakeld . . . . . : nee
 
Adapter voor draadloos LAN Draadloze netwerkverbinding:
 
   Verbindingsspec. DNS-achtervoegsel: 
   Beschrijving. . . . . . . . . . . : 802.11bgn 1T2R Mini Card Wireless Adapter
   Fysiek adres. . . . . . . . . . . : 00-1D-92-C1-19-79
   DHCP ingeschakeld . . . . . . . . : ja
   Autom. configuratie ingeschakeld  : ja
   Link-local IPv6-adres . . . . . . : fe80::5a6:cc84:de8a:b1eb%11(voorkeur) 
   IPv4-adres. . . . . . . . . . . . : 192.168.1.6(voorkeur) 
   Subnetmasker. . . . . . . . . . . : 255.255.255.0
   Lease verkregen . . . . . . . . . : zaterdag 28 juni 2014 22:49:29
   Lease verlopen. . . . . . . . . . : zondag 29 juni 2014 22:49:28
   Standaardgateway. . . . . . . . . : 192.168.1.1
   DHCP-server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 268443026
   DHCPv6-client DUID. . . . . . . . : 00-01-00-01-10-33-44-3B-00-1D-92-5A-64-7E
   DNS-servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS via TCPIP . . . . . . . . : ingeschakeld
 
Ethernet-adapter LAN-verbinding:
 
   Mediumstatus. . . . . . . . . . . : medium ontkoppeld
   Verbindingsspec. DNS-achtervoegsel: 
   Beschrijving. . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
   Fysiek adres. . . . . . . . . . . : 00-21-85-4E-8A-0D
   DHCP ingeschakeld . . . . . . . . : ja
   Autom. configuratie ingeschakeld  : ja
 
Tunnel-adapter LAN-verbinding* 6:
 
   Mediumstatus. . . . . . . . . . . : medium ontkoppeld
   Verbindingsspec. DNS-achtervoegsel: 
   Beschrijving. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Fysiek adres. . . . . . . . . . . : 02-00-54-55-4E-01
   DHCP ingeschakeld . . . . . . . . : nee
   Autom. configuratie ingeschakeld  : ja
Server:  UnKnown
Address:  192.168.1.1
 
Naam:    google.com
Addresses:  2a00:1450:4013:c01::8b
 173.194.65.113
 173.194.65.100
 173.194.65.139
 173.194.65.138
 173.194.65.101
 173.194.65.102
 
 
 
Pingen naar google.com [173.194.65.101] met 32 bytes aan gegevens:
 
Algemene fout.
 
Antwoord van 173.194.65.101: bytes=32 tijd=26 ms TTL=49
 
 
 
Ping-statistieken voor 173.194.65.101:
 
    Pakketten: verzonden = 2, ontvangen = 1, verloren = 1
 
    (50% verlies).
 
 
 
De gemiddelde tijd voor het uitvoeren van ��n bewerking in milliseconden:
 
    Minimum = 26ms, Maximum = 26ms, Gemiddelde = 26ms
 
Server:  UnKnown
Address:  192.168.1.1
 
Naam:    yahoo.com
Addresses:  98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
 
Pingen naar yahoo.com [206.190.36.45] met 32 bytes aan gegevens:
 
Algemene fout.
 
Antwoord van 206.190.36.45: bytes=32 tijd=182 ms TTL=49
 
 
 
Ping-statistieken voor 206.190.36.45:
 
    Pakketten: verzonden = 2, ontvangen = 1, verloren = 1
 
    (50% verlies).
 
 
 
De gemiddelde tijd voor het uitvoeren van ��n bewerking in milliseconden:
 
    Minimum = 182ms, Maximum = 182ms, Gemiddelde = 182ms
 
 
 
Pingen naar 127.0.0.1 met 32 bytes aan gegevens:
 
Antwoord van 127.0.0.1: bytes=32 tijd<1 ms TTL=128
 
Antwoord van 127.0.0.1: bytes=32 tijd<1 ms TTL=128
 
 
 
Ping-statistieken voor 127.0.0.1:
 
    Pakketten: verzonden = 2, ontvangen = 2, verloren = 0
 
    (0% verlies).
 
 
 
De gemiddelde tijd voor het uitvoeren van ��n bewerking in milliseconden:
 
    Minimum = 0ms, Maximum = 0ms, Gemiddelde = 0ms
 
===========================================================================
Interfacelijst
 11 ...00 1d 92 c1 19 79 ...... 802.11bgn 1T2R Mini Card Wireless Adapter
 10 ...00 21 85 4e 8a 0d ...... Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
  1 ........................... Software Loopback Interface 1
 14 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 routetabel
===========================================================================
Actieve routes:
Netwerkadres             Netmasker          Gateway        Interface Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.6     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.6    281
      192.168.1.6  255.255.255.255         On-link       192.168.1.6    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.6    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.6    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.6    281
===========================================================================
Permanente routes:
  Geen
 
IPv6 routetabel
===========================================================================
Actieve routes:
 Indien metrische netwerkbestemming      Gateway
  1    306 ::1/128                  On-link
 11    281 fe80::/64                On-link
 11    281 fe80::5a6:cc84:de8a:b1eb/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Permanente routes:
  Geen
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/28/2014 10:50:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/28/2014 06:53:32 PM) (Source: Application Error) (User: )
Description: Toepassing met fout mbam.exe, versie 1.0.0.532, tijdstempel 0x53518532, module met fout QtCore4.dll, versie 4.8.4.0, tijdstempel 0x51352df8, uitzonderingscode 0xc0000005, foutmarge 0x0010ebb3,
proces-id 0x13ac, starttijd van toepassing 0xmbam.exe0.
 
Error: (06/28/2014 09:33:46 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/28/2014 09:29:06 AM) (Source: Perflib) (User: )
Description: SYSTEEMC:\Program Files\Norton 360\Engine\21.3.0.12\N360.exe
 
 
System errors:
=============
Error: (06/28/2014 10:51:28 PM) (Source: Service Control Manager) (User: )
Description: Tosrfcom
 
Error: (06/28/2014 10:51:01 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery-service
 
Error: (06/28/2014 10:38:45 PM) (Source: Service Control Manager) (User: )
Description: Util HypeNet%%3
 
Error: (06/28/2014 08:14:00 PM) (Source: Dhcp) (User: )
Description: De IP-adreslease 192.168.1.8 voor de netwerkkaart met netwerkadres 001D92C11979 is geweigerd door de DHCP-server 192.168.1.1. De DHCP-server heeft een DHCPNACK-bericht verzonden.
 
Error: (06/28/2014 02:28:57 PM) (Source: Tcpip) (User: )
Description: Het systeem heeft een adresconflict gevonden voor het IP-adres 192.168.1.7, waarbij het systeem
het netwerkhardwareadres 10-0D-7F-78-C6-68 heeft. Hierdoor kan
de werking van het netwerk op dit systeem verstoord zijn.
 
Error: (06/28/2014 09:34:50 AM) (Source: Service Control Manager) (User: )
Description: Tosrfcom
 
Error: (06/28/2014 09:34:50 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery-service
 
Error: (06/28/2014 09:33:12 AM) (Source: EventLog) (User: )
Description: De vorige afsluiting van het systeem om 9:25:36 op 28-6-2014 is onverwacht gebeurd.
 
Error: (06/28/2014 09:28:21 AM) (Source: nvstor32) (User: )
Description: Pariteitsfout op \Device\RaidPort0.
 
 
Microsoft Office Sessions:
=========================
Error: (06/28/2014 10:50:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/28/2014 06:53:32 PM) (Source: Application Error)(User: )
Description: mbam.exe1.0.0.53253518532QtCore4.dll4.8.4.051352df8c00000050010ebb313ac01cf92edd5773ea0
 
Error: (06/28/2014 09:33:46 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/28/2014 09:29:06 AM) (Source: Perflib)(User: )
Description: SYSTEEMC:\Program Files\Norton 360\Engine\21.3.0.12\N360.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-06-28 22:51:27.722
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2014-06-28 22:40:10.999
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2014-06-28 18:38:56.645
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2014-06-28 18:38:55.951
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2014-06-28 18:38:55.259
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2014-06-28 18:38:54.514
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2014-06-28 18:32:17.062
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume1\ProgramData\SMR410\Archive\SYMEVENT.SYS kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2014-06-28 18:32:16.328
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume1\ProgramData\SMR410\Archive\SYMEVENT.SYS kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2014-06-28 18:32:15.686
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume1\ProgramData\SMR410\Archive\SYMEVENT.SYS kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
  Date: 2014-06-28 18:32:14.996
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume1\ProgramData\SMR410\Archive\SYMEVENT.SYS kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.
 
 
 
=========================== Installed Programs ============================
32 Bit HP CIO Components Installer (Version: 2.1.4 - Hewlett-Packard) Hidden
Aangifte inkomstenbelasting 2009 (HKLM\...\Aangifte inkomstenbelasting 2009) (Version:  - Belastingdienst)
Aangifte inkomstenbelasting 2010 (HKLM\...\Aangifte inkomstenbelasting 2010) (Version:  - Belastingdienst)
Aangifte inkomstenbelasting 2011 (HKLM\...\Aangifte inkomstenbelasting 2011) (Version:  - Belastingdienst)
Aangifte inkomstenbelasting 2012 (HKLM\...\Aangifte inkomstenbelasting 2012) (Version:  - Belastingdienst)
Aangifte inkomstenbelasting 2013 (HKLM\...\Aangifte inkomstenbelasting 2013) (Version:  - Belastingdienst)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 8.1.3 - Nederlands (HKLM\...\{AC76BA86-7AD7-1043-7B44-A81300000003}) (Version: 8.1.3 - Adobe Systems Incorporated)
AJCompressCopy (HKLM\...\AJCompressCopy) (Version:  - )
Apple Application Support (HKLM\...\{3FA365DF-2D68-45ED-8F83-8C8A33E65143}) (Version: 1.1.0 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 6 (HKLM\...\AVS4YOU Video Converter 6_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.00.11 - TOSHIBA CORPORATION)
BufferChm (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Cards_Calendar_OrderGift_DoMorePlugout (Version: 2.03.0000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.3 - DivX, Inc.)
DJ_AIO_03_F4200_Software (Version: 110.0.238.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software_Min (Version: 110.0.238.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4220_ProductContext (Version: 110.0.238.000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Ezisno Chinese Study Environment (HKLM\...\{0B1AB88D-B351-4AAC-A95A-831C862B1BFD}) (Version:  - )
EZSINODict (HKLM\...\{5CB3ABFC-2732-420C-B12D-9FD641CE5D94}) (Version:  - )
F4200 (Version: 110.0.238.000 - Uw bedrijfsnaam) Hidden
F4210_Help (Version: 110.0.238.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Chrome Frame (HKLM\...\Google Chrome Frame) (Version: 32.0.1700.107 - Google Inc.)
Google SketchUp 6 (HKLM\...\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}) (Version: 6.0.01615 - Google)
Google SketchUp 6 (Version: 6.4.247 - Google) Hidden
Google SketchUp Pro 8 (HKLM\...\{964D07BE-460C-4862-B59C-49575B8F46DC}) (Version: 3.0.11752 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Hema Fotoalbum (HKCU\...\{83EF9202-135C-4AFC-A083-DE9D09C6BC46}_is1) (Version:  - Hema)
HP Customer Participation Program 11.0 (HKLM\...\HPExtendedCapabilities) (Version: 11.0 - HP)
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3 (HKLM\...\{C3B6AEB1-390C-4792-8677-CD87F8B2C959}) (Version: 11.0 - HP)
HP Imaging Device Functions 11.0 (HKLM\...\HP Imaging Device Functions) (Version: 11.0 - HP)
HP Photosmart Essential 2.5 (Version: 1.03.0000 - Hewlett-Packard) Hidden
HP Photosmart Essential 3.0 (HKLM\...\HP Photosmart Essential) (Version: 3.0 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.0 - HP)
HP Solution Center 11.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 11.0 - HP)
HP Update (HKLM\...\{D063F201-FAC4-4D5C-B10B-615058ADE5A7}) (Version: 4.000.009.002 - Hewlett-Packard)
HPProductAssistant (Version: 110.0.180.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 110.0.180.000 - Hewlett-Packard) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )
JMicron JMB38X Flash Media Controller (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.14.03 - JMicron Technology Corp.)
Lager (Version: 1.0.0.0 - Hewlett-Packard) Hidden
Malwarebytes Anti-Malware versie 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - nld (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (NLD) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Money Plus (HKLM\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Money Shared Libraries (Version: 17.0.0.3817 - Microsoft Corporation) Hidden
Microsoft Office 2000 Professional (HKLM\...\{00010413-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM\...\{29774876-118B-42F4-821D-8247B5231043}) (Version: 8.3.205 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Norton 360 (HKLM\...\N360) (Version: 21.3.0.12 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Pixia (HKLM\...\{A0BCF90F-B4E4-435C-A48D-8FAAE10554F9}) (Version: 3.1d - )
PSSWCORE (Version: 2.03.0000 - Hewlett-Packard) Hidden
RAR File Open Knife - Free Opener (HKLM\...\RAR File Open Knife - Free Opener) (Version: 1.00 - Philipp Winterberg)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5653 - Realtek Semiconductor Corp.)
Scan (Version: 11.0.0.0 - Hewlett-Packard) Hidden
SDFormatter (HKLM\...\{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}) (Version: 3.0.0 - SD Association)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 11.0 - HP)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartView 2.1 (HKLM\...\{4109EEA6-0868-41B8-B79A-07DCFB2B1C93}) (Version: 2.1 - Fluke)
SmartWebPrinting (Version: 110.0.182.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Speedbalance 6.0 (HKLM\...\Speedbalance60_is1) (Version: 6.0.9.0 - Banana.ch SA - Lugano (Switzerland))
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
System Control Manager (HKLM\...\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}) (Version: 2.0108.0625.OE003.09 - )
Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - nld) (Version:  - Microsoft Corporation)
Toolbox (Version: 110.0.180.000 - Hewlett-Packard) Hidden
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
TTS (HKLM\...\TTS) (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Verzoek of wijziging voorlopige aanslag 2013 (HKLM\...\Verzoek of wijziging voorlopige aanslag 2013) (Version:  - Belastingdienst)
VideoToolkit01 (Version: 110.0.171.000 - Hewlett-Packard) Hidden
VLC media player 1.1.0 (HKLM\...\VLC media player) (Version: 1.1.0 - VideoLAN)
WebReg (Version: 110.0.180.000 - Hewlett-Packard) Hidden
 
========================= Devices: ================================
 
Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #5
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Bluetooth RFCOMM
Description: Bluetooth RFCOMM
Class Guid: {7240100f-6512-4548-8418-9ebb5c6a1a94}
Manufacturer: TOSHIBA
Service: tosrfcom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 68%
Total physical RAM: 1790.37 MB
Available physical RAM: 560.42 MB
Total Pagefile: 3829.21 MB
Available Pagefile: 2416.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.46 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:288.09 GB) (Free:126.59 GB) NTFS
 
========================= Users: ========================================
 
Gebruikersaccounts voor \\PC_VAN_ANKE
 
Administrator            Anke                     Gast                     
De opdracht is voltooid.
 
========================= Minidump Files ==================================
 
C:\Windows\Minidump\Mini070112-01.dmp
========================= Restore Points ==================================
 
29-03-2014 19:38:30 Gepland herstelpunt
10-04-2014 01:00:21 Windows Update
24-04-2014 16:33:30 Gepland herstelpunt
26-04-2014 17:13:56 Gepland herstelpunt
05-05-2014 01:00:24 Windows Update
15-05-2014 01:00:38 Windows Update
01-06-2014 01:00:18 Windows Update
05-06-2014 02:12:42 Gepland herstelpunt
13-06-2014 01:00:21 Windows Update
26-06-2014 06:13:21 Norton_Power_Eraser_20140626081320964
26-06-2014 16:39:38 Removed Java 7 Update 15
28-06-2014 08:41:46 Gepland herstelpunt
 
**** End of log ****
 


#9 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:02:29 PM

Posted 29 June 2014 - 09:35 AM

Is your computer HP?

 

Is your computer time correct? If not, that's the reason you cannot access https websites. Change the time to present will corrected it.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users