
Infected, possibly LuminosityLink RAT

25 replies to this topic

#1 help_meh

  • Members
  • 13 posts

Posted 14 November 2015 - 05:23 AM

So I recently saw a few programs showing me false errors, overwritten, etc.
What made me worry was my MultiBit BTC wallet, which I have over $700 in, but it
gives me a fake Java update error (which I didn't download); also there are many
users created (fbuser) on my computer which I didn't register.
 
I scanned my PC with FRST64 and these are the results:
FRST.txt
http://pastebin.com/iRY4JqLZ
 
Addition.txt
http://pastebin.com/CFLvgDcJ
 
I know my OS is probably in another language, but I don't know how to change the
language the results are given in.
 
I hope I can get some help. Thanks!

Edited by Queen-Evie, 14 November 2015 - 07:53 AM.
moved from Am I Infected to Malware Removal Logs. FRST logs are allowed only in MRL forum, as stated in red on the main forum index page under Am I Infected "No DDS, FRST, HijackThis, or ComboFix logs should be posted in this forum".

#2 help_meh

  • Topic Starter
  • Members
  • 13 posts

Posted 15 November 2015 - 05:16 AM

Does anyone have any idea how to remove this malware from my machine?



#3 olgun52

  • Malware Response Team
  • 3,784 posts

Posted 15 November 2015 - 02:42 PM

Hi help_meh,

I do not have access to the report. Please copy and paste it into the page.


Best regards

#4 help_meh

  • Topic Starter
  • Members
  • 13 posts

Posted 16 November 2015 - 07:00 AM

Hi help_meh,

I do not have access to the report. Please copy and paste it into the page.

Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie:07-11-2015
Gestart door mPnR_ (Beheerder) op DELL-PC (11-11-2015 08:54:56)
Gestart vanaf C:\Users\mPnR_\Desktop
Geladen Profielen: mPnR_ (Beschikbare Profielen: dell & mPnR_)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Taal: Holenderski (Holandia)
Internet Explorer Versie 9 (Standaardbrowser: Chrome)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Tablet Driver) C:\Windows\SysWOW64\WTClient.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Register (gefilterd) ===========================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [509216 2015-02-16] (QFX Software Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-10-26] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-799834153-1171727689-305855866-1173\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-799834153-1171727689-305855866-1173\...\Run: [SetMyHomePage] => C:\Users\mPnR_\AppData\Roaming\SetMyHomePage\setmyhomepage.exe
HKU\S-1-5-21-799834153-1171727689-305855866-1173\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-799834153-1171727689-305855866-1173\...\Run: [icq] => C:\Users\mPnR_\AppData\Roaming\ICQM\icq.exe [36705800 2015-04-20] (ICQ)
HKU\S-1-5-21-799834153-1171727689-305855866-1173\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [6611464 2015-10-27] (Steganos Software GmbH)
HKU\S-1-5-21-799834153-1171727689-305855866-1173\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-799834153-1171727689-305855866-1173\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-799834153-1171727689-305855866-1173\...\MountPoints2: {899be3ee-b7f5-11e3-bec4-e1c3d053300c} - G:\LGAutoRun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-10-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Geen bestand
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  Geen bestand
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
Startup: C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-01-06]
ShortcutTarget: Dropbox.lnk -> C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete
GroupPolicyUsers\S-1-5-21-799834153-1171727689-305855866-1175\User: Restrictie <======= AANDACHT
GroupPolicyScripts\User: Restrictie <======= AANDACHT
CHR HKLM\SOFTWARE\Policies\Google: Restrictie <======= AANDACHT

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

AutoConfigURL: [S-1-5-21-799834153-1171727689-305855866-1173] => hxxp://127.0.0.1:8445/okayfreedom.pac
Hosts: 127.0.0.1 blackshades.ru
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254
Tcpip\..\Interfaces\{C5E2AF81-5767-4968-A261-CF4DB35D9C3D}: [DhcpNameServer] 192.168.2.254

Internet Explorer:
==================
HKU\S-1-5-21-799834153-1171727689-305855866-1173\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://nl.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-799834153-1171727689-305855866-1173 -> DefaultScope {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL = hxxp://terra.im/search?sid=101&q={searchTerms}
SearchScopes: HKU\S-1-5-21-799834153-1171727689-305855866-1173 -> {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL = hxxp://terra.im/search?sid=101&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-23] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-23] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489
FF NetworkProxy: "socks", "194.50.177.187"
FF NetworkProxy: "socks_port", 37847
FF DefaultSearchEngine: terra.im
FF SelectedSearchEngine: terra.im
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-29] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-23] (Oracle Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-02-18] (Unity Technologies ApS)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-29] ()
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [Geen bestand]
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [Geen bestand]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Geen bestand]
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [Geen bestand]
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [Geen bestand]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-799834153-1171727689-305855866-1173: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\mPnR_\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\mPnR_\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)
FF Extension: iMacros for Firefox - C:\Users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2015-10-03]
FF Extension: Live HTTP headers - C:\Users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2015-08-09]
FF Extension: Browser A.I - C:\Users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489\Extensions\browserai@jetpack.xpi [2015-07-01] [ niet getekend]
FF Extension: anonymoX - C:\Users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489\Extensions\client@anonymox.net.xpi [2015-10-02]
FF Extension: sozi - C:\Users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489\Extensions\sozi@jetpack.xpi [2015-02-19] [ niet getekend]
FF Extension: TrackMeNot - C:\Users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489\Extensions\trackmenot@mrl.nyu.edu.xpi [2015-06-10]
FF Extension: Vlc context menu - C:\Users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489\Extensions\vlcplaylist@helgatauscher.de.xpi [2015-08-30]
FF Extension: Adblock Plus - C:\Users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-10-02]
FF Extension: OkayFreedom - C:\Users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2015-09-08]
FF Extension: HackBar - C:\Users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489\Extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}.xpi [2015-08-22]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-08-30] [ niet getekend]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => niet gevonden

Chrome: 
=======
CHR HomePage: Default -> hxxp://public-box.ru/start
CHR StartupUrls: Default -> "hxxp://public-box.ru/start"
CHR Profile: C:\Users\mPnR_\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (uBlock Origin) - C:\Users\mPnR_\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-11-10]
CHR Extension: (Tampermonkey) - C:\Users\mPnR_\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-10-04]
CHR Extension: (anonymoX) - C:\Users\mPnR_\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpklikeghomkemdellmmkoifgfbakio [2015-10-02]
CHR Extension: (LiveReload) - C:\Users\mPnR_\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnihajbhpnppcggbcgedagnkighmdlei [2015-09-21]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\mPnR_\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-01]

==================== Services (gefilterd) ========================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Bestand niet getekend]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-10-26] (LogMeIn, Inc.)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2007-01-15] (Nero AG) [Bestand niet getekend]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [266240 2007-01-15] (Nero AG) [Bestand niet getekend]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5132656 2013-11-25] (INCA Internet Co., Ltd.)
S2 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [347680 2015-10-27] (Steganos Software GmbH)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12732608 2015-05-31] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [73728 2009-09-23] (Tablet Driver) [Bestand niet getekend]
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]

===================== Drivers (gefilterd) ==========================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-30] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-07-17] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-01-03] (AnchorFree Inc.)
S3 hxsyol; C:\Windows\system32\hxsy64.sys [86352 2015-03-23] ()
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [223696 2015-02-07] (QFX Software Corporation)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49264 2014-07-28] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2013-12-11] (Razer, Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)
S3 tap0801; C:\Windows\System32\DRIVERS\tap0801.sys [30720 2005-04-13] (The OpenVPN Project) [Bestand niet getekend]
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-01-03] (Anchorfree Inc.)
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2014-07-11] (Spotflux, Inc.)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-08-01] ()
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [192344 2015-03-14] (IDRIX)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-05-21] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2015-11-11 08:54 - 2015-11-11 08:55 - 00022097 _____ C:\Users\mPnR_\Desktop\FRST.txt
2015-11-11 08:54 - 2015-11-11 08:54 - 02198528 _____ (Farbar) C:\Users\mPnR_\Desktop\FRST64.exe
2015-11-11 08:53 - 2015-11-11 08:54 - 02198528 _____ (Farbar) C:\Users\mPnR_\Downloads\FRST64.exe
2015-11-10 23:04 - 2015-11-10 23:10 - 34121245 _____ (COMODO) C:\Users\mPnR_\Downloads\cav_installer.exe
2015-11-10 21:58 - 2015-11-10 21:58 - 00073228 _____ C:\Users\mPnR_\Downloads\Satoshi_GUI.zip
2015-11-10 21:54 - 2015-11-10 22:02 - 00000000 ____D C:\Users\mPnR_\Desktop\SatoBot
2015-11-10 21:54 - 2015-11-10 21:54 - 00113870 _____ C:\Users\mPnR_\Downloads\Satobot-Cracked-By-TheBlackCrack.zip
2015-11-10 21:40 - 2015-11-10 21:40 - 00000000 ____D C:\Users\mPnR_\AppData\Local\ninjapinner.com
2015-11-10 21:37 - 2015-11-10 21:37 - 26115010 _____ C:\Users\mPnR_\Downloads\ninjagram_exclusive_v2.zip
2015-11-10 21:35 - 2015-11-10 21:39 - 00000000 ____D C:\Users\mPnR_\Desktop\NinjaGram
2015-11-09 12:11 - 2015-11-09 12:11 - 00339849 _____ C:\Users\mPnR_\Downloads\WiFiKill-1.7.apk
2015-11-09 12:06 - 2015-11-09 12:06 - 00001129 _____ C:\Users\Public\Desktop\OkayFreedom.lnk
2015-11-09 12:06 - 2015-11-09 12:06 - 00000000 __SHD C:\Nsi.pending
2015-11-09 12:01 - 2015-11-09 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-11-08 22:40 - 2015-11-08 22:41 - 48789392 _____ C:\Users\mPnR_\Desktop\InstaKnight.rar
2015-11-07 20:16 - 2015-11-07 20:28 - 38403754 _____ C:\Users\mPnR_\Downloads\3.000.000 Mail Pass.rar
2015-11-07 19:39 - 2015-11-07 19:39 - 02676182 _____ C:\Users\mPnR_\Downloads\porn2.txt
2015-11-04 19:05 - 2015-11-04 19:04 - 07370682 _____ C:\Users\mPnR_\Desktop\zbigni3w_720p.mp4
2015-11-04 19:02 - 2015-11-04 19:04 - 07370682 _____ C:\Users\mPnR_\Downloads\zbigni3w_720p.mp4
2015-11-02 23:39 - 2015-11-02 23:39 - 00033234 _____ C:\Users\mPnR_\Downloads\raw.php
2015-11-01 12:55 - 2015-11-01 12:55 - 00000000 ____D C:\Users\mPnR_\AppData\Roaming\Python
2015-11-01 06:07 - 2015-11-01 06:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-11-01 06:07 - 2015-11-01 06:07 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-10-31 23:57 - 2015-10-31 23:57 - 00000000 ____D C:\Program Files\TAP-Windows
2015-10-31 23:56 - 2015-11-01 00:09 - 00000000 ____D C:\Program Files\CyberGhost 5
2015-10-31 23:56 - 2015-10-31 23:56 - 09744656 _____ (CyberGhost S.R.L. ) C:\Users\mPnR_\Downloads\CG_5.0.15.14_72.exe
2015-10-31 20:06 - 2015-10-31 20:06 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-31 19:35 - 2015-10-31 19:35 - 06774262 _____ C:\Users\mPnR_\Downloads\Ermelo Snelkraak PhoneHouse aan De Enk.mp4
2015-10-31 18:39 - 2015-10-31 18:39 - 04492587 _____ C:\Users\mPnR_\Downloads\iTurbo - Cracked by Meth.zip
2015-10-31 16:45 - 2015-10-31 16:45 - 02111750 _____ C:\Users\mPnR_\Downloads\zkbcty.csv
2015-10-31 15:21 - 2015-10-31 15:21 - 06901675 _____ C:\Users\mPnR_\Downloads\Whatsapp Bulk Sender Cracked by TheProxy.rar
2015-10-31 11:03 - 2015-10-31 11:04 - 10912349 _____ C:\Users\mPnR_\Downloads\mpv-x86_64-20151029 (2).7z
2015-10-31 11:00 - 2015-10-31 11:00 - 07972434 _____ C:\Users\mPnR_\Downloads\win-builds-1.5.0.exe
2015-10-31 10:57 - 2015-10-31 10:57 - 00042926 _____ C:\Users\mPnR_\Downloads\mpv-install-master.zip
2015-10-31 10:56 - 2015-10-31 10:56 - 10912349 _____ C:\Users\mPnR_\Downloads\mpv-x86_64-20151029 (1).7z
2015-10-31 10:50 - 2015-10-31 10:50 - 00000000 ____D C:\Users\mPnR_\AppData\Roaming\mpv
2015-10-31 10:49 - 2015-10-31 10:50 - 10912349 _____ C:\Users\mPnR_\Downloads\mpv-x86_64-20151029.7z
2015-10-31 01:00 - 2015-10-31 01:00 - 00005697 _____ C:\Users\mPnR_\Downloads\androidpatternlock-master.zip
2015-10-29 17:05 - 2015-10-29 17:05 - 01618296 _____ C:\Users\mPnR_\Downloads\arcade-basic.1.0.6.zip
2015-10-28 23:32 - 2015-10-29 00:08 - 00000547 _____ C:\Users\mPnR_\Desktop\fire.txt
2015-10-24 20:11 - 2015-07-16 17:35 - 00014336 _____ C:\Users\mPnR_\Desktop\osu! console v1.1.exe
2015-10-24 20:10 - 2015-10-24 20:10 - 00006677 _____ C:\Users\mPnR_\Downloads\osu! console v1.1.rar
2015-10-23 18:33 - 2015-11-09 12:01 - 00000000 ____D C:\Program Files\Java
2015-10-23 18:33 - 2015-10-23 18:41 - 00000000 ____D C:\ProgramData\Oracle
2015-10-18 14:23 - 2015-10-18 14:23 - 13280448 _____ C:\Users\mPnR_\Downloads\Lange Ritchie - El Fdiha Videoclip -Gruwlijke Overval-.mp4
2015-10-18 14:19 - 2015-10-18 14:20 - 23525602 _____ C:\Users\mPnR_\Downloads\Ghaza ft Lange Ritch ft Pietju-Bell  Sergio - Free Ghaza Stroke.mp4
2015-10-15 11:00 - 2015-10-15 11:00 - 00000940 _____ C:\Users\mPnR_\Downloads\-usersecure.php
2015-10-14 17:22 - 2015-10-31 20:05 - 00001114 _____ C:\Users\mPnR_\Desktop\CABAL Online (NA - Global).lnk
2015-10-14 17:04 - 2015-10-23 20:23 - 00000000 ____D C:\Program Files (x86)\CABAL Online (NA - Global)
2015-10-14 13:12 - 2015-10-14 16:23 - 2001415088 _____ C:\Users\mPnR_\Downloads\11132014_US_Setup.exe
2015-10-14 10:24 - 2015-10-14 10:26 - 00000000 ____D C:\Users\mPnR_\AppData\Roaming\PixelChampions
2015-10-14 10:23 - 2015-10-14 10:23 - 00101888 _____ C:\Users\mPnR_\Downloads\PixelChampions.exe
2015-10-13 14:02 - 2015-10-13 14:03 - 01911555 _____ C:\Users\mPnR_\Downloads\gophish-master.zip

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2015-11-11 08:55 - 2015-04-05 17:26 - 00000000 ____D C:\FRST
2015-11-11 08:22 - 2014-07-21 22:35 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-11 07:56 - 2013-06-09 17:22 - 01128903 _____ C:\Windows\WindowsUpdate.log
2015-11-10 23:30 - 2014-09-25 18:16 - 00000000 ____D C:\Users\mPnR_\AppData\Roaming\.purple
2015-11-10 22:56 - 2015-07-19 17:40 - 00000000 ____D C:\ProgramData\NinjaGram
2015-11-10 21:39 - 2015-07-19 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NinjaGram
2015-11-10 21:28 - 2015-09-23 19:47 - 00000000 ____D C:\Users\mPnR_\Desktop\InstaKnight
2015-11-10 21:22 - 2014-07-21 22:35 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-09 17:04 - 2015-02-19 15:26 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-09 17:04 - 2014-05-09 20:29 - 00000000 ____D C:\Users\mPnR_\AppData\Local\LogMeIn Hamachi
2015-11-09 17:04 - 2014-02-17 01:16 - 00000000 ____D C:\Users\mPnR_\AppData\Roaming\TeamViewer
2015-11-09 17:04 - 2014-01-14 07:29 - 00000000 ____D C:\Users\mPnR_\AppData\Local\CrashDumps
2015-11-09 17:04 - 2014-01-12 15:11 - 00000000 ____D C:\Users\mPnR_\AppData\Roaming\Notepad++
2015-11-09 12:21 - 2015-01-17 16:53 - 00000000 ___RD C:\Dropbox
2015-11-09 12:06 - 2015-09-04 19:53 - 00000000 ____D C:\Program Files (x86)\OkayFreedom
2015-11-09 12:06 - 2015-02-21 23:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom
2015-11-09 12:05 - 2015-02-21 23:59 - 00000000 ____D C:\Users\mPnR_\AppData\Roaming\Steganos VPN
2015-11-09 12:03 - 2015-04-05 18:35 - 00005984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-09 12:03 - 2015-04-05 18:35 - 00005984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-09 12:02 - 2013-09-28 19:55 - 00744182 _____ C:\Windows\system32\perfh015.dat
2015-11-09 12:02 - 2013-09-28 19:55 - 00160106 _____ C:\Windows\system32\perfc015.dat
2015-11-09 12:02 - 2009-07-14 10:16 - 00748136 _____ C:\Windows\system32\perfh013.dat
2015-11-09 12:02 - 2009-07-14 10:16 - 00156906 _____ C:\Windows\system32\perfc013.dat
2015-11-09 12:02 - 2009-07-14 06:13 - 02628426 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-09 12:01 - 2015-10-09 15:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-09 11:58 - 2015-07-22 14:52 - 00000000 ____D C:\ProgramData\VMware
2015-11-09 11:58 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-09 11:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Speech
2015-11-09 01:01 - 2014-01-12 19:58 - 00000000 ____D C:\Users\mPnR_\AppData\Roaming\TS3Client
2015-11-08 20:05 - 2015-07-22 15:00 - 00000000 ____D C:\Users\mPnR_\AppData\Roaming\VMware
2015-11-08 20:05 - 2015-07-22 15:00 - 00000000 ____D C:\Users\mPnR_\AppData\Local\VMware
2015-11-07 23:30 - 2015-08-11 08:22 - 00001088 _____ C:\Users\mPnR_\Desktop\Crunchyroll.txt
2015-11-04 19:05 - 2014-05-27 11:05 - 00000000 ____D C:\Users\mPnR_\Desktop\CPA
2015-11-04 17:28 - 2014-04-14 10:59 - 00002046 ____H C:\Users\mPnR_\Documents\Default.rdp
2015-11-04 17:18 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-10-31 23:02 - 2014-08-31 13:19 - 00000000 ____D C:\Users\mPnR_\PycharmProjects
2015-10-31 20:06 - 2015-10-06 10:49 - 00001433 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-31 20:06 - 2015-10-06 10:49 - 00001399 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-10-31 20:06 - 2015-05-28 19:19 - 00001001 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-10-31 20:06 - 2015-03-15 01:43 - 00001041 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2015-10-31 20:06 - 2014-10-20 22:56 - 00001913 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
2015-10-31 20:06 - 2014-09-06 19:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-10-31 20:06 - 2014-08-26 11:55 - 00000692 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
2015-10-31 20:06 - 2014-08-13 19:15 - 00002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.5 64-bits.lnk
2015-10-31 20:06 - 2014-07-21 18:32 - 00002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2015-10-31 20:06 - 2014-05-31 00:56 - 00000815 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2015-10-31 20:06 - 2014-05-31 00:54 - 00000770 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
2015-10-31 20:06 - 2014-05-31 00:53 - 00000789 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2015-10-31 20:06 - 2014-05-31 00:53 - 00000744 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
2015-10-31 20:06 - 2014-05-31 00:49 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2015-10-31 20:06 - 2014-05-31 00:49 - 00000864 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2015-10-31 20:06 - 2014-04-04 18:43 - 00000712 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-10-31 20:06 - 2014-01-12 04:38 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-31 20:06 - 2013-08-26 01:56 - 00000997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2015-10-31 20:06 - 2013-06-09 17:23 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-10-31 20:06 - 2013-06-09 17:23 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-10-31 20:06 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-31 20:06 - 2009-07-14 06:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-10-31 20:06 - 2009-07-14 05:57 - 00001523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-31 20:06 - 2009-07-14 05:57 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-10-31 20:06 - 2009-07-14 05:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-10-31 20:06 - 2009-07-14 05:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-10-31 20:06 - 2009-07-14 05:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-10-31 20:05 - 2015-06-29 21:20 - 00002062 _____ C:\Users\mPnR_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape.lnk
2015-10-31 20:05 - 2015-04-20 13:57 - 00001659 _____ C:\Users\mPnR_\AppData\Roaming\Microsoft\Windows\Start Menu\ICQ.lnk
2015-10-31 20:05 - 2015-03-25 18:51 - 00002136 _____ C:\Users\mPnR_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gunz UniverseGamers.lnk
2015-10-31 20:05 - 2015-01-15 21:19 - 00000901 _____ C:\Users\mPnR_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
2015-10-31 20:05 - 2014-12-11 15:15 - 00000945 _____ C:\Users\mPnR_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2015-10-31 20:05 - 2014-11-17 22:04 - 00001138 _____ C:\Users\mPnR_\AppData\Roaming\Microsoft\Windows\Start Menu\CABAL Online (NA - Global).lnk
2015-10-31 20:05 - 2014-05-30 23:14 - 00000000 ___RD C:\Users\mPnR_\Desktop\b
2015-10-31 20:05 - 2014-05-27 16:31 - 00001790 _____ C:\Users\mPnR_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-10-31 20:05 - 2014-01-12 13:26 - 00000000 ____D C:\Users\mPnR_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-10-31 20:05 - 2014-01-12 04:35 - 00001451 _____ C:\Users\mPnR_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-31 20:05 - 2014-01-12 04:35 - 00001417 _____ C:\Users\mPnR_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-10-31 18:58 - 2014-04-18 16:18 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-31 15:32 - 2013-09-22 20:35 - 00006102 _____ C:\Windows\Sandboxie.ini
2015-10-30 06:40 - 2015-10-11 17:36 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-29 21:39 - 2014-08-03 16:53 - 00000000 ____D C:\AdwCleaner
2015-10-26 15:33 - 2014-08-16 01:24 - 00000000 ____D C:\Program Files\Sublime Text 2
2015-10-26 11:15 - 2013-10-04 09:53 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-10-24 21:15 - 2014-12-11 15:13 - 00000000 ____D C:\Users\mPnR_\AppData\Local\osu!
2015-10-23 18:34 - 2015-09-07 15:51 - 00000000 ____D C:\Users\mPnR_\.oracle_jre_usage
2015-10-23 18:33 - 2015-10-09 15:41 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-10-19 22:12 - 2014-12-13 18:57 - 00000000 ____D C:\Users\mPnR_\AppData\Roaming\Skype
2015-10-17 22:21 - 2014-12-14 10:58 - 00000410 __RSH C:\ProgramData\ntuser.pol

==================== Bestanden in de root van sommige mappen =======

2014-01-17 20:01 - 2014-01-17 20:01 - 0111816 _____ (Sandboxie Holdings, LLC) C:\Program Files (x86)\License.exe
2013-02-24 15:28 - 2013-02-24 15:28 - 0007095 _____ () C:\Program Files (x86)\LICENSE.TXT
2010-11-01 16:52 - 2010-11-01 16:52 - 0000002 _____ () C:\Program Files (x86)\Manifest0.txt
2010-11-23 18:15 - 2010-11-23 18:15 - 0000364 _____ () C:\Program Files (x86)\Manifest1.txt
2010-11-23 22:19 - 2010-11-23 22:19 - 0000092 _____ () C:\Program Files (x86)\Manifest2.txt
2015-02-07 18:38 - 2015-02-07 18:38 - 0000961 _____ () C:\Program Files (x86)\QuickLaunch.lnk
2014-01-17 20:01 - 2014-01-17 20:01 - 0015048 _____ (Sandboxie Holdings, LLC) C:\Program Files (x86)\SandboxieBITS.exe
2014-01-17 20:01 - 2014-01-17 20:01 - 0016584 _____ (Sandboxie Holdings, LLC) C:\Program Files (x86)\SandboxieCrypto.exe
2014-01-17 20:01 - 2014-01-17 20:01 - 0020680 _____ (Sandboxie Holdings, LLC) C:\Program Files (x86)\SandboxieDcomLaunch.exe
2014-01-17 20:01 - 2014-01-17 20:01 - 0030408 _____ (Sandboxie Holdings, LLC) C:\Program Files (x86)\SandboxieRpcSs.exe
2014-01-17 20:01 - 2014-01-17 20:01 - 0017096 _____ (Sandboxie Holdings, LLC) C:\Program Files (x86)\SandboxieWUAU.exe
2014-01-17 20:01 - 2014-01-17 20:01 - 0759496 _____ (Sandboxie Holdings, LLC) C:\Program Files (x86)\SbieCtrl.exe
2014-01-17 20:01 - 2014-01-17 20:01 - 0465096 _____ (Sandboxie Holdings, LLC) C:\Program Files (x86)\SbieDll.dll
2014-01-17 20:01 - 2014-01-17 20:01 - 0202600 _____ (Sandboxie Holdings, LLC) C:\Program Files (x86)\SbieDrv.sys
2014-01-17 20:01 - 2014-01-17 20:01 - 0017096 _____ (Sandboxie Holdings, LLC) C:\Program Files (x86)\SbieIni.exe
2014-01-17 20:01 - 2014-01-17 20:01 - 2841288 _____ (Sandboxie Holdings, LLC) C:\Program Files (x86)\SbieMsg.dll
2014-01-17 20:01 - 2014-01-17 20:01 - 0187592 _____ (Sandboxie Holdings, LLC) C:\Program Files (x86)\SbieSvc.exe
2014-01-17 20:01 - 2014-01-17 20:01 - 0130760 _____ (Sandboxie Holdings, LLC) C:\Program Files (x86)\Start.exe
2013-11-27 08:01 - 2013-11-27 08:01 - 0169280 _____ () C:\Program Files (x86)\Templates.ini
2014-07-26 18:00 - 2014-07-26 18:00 - 0000132 _____ () C:\Users\mPnR_\AppData\Roaming\Adobe GIF Format CS6 Prefs
2014-01-21 17:51 - 2015-09-25 19:50 - 0000132 _____ () C:\Users\mPnR_\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-03-03 15:06 - 2014-03-03 15:40 - 0000132 _____ () C:\Users\mPnR_\AppData\Roaming\Adobe Targa Format CS6 Prefs
2014-06-23 00:09 - 2014-06-23 00:09 - 0099043 _____ () C:\Users\mPnR_\AppData\Roaming\icarus-dxdiag.xml
2014-12-07 13:55 - 2014-12-07 13:55 - 0006183 _____ () C:\Users\mPnR_\AppData\Roaming\MmzNb.torrent
2014-12-07 13:56 - 2014-12-07 13:56 - 0006183 _____ () C:\Users\mPnR_\AppData\Roaming\Pmn.torrent
2015-04-28 21:44 - 2015-04-28 21:44 - 4464145 _____ () C:\Users\mPnR_\AppData\Roaming\scan.exe
2015-04-28 21:49 - 2015-08-17 10:22 - 0007107 _____ () C:\Users\mPnR_\AppData\Roaming\sshds.txt
2014-08-30 08:19 - 2014-08-30 08:20 - 0016384 ___SH () C:\Users\mPnR_\AppData\Roaming\Thumbs.db
2015-03-15 02:21 - 2015-05-31 11:55 - 0000600 _____ () C:\Users\mPnR_\AppData\Roaming\winscp.rnd
2014-12-07 14:10 - 2014-12-07 14:10 - 0006183 _____ () C:\Users\mPnR_\AppData\Roaming\WTfTI.torrent
2015-08-04 03:14 - 2015-08-04 03:14 - 0000152 _____ () C:\Users\mPnR_\AppData\Local\abajfvg.reg
2014-08-04 10:43 - 2014-08-04 10:54 - 0001456 _____ () C:\Users\mPnR_\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-11-23 02:59 - 2014-11-23 02:59 - 0024968 _____ () C:\Users\mPnR_\AppData\Local\debuggee.mdmp
2015-10-04 12:07 - 2015-10-04 12:07 - 0000093 _____ () C:\Users\mPnR_\AppData\Local\fusioncache.dat
2015-09-14 16:19 - 2015-09-14 16:19 - 0000167 _____ () C:\Users\mPnR_\AppData\Local\ofbtbkyhh.reg
2014-10-17 16:06 - 2015-09-06 19:17 - 0000600 _____ () C:\Users\mPnR_\AppData\Local\PUTTY.RND
2015-10-03 14:24 - 2015-10-03 14:24 - 0000218 _____ () C:\Users\mPnR_\AppData\Local\recently-used.xbel
2014-02-10 20:12 - 2015-08-23 18:06 - 0007624 _____ () C:\Users\mPnR_\AppData\Local\Resmon.ResmonCfg
2014-07-05 23:19 - 2014-07-05 23:19 - 0000003 _____ () C:\Users\mPnR_\AppData\Local\updater.log
2014-07-05 23:20 - 2014-07-05 23:20 - 0000436 _____ () C:\Users\mPnR_\AppData\Local\UserProducts.xml
2015-06-06 21:18 - 2015-06-06 21:18 - 1752377 _____ () C:\ProgramData\Tibia_dat.bak

==================== Bamital & volsnap =================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\Windows\system32\winlogon.exe => Bestand is getekend
C:\Windows\system32\wininit.exe => Bestand is getekend
C:\Windows\SysWOW64\wininit.exe => Bestand is getekend
C:\Windows\explorer.exe => Bestand is getekend
C:\Windows\SysWOW64\explorer.exe => Bestand is getekend
C:\Windows\system32\svchost.exe => Bestand is getekend
C:\Windows\SysWOW64\svchost.exe => Bestand is getekend
C:\Windows\system32\services.exe => Bestand is getekend
C:\Windows\system32\User32.dll => Bestand is getekend
C:\Windows\SysWOW64\User32.dll => Bestand is getekend
C:\Windows\system32\userinit.exe => Bestand is getekend
C:\Windows\SysWOW64\userinit.exe => Bestand is getekend
C:\Windows\system32\rpcss.dll => Bestand is getekend
C:\Windows\system32\dnsapi.dll => Bestand is getekend
C:\Windows\SysWOW64\dnsapi.dll => Bestand is getekend
C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend


LastRegBack: 2015-11-10 00:45

==================== Eind van FRST.txt ============================
Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie:07-11-2015
Gestart door mPnR_ (2015-11-11 08:56:30)
Gestart vanaf C:\Users\mPnR_\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2013-06-09 17:17:51)
Boot Modus: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-799834153-1171727689-305855866-500 - Administrator - Disabled)
ASPNET (S-1-5-21-799834153-1171727689-305855866-1179 - Limited - Enabled)
dell (S-1-5-21-799834153-1171727689-305855866-1000 - Administrator - Enabled) => C:\Users\dell
fbwuser319E (S-1-5-21-799834153-1171727689-305855866-1174 - Limited - Enabled)
fbwuserDC06 (S-1-5-21-799834153-1171727689-305855866-1176 - Limited - Enabled)
fbwuserF3ED (S-1-5-21-799834153-1171727689-305855866-1175 - Limited - Enabled)
Gast (S-1-5-21-799834153-1171727689-305855866-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-799834153-1171727689-305855866-1037 - Limited - Enabled)
mPnR_ (S-1-5-21-799834153-1171727689-305855866-1173 - Administrator - Enabled) => C:\Users\mPnR_

==================== Security Center ========================

(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Geïnstalleerde programma's ======================

(Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)

.NET Reflector Desktop (HKLM-x32\...\{067796E0-7973-4882-BB41-FE94453D4CAA}) (Version: 8.2.0.7 - Red Gate Software Ltd)
Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.96 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.5 64-bit (HKLM\...\{19BBD0F3-7A31-480D-8A23-19AE28035E9C}) (Version: 5.5.0 - Adobe Systems Incorporated)
ARIS EXPRESS (HKLM-x32\...\{49ABE0DF-5BC9-40E8-8996-7A2938BFB5C2}) (Version: 2.4 - Software AG)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{3792811C-832F-4392-B44A-24092901EDDC}) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
CABAL Online (NA - Global) (HKU\S-1-5-21-799834153-1171727689-305855866-1173\...\CabalOnline(NA - Global)) (Version:  - )
CADE Pro 2.20.3 (HKLM-x32\...\{0D050176-09B9-437C-9E9C-B3E84614D32E}) (Version: 2.20.3 - Weresc)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Deluge 1.3.11 (HKLM-x32\...\Deluge) (Version:  - )
Dropbox (HKU\S-1-5-21-799834153-1171727689-305855866-1173\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.)
f.lux (HKU\S-1-5-21-799834153-1171727689-305855866-1173\...\Flux) (Version:  - )
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Freemake Video Converter wersja 4.0.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.2 - Ellora Assets Corporation)
GnuWin32: Wget-1.11.4-1 (HKLM-x32\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.49 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HexChat (HKLM\...\HexChat_is1) (Version: 2.10.2 - HexChat)
HxD Hex Editor wersja 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
ICQ 8.3 (build 7317) (HKU\S-1-5-21-799834153-1171727689-305855866-1173\...\ICQ) (Version: 8.3.7317.0 - ICQ)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
JetBrains PyCharm Community Edition 3.4.1 (HKLM-x32\...\PyCharm Community Edition 3.4.1) (Version: 135.1057 - JetBrains s.r.o.)
JetBrains PyCharm Community Edition 4.5.3 (HKLM-x32\...\PyCharm Community Edition 4.5.3) (Version: 141.1899 - JetBrains s.r.o.)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.6.0.0 - QFX Software Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Litecoin (HKU\S-1-5-21-799834153-1171727689-305855866-1173\...\Litecoin) (Version: 0.8.7.2 - Litecoin project)
LiveReload (HKU\S-1-5-21-799834153-1171727689-305855866-1173\...\7ec527eb7361b1c2) (Version: 0.9.4.0 - LiveReload)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.406 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.406 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware wersja 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - PLK (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - PLK) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{51adbf11-493f-431c-a862-967a0fae2944}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}) (Version: 6.1.5295.17011 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.41 - mIRC Co. Ltd.)
MorphVOX Junior (HKLM-x32\...\{E6C7380F-15DD-445E-BA02-B7A180BA0A5A}) (Version: 2.8.1 - Screaming Bee)
Mozilla Firefox 40.0.3 (x86 nl) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 nl)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NEO Scavenger (HKLM-x32\...\1207667263_is1) (Version: 2.5.0.6 - GOG.com)
Nero 7 Ultra Edition (HKLM-x32\...\{FC98FBE9-E931-494C-8717-497185371043}) (Version: 7.02.4712 - Nero AG)
NinjaGram (HKLM-x32\...\NinjaGram_is1) (Version:  - ninjapinner.com)
Nmap 6.49BETA4 (HKLM-x32\...\Nmap) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
OkayFreedom (HKLM-x32\...\{3F3FB10C-7175-4D38-9335-3488B89C12AF}) (Version: 1.6.2 - Steganos Software GmbH)
OldSchool RuneScape Launcher 1.2.5 (HKLM-x32\...\{375893B6-C8DB-42B0-9547-6E4437542C33}) (Version: 1.2.5 - Jagex Ltd)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
osu! (HKLM-x32\...\{87c9772d-39e6-4dfd-a8f0-7bd5b49e30b7}) (Version: latest - ppy Pty Ltd)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32)
Python 2.4.4 (HKLM-x32\...\{60E2C8C9-6CF3-4B1A-9618-E304946C94E6}) (Version: 2.4.4150 - Martin v. Löwis)
Python 2.7.1 (64-bit) (HKLM\...\{32939827-d8e5-470a-b126-870db3c69fd0}) (Version: 2.7.1150 - Python Software Foundation)
Python 3.4.3 (HKLM-x32\...\{CCD588A7-8D55-49F1-A30C-47FAB40889ED}) (Version: 3.4.16490 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
RedBot PRO 2.0.6 (10.81) - Edycja dla Tibia-Bot.pl (HKLM-x32\...\{54F8409A-E96B-4A85-A5C0-16FCAFAFB25B}_is1) (Version:  - Tibia-Bot.pl)
Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version:  - )
San Andreas Mod Installer (HKLM-x32\...\San Andreas Mod Installer1.1) (Version: 1.1 - cpmusick)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
ShareX 9.9.0 (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 9.9.0 - ShareX Developers)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
Sp5 (x32 Version: 5.1.4324.0 - Microsoft) Hidden
Sp5Intl (x32 Version: 5.1.4324.0 - Microsoft) Hidden
Sp5TTInt (x32 Version: 5.1.4324.0 - Microsoft) Hidden
SpCommon (x32 Version: 5.1.4324.0 - Microsoft) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Spotify (HKU\S-1-5-21-799834153-1171727689-305855866-1173\...\Spotify) (Version: 1.0.9.133.gcedaee38 - Spotify AB)
SpPhones (x32 Version: 6.0.3122.0 - Microsoft) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
System Requirements Lab Detection (HKLM-x32\...\{B1ACF90D-26E0-4164-9B0C-CC7A6C9A8F24}) (Version: 2.0.0.0 - Husdawg, LLC)
Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (HKLM\...\Microsoft .NET Framework 4 Client Profile NLD Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Taalpakket voor Microsoft .NET Framework 4 Extended - NLD (HKLM\...\Microsoft .NET Framework 4 Extended NLD Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
The Enigma Protector v4.40 Build 20150619 (HKLM-x32\...\The Enigma Protector x64_is1) (Version:  - The Enigma Protector Developers Team)
Theme Manager (HKLM-x32\...\{C218ABCD-2C64-49D4-A891-83BD007D55D5}) (Version: 4.0.4 - Korbin Bickel)
Tibia (HKLM-x32\...\Tibia_is1) (Version: 10.81 - CipSoft GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Trust Tablet Driver (HKLM-x32\...\TabletDriver) (Version:  - )
Trust Wireless Mouse (HKLM-x32\...\TrustWirelessMouse) (Version: 13.03.0001 - OEM)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.9.2 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-799834153-1171727689-305855866-1173\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.3f1 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.0f-1 - IDRIX)
Visual Basic Libraries (HKLM-x32\...\{B51475E4-3D1C-4CF1-8D1D-21CF5945A38E}) (Version: 6.01.0000 - Common libraries)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 11.1.2 - VMware, Inc)
VMware Workstation (Version: 11.1.2 - VMware, Inc.) Hidden
Volume Serial Number Editor (HKLM-x32\...\{661E9D49-76E8-4335-9202-34FF75965448}) (Version: 1.82.29 - KRyLack Software)
WinDirStat 1.1.2 (HKU\S-1-5-21-799834153-1171727689-305855866-1173\...\WinDirStat) (Version:  - )
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinHTTrack Website Copier 3.48-19 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.19 - HTTrack)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - Ruiware)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinSCP 5.7 (HKLM-x32\...\winscp3_is1) (Version: 5.7 - Martin Prikryl)
Wireshark 1.12.1 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.1 - The Wireshark developer community, hxxp://www.wireshark.org)
Workspace Macro Pro 6.5 (HKLM-x32\...\{5E344807-222A-4930-B3AE-FB6E7C422911}) (Version:  - Tethys Solutions, LLC)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.3-0 - Bitnami)
X-Mouse Button Control 2.6.2 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.6.2 - Highresolution Enterprises)

==================== Aangepaste CLSID (gefilterd): ==========================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

CustomCLSID: HKU\S-1-5-21-799834153-1171727689-305855866-1173_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-799834153-1171727689-305855866-1173_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-799834153-1171727689-305855866-1173_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-799834153-1171727689-305855866-1173_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-799834153-1171727689-305855866-1173_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-799834153-1171727689-305855866-1173_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-799834153-1171727689-305855866-1173_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-799834153-1171727689-305855866-1173_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-799834153-1171727689-305855866-1173_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-799834153-1171727689-305855866-1173_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-799834153-1171727689-305855866-1173_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Herstelpunten =========================

04-11-2015 00:00:02 Gepland controlepunt
11-11-2015 00:07:16 Gepland controlepunt

==================== Hosts inhoud: ===============================

(Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.)

2009-07-14 03:34 - 2015-09-14 15:50 - 00000059 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 blackshades.ru

==================== Geplande Taken (gefilterd) =============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

Task: {01AC245C-7E68-468D-935F-169BF34897E3} - System32\Tasks\{AD2D4100-9E9A-4856-B34F-73142A32039D} => Chrome.exe hxxp://ui.skype.com/ui/0/7.5.80.102/pl/abandoninstall?page=tsProgressBar
Task: {131FB841-8A8C-4FC4-8DFB-DE453786C1CE} - System32\Tasks\Update\Google Update => Chrome.exe  <==== AANDACHT
Task: {1372EA62-B5CF-45D1-9BB0-CE1304528734} - System32\Tasks\{6F7FB86A-ACE8-4CE0-81AA-BF475817287E} => pcalua.exe -a C:\Users\mPnR_\Desktop\1337\AutoHotkey104805_Install.exe -d C:\Users\mPnR_\Desktop\1337
Task: {16B8DD00-6424-4314-9534-3C0CD5219D67} - System32\Tasks\{1547C56C-C7B9-455B-9CAC-F898247E8650} => pcalua.exe -a C:\Users\mPnR_\Downloads\MagebotSetupvT1033.exe -d C:\Users\mPnR_\Downloads
Task: {18C02DB0-193D-4513-8F94-33379A9E3E09} - System32\Tasks\{B37D8BD1-2CE3-4084-A8FA-8A428B11F5CC} => pcalua.exe -a C:\Users\mPnR_\Downloads\MagebotSetupvT1033(1).exe -d C:\Users\mPnR_\Downloads
Task: {1E6EC4BA-E238-4E19-B308-BC3D22C1D215} - System32\Tasks\VPNReactor => C:\Program Files (x86)\VPNReactor\VPNReactor.exe
Task: {258700D5-B200-49C1-9ED4-9BC8A6023C35} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {31DA3BEF-D061-4425-BC74-BCBB3582D213} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-799834153-1171727689-305855866-1173UA => C:\Users\mPnR_\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {57DFA002-5DB5-4DB4-90D1-6EEB4E20B7D0} - System32\Tasks\{63F055C1-8079-4734-8EDD-B7C493449D39} => D:\SteamLibrary\steamapps\common\Half-Life\hl.exe
Task: {6B998620-F0BD-4FCE-B400-D30D9C484BEA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-29] (Adobe Systems Incorporated)
Task: {78B522F0-5DF3-4997-884F-4AB5687F9131} - System32\Tasks\{98AAA4D4-5DD5-4978-9373-1166E4A91FEB} => pcalua.exe -a C:\Users\dell\Downloads\Pixelmon.exe -d C:\Users\dell\Downloads
Task: {78CE509D-3415-442A-9B5F-22FE2DE3CEFF} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {7F40BC1F-565A-4365-A394-4612B4C51869} - System32\Tasks\Disconnect Desktop Updater => C:\Program Files (x86)\Disconnect\Disconnect Desktop\Disconnect Desktop Updater.exe
Task: {8601FA4B-F4BC-4089-97C2-7D78D887E08E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {8F83AF3F-FD3D-4178-B246-08B634AE5E3D} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe
Task: {9203FD0B-FF4C-4F0E-B2A6-949BEC75E46B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-799834153-1171727689-305855866-1173Core => C:\Users\mPnR_\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {9A7923DB-C2CA-476D-913E-5C3B1E874F38} - System32\Tasks\{8EA149C1-CA9A-48FE-B1A1-287BED2973E6} => pcalua.exe -a "C:\Users\dell\Downloads\vcredist_x64 (2).exe" -d C:\Users\dell\Downloads
Task: {AC70A31E-E063-4204-9276-023E3C116A19} - System32\Tasks\{1BD1E94B-42F3-42EA-88EF-B2C5C393DC7A} => D:\SteamLibrary\steamapps\common\Half-Life\hl.exe
Task: {B4CFC358-C660-449A-9C85-66BC0944FEB5} - System32\Tasks\{42C6515B-C5E2-48D5-B1A8-F8CEB5F114C8} => pcalua.exe -a "C:\Users\dell\Desktop\The Typing Of The Dead\The Typing of the Dead Full Version.exe" -d "C:\Users\dell\Desktop\The Typing Of The Dead"
Task: {BCE70E11-F28A-4FC3-A23A-A3B625635E0C} - System32\Tasks\{15D578A0-2D48-478E-BB5A-D7F62FD73556} => pcalua.exe -a C:\Users\dell\Downloads\NetFx64.exe -d C:\Users\dell\Downloads
Task: {C0FF1DD3-E34C-41F6-8B52-48EE627FE5A5} - System32\Tasks\{0B128D75-3B3C-475D-9017-C61F3C41D3C4} => pcalua.exe -a C:\Users\mPnR_\Downloads\MagebotSetupvT1034(2).exe -d C:\Users\mPnR_\Downloads
Task: {C4C83C1C-AE25-4CF9-9BCC-8806E34639D9} - System32\Tasks\{B2F3C825-F185-4CF4-9E8F-4CAA2E74F5DB} => Chrome.exe hxxp://ui.skype.com/ui/0/7.1.0.105/pl/abandoninstall?page=tsProgressBar
Task: {C60EF231-3DED-4A4E-B6A7-BA2ED7D60C21} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {CA063141-86A1-4B25-B2A3-84FC8E15A40E} - System32\Tasks\{B254D715-5E9E-47B9-B404-815AE025B365} => pcalua.exe -a C:\Users\dell\Downloads\dotNetFx35setup(1).exe -d C:\Users\dell\Downloads
Task: {CB8D4C84-5BED-4476-ABAD-6BEF4B02BC84} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D047DA23-F54D-40BF-A4A8-207AD37574F8} - System32\Tasks\{356822CB-12AC-49E5-B24E-F5938B4FA32D} => pcalua.exe -a C:\Users\dell\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe -d C:\Users\dell\Downloads
Task: {E7DAA826-807F-4513-866B-E2324E7165CC} - System32\Tasks\{37D8DAE1-4DE3-44D4-ABE9-89ABA1EE961A} => pcalua.exe -a C:\Users\mPnR_\Downloads\MagebotSetupvT1031(1).exe -d C:\Users\mPnR_\Downloads
Task: {F6423F06-D9AA-43CD-84EC-79AB67CAC5F6} - System32\Tasks\{87774519-D0D0-42CF-81B1-1F24E5BE9856} => pcalua.exe -a C:\Users\dell\Downloads\15356_03.exe -d C:\Users\dell\Downloads
Task: {FD92A110-CC63-4DD7-8192-8154E24D0FF6} - System32\Tasks\{ACE0AAE4-768E-4C37-8071-425D14A2E9A3} => pcalua.exe -a "C:\Program Files (x86)\OkayFreedom\setuptool.exe" -d "C:\Program Files (x86)\OkayFreedom"

(Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-799834153-1171727689-305855866-1173Core.job => C:\Users\mPnR_\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-799834153-1171727689-305855866-1173UA.job => C:\Users\mPnR_\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Geladen Modules (gefilterd) ==============

2015-05-31 06:36 - 2015-05-31 06:36 - 12732608 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-12-08 20:14 - 2014-05-13 03:20 - 00069632 _____ () C:\Program Files\ShareX\screen-capture-recorder-x64.dll
2015-11-04 23:32 - 2015-11-04 06:01 - 01971528 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.49\libglesv2.dll
2015-11-04 23:32 - 2015-11-04 06:00 - 00093512 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.49\libegl.dll
2013-06-29 16:38 - 2009-09-24 16:17 - 00267264 _____ () C:\Windows\system32\WinTab32.DLL
2015-05-31 06:59 - 2015-05-31 06:59 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2015-05-31 06:36 - 2015-05-31 06:36 - 00191680 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
2015-05-31 06:36 - 2015-05-31 06:36 - 00388288 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2015-05-31 06:36 - 2015-05-31 06:36 - 00194752 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
2013-06-29 16:38 - 2009-09-24 16:16 - 00200704 _____ () C:\Windows\SysWOW64\WinTab32.DLL

==================== Alternate Data Streams (gefilterd) =========

(Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.)

AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\TEMP:6BE50C2B
AlternateDataStreams: C:\Users\dell\Application Data:NT
AlternateDataStreams: C:\Users\dell\AppData\Roaming:NT
AlternateDataStreams: C:\Users\mPnR_\Application Data:NT2
AlternateDataStreams: C:\Users\mPnR_\AppData\Roaming:NT2

==================== Veilige Modus (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\92575634.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\92575634.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Bestandskoppeling (gefilterd) ===============

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.)


==================== Internet Explorer vertrouwde/beperkte toegang ===============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.)

IE trusted site: HKU\S-1-5-21-799834153-1171727689-305855866-1173\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-799834153-1171727689-305855866-1173\...\aeriagames.com -> hxxp://aeriagames.com

==================== Andere gebieden ============================

(Momenteel is er geen automatische fix voor dit onderdeel.)

HKU\S-1-5-21-799834153-1171727689-305855866-1173\Control Panel\Desktop\\Wallpaper -> C:\Users\mPnR_\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is uitgeschakeld.

==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==

(Momenteel is er geen automatische fix voor dit onderdeel.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dual Smart Solution.lnk => C:\Windows\pss\Dual Smart Solution.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Keyboard King.lnk => C:\Windows\pss\Keyboard King.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Workspace Macro Pro Hotkeys.lnk => C:\Windows\pss\Workspace Macro Pro Hotkeys.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^xDownloader.lnk => C:\Windows\pss\xDownloader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^dell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^mPnR_^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^def78cbf8271d806aca48905401ff0d4.exe => C:\Windows\pss\def78cbf8271d806aca48905401ff0d4.exe.Startup
MSCONFIG\startupfolder: C:^Users^mPnR_^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^mPnR_^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ShareX.lnk => C:\Windows\pss\ShareX.lnk.Startup
MSCONFIG\startupreg: Adobe Acrobat Registration Service => C:\Users\mPnR_\AppData\Roaming\Local\Adobe\armhvt.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Adobearm.exe => C:\Users\mPnR_\AppData\Roaming\Micorsoft\NetStacic\Adobearm.exe
MSCONFIG\startupreg: AdobeBridge => 
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\mPnR_\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Clownfish => "C:\Program Files (x86)\Clownfish\Clownfish.exe"
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DAmianNNnNnnNnNN => C:\Users\mPnR_\AppData\Roaming\Damianananna\Damianananan\Damianananananan.exe
MSCONFIG\startupreg: Drmav.exe => C:\Users\mPnR_\AppData\Roaming\Micorsoft\NetStrict\Drmav.exe
MSCONFIG\startupreg: Dropbox Update => "C:\Users\mPnR_\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: egui => "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
MSCONFIG\startupreg: f.lux => "C:\Users\mPnR_\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
MSCONFIG\startupreg: GoogleChromeAutoLaunch_E9B49DEF27FD0A2A137FE04253B65E32 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: guzidll.exe => C:\Users\mPnR_\AppData\Roaming\Micorsoft\NetStacic\guzidll.exe
MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: icq => C:\Users\mPnR_\AppData\Roaming\ICQM\icq.exe -CU
MSCONFIG\startupreg: LightShot => C:\Users\mPnR_\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: ntehid.exe => C:\Users\mPnR_\AppData\Roaming\Micorsoft\SQLS\ntehid.exe
MSCONFIG\startupreg: OKAYFREEDOM_Update => "C:\Program Files (x86)\OkayFreedom\Updater.exe" --resume --verbosity silent
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: screenSHU => "C:\Program Files (x86)\screenSHU\screenSHU.exe" --hidden
MSCONFIG\startupreg: Servicetool => C:\Program Files (x86)\KPN\Servicetool\KPNServicetool_Launcher.exe /auto
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\mPnR_\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\mPnR_\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\mPnR_\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: vmware-tray.exe => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
MSCONFIG\startupreg: WinPatrol => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot
MSCONFIG\startupreg: WTClient => WTClient.exe
MSCONFIG\startupreg: XMouseButtonControl => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe /notportable

==================== Firewall regels (gefilterd) ===============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

FirewallRules: [TCP Query User{0D464BE5-667C-40D7-8665-94620DDAF198}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe
FirewallRules: [UDP Query User{EC78E5FB-FF2E-4158-8C4F-E7A0F76B16A6}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe
FirewallRules: [TCP Query User{89EC2BC3-4696-42DA-AA61-1409EB7527BC}C:\program files (x86)\java\jre7\launch4j-tmp\pixelmon.exe] => (Allow) C:\program files (x86)\java\jre7\launch4j-tmp\pixelmon.exe
FirewallRules: [UDP Query User{CB13A0AF-7B25-4A4C-BC66-A2BD16EC1CFA}C:\program files (x86)\java\jre7\launch4j-tmp\pixelmon.exe] => (Allow) C:\program files (x86)\java\jre7\launch4j-tmp\pixelmon.exe
FirewallRules: [{44FF4BBB-73EE-4D10-B47D-857DACE895AE}] => (Allow) LPort=7707
FirewallRules: [{9A6780E2-DC06-4CCB-AFFB-2ED27BC5B7A4}] => (Allow) C:\Users\dell\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{0732D0A0-AEE8-4E48-8FC7-FCC184DA8D1F}] => (Allow) C:\Users\dell\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{89079074-B3B5-4536-A8D0-87B4DE84AA90}] => (Allow) C:\Users\dell\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C9970B53-2342-40E5-913A-A5A69C802F07}] => (Allow) C:\Users\dell\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A046BC1E-2F47-49F0-A7F0-3ADF43B420FF}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{6BD9FB50-845B-4F1D-81FD-5CA3E6636D6E}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{D12C3350-1EAD-4656-B765-C23E80FC2C10}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{16BC8A1C-68C9-4FFF-926F-25C10CE2C4CF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{070F20C6-5059-49CB-8BB9-F199DA3D74F6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{523A8C71-3089-4633-9080-EC1856FBD60E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5EC0A620-79B1-45A9-B1B1-2F10F0695A36}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{9B30903F-4A44-470B-8444-6C65D715FC26}C:\users\mpnr_\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mpnr_\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{00A72F85-3E54-44F0-9CA8-89A7207982B5}C:\users\mpnr_\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mpnr_\appdata\roaming\spotify\spotify.exe
FirewallRules: [{5D20DF83-4C77-40AB-90BE-0C6C7345BCEF}] => (Allow) C:\Program Files (x86)\Disconnect\Disconnect Desktop\\openvpn\bin\openvpn.exe
FirewallRules: [{E41AA793-EE1E-4B18-AB9A-44AD3C1C9AB1}] => (Allow) C:\Program Files (x86)\Disconnect\Disconnect Desktop\\openvpn\bin\openvpnserv.exe
FirewallRules: [{E38C7E02-A653-4590-97A9-C350D3DD1520}] => (Allow) C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{894D6101-81D7-4406-9C90-3D01B3323196}] => (Allow) C:\Users\mPnR_\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{94C854F9-D65E-4DF0-BACF-C16679741EB0}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{AC3FF3C0-513C-4908-B06C-103968042EA6}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [TCP Query User{A9D8E9A1-4ACF-48DA-B153-9BA3843B902B}C:\program files (x86)\universegamers\gunzv10\uggunz.exe] => (Allow) C:\program files (x86)\universegamers\gunzv10\uggunz.exe
FirewallRules: [UDP Query User{8E41C516-006B-4710-AACB-30F7709FD6FE}C:\program files (x86)\universegamers\gunzv10\uggunz.exe] => (Allow) C:\program files (x86)\universegamers\gunzv10\uggunz.exe
FirewallRules: [TCP Query User{59C5AC36-83AD-423A-8FDF-BD33E4E6F8ED}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{809CDCA3-1CA8-46BE-BBB6-224F608E20AF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{2C0795F0-AA80-434F-AD2F-2ECB0E81B1FA}C:\program files (x86)\steam\steamapps\common\half-life\hl.exe] => (Block) C:\program files (x86)\steam\steamapps\common\half-life\hl.exe
FirewallRules: [UDP Query User{B6D6AA0A-BFB5-453D-AAB1-29B6003E4782}C:\program files (x86)\steam\steamapps\common\half-life\hl.exe] => (Block) C:\program files (x86)\steam\steamapps\common\half-life\hl.exe
FirewallRules: [TCP Query User{EA24C1D4-CD32-44FD-A973-329C878D31F1}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
FirewallRules: [UDP Query User{F941949D-6DF7-4C78-8842-5B36735981DD}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
FirewallRules: [TCP Query User{3F6681AD-CFF7-47C8-8E1E-7334D88306FF}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Block) C:\program files (x86)\litecoin\litecoin-qt.exe
FirewallRules: [UDP Query User{230E4629-6D4A-43C9-9D01-B9A63A18547C}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Block) C:\program files (x86)\litecoin\litecoin-qt.exe
FirewallRules: [TCP Query User{C18E63E2-3829-429D-943E-52D66F8ACFA3}X:\internet explorer.exe\njrat\njrat v0.7d.exe] => (Allow) X:\internet explorer.exe\njrat\njrat v0.7d.exe
FirewallRules: [UDP Query User{4CF0F965-8659-4E88-9CC2-5611908D3EEE}X:\internet explorer.exe\njrat\njrat v0.7d.exe] => (Allow) X:\internet explorer.exe\njrat\njrat v0.7d.exe
FirewallRules: [{3BD5521A-73A4-4855-82DB-C587430F9CC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{1821A074-63FC-4637-B48F-621C366A0EAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{56F80919-4B1A-4BD5-BE03-CCF49C8DBDAA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{01BD4E97-9698-4BCF-AFB5-31A4CA037830}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4C3D6E82-DE02-490F-9CE1-D19B7587797A}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{EAE7EB49-3E34-4F47-B2FB-49CBD96AB9AD}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{B62BB85B-C9E7-44BA-9A93-7899F3592273}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{A3A04D26-3CEF-4C37-82AA-C9CD20241CD5}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{C22362B5-C666-4956-AA23-9D7DD4D3684D}] => (Allow) LPort=1604
FirewallRules: [{579AED9E-ABD2-4366-B545-DCE348430655}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{AF5E28A8-6855-4334-9CD8-86350564B5ED}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{59EDDDB8-943C-44A3-B6F8-01738121C30C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{90889B9F-D46C-4CCE-89AD-6EA42C28C2C6}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3BCF3BF4-8520-4426-A6F4-E4C83F46DA5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{1A82609F-5DF3-4A91-871E-0F9B64008958}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{06CFBF22-7B47-47D0-82A4-38501391EEB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Nest Europe\DragonNest\DragonNest.exe
FirewallRules: [{69B563F2-BBC9-4CE5-A5A4-32C93AC396F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Nest Europe\DragonNest\DragonNest.exe
FirewallRules: [{8DCB4E54-BBE6-4D2D-9965-C6C5EB7A38C0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{03A5EDE8-AC08-4720-A66B-D4BE4AF1C3A8}] => (Allow) C:\Users\mPnR_\AppData\Roaming\Steganos\OkayFreedom\Proxy\node.exe
DomainProfile\AuthorizedApplications: [C:\Nexon\Combat Arms EU\CombatArms.exe] => :*Enabled:CombatArms.exe
DomainProfile\AuthorizedApplications: [C:\Nexon\Combat Arms EU\Engine.exe] => :*Enabled:Engine.exe
StandardProfile\AuthorizedApplications: [D:\Combat Chujowe Arms\Combat Arms EU\CombatArms.exe] => :*Enabled:CombatArms.exe
StandardProfile\AuthorizedApplications: [D:\Combat Chujowe Arms\Combat Arms EU\Engine.exe] => :*Enabled:Engine.exe
StandardProfile\AuthorizedApplications: [C:\Nexon\Combat Arms EU\CombatArms.exe] => :*Enabled:CombatArms.exe
StandardProfile\AuthorizedApplications: [C:\Nexon\Combat Arms EU\Engine.exe] => :*Enabled:Engine.exe

==================== Defecte Apparaatbeheer Apparaten =============

Name: Zewnętrzne urządzenie Bluetooth
Description: Zewnętrzne urządzenie Bluetooth
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Podstawowe urządzenie systemowe
Description: Podstawowe urządzenie systemowe
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Zewnętrzne urządzenie Bluetooth
Description: Zewnętrzne urządzenie Bluetooth
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Podstawowe urządzenie systemowe
Description: Podstawowe urządzenie systemowe
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Laptop Integrated Webcam
Description: Urządzenie wideo USB
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Kontroler Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Description: Kontroler Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonw7
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Zewnętrzne urządzenie Bluetooth
Description: Zewnętrzne urządzenie Bluetooth
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Atheros AR5007EG Wireless Network Adapter
Description: Atheros AR5007EG Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2015 12:31:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.


System errors:
=============
Error: (11/10/2015 01:53:22 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.2.3 with the system having network
hardware address 10-D3-8A-B4-C0-17. Network operations on this system may be disrupted
as a result.


CodeIntegrity:
===================================
  Date: 2015-10-09 15:54:47.145
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0801.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-10-09 15:54:47.098
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0801.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-10-09 15:54:46.989
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-10-09 15:54:46.942
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-10-08 07:11:44.271
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0801.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-10-08 07:11:44.224
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0801.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-10-08 07:11:44.131
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-10-08 07:11:44.084
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-10-07 22:14:41.363
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0801.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-10-07 22:14:41.301
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tap0801.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage memory in use: 44%
Total physical RAM: 4086.04 MB
Available physical RAM: 2261.66 MB
Total Virtual memory: 8170.27 MB
Available Virtual memory: 5828.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:150.01 GB) (Free:51.09 GB) NTFS
Drive d: () (Fixed) (Total:73.11 GB) (Free:34.22 GB) NTFS ==>[system with boot components (obtained from disk)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C0F7394F)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=73.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=150 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

FRST.txt and Addition.txt

 

I was panicking so I ran the first log tool I could find, not sure if this will be useful for you.

I'm 100% sure I've got some sort of malware on my computer, please help me ASAP.



#5 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:18 PM

Posted 16 November 2015 - 03:03 PM

Hi,

C:\Users\mPnR_\Downloads\Satobot-Cracked-By-TheBlackCrack.zip
C:\Users\mPnR_\Downloads\Whatsapp Bulk Sender Cracked by TheProxy.rar

These are cracked software.
Do you use crack/keygen software?
If you are using crack/keygen software, remove it all.

--------

Crack and keygen !
This is the main reason your computer is infected. Visiting crack sites/warez sites and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Before posting for help, we ask that you uninstall any such applications, as indicated in this sticky topic.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, BC does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

In 2006, a study revealed that 59% of keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

=====================================================================================

Download CKScanner from here

Important : Save it to your desktop.

  • Doubleclick CKScanner.exe and click Search For Files.(If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on CKScanner.exe and select Run as Administrator)
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

=====================================================================================

hxxp://127.0.0.1:8445/okayfreedom.pac
Hosts: 127.0.0.1 blackshades.ru
FF NetworkProxy: "socks", "194.50.177.187"
FF NetworkProxy: "socks_port", 37847

 

Does this information belong to you? Do you know what it is?

====================================================================================

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.

C:\Users\mPnR_\Downloads\Satobot-Cracked-By-TheBlackCrack.zip
C:\Users\mPnR_\Downloads\Whatsapp Bulk Sender Cracked by TheProxy.rar
C:\Users\mPnR_\Downloads\zkbcty.csv
C:\Users\mPnR_\AppData\Local\abajfvg.reg
C:\Users\mPnR_\AppData\Local\ofbtbkyhh.reg
C:\ProgramData\Tibia_dat.bak

Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.

=====================================================================================

def78cbf8271d806aca48905401ff0d4.exe

Does this file belong to you? Do you know what it is?

=======================

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
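The post above asks the user to account for a Firefox SOCKS proxy pointing at a remote host, a hosts-file entry and a PAC URL, and to have several files checked on VirusTotal. The script below is an added example of how a responder can triage those same three indicator types offline; it is not part of the thread and not code from FRST, CKScanner or any other tool named in it. It assumes Firefox stores proxy settings as user_pref("network.proxy.*", ...) lines in the profile's prefs.js and that the hosts file uses the usual "<ip> <hostname>" layout; the prefs.js and hosts excerpts are constructed from the values quoted in the reply, not copied from the poster's machine, and the SHA-256 helper lets the hash be looked up on VirusTotal without uploading the file itself.

```python
"""Offline triage of browser proxy, hosts-file and file-hash indicators.

Added example, not code from the thread or from FRST/CKScanner.
Assumption: Firefox keeps proxy settings in prefs.js as
    user_pref("network.proxy.<name>", <value>);
and the hosts file uses "<ip> <hostname> [<hostname>...]" lines.
"""
import hashlib
import ipaddress
import re
from typing import Dict, List

# Constructed prefs.js excerpt mirroring the FF NetworkProxy lines quoted above.
SAMPLE_PREFS_JS = '''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "194.50.177.187");
user_pref("network.proxy.socks_port", 37847);
user_pref("network.proxy.socks_remote_dns", true);
'''

# Constructed hosts file: the Windows default comments plus the quoted entry.
SAMPLE_HOSTS = '''
# Copyright (c) 1993-2009 Microsoft Corp.
#	127.0.0.1       localhost
#	::1             localhost
127.0.0.1 blackshades.ru
'''

_PREF_RE = re.compile(r'user_pref\("(network\.proxy\.[\w.]+)",\s*(.+?)\);')


def parse_firefox_proxy_prefs(prefs_js: str) -> Dict[str, str]:
    """Return every network.proxy.* preference as a raw string value."""
    prefs = {}
    for key, raw in _PREF_RE.findall(prefs_js):
        prefs[key] = raw.strip().strip('"')
    return prefs


def _is_local(host: str) -> bool:
    """True for 'localhost' or a loopback IP address, False otherwise."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def proxy_findings(prefs: Dict[str, str]) -> List[str]:
    """Flag settings that send browser traffic through a proxy.

    network.proxy.type: 0 = direct, 1 = manual proxy, 2 = PAC URL,
    5 = use system settings. Manual proxies on loopback are not flagged;
    a PAC URL is always reported so the serving process can be identified.
    """
    findings = []
    ptype = prefs.get("network.proxy.type", "0")
    if ptype == "1":
        for proto in ("http", "ssl", "socks"):
            host = prefs.get(f"network.proxy.{proto}")
            if host and not _is_local(host):
                port = prefs.get(f"network.proxy.{proto}_port", "?")
                findings.append(f"manual {proto.upper()} proxy to remote host {host}:{port}")
    elif ptype == "2":
        findings.append(f"PAC script in use: {prefs.get('network.proxy.autoconfig_url', '')}")
    return findings


def hosts_findings(hosts_text: str) -> List[str]:
    """List active hosts entries other than the loopback defaults.

    Mapping a domain to 127.0.0.1 blocks it; any entry the user did not
    add themselves still needs an explanation of what wrote it.
    """
    findings = []
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        ip, *names = line.split()
        findings.extend(f"{ip} -> {n}" for n in names if n.lower() != "localhost")
    return findings


def sha256_of_bytes(data: bytes) -> str:
    """SHA-256 hex digest, suitable for a VirusTotal hash lookup."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    """Chunked SHA-256 of a file on disk (use on the paths listed in the post)."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    for f in proxy_findings(parse_firefox_proxy_prefs(SAMPLE_PREFS_JS)):
        print("PROXY:", f)
    for f in hosts_findings(SAMPLE_HOSTS):
        print("HOSTS:", f)
    print("SHA256 of constructed sample:", sha256_of_bytes(b"constructed sample bytes"))
```

On a real system, point parse_firefox_proxy_prefs at the profile's prefs.js, hosts_findings at C:\Windows\System32\drivers\etc\hosts and sha256_of_file at each path the responder listed; a hash already known to VirusTotal can then be looked up without sending the file anywhere.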

 


 


#6 help_meh

help_meh
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:18 PM

Posted 17 November 2015 - 10:22 AM

def78cbf8271d806aca48905401ff0d4.exe

 

I don't know this file.

 

ckfiles.txt

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_boom_v1.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_boom_v2.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_boom_v3.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_f1.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_f2.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_f3.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_f4.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_f5.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_gound_low.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_grav.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_grav2.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_ground.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_ice2_01.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_ice_1.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_ice_1r.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_ice_1rd.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_ice_2.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_ice_2r.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_ice_2rd.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_ice_3.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_ice_3rd.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_in.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_mid.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_out.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_piece_fire1.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_piece_fire1_low.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\crack_piece_fire2.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\dx2_trainup_crack.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\dx2_trainup_nocrack.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\icepillar_crack_t1.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\icepillar_crack_t2.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\icepillar_crack_t3.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\ncrack_001.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\ncrack_001_1.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\ncrack_002.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\ncrack_002_1.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebm\ncrack_003.ebm
c:\program files (x86)\cabal online (na - global)\data\fx\src\ebs\crack_floor.ebs
c:\program files (x86)\cabal online (na - global)\data\fx\src\efx\crack_circle.efx
c:\program files (x86)\cabal online (na - global)\data\fx\src\efx\exploe_crack1.efx
c:\program files (x86)\cabal online (na - global)\data\fx\src\efx\exploe_crack3.efx
c:\program files (x86)\cabal online (na - global)\data\fx\src\efx\exploe_crack4.efx
c:\program files (x86)\cabal online (na - global)\data\fx\src\efx\expole_crack.efx
c:\program files (x86)\cabal online (na - global)\data\fx\src\efx\expole_crack2.efx
c:\program files (x86)\cabal online (na - global)\data\fx\src\efx\expole_crack_np.efx
c:\program files (x86)\cabal online (na - global)\data\item\event\evt2_tex_crackegg.ebm
c:\program files (x86)\cabal online (na - global)\data\object\object\object_fx\fearofd\crackegg_a.efx
c:\program files (x86)\cabal online (na - global)\data\object\object\object_fx\fearofd\crackegg_a_add.ebm
c:\program files (x86)\cabal online (na - global)\data\object\object\object_fx\fearofd\fearofd_crackegg_a.ebm
c:\program files (x86)\the enigma protector\enigmasdk\bcb\enigma_keygen_ide.h
c:\program files (x86)\the enigma protector\enigmasdk\bcb\keygen.dll
c:\program files (x86)\the enigma protector\enigmasdk\bcb\keygen.lib
c:\program files (x86)\the enigma protector\enigmasdk\c# (.net)\enigma_keygen_ide.cs
c:\program files (x86)\the enigma protector\enigmasdk\c# (.net)\keygen.dll
c:\program files (x86)\the enigma protector\enigmasdk\c# x64 (.net)\enigma_keygen_ide64.cs
c:\program files (x86)\the enigma protector\enigmasdk\c# x64 (.net)\keygen64.dll
c:\program files (x86)\the enigma protector\enigmasdk\cgi keygen\linux\keygen
c:\program files (x86)\the enigma protector\enigmasdk\cgi keygen\linux\readme.txt
c:\program files (x86)\the enigma protector\enigmasdk\cgi keygen\windows\keygen.exe
c:\program files (x86)\the enigma protector\enigmasdk\cgi keygen\windows\readme.txt
c:\program files (x86)\the enigma protector\enigmasdk\delphi\enigma_keygen_ide.pas
c:\program files (x86)\the enigma protector\enigmasdk\delphi\keygen.dll
c:\program files (x86)\the enigma protector\enigmasdk\fpcx64\enigma_keygen_ide64.pas
c:\program files (x86)\the enigma protector\enigmasdk\fpcx64\keygen64.dll
c:\program files (x86)\the enigma protector\enigmasdk\linux\libkeygen.so
c:\program files (x86)\the enigma protector\enigmasdk\vb\enigma_keygen_ide.bas
c:\program files (x86)\the enigma protector\enigmasdk\vb\keygen.dll
c:\program files (x86)\the enigma protector\enigmasdk\vc\enigma_keygen_ide.h
c:\program files (x86)\the enigma protector\enigmasdk\vc\keygen.dll
c:\program files (x86)\the enigma protector\enigmasdk\vc\keygen.lib
c:\program files (x86)\the enigma protector\enigmasdk\vcx64\enigma_keygen_ide64.h
c:\program files (x86)\the enigma protector\enigmasdk\vcx64\keygen64.dll
c:\program files (x86)\the enigma protector\enigmasdk\vcx64\keygen64.lib
c:\program files (x86)\the enigma protector\enigmasdk\visual basic (.net)\enigma_keygen_ide.vb
c:\program files (x86)\the enigma protector\enigmasdk\visual basic (.net)\keygen.dll
c:\program files (x86)\the enigma protector\examples\keygen\bcb\default.enigma
c:\program files (x86)\the enigma protector\examples\keygen\bcb\keygen.bpr
c:\program files (x86)\the enigma protector\examples\keygen\bcb\keygen.cpp
c:\program files (x86)\the enigma protector\examples\keygen\bcb\keygen.dll
c:\program files (x86)\the enigma protector\examples\keygen\bcb\keygen.res
c:\program files (x86)\the enigma protector\examples\keygen\bcb\mainunit.cpp
c:\program files (x86)\the enigma protector\examples\keygen\bcb\mainunit.dfm
c:\program files (x86)\the enigma protector\examples\keygen\bcb\mainunit.h
c:\program files (x86)\the enigma protector\examples\keygen\c# (.net)\app.ico
c:\program files (x86)\the enigma protector\examples\keygen\c# (.net)\assemblyinfo.cs
c:\program files (x86)\the enigma protector\examples\keygen\c# (.net)\default.enigma
c:\program files (x86)\the enigma protector\examples\keygen\c# (.net)\enigma_keygen_ide.cs
c:\program files (x86)\the enigma protector\examples\keygen\c# (.net)\frmmain.cs
c:\program files (x86)\the enigma protector\examples\keygen\c# (.net)\frmmain.resx
c:\program files (x86)\the enigma protector\examples\keygen\c# (.net)\keygen.dll
c:\program files (x86)\the enigma protector\examples\keygen\c# (.net)\test.csproj
c:\program files (x86)\the enigma protector\examples\keygen\c# (.net)\test.sln
c:\program files (x86)\the enigma protector\examples\keygen\c# x64 (.net)\app.ico
c:\program files (x86)\the enigma protector\examples\keygen\c# x64 (.net)\assemblyinfo.cs
c:\program files (x86)\the enigma protector\examples\keygen\c# x64 (.net)\default.enigma
c:\program files (x86)\the enigma protector\examples\keygen\c# x64 (.net)\enigma_keygen_ide64.cs
c:\program files (x86)\the enigma protector\examples\keygen\c# x64 (.net)\frmmain.cs
c:\program files (x86)\the enigma protector\examples\keygen\c# x64 (.net)\frmmain.resx
c:\program files (x86)\the enigma protector\examples\keygen\c# x64 (.net)\keygen64.dll
c:\program files (x86)\the enigma protector\examples\keygen\c# x64 (.net)\test.csproj
c:\program files (x86)\the enigma protector\examples\keygen\c# x64 (.net)\test.sln
c:\program files (x86)\the enigma protector\examples\keygen\cgi linux\keygen
c:\program files (x86)\the enigma protector\examples\keygen\cgi linux\readme.txt
c:\program files (x86)\the enigma protector\examples\keygen\cgi linux\test.html
c:\program files (x86)\the enigma protector\examples\keygen\cgi linux\test_post.html
c:\program files (x86)\the enigma protector\examples\keygen\cgi windows\keygen.exe
c:\program files (x86)\the enigma protector\examples\keygen\cgi windows\readme.txt
c:\program files (x86)\the enigma protector\examples\keygen\cgi windows\test.html
c:\program files (x86)\the enigma protector\examples\keygen\cgi windows\test_post.html
c:\program files (x86)\the enigma protector\examples\keygen\delphi\default.enigma
c:\program files (x86)\the enigma protector\examples\keygen\delphi\keygen.dll
c:\program files (x86)\the enigma protector\examples\keygen\delphi\keygen.dpr
c:\program files (x86)\the enigma protector\examples\keygen\delphi\main.dfm
c:\program files (x86)\the enigma protector\examples\keygen\delphi\main.pas
c:\program files (x86)\the enigma protector\examples\keygen\fpcx64\default.enigma
c:\program files (x86)\the enigma protector\examples\keygen\fpcx64\keygen.lpi
c:\program files (x86)\the enigma protector\examples\keygen\fpcx64\keygen.lpr
c:\program files (x86)\the enigma protector\examples\keygen\fpcx64\keygen.res
c:\program files (x86)\the enigma protector\examples\keygen\fpcx64\keygen64.dll
c:\program files (x86)\the enigma protector\examples\keygen\fpcx64\main.dfm
c:\program files (x86)\the enigma protector\examples\keygen\fpcx64\main.pas
c:\program files (x86)\the enigma protector\examples\keygen\vb\default.enigma
c:\program files (x86)\the enigma protector\examples\keygen\vb\frmmain.frm
c:\program files (x86)\the enigma protector\examples\keygen\vb\frmmain.frx
c:\program files (x86)\the enigma protector\examples\keygen\vb\keygen.dll
c:\program files (x86)\the enigma protector\examples\keygen\vb\keygen.vbp
c:\program files (x86)\the enigma protector\examples\keygen\vb\keygen.vbw
c:\program files (x86)\the enigma protector\examples\keygen\vc\default.enigma
c:\program files (x86)\the enigma protector\examples\keygen\vc\keygen.cpp
c:\program files (x86)\the enigma protector\examples\keygen\vc\keygen.dll
c:\program files (x86)\the enigma protector\examples\keygen\vc\keygen.dsp
c:\program files (x86)\the enigma protector\examples\keygen\vc\keygen.dsw
c:\program files (x86)\the enigma protector\examples\keygen\vc\keygen.h
c:\program files (x86)\the enigma protector\examples\keygen\vc\keygen.ico
c:\program files (x86)\the enigma protector\examples\keygen\vc\keygen.rc
c:\program files (x86)\the enigma protector\examples\keygen\vc\keygen.rc2
c:\program files (x86)\the enigma protector\examples\keygen\vc\keygen.sln
c:\program files (x86)\the enigma protector\examples\keygen\vc\keygen.vcproj
c:\program files (x86)\the enigma protector\examples\keygen\vc\keygendlg.cpp
c:\program files (x86)\the enigma protector\examples\keygen\vc\keygendlg.h
c:\program files (x86)\the enigma protector\examples\keygen\vc\resource.h
c:\program files (x86)\the enigma protector\examples\keygen\vc\stdafx.cpp
c:\program files (x86)\the enigma protector\examples\keygen\vc\stdafx.h
c:\program files (x86)\the enigma protector\examples\keygen\vcx64\default.enigma64
c:\program files (x86)\the enigma protector\examples\keygen\vcx64\keygen.cpp
c:\program files (x86)\the enigma protector\examples\keygen\vcx64\keygen.h
c:\program files (x86)\the enigma protector\examples\keygen\vcx64\keygen.ico
c:\program files (x86)\the enigma protector\examples\keygen\vcx64\keygen.rc
c:\program files (x86)\the enigma protector\examples\keygen\vcx64\keygen.rc2
c:\program files (x86)\the enigma protector\examples\keygen\vcx64\keygen.sln
c:\program files (x86)\the enigma protector\examples\keygen\vcx64\keygen.vcproj
c:\program files (x86)\the enigma protector\examples\keygen\vcx64\keygen64.dll
c:\program files (x86)\the enigma protector\examples\keygen\vcx64\keygen64.lib
c:\program files (x86)\the enigma protector\examples\keygen\vcx64\keygendlg.cpp
c:\program files (x86)\the enigma protector\examples\keygen\vcx64\keygendlg.h
c:\program files (x86)\the enigma protector\examples\keygen\vcx64\resource.h
c:\program files (x86)\the enigma protector\examples\keygen\vcx64\stdafx.cpp
c:\program files (x86)\the enigma protector\examples\keygen\vcx64\stdafx.h
c:\program files (x86)\the enigma protector\examples\keygenunicode\c# (.net)\app.ico
c:\program files (x86)\the enigma protector\examples\keygenunicode\c# (.net)\assemblyinfo.cs
c:\program files (x86)\the enigma protector\examples\keygenunicode\c# (.net)\default.enigma
c:\program files (x86)\the enigma protector\examples\keygenunicode\c# (.net)\enigma_keygen_ide.cs
c:\program files (x86)\the enigma protector\examples\keygenunicode\c# (.net)\frmmain.cs
c:\program files (x86)\the enigma protector\examples\keygenunicode\c# (.net)\frmmain.resx
c:\program files (x86)\the enigma protector\examples\keygenunicode\c# (.net)\keygen.dll
c:\program files (x86)\the enigma protector\examples\keygenunicode\c# (.net)\test.csproj
c:\program files (x86)\the enigma protector\examples\keygenunicode\c# (.net)\test.sln
c:\program files (x86)\the enigma protector\examples\keygenunicode\c# x64 (.net)\app.ico
c:\program files (x86)\the enigma protector\examples\keygenunicode\c# x64 (.net)\assemblyinfo.cs
c:\program files (x86)\the enigma protector\examples\keygenunicode\c# x64 (.net)\default.enigma
c:\program files (x86)\the enigma protector\examples\keygenunicode\c# x64 (.net)\enigma_keygen_ide64.cs
c:\program files (x86)\the enigma protector\examples\keygenunicode\c# x64 (.net)\frmmain.cs
c:\program files (x86)\the enigma protector\examples\keygenunicode\c# x64 (.net)\frmmain.resx
c:\program files (x86)\the enigma protector\examples\keygenunicode\c# x64 (.net)\keygen64.dll
c:\program files (x86)\the enigma protector\examples\keygenunicode\c# x64 (.net)\test.csproj
c:\program files (x86)\the enigma protector\examples\keygenunicode\c# x64 (.net)\test.sln
c:\program files (x86)\the enigma protector\examples\keygenunicode\delphi_2009up\default.enigma
c:\program files (x86)\the enigma protector\examples\keygenunicode\delphi_2009up\keygen.cfg
c:\program files (x86)\the enigma protector\examples\keygenunicode\delphi_2009up\keygen.dll
c:\program files (x86)\the enigma protector\examples\keygenunicode\delphi_2009up\keygen.dpr
c:\program files (x86)\the enigma protector\examples\keygenunicode\delphi_2009up\keygen.dproj
c:\program files (x86)\the enigma protector\examples\keygenunicode\delphi_2009up\keygen.res
c:\program files (x86)\the enigma protector\examples\keygenunicode\delphi_2009up\main.dfm
c:\program files (x86)\the enigma protector\examples\keygenunicode\delphi_2009up\main.pas
c:\program files (x86)\the enigma protector\examples\keygenunicode\fpcx64\default.enigma
c:\program files (x86)\the enigma protector\examples\keygenunicode\fpcx64\keygen.lpi
c:\program files (x86)\the enigma protector\examples\keygenunicode\fpcx64\keygen.lpr
c:\program files (x86)\the enigma protector\examples\keygenunicode\fpcx64\keygen.res
c:\program files (x86)\the enigma protector\examples\keygenunicode\fpcx64\keygen64.dll
c:\program files (x86)\the enigma protector\examples\keygenunicode\fpcx64\main.dfm
c:\program files (x86)\the enigma protector\examples\keygenunicode\fpcx64\main.pas
c:\program files (x86)\the enigma protector\examples\keygenunicode\vc\default.enigma
c:\program files (x86)\the enigma protector\examples\keygenunicode\vc\keygen.cpp
c:\program files (x86)\the enigma protector\examples\keygenunicode\vc\keygen.dll
c:\program files (x86)\the enigma protector\examples\keygenunicode\vc\keygen.dsp
c:\program files (x86)\the enigma protector\examples\keygenunicode\vc\keygen.dsw
c:\program files (x86)\the enigma protector\examples\keygenunicode\vc\keygen.h
c:\program files (x86)\the enigma protector\examples\keygenunicode\vc\keygen.ico
c:\program files (x86)\the enigma protector\examples\keygenunicode\vc\keygen.rc
c:\program files (x86)\the enigma protector\examples\keygenunicode\vc\keygen.rc2
c:\program files (x86)\the enigma protector\examples\keygenunicode\vc\keygen.sln
c:\program files (x86)\the enigma protector\examples\keygenunicode\vc\keygen.vcproj
c:\program files (x86)\the enigma protector\examples\keygenunicode\vc\keygendlg.cpp
c:\program files (x86)\the enigma protector\examples\keygenunicode\vc\keygendlg.h
c:\program files (x86)\the enigma protector\examples\keygenunicode\vc\resource.h
c:\program files (x86)\the enigma protector\examples\keygenunicode\vc\stdafx.cpp
c:\program files (x86)\the enigma protector\examples\keygenunicode\vc\stdafx.h
c:\program files (x86)\the enigma protector\examples\keygenunicode\vcx64\default.enigma
c:\program files (x86)\the enigma protector\examples\keygenunicode\vcx64\keygen.cpp
c:\program files (x86)\the enigma protector\examples\keygenunicode\vcx64\keygen.dsp
c:\program files (x86)\the enigma protector\examples\keygenunicode\vcx64\keygen.dsw
c:\program files (x86)\the enigma protector\examples\keygenunicode\vcx64\keygen.h
c:\program files (x86)\the enigma protector\examples\keygenunicode\vcx64\keygen.ico
c:\program files (x86)\the enigma protector\examples\keygenunicode\vcx64\keygen.rc
c:\program files (x86)\the enigma protector\examples\keygenunicode\vcx64\keygen.rc2
c:\program files (x86)\the enigma protector\examples\keygenunicode\vcx64\keygen.sln
c:\program files (x86)\the enigma protector\examples\keygenunicode\vcx64\keygen.vcproj
c:\program files (x86)\the enigma protector\examples\keygenunicode\vcx64\keygen64.dll
c:\program files (x86)\the enigma protector\examples\keygenunicode\vcx64\keygen64.lib
c:\program files (x86)\the enigma protector\examples\keygenunicode\vcx64\keygendlg.cpp
c:\program files (x86)\the enigma protector\examples\keygenunicode\vcx64\keygendlg.h
c:\program files (x86)\the enigma protector\examples\keygenunicode\vcx64\resource.h
c:\program files (x86)\the enigma protector\examples\keygenunicode\vcx64\stdafx.cpp
c:\program files (x86)\the enigma protector\examples\keygenunicode\vcx64\stdafx.h
c:\program files (x86)\the enigma protector\system\keygen.bin
c:\programdata\bluestacks\userdata\inputmapper\com.fluik.plumbercrack.cfg
c:\programdata\bluestacks\userdata\inputmapper\com.polarbit.crackingsands.cfg
c:\programdata\bluestacks\userdata\inputmapper\com.polarbit.crackingsandsads.cfg
c:\programdata\bluestacks\userdata\inputmapper\org.supergonk.safecrackerpremium.cfg
c:\sandbox\mpnr_\defaultbox\drive\x\internet explorer.exe\cracking\ezleecherv3\data\ignore_list.txt
c:\sandbox\mpnr_\defaultbox\drive\x\internet explorer.exe\cracking\ezleecherv3\data\query_list.txt
c:\sandbox\mpnr_\defaultbox\drive\x\internet explorer.exe\cracking\ezleecherv3\data\history\leecher\leeched_all.txt
c:\sandbox\mpnr_\defaultbox\drive\x\internet explorer.exe\cracking\ezleecherv3\data\history\search\history_all.txt
c:\sandbox\mpnr_\defaultbox\drive\x\internet explorer.exe\cracking\rdpcracking\dubrute_2.1\config.ini
c:\sandbox\mpnr_\defaultbox\drive\x\internet explorer.exe\cracking\rdpcracking\dubrute_2.1\source.txt
c:\sandbox\mpnr_\defaultbox\drive\x\internet explorer.exe\cracking\steam cracker\project_steam-04_30_59\good_games.txt
c:\sandbox\mpnr_\defaultbox\drive\x\internet explorer.exe\cracking\steam cracker\project_steam-04_30_59\good_logins.txt
c:\sandbox\mpnr_\defaultbox\drive\x\internet explorer.exe\cracking\steam cracker\project_steam-04_30_59\good_mails.txt
c:\sandbox\mpnr_\defaultbox\drive\x\internet explorer.exe\cracking\steam cracker\project_steam-04_30_59\good_nogames.txt
c:\sandbox\mpnr_\defaultbox\drive\x\internet explorer.exe\cracking\steam cracker\project_steam-04_30_59\login_parser_ostatok_1 accs.txt
c:\sandbox\mpnr_\defaultbox\drive\x\internet explorer.exe\cracking\steam cracker\project_steam-04_30_59\spamblock_mails.txt
c:\sandbox\mpnr_\defaultbox\user\current\appdata\local\crashdumps\hawkeyekeylogger - cracked.exe.8596.dmp
c:\sandbox\mpnr_\defaultbox\user\current\appdata\local\crashdumps\oebuilderv4.2_cracked.exe.7532.dmp
c:\sandbox\mpnr_\defaultbox\user\current\appdata\local\crashdumps\proxylite_cracked_by_anonymous.exe.7248.dmp
c:\sandbox\mpnr_\defaultbox\user\current\appdata\local\crashdumps\satobot-cracked-by-theblackcrack.exe.2624.dmp
c:\sandbox\mpnr_\defaultbox\user\current\appdata\local\microsoft\windows\wer\reportarchive\appcrash_bf cracked.exe_3c38596e5915b87fd92e8d1587127296d75d98a_088fccef\report.wer
c:\sandbox\mpnr_\defaultbox\user\current\appdata\local\microsoft\windows\wer\reportarchive\appcrash_debug cracker.ex_3c74e7603d8d96f242a35dec5e719cea985060_09fcfa75\report.wer
c:\sandbox\mpnr_\defaultbox\user\current\appdata\local\microsoft\windows\wer\reportarchive\appcrash_debug cracker.ex_3c74e7603d8d96f242a35dec5e719cea985060_0ceb5fac\report.wer
c:\sandbox\mpnr_\defaultbox\user\current\appdata\local\microsoft\windows\wer\reportarchive\appcrash_debug cracker.ex_3c74e7603d8d96f242a35dec5e719cea985060_33e7fb11\report.wer
c:\sandbox\mpnr_\defaultbox\user\current\appdata\local\microsoft\windows\wer\reportarchive\appcrash_iturbo - cracked_e44e5e4e66b7597c4bf0f6ff31884eb5f82835a_303a6ec3\report.wer
c:\sandbox\mpnr_\defaultbox\user\current\appdata\local\microsoft\windows\wer\reportarchive\appcrash_platinum cracker_f1f9cedd44f73d94df86e0d4a59c6234cac35e0_188031fc\report.wer
c:\sandbox\mpnr_\defaultbox\user\current\appdata\local\microsoft\windows\wer\reportarchive\appcrash_proxylite_cracke_ad4bf9748280e28e4f5a81845bb8a6cb8e182a4_283ca230\report.wer
c:\sandbox\mpnr_\defaultbox\user\current\appdata\local\microsoft\windows\wer\reportarchive\appcrash_satobot-cracked-_f88caac23029d0a33ee6e457309f39f49bffe73_067556dc\report.wer
c:\sandbox\mpnr_\defaultbox\user\current\appdata\local\microsoft\windows\wer\reportarchive\appcrash_tweetupcracked.e_b1d9f281e5994fbbf5bc7c8ce637a2e72ed182bb_27f84140\report.wer
c:\sandbox\mpnr_\defaultbox\user\current\appdata\local\temp\crack.exe
c:\sandbox\mpnr_\defaultbox\user\current\appdata\local\temp\plasma rat - cracked by theblackcrack.exe
c:\sandbox\mpnr_\defaultbox\user\current\desktop\vmwareworkstationuniversalkeygenishereupdated__15047_i1591613610_il785885.exe
c:\sandbox\mpnr_\defaultbox\user\current\desktop\lolcracker - cracked by anonymous\proxies.txt
c:\sandbox\mpnr_\defaultbox\user\current\desktop\rdp auto cracker\dubrute\config.ini
c:\users\dell\desktop\xeno bot cracked — skrót.lnk
c:\users\mpnr_\desktop\b\crack magebot\magebot\lua51.dll
c:\users\mpnr_\desktop\b\crack magebot\magebot\mtiles.bin
c:\users\mpnr_\desktop\b\crack magebot\magebot\newscript.lua
c:\users\mpnr_\desktop\b\crack magebot\magebot\noobsettings.txt
c:\users\mpnr_\desktop\b\crack magebot\magebot\otitenids.txt
c:\users\mpnr_\desktop\b\crack magebot\magebot\ot_100gptoplat.lua
c:\users\mpnr_\desktop\b\crack magebot\magebot\packet.dll
c:\users\mpnr_\desktop\b\crack magebot\magebot\paladinsettings.txt
c:\users\mpnr_\desktop\b\crack magebot\magebot\pzzones.txt
c:\users\mpnr_\desktop\b\crack magebot\magebot\record.sav
c:\users\mpnr_\desktop\b\crack magebot\magebot\recordnons.dat
c:\users\mpnr_\desktop\b\crack magebot\magebot\runemaker.lua
c:\users\mpnr_\desktop\b\crack magebot\magebot\runemonsterex.lua
c:\users\mpnr_\desktop\b\crack magebot\magebot\safelist.txt
c:\users\mpnr_\desktop\b\crack magebot\magebot\safemode1st.txt
c:\users\mpnr_\desktop\b\crack magebot\magebot\sample.lua
c:\users\mpnr_\desktop\b\crack magebot\magebot\script_gui.lua
c:\users\mpnr_\desktop\b\crack magebot\magebot\script_loader.lua
c:\users\mpnr_\desktop\b\crack magebot\magebot\server.exe
c:\users\mpnr_\desktop\b\crack magebot\magebot\settings.txt
c:\users\mpnr_\desktop\b\crack magebot\magebot\sorcerersettings.txt
c:\users\mpnr_\desktop\b\crack magebot\magebot\stoptiles.bin
c:\users\mpnr_\desktop\b\crack magebot\magebot\targeting.txt
c:\users\mpnr_\desktop\b\crack magebot\magebot\tradehelper.txt
c:\users\mpnr_\desktop\b\crack magebot\magebot\uninstall.exe
c:\users\mpnr_\desktop\b\crack magebot\magebot\utils.lua
c:\users\mpnr_\desktop\satobot\satobot-cracked-by-theblackcrack.exe
c:\users\mpnr_\documents\image-line\data\drumaxx\drum patches\sound fx\crack.dmpatch
c:\users\mpnr_\documents\image-line\data\hardcore\i cracked my tube!.hdprg
c:\users\mpnr_\documents\image-line\data\hardcore\default\i cracked my tube!.hdprg
c:\users\mpnr_\documents\image-line\data\sawer\ambient\mc cracked.sawer
scanner sequence 3.ZZ.11.JXAPAZ
 ----- EOF ----- 

hxxp://127.0.0.1:8445/okayfreedom.pac
Hosts: 127.0.0.1 blackshades.ru
FF NetworkProxy: "socks", "194.50.177.187"
FF NetworkProxy: "socks_port", 37847

 

This is probably a reverse proxy feature from a malware!

Please help me find the malware ASAP!

I still don't know where the file is and still didn't delete it.

I deleted all files I was supposed to upload to VirusTotal.



#7 olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 17 November 2015 - 04:40 PM

If you are using crack-keygen software, remove them all.

Please help me find the malware ASAP!
I still don't know where the file is and still didn't delete it.

We do not support any piracy. I told you to remove the crack-keygen software. But did you not remove them?
In this situation, the topic requires shutdown.


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#8 help_meh

  • Topic Starter
  • Members
  • 13 posts

Posted 18 November 2015 - 06:14 AM

 

If you are using crack-keygen software, remove them all.

Please help me find the malware ASAP!
I still don't know where the file is and still didn't delete it.

We do not support any piracy. I told you to remove the crack-keygen software. But did you not remove them?
In this situation, the topic requires shutdown.

I removed all pirated software I could find on my computer.

Please guide me on what to remove so you can help me.



#9 olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 18 November 2015 - 12:04 PM

Hi help_meh,

Please do the following:
Uninstall some programs:
We need to uninstall some unwanted/unneeded programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.

The list of programs to uninstall:

  • uTorrent
  • Tencent
  • Skillbrains
  • Gyazo
  • TeamViewer
  • Game Booster
  • Spotflux
  • Hotspot Shield Extension
  • C:\Program Files (x86)\IObit
  • C:\Program Files (x86)\Gyazo

After completing the uninstalls, please manually reboot your machine!

  • If you get a message like "An error occurred while trying to uninstall", just press Yes.
  • If you are unable to uninstall all programs, please inform me, but continue with the other steps.

Please restart the PC now.
====================================================================================
IObit software products are installed on your system!

The company behind this product was found to be stealing our database. Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product.

Please see the following links and make up your own mind if you want to keep this on your system. If needed I can help you remove it.

=====================================================================================
Informing:
To protect against these types of adware, you have to be careful on some points.

  • You should not download any software from third-party download websites; only download from the vendor's own website.
  • You should not leave ticked any unwanted check mark that is prompted while installing any software.
  • You should read the whole agreement that is prompted while installing any software.
  • You should not open any executable file that comes by e-mail if you really don't know its publisher.

Before I conclude I would like to say a few things. Please create a system restore point first before you install any new software. Pay attention during the installation process. Don't trust the word 'Free'. Don't just click on Next, Next, Next. Even the official installer of legitimate software like Java includes third-party offers! Opt out where you can; if you can't, simply exit the installation process. So you have to be aware during the installation process!

It is important that you pay attention to the license agreements and installation screens when installing anything. 'Think before you click on any Download link blindly'!
 

Step 1:
FRST Script:
Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click the Scanner button.
  • Then press the ''Repair'' button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 5:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Best regards
 

 


 


#10 help_meh

  • Topic Starter
  • Members
  • 13 posts

Posted 18 November 2015 - 05:05 PM

Thanks for your reply!

I tried removing the software, but I can't see more than 50% of it, such as uTorrent and Gyazo.

Also I would like you to help me remove the software of the company you mentioned as well!
I ran the Fixlist; here is the Fixlog:

Fix resultaat van Farbar Recovery Scan Tool (x64) Versie:18-11-2015
Gestart door mPnR_ (2015-11-18 22:40:11) Run:2
Gestart vanaf C:\Users\mPnR_\Desktop
Geladen Profielen: dell & mPnR_ (Beschikbare Profielen: dell & mPnR_)
Boot Modus: Normal
==============================================

fixlist inhoud:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {01AC245C-7E68-468D-935F-169BF34897E3} - System32\Tasks\{AD2D4100-9E9A-4856-B34F-73142A32039D} => Chrome.exe hxxp://ui.skype.com/ui/0/7.5.80.102/pl/abandoninstall?page=tsProgressBar
Task: {131FB841-8A8C-4FC4-8DFB-DE453786C1CE} - System32\Tasks\Update\Google Update => Chrome.exe  <==== AANDACHT
Task: {78CE509D-3415-442A-9B5F-22FE2DE3CEFF} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {8F83AF3F-FD3D-4178-B246-08B634AE5E3D} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe
Task: {C4C83C1C-AE25-4CF9-9BCC-8806E34639D9} - System32\Tasks\{B2F3C825-F185-4CF4-9E8F-4CAA2E74F5DB} => Chrome.exe hxxp://ui.skype.com/ui/0/7.1.0.105/pl/abandoninstall?page=tsProgressBar
Task: {CA063141-86A1-4B25-B2A3-84FC8E15A40E} - System32\Tasks\{B254D715-5E9E-47B9-B404-815AE025B365} => pcalua.exe -a C:\Users\dell\Downloads\dotNetFx35setup(1).exe -d C:\Users\dell\Downloads
Task: {E7DAA826-807F-4513-866B-E2324E7165CC} - System32\Tasks\{37D8DAE1-4DE3-44D4-ABE9-89ABA1EE961A} => pcalua.exe -a C:\Users\mPnR_\Downloads\MagebotSetupvT1031(1).exe -d C:\Users\mPnR_\Downloads
Task: {C0FF1DD3-E34C-41F6-8B52-48EE627FE5A5} - System32\Tasks\{0B128D75-3B3C-475D-9017-C61F3C41D3C4} => pcalua.exe -a C:\Users\mPnR_\Downloads\MagebotSetupvT1034(2).exe -d C:\Users\mPnR_\Downloads
AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\TEMP:6BE50C2B
AlternateDataStreams: C:\Users\dell\Application Data:NT
AlternateDataStreams: C:\Users\dell\AppData\Roaming:NT
AlternateDataStreams: C:\Users\mPnR_\Application Data:NT2
AlternateDataStreams: C:\Users\mPnR_\AppData\Roaming:NT2
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\92575634.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\92575634.sys => ""="Driver"
IE trusted site: HKU\S-1-5-21-799834153-1171727689-305855866-1173\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-799834153-1171727689-305855866-1173\...\aeriagames.com -> hxxp://aeriagames.com
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gyazo
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightShot
MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mobilegeni daemon
MSCONFIG\startupreg: LightShot => C:\Users\mPnR_\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKU\S-1-5-21-799834153-1171727689-305855866-1173\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-799834153-1171727689-305855866-1173\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-799834153-1171727689-305855866-1173\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-799834153-1171727689-305855866-1173\...\MountPoints2: {899be3ee-b7f5-11e3-bec4-e1c3d053300c} - G:\LGAutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Geen bestand
GroupPolicyUsers\S-1-5-21-799834153-1171727689-305855866-1175\User: Restrictie <======= AANDACHT
GroupPolicyScripts\User: Restrictie <======= AANDACHT
CHR HKLM\SOFTWARE\Policies\Google: Restrictie <======= AANDACHT
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [Geen bestand]
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [Geen bestand]
FF Extension: Browser A.I - C:\Users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489\Extensions\browserai@jetpack.xpi [2015-07-01] [ niet getekend]
FF Extension: sozi - C:\Users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489\Extensions\sozi@jetpack.xpi [2015-02-19] [ niet getekend]
FF Extension: TrackMeNot - C:\Users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489\Extensions\trackmenot@mrl.nyu.edu.xpi [2015-06-10]
FF Extension: Vlc context menu - C:\Users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489\Extensions\vlcplaylist@helgatauscher.de.xpi [2015-08-30]
FF Extension: Adblock Plus - C:\Users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-10-02]
FF Extension: HackBar - C:\Users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489\Extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}.xpi [2015-08-22]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com
CHR HomePage: Default -> hxxp://public-box.ru/start
CHR StartupUrls: Default -> "hxxp://public-box.ru/start"
CHR Profile: C:\Users\mPnR_\AppData\Local\Google\Chrome\User Data\Default
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2014-07-11] (Spotflux, Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
SearchScopes: HKU\S-1-5-21-799834153-1171727689-305855866-1173 -> DefaultScope {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL = hxxp://terra.im/search?sid=101&q={searchTerms}
SearchScopes: HKU\S-1-5-21-799834153-1171727689-305855866-1173 -> {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL = hxxp://terra.im/search?sid=101&q={searchTerms}
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Users\mPnR_\Downloads\Satobot-Cracked-By-TheBlackCrack.zip
C:\Users\mPnR_\AppData\Roaming\Python
2015-10-14 10:24 - 2015-10-14 10:26 - 00000000 ____D C:\Users\mPnR_\AppData\Roaming\PixelChampions
C:\Users\mPnR_\AppData\Roaming\.purple
2015-11-09 17:04 - 2014-02-17 01:16 - 00000000 ____D C:\Users\mPnR_\AppData\Roaming\TeamViewer
2015-11-09 12:05 - 2015-02-21 23:59 - 00000000 ____D C:\Users\mPnR_\AppData\Roaming\Steganos VPN
2014-06-23 00:09 - 2014-06-23 00:09 - 0099043 _____ () C:\Users\mPnR_\AppData\Roaming\icarus-dxdiag.xml
2014-12-07 13:55 - 2014-12-07 13:55 - 0006183 _____ () C:\Users\mPnR_\AppData\Roaming\MmzNb.torrent
2014-12-07 13:56 - 2014-12-07 13:56 - 0006183 _____ () C:\Users\mPnR_\AppData\Roaming\Pmn.torrent
2015-04-28 21:44 - 2015-04-28 21:44 - 4464145 _____ () C:\Users\mPnR_\AppData\Roaming\scan.exe
2015-04-28 21:49 - 2015-08-17 10:22 - 0007107 _____ () C:\Users\mPnR_\AppData\Roaming\sshds.txt
2014-08-30 08:19 - 2014-08-30 08:20 - 0016384 ___SH () C:\Users\mPnR_\AppData\Roaming\Thumbs.db
2015-03-15 02:21 - 2015-05-31 11:55 - 0000600 _____ () C:\Users\mPnR_\AppData\Roaming\winscp.rnd
2014-12-07 14:10 - 2014-12-07 14:10 - 0006183 _____ () C:\Users\mPnR_\AppData\Roaming\WTfTI.torrent
AutoConfigURL: [S-1-5-21-799834153-1171727689-305855866-1173] => hxxp://127.0.0.1:8445/okayfreedom.pac
Hosts: 127.0.0.1 blackshades.ru
FF ProfilePath: C:\Users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489
FF NetworkProxy: "socks", "194.50.177.187"
FF NetworkProxy: "socks_port", 37847
FF DefaultSearchEngine: terra.im
FF SelectedSearchEngine: terra.im
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/
hxxp://127.0.0.1:8445/okayfreedom.pac
FF NetworkProxy: "socks", "194.50.177.187"
FF NetworkProxy: "socks_port", 37847
C:\Users\mPnR_\Downloads\Satobot-Cracked-By-TheBlackCrack.zip
C:\Users\mPnR_\Downloads\Whatsapp Bulk Sender Cracked by TheProxy.rar
C:\Users\mPnR_\Downloads\zkbcty.csv
C:\Users\mPnR_\AppData\Local\abajfvg.reg
C:\Users\mPnR_\AppData\Local\ofbtbkyhh.reg
CMD: bitsadmin /reset /allusers
Hosts:
RemoveProxy:
cmd: netsh winsock reset
EmptyTemp:
Reboot:
*****************

Herstelpunt is succesfol gemaakt.
Proces succesvol afgesloten.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01AC245C-7E68-468D-935F-169BF34897E3}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01AC245C-7E68-468D-935F-169BF34897E3}" => sleutel is succesvol verwijderd.
C:\Windows\System32\Tasks\{AD2D4100-9E9A-4856-B34F-73142A32039D} => is succesvol verplaatst.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AD2D4100-9E9A-4856-B34F-73142A32039D}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{131FB841-8A8C-4FC4-8DFB-DE453786C1CE}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{131FB841-8A8C-4FC4-8DFB-DE453786C1CE}" => sleutel is succesvol verwijderd.
C:\Windows\System32\Tasks\Update\Google Update => niet gevonden.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update\Google Update" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{78CE509D-3415-442A-9B5F-22FE2DE3CEFF}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78CE509D-3415-442A-9B5F-22FE2DE3CEFF}" => sleutel is succesvol verwijderd.
C:\Windows\System32\Tasks\Game_Booster_AutoUpdate => is succesvol verplaatst.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Game_Booster_AutoUpdate" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F83AF3F-FD3D-4178-B246-08B634AE5E3D}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F83AF3F-FD3D-4178-B246-08B634AE5E3D}" => sleutel is succesvol verwijderd.
C:\Windows\System32\Tasks\GyazoUpdateTaskMachine => is succesvol verplaatst.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GyazoUpdateTaskMachine" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4C83C1C-AE25-4CF9-9BCC-8806E34639D9}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4C83C1C-AE25-4CF9-9BCC-8806E34639D9}" => sleutel is succesvol verwijderd.
C:\Windows\System32\Tasks\{B2F3C825-F185-4CF4-9E8F-4CAA2E74F5DB} => is succesvol verplaatst.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B2F3C825-F185-4CF4-9E8F-4CAA2E74F5DB}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA063141-86A1-4B25-B2A3-84FC8E15A40E}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA063141-86A1-4B25-B2A3-84FC8E15A40E}" => sleutel is succesvol verwijderd.
C:\Windows\System32\Tasks\{B254D715-5E9E-47B9-B404-815AE025B365} => is succesvol verplaatst.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B254D715-5E9E-47B9-B404-815AE025B365}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7DAA826-807F-4513-866B-E2324E7165CC}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7DAA826-807F-4513-866B-E2324E7165CC}" => sleutel is succesvol verwijderd.
C:\Windows\System32\Tasks\{37D8DAE1-4DE3-44D4-ABE9-89ABA1EE961A} => is succesvol verplaatst.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{37D8DAE1-4DE3-44D4-ABE9-89ABA1EE961A}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0FF1DD3-E34C-41F6-8B52-48EE627FE5A5}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0FF1DD3-E34C-41F6-8B52-48EE627FE5A5}" => sleutel is succesvol verwijderd.
C:\Windows\System32\Tasks\{0B128D75-3B3C-475D-9017-C61F3C41D3C4} => is succesvol verplaatst.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0B128D75-3B3C-475D-9017-C61F3C41D3C4}" => sleutel is succesvol verwijderd.
C:\ProgramData => ":NT" ADS is succesvol verwijderd..
C:\ProgramData => ":NT2" ADS is succesvol verwijderd..
"C:\Users\All Users" => ":NT" ADS niet gevonden.
"C:\Users\All Users" => ":NT2" ADS niet gevonden.
"C:\ProgramData\Application Data" => ":NT" ADS niet gevonden.
"C:\ProgramData\Application Data" => ":NT2" ADS niet gevonden.
C:\ProgramData\TEMP => ":6BE50C2B" ADS is succesvol verwijderd..
"C:\Users\dell\Application Data" => ":NT" ADS niet gevonden.
C:\Users\dell\AppData\Roaming => ":NT" ADS is succesvol verwijderd..
"C:\Users\mPnR_\Application Data" => ":NT2" ADS niet gevonden.
C:\Users\mPnR_\AppData\Roaming => ":NT2" ADS is succesvol verwijderd..
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\92575634.sys => sleutel niet gevonden. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\92575634.sys => sleutel niet gevonden. 
"HKU\S-1-5-21-799834153-1171727689-305855866-1173\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aeriagames.com" => sleutel is succesvol verwijderd.
HKU\S-1-5-21-799834153-1171727689-305855866-1173\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aeriagames.com => sleutel niet gevonden. 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring => Fout: Geen automatische fix gevonden voor dit item.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gyazo => Fout: Geen automatische fix gevonden voor dit item.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightShot => Fout: Geen automatische fix gevonden voor dit item.
MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe => Fout: Geen automatische fix gevonden voor dit item.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mobilegeni daemon => Fout: Geen automatische fix gevonden voor dit item.
MSCONFIG\startupreg: LightShot => C:\Users\mPnR_\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue => Fout: Geen automatische fix gevonden voor dit item.
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe => Fout: Geen automatische fix gevonden voor dit item.
HKU\S-1-5-21-799834153-1171727689-305855866-1173\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => waarde is succesvol verwijderd.
HKU\S-1-5-21-799834153-1171727689-305855866-1173\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => waarde is succesvol verwijderd.
HKU\S-1-5-21-799834153-1171727689-305855866-1173\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => waarde is succesvol verwijderd.
HKU\S-1-5-21-799834153-1171727689-305855866-1173\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{899be3ee-b7f5-11e3-bec4-e1c3d053300c} => sleutel niet gevonden. 
HKCR\CLSID\{899be3ee-b7f5-11e3-bec4-e1c3d053300c} => sleutel niet gevonden. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => sleutel is succesvol verwijderd.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => sleutel niet gevonden. 
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-799834153-1171727689-305855866-1175\User => is succesvol verplaatst.
C:\Windows\system32\GroupPolicy\GPT.ini => is succesvol verplaatst.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => is succesvol verplaatst.
C:\Windows\system32\GroupPolicy\User => is succesvol verplaatst.
"HKLM\SOFTWARE\Policies\Google" => sleutel is succesvol verwijderd.
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npchrome" => sleutel is succesvol verwijderd.
HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npqscall => sleutel niet gevonden. 
C:\Users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489\Extensions\browserai@jetpack.xpi => is succesvol verplaatst.
C:\Users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489\Extensions\sozi@jetpack.xpi => is succesvol verplaatst.
C:\Users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489\Extensions\trackmenot@mrl.nyu.edu.xpi => is succesvol verplaatst.
C:\Users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489\Extensions\vlcplaylist@helgatauscher.de.xpi => is succesvol verplaatst.
C:\Users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi => is succesvol verplaatst.
C:\Users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489\Extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}.xpi => is succesvol verplaatst.
C:\Users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489\Extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}.xpi => pad is succesvol verwijderd.
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com => niet gevonden.
Chrome HomePage => is succesvol verwijderd.
Chrome StartupUrls => is succesvol verwijderd.
CHR Profile: C:\Users\mPnR_\AppData\Local\Google\Chrome\User Data\Default => Fout: Geen automatische fix gevonden voor dit item.
TeamViewer => dienst niet gevonden.
tapSF0901 => dienst is succesvol verwijderd.
EagleX64 => dienst is succesvol verwijderd.
HKU\S-1-5-21-799834153-1171727689-305855866-1173\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => waarde is succesvol verwijderd.
HKU\S-1-5-21-799834153-1171727689-305855866-1173\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} => sleutel niet gevonden. 
HKCR\CLSID\{4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} => sleutel niet gevonden. 
VGPU => dienst is succesvol verwijderd.
WinRing0_1_2_0 => dienst is succesvol verwijderd.
X6va013 => dienst is succesvol verwijderd.
xhunter1 => dienst is succesvol verwijderd.
"C:\Users\mPnR_\Downloads\Satobot-Cracked-By-TheBlackCrack.zip" => niet gevonden.
C:\Users\mPnR_\AppData\Roaming\Python => is succesvol verplaatst.
C:\Users\mPnR_\AppData\Roaming\PixelChampions => is succesvol verplaatst.
C:\Users\mPnR_\AppData\Roaming\.purple => is succesvol verplaatst.
C:\Users\mPnR_\AppData\Roaming\TeamViewer => is succesvol verplaatst.
C:\Users\mPnR_\AppData\Roaming\Steganos VPN => is succesvol verplaatst.
C:\Users\mPnR_\AppData\Roaming\icarus-dxdiag.xml => is succesvol verplaatst.
C:\Users\mPnR_\AppData\Roaming\MmzNb.torrent => is succesvol verplaatst.
C:\Users\mPnR_\AppData\Roaming\Pmn.torrent => is succesvol verplaatst.
"C:\Users\mPnR_\AppData\Roaming\scan.exe" => niet gevonden.
C:\Users\mPnR_\AppData\Roaming\sshds.txt => is succesvol verplaatst.
C:\Users\mPnR_\AppData\Roaming\Thumbs.db => is succesvol verplaatst.
C:\Users\mPnR_\AppData\Roaming\winscp.rnd => is succesvol verplaatst.
C:\Users\mPnR_\AppData\Roaming\WTfTI.torrent => is succesvol verplaatst.
HKU\S-1-5-21-799834153-1171727689-305855866-1173\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => waarde is succesvol verwijderd.
C:\Windows\System32\Drivers\etc\hosts => is succesvol verplaatst.
Hosts met succes hersteld.
FF ProfilePath: C:\Users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489 => FRST zal deze map niet verplaatsen.
Firefox Proxy-instellingen zijn hersteld.
FF NetworkProxy: "socks_port", 37847 => niet gevonden
FF DefaultSearchEngine: terra.im => niet gevonden
FF SelectedSearchEngine: terra.im => niet gevonden
Firefox "homepage" is succesvol verwijderd.
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/ => niet gevonden
hxxp://127.0.0.1:8445/okayfreedom.pac => Fout: Geen automatische fix gevonden voor dit item.
FF NetworkProxy: "socks", "194.50.177.187" => niet gevonden
FF NetworkProxy: "socks_port", 37847 => niet gevonden
"C:\Users\mPnR_\Downloads\Satobot-Cracked-By-TheBlackCrack.zip" => niet gevonden.
"C:\Users\mPnR_\Downloads\Whatsapp Bulk Sender Cracked by TheProxy.rar" => niet gevonden.
"C:\Users\mPnR_\Downloads\zkbcty.csv" => niet gevonden.
C:\Users\mPnR_\AppData\Local\abajfvg.reg => is succesvol verplaatst.
C:\Users\mPnR_\AppData\Local\ofbtbkyhh.reg => is succesvol verplaatst.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= Eind van CMD: =========

C:\Windows\System32\Drivers\etc\hosts => is succesvol verplaatst.
Hosts met succes hersteld.

========= RemoveProxy: =========

HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => waarde is succesvol verwijderd.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => waarde is succesvol verwijderd.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => waarde is succesvol verwijderd.
HKU\S-1-5-21-799834153-1171727689-305855866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => waarde is succesvol verwijderd.
HKU\S-1-5-21-799834153-1171727689-305855866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => waarde is succesvol verwijderd.
HKU\S-1-5-21-799834153-1171727689-305855866-1173\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => waarde is succesvol verwijderd.
HKU\S-1-5-21-799834153-1171727689-305855866-1173\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => waarde is succesvol verwijderd.


========= Eind van RemoveProxy: =========


=========  netsh winsock reset =========


Pomyslnie zresetowano Winsock Catalog.
Musisz ponownie uruchomic komputer, aby ukonczyc resetowanie.


========= Eind van CMD: =========

EmptyTemp: => 661.9 MB tijdelijke gegevens verwijderd.


Het systeem moest herstart worden.

==== Eind van Fixlog 22:41:26 ====

I couldn't run the rest of the programs, such as AdwCleaner, because it gives me an error saying there is an update and redirects me to a malicious download file.

 

Please let me know what to do now.
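One way to triage a localised FRST Fixlog like the one above, as an added example that is not part of the thread and not FRST's own code: it counts the outcome of each action and flags the entries that touch the hosts file, proxy or PAC settings, including the okayfreedom.pac line that FRST reported it could not fix automatically. The Dutch outcome phrases and the sample lines are taken from the Fixlog above; the function names and category labels are my own.

```python
"""Summarise an FRST Fixlog (Dutch-localised build, as posted in the thread)."""
import re
from collections import Counter

# Each FRST action line has the shape "<item> => <outcome>".
LINE_RE = re.compile(r"^(?P<item>.+?)\s*=>\s*(?P<outcome>.+?)\s*$")

# Substrings of item names that concern name resolution or proxying; these are
# the settings a defender re-checks when a tool is still being redirected.
NETWORK_HINTS = (
    "hosts", "proxy", "autoconfigurl", ".pac", "socks", "winsock",
    "searchscopes", "homepage", "startupurls", "searchengine",
)

# Constructed sample: lines copied from the Fixlog posted above (hypothetical
# subset, long lines kept verbatim so the parser sees real FRST output).
SAMPLE_FIXLOG = r"""
C:\Users\mPnR_\AppData\Roaming\TeamViewer => is succesvol verplaatst.
TeamViewer => dienst niet gevonden.
tapSF0901 => dienst is succesvol verwijderd.
HKU\S-1-5-21-799834153-1171727689-305855866-1173\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => waarde is succesvol verwijderd.
C:\Windows\System32\Drivers\etc\hosts => is succesvol verplaatst.
Hosts met succes hersteld.
FF NetworkProxy: "socks", "194.50.177.187" => niet gevonden
hxxp://127.0.0.1:8445/okayfreedom.pac => Fout: Geen automatische fix gevonden voor dit item.
CHR Profile: C:\Users\mPnR_\AppData\Local\Google\Chrome\User Data\Default => Fout: Geen automatische fix gevonden voor dit item.
"""


def classify(outcome):
    """Map a Dutch FRST outcome phrase to a neutral status label."""
    o = outcome.lower()
    if "succesvol verplaatst" in o:      # item quarantined (moved)
        return "moved"
    if "succesvol verwijderd" in o:      # value/key/service/path removed
        return "removed"
    if "niet gevonden" in o:             # nothing left to fix
        return "not_found"
    if "niet verplaatsen" in o:          # FRST refused to move (e.g. profile dir)
        return "skipped"
    if o.startswith("fout"):             # "Fout: Geen automatische fix ..."
        return "error"
    return "other"


def parse_line(line):
    """Return {item, status, network} for an action line, or None otherwise."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    item = m.group("item")
    low = item.lower()
    return {
        "item": item,
        "status": classify(m.group("outcome")),
        "network": any(h in low for h in NETWORK_HINTS),
    }


def summarize(text):
    """Count statuses, collect network-related entries, note hosts restore."""
    counts = Counter()
    network = []
    hosts_restored = False
    for raw in text.splitlines():
        # "Hosts met succes hersteld." carries no "=>" but is worth recording.
        if "hosts met succes hersteld" in raw.lower():
            hosts_restored = True
        rec = parse_line(raw)
        if rec is None:
            continue
        counts[rec["status"]] += 1
        if rec["network"]:
            network.append(rec)
    return {"counts": dict(counts), "network": network,
            "hosts_restored": hosts_restored}


if __name__ == "__main__":
    result = summarize(SAMPLE_FIXLOG)
    print("outcomes:", result["counts"])
    print("hosts restored:", result["hosts_restored"])
    for rec in result["network"]:
        # Entries still marked "error" or "not_found" deserve a manual look.
        print(f"[{rec['status']:>9}] {rec['item']}")
```

Entries flagged with status "error" are the ones FRST left in place; on this machine that is the PAC URL, which a manual proxy-settings check should cover.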



#11 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:18 PM

Posted 18 November 2015 - 07:01 PM

I couldn't run the rest of the programs, such as AdwCleaner, because it gives me an error saying there is an update and redirects me to a malicious download file.

Under Vista/Seven, right-click -> Run as Administrator

 

First, run Malwarebytes.

Next >> Junkware and ZHP

Lastly >> run AdwCleaner


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#12 help_meh

help_meh
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:18 PM

Posted 19 November 2015 - 01:50 PM

 

I couldn't run the rest of the programs, such as AdwCleaner, because it gives me an error saying there is an update and redirects me to a malicious download file.

Under Vista/Seven, right-click -> Run as Administrator

 

First, run Malwarebytes.

Next >> Junkware and ZHP

Lastly >> run AdwCleaner

 

 

ZHPCleaner.txt
 

~ ZHPCleaner v2015.11.18.381 by Nicolas Coolman (2015/11/18)
~ Run by mPnR_ (Administrator)  (19/11/2015 19:36:50)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\mPnR_\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\mPnR_\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (1)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (132)
MOVED folder: C:\Program Files (x86)\32  =>Heuristique.Suspect
MOVED folder: C:\Users\mPnR_\Documents\Tencent Files  =>PUP.Optional.TencentAddressBar
MOVED folder: C:\Users\mPnR_\AppData\Local\Google\Chrome\User Data\Default\File System\008  =>PUP.Optional.DomaIQ
MOVED folder: C:\Windows\Installer\MSI10C6.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI10E5.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI11BF.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI1230.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI139C.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI1523.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI18BB.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI18C0.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI19EC.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI1AA.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI1D67.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI1DB1.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI1E21.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI1F35.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI21EB.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI2236.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI2263.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI2286.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI22BB.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI2521.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI2631.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI28CA.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI2967.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI2987.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI2C0B.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI2DDA.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI2DDB.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI2E01.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI2FCF.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI33F5.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI350.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI352C.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI3793.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI37F9.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI39AF.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI3A2C.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI3AE1.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI3B9.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI3D03.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI3D01.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI3EDD.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI40FF.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI442C.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI4516.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI4592.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI4782.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI4812.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI494B.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI4C29.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI4F27.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI5244.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI535A.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI559A.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI5C6B.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI5D41.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI5F5B.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI629F.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI63BF.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI64E8.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI666.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI6834.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI6881.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI6BC9.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI6D15.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI6DC7.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI6E83.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI7205.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI724B.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI73A0.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI7502.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI768C.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI769C.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI7778.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI7782.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI7998.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI7A1.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI7C92.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI812A.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI8386.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI8447.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI865F.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI8AC8.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI8B57.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI8E66.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI902F.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI92AB.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI9650.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI9685.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI97CA.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI9CD4.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI9DA8.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI9F2B.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIA20A.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIA2AC.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIA363.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIA47F.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIA5E2.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIA60A.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIA601.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIA62E.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIA8DF.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIA906.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIADB2.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIAF15.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIB3B9.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIB51F.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIB5A5.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIC1C0.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIC26B.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIC501.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIC79A.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSICC7B.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSICF3A.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSICF6E.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSID1C3.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSID256.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSID5B2.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSID7E0.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSID94.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIDB73.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIDE6E.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIE318.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIE70F.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIEA43.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIEBD4.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIEDEB.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIF867.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIF8CF.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSIFF55.tmp-  =>Empty


---\\  Registry ( Key, Value, Data) (21)
DELETED key*: HKEY_USERS\S-1-5-21-799834153-1171727689-305855866-1173\Software\Classes\Tencent []  =>PUP.Optional.TencentAddressBar
DELETED key*: [X64] HKLM\SOFTWARE\Classes\TorchFlvPlayer.flv []  =>.Superfluous.Torch
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Applications\TorchSetup.exe []  =>.Superfluous.Torch
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightShot [C:\Users\mPnR_\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue (Not File)]  =>PUP.Optional.Skillbrains
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon [C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (Not File)]  =>PUP.Optional.Mobogenie
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\driverscanner_RASAPI32 []  =>PUP.Optional.DriverScanner
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\driverscanner_RASMANCS []  =>PUP.Optional.DriverScanner
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Keyword Advantage_RASAPI32 []  =>PUP.Optional.MediaAdVantage
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Keyword Advantage_RASMANCS []  =>PUP.Optional.MediaAdVantage
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Offercast2802_MYC__RASAPI32 []  =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Offercast2802_MYC__RASMANCS []  =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Sharecash Survey Helper_RASAPI32 []  =>PUP.Optional.Elex
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Sharecash Survey Helper_RASMANCS []  =>PUP.Optional.Elex
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmartbarExeInstaller_RASAPI32 []  =>PUP.Optional.QuickShare
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmartbarExeInstaller_RASMANCS []  =>PUP.Optional.QuickShare
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TorchSetup_RASAPI32 []  =>.Superfluous.Torch
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TorchSetup_RASMANCS []  =>.Superfluous.Torch
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\torch_RASAPI32 []  =>.Superfluous.Torch
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\torch_RASMANCS []  =>.Superfluous.Torch
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\webcake_5202013-11E4_RASAPI32 []  =>PUP.Optional.WebCake
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\webcake_5202013-11E4_RASMANCS []  =>PUP.Optional.WebCake


---\\  Summary of the elements found (13)
http://www.nicolascoolman.fr/blog  =>Heuristique.Suspect
http://www.nicolascoolman.fr/adware-tencentaddressbar/  =>PUP.Optional.TencentAddressBar
http://www.nicolascoolman.fr/adware-domaiq/  =>PUP.Optional.DomaIQ

http://www.nicolascoolman.fr/blog  =>.Superfluous.Torch
http://www.nicolascoolman.fr/blog  =>PUP.Optional.Skillbrains
http://www.nicolascoolman.fr/pup-mobogenie/  =>PUP.Optional.Mobogenie
http://www.nicolascoolman.fr/blog  =>PUP.Optional.DriverScanner
http://www.nicolascoolman.fr/blog  =>PUP.Optional.MediaAdVantage
http://www.nicolascoolman.fr/toolbar-ask/  =>Toolbar.Ask
http://www.nicolascoolman.fr/pup-elex/  =>PUP.Optional.Elex
http://www.nicolascoolman.fr/pup-quickshare/  =>PUP.Optional.QuickShare
http://www.nicolascoolman.fr/adware-webcake/  =>PUP.Optional.WebCake


---\\  Other deletions. (0)
~ Registry Keys Tracing deleted (0)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully


---\\ Statistics
~ Items scanned : 1012
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 153


~ End of clean in 0 minutes
===================
ZHPCleaner-[R]-19112015-19_37_37.txt
ZHPCleaner-[S]-19112015-19_36_31.txt

AdwCleaner.txt

# AdwCleaner v5.021 - Logbestand aangemaakt 19/11/2015 op 19:43:27
# Laatste update 14/11/2015 door Xplode
# Database : 2015-11-19.3 [Server]
# Besturingssysteem : Windows 7 Ultimate Service Pack 1 (x64)
# Gebruikersnaam : mPnR_ - DELL-PC
# Gestart vanuit : C:\Users\mPnR_\Desktop\AdwCleaner.exe
# Optie : Verwijderen
# Ondersteuning : http://toolslib.net/forum

***** [ Services ] *****


***** [ Mappen ] *****


***** [ Bestanden ] *****


***** [ DLLs ] *****


***** [ Snelkoppelingen ] *****


***** [ geplande taken ] *****


***** [ Register ] *****


***** [ Internetbrowsers ] *****


*************************

:: "Tracing" sleutels verwijderd
:: Winsock instellingen gereset

########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [724 bytes] ##########

I've also run Malwarebytes, but my computer randomly rebooted after the scan.

 

Please continue guiding me. I really appreciate the help!



#13 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:18 PM

Posted 20 November 2015 - 11:22 AM

Hi help_meh,

Step1:
ComboFix run:
Please be sure to run our tools with administrator rights.
* IMPORTANT: 1   Place ComboFix.exe on your Desktop
* IMPORTANT: 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.
 
Step2:
Please download RogueKiller 32/64 bit to your desktop and run it

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, right-click on the program, select Run as Administrator to start, and when prompted, allow it to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options; they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 


Best regards
 

 


 


#14 help_meh

help_meh
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:18 PM

Posted 20 November 2015 - 01:14 PM

Here are the logs

 

==ComboFix==

ComboFix 15-11-17.01 - mPnR_ 20-11-2015  18:30:27.2.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.31.1043.18.4086.2607 [GMT 1:00]
Gestart vanuit: c:\users\mPnR_\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2015-10-20 to 2015-11-20  ))))))))))))))))))))))))))))))
.
.
2015-11-20 17:43 . 2015-11-20 17:43 -------- d-----w- c:\users\dell\AppData\Local\temp
2015-11-20 17:43 . 2015-11-20 17:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-19 18:25 . 2015-11-19 18:37 -------- d-----w- c:\users\mPnR_\AppData\Roaming\ZHP
2015-11-18 21:46 . 2015-11-18 21:46 -------- d-----w- c:\users\mPnR_\AppData\Roaming\Steganos VPN
2015-11-18 21:08 . 2015-11-18 21:08 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-11-18 15:19 . 2015-11-18 15:19 -------- d-----w- c:\users\mPnR_\AppData\Roaming\Blender Foundation
2015-11-18 13:50 . 2015-11-18 13:50 -------- d-----w- C:\Ruby22
2015-11-17 22:01 . 2015-11-17 22:01 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2015-11-16 09:24 . 2015-11-16 09:24 -------- d-----w- c:\programdata\Emurasoft
2015-11-16 09:24 . 2015-11-16 09:24 -------- d-----w- c:\users\mPnR_\AppData\Local\Emurasoft
2015-11-16 09:20 . 2015-11-16 09:20 -------- d-----w- c:\program files\EmEditor
2015-11-10 20:40 . 2015-11-10 20:40 -------- d-----w- c:\users\mPnR_\AppData\Local\ninjapinner.com
2015-10-31 22:57 . 2015-10-31 22:57 -------- d-----w- c:\program files\TAP-Windows
2015-10-31 22:56 . 2015-10-31 23:09 -------- d-----w- c:\program files\CyberGhost 5
2015-10-31 10:00 . 2015-10-31 10:00 -------- d-----w- c:\users\mPnR_\AppData\Local\fontconfig
2015-10-31 09:50 . 2015-10-31 09:50 -------- d-----w- c:\users\mPnR_\AppData\Roaming\mpv
2015-10-23 17:33 . 2015-10-23 17:41 -------- d-----w- c:\programdata\Oracle
2015-10-23 17:33 . 2015-11-18 21:11 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-20 11:12 . 2014-04-18 15:18 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-18 21:08 . 2015-10-09 14:41 110176 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-11-12 10:51 . 2013-10-04 08:53 34720 ---ha-w- c:\windows\system32\hamachi.sys
2015-10-05 08:50 . 2014-04-18 15:18 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-05 08:50 . 2014-04-18 15:18 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-05 08:50 . 2014-04-18 15:18 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-29 19:32 . 2014-12-09 12:14 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-29 19:32 . 2014-12-09 12:14 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-17 19:01 . 2014-01-17 19:01 17096 ----a-w- c:\program files (x86)\SandboxieWUAU.exe
2014-01-17 19:01 . 2014-01-17 19:01 15048 ----a-w- c:\program files (x86)\SandboxieBITS.exe
2014-01-17 19:01 . 2014-01-17 19:01 20680 ----a-w- c:\program files (x86)\SandboxieDcomLaunch.exe
2014-01-17 19:01 . 2014-01-17 19:01 16584 ----a-w- c:\program files (x86)\SandboxieCrypto.exe
2014-01-17 19:01 . 2014-01-17 19:01 30408 ----a-w- c:\program files (x86)\SandboxieRpcSs.exe
2014-01-17 19:01 . 2014-01-17 19:01 17096 ----a-w- c:\program files (x86)\SbieIni.exe
2014-01-17 19:01 . 2014-01-17 19:01 759496 ----a-w- c:\program files (x86)\SbieCtrl.exe
2014-01-17 19:01 . 2014-01-17 19:01 130760 ----a-w- c:\program files (x86)\Start.exe
2014-01-17 19:01 . 2014-01-17 19:01 111816 ----a-w- c:\program files (x86)\License.exe
2014-01-17 19:01 . 2014-01-17 19:01 465096 ----a-w- c:\program files (x86)\SbieDll.dll
2014-01-17 19:01 . 2014-01-17 19:01 187592 ----a-w- c:\program files (x86)\SbieSvc.exe
2014-01-17 19:01 . 2014-01-17 19:01 2841288 ----a-w- c:\program files (x86)\SbieMsg.dll
2014-01-17 19:01 . 2014-01-17 19:01 202600 ----a-w- c:\program files (x86)\SbieDrv.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"icq"="c:\users\mPnR_\AppData\Roaming\ICQM\icq.exe" [2015-04-20 36705800]
"OKAYFREEDOM_Agent"="c:\program files (x86)\OkayFreedom\OkayFreedomClient.exe" [2015-11-12 6609832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KeyScrambler"="c:\program files (x86)\KeyScrambler\keyscrambler.exe" [2015-02-16 509216]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-11-12 5565448]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-11-09 596528]
.
c:\users\mPnR_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EmEditor.lnk - c:\program files\EmEditor\emedtray.exe [2015-10-29 210712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0"
"UpdatesDisableNotify"="0"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 hxsyol;hxsyol;c:\windows\system32\hxsy64.sys;c:\windows\SYSNATIVE\hxsy64.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys;c:\windows\SYSNATIVE\DRIVERS\PTSimHid.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys;c:\windows\SYSNATIVE\DRIVERS\tap0801.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 RzFilter;RzFilter;c:\windows\system32\drivers\RzFilter.sys;c:\windows\SYSNATIVE\drivers\RzFilter.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 OkayFreedom VPN Starter Service;OkayFreedom VPN Starter Service;c:\program files (x86)\OkayFreedom\OkayFreedomService.exe;c:\program files (x86)\OkayFreedom\OkayFreedomService.exe [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys;c:\windows\SYSNATIVE\drivers\keyscrambler.sys [x]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys;c:\windows\SYSNATIVE\DRIVERS\PTSimBus.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2015-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09 19:32]
.
2015-09-01 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-799834153-1171727689-305855866-1173Core.job
- c:\users\mPnR_\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 05:22]
.
2015-09-01 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-799834153-1171727689-305855866-1173UA.job
- c:\users\mPnR_\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 05:22]
.
2015-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-21 12:17]
.
2015-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-21 12:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 226328 ----a-w- c:\users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 226328 ----a-w- c:\users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 226328 ----a-w- c:\users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 226328 ----a-w- c:\users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 226328 ----a-w- c:\users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 226328 ----a-w- c:\users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 226328 ----a-w- c:\users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 226328 ----a-w- c:\users\mPnR_\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &P&obierz &za pomoca BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Pobierz wszystko za pomoca BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{605E5D27-BFA0-471F-87ED-98A2623D633C} - c:\program files (x86)\CADE Pro 2.20.3\Web\new.htm
TCP: DhcpNameServer = 192.168.2.254
FF - ProfilePath - c:\users\mPnR_\AppData\Roaming\Mozilla\Firefox\Profiles\38xxqdut.default-1421196589489\
.
.
------- Bestandsassociaties -------
.
.txt=emeditor64.txt
.
- - - - ORPHANS VERWIJDERD - - - -
.
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
AddRemove-Tibia_is1 - c:\users\mPnR_\Desktop\rb\Tibia\unins000.exe
AddRemove-{54F8409A-E96B-4A85-A5C0-16FCAFAFB25B}_is1 - c:\users\mPnR_\Desktop\rb\RedBot\unins000.exe
AddRemove-{6A206A04-6BC1-411B-AA04-4E52EDEEADF2} - c:\progra~3\INSTAL~1\{6A206~1\Setup.exe
AddRemove-{A8D40B63-D786-9549-6CB9-FCE2A1C43661} - c:\progra~3\INSTAL~1\{23653~1\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Voltooingstijd: 2015-11-20  18:46:36
ComboFix-quarantined-files.txt  2015-11-20 17:46
ComboFix2.txt  2015-11-14 11:29
.
Pre-Run: 57.329.709.056 bajtów wolnych
Post-Run: 57.018.261.504 bajtów wolnych
.
- - End Of File - - F64D87BA5FCE327944BF87B08BF8548C
A36C5E4F47E84449FF07ED3517B43A31
==Combofix==
 
Now RogueKiller
 
==RogueKiller==
RogueKiller V10.11.6.0 [Nov 16 2015] (Free) door Adlice Software 
 
Besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestart in : Normale mode
Gebruiker : mPnR_ [Administrator]
Started from : C:\Users\mPnR_\Desktop\RogueKiller.exe
Mode : Scan -- Datum : 11/20/2015 19:12:53
 
¤¤¤ Processen : 0 ¤¤¤
 
¤¤¤ Register : 23 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\RK_dell_ON_D_9CC0\Software\Microsoft\Windows\CurrentVersion\Run | mwcm2.exe : C:\Users\dell\AppData\Roaming\Micorsoft\AoLmwcm2.exe [x] -> Gevonden
[Suspicious.Path] (X86) HKEY_USERS\RK_dell_ON_D_9CC0\Software\Microsoft\Windows\CurrentVersion\Run | mwcm2.exe : C:\Users\dell\AppData\Roaming\Micorsoft\AoLmwcm2.exe [x] -> Gevonden
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tsusbhub (system32\drivers\tsusbhub.sys) -> Gevonden
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Gevonden
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Gevonden
[PUM.SecurityCenter] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | AntiVirusDisableNotify : 0  -> Gevonden
[PUM.SecurityCenter] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | UpdatesDisableNotify : 0  -> Gevonden
[PUM.StartMenu] (X64) HKEY_USERS\RK_Dell_ON_D_5DDC\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Gevonden
[PUM.StartMenu] (X64) HKEY_USERS\RK_Dell_ON_D_5DDC\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0  -> Gevonden
[PUM.StartMenu] (X64) HKEY_USERS\RK_Dell_ON_D_5DDC\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Gevonden
[PUM.StartMenu] (X64) HKEY_USERS\RK_Dell_ON_D_5DDC\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Gevonden
[PUM.StartMenu] (X64) HKEY_USERS\RK_Dell_ON_D_5DDC\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Gevonden
[PUM.StartMenu] (X64) HKEY_USERS\RK_Dell_ON_D_5DDC\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Gevonden
[PUM.StartMenu] (X86) HKEY_USERS\RK_Dell_ON_D_5DDC\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Gevonden
[PUM.StartMenu] (X86) HKEY_USERS\RK_Dell_ON_D_5DDC\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0  -> Gevonden
[PUM.StartMenu] (X86) HKEY_USERS\RK_Dell_ON_D_5DDC\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Gevonden
[PUM.StartMenu] (X86) HKEY_USERS\RK_Dell_ON_D_5DDC\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Gevonden
[PUM.StartMenu] (X86) HKEY_USERS\RK_Dell_ON_D_5DDC\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Gevonden
[PUM.StartMenu] (X86) HKEY_USERS\RK_Dell_ON_D_5DDC\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Gevonden
[PUM.StartMenu] (X64) HKEY_USERS\RK_dell_ON_D_9CC0\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Gevonden
[PUM.StartMenu] (X86) HKEY_USERS\RK_dell_ON_D_9CC0\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Gevonden
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-799834153-1171727689-305855866-1173\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Gevonden
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-799834153-1171727689-305855866-1173\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Gevonden
 
¤¤¤ Taken : 0 ¤¤¤
 
¤¤¤ Bestanden : 0 ¤¤¤
 
¤¤¤ Host-bestand : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Niet geladen [0xc000036b]) ¤¤¤
 
¤¤¤ Web Browsers : 1 ¤¤¤
[PUP][FIREFX:Addon] 38xxqdut.default-1421196589489 : Hotspot Shield Extension [afproxy@anchorfree.com] -> Gevonden
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 70476d1617234cefb3273f368eff16c5
[BSP] 81eb9e034ecfa4033591f618bcb4b186 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10000 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20482048 | Size: 74860 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 173795328 | Size: 153613 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
==RogueKiller==
 
Here you go :)
 
Once more, thanks for helping me so far, and please tell me what to do now.


#15 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:18 PM

Posted 20 November 2015 - 06:20 PM

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
C:\Users\dell\AppData\Roaming\Micorsoft\AoLmwcm2.exe
 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.

======================================================================================

Run TDSSKiller by Kaspersky

  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.


  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects window, which offers three options.
  • If an infected file is detected, the default action will be Cure...do not change it.


  • Click Continue > Reboot now to finish the cleaning process.<- Important!!


  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply even if no threats are found.

-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".


Edited by olgun52, 20 November 2015 - 06:21 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
