Infected with stubborn adware/pop-ups (adsupply, getprivate, provider,... )


  • This topic is locked
4 replies to this topic

#1 Nickel28

  • Members
  • 2 posts
  • Gender:Male

Posted 27 November 2015 - 12:51 PM

Hi,

For a while now I get pop-up messages in every internet browser (IE, Chrome & Firefox). The pop-ups appear on the same tab, but also open in new tabs. On some websites a grey banner appears on top of the page with the message "Ads by GetPrivate"; other pop-ups have a banner with 'GetPrivate', 'AdSupply' or 'Provider'.

I tried a few things (Malwarebytes, CCleaner, other antivirus scanners, ...) but they keep coming back. I can't find any malicious program in the "remove program" list or in the Google Chrome extensions. I'm currently also running AdBlock in Chrome, which "holds" a few ads and keeps loading times reasonable (IE and Firefox were much slower without AdBlock running).

On websites, specific words (update, download, giveaway, bonus, support, ...) are underlined and have a hyperlink attached to them (green square with an arrow pointing to the top right corner).

At the start of all these problems I also had 'protectedio search' on my home tab every time I booted up Chrome, and the standard search engine was also changed. At that time, when you closed Google Chrome it would appear to open again and close very fast. If you accessed it after that, the home tab and search engine would be changed. Somehow I managed to get rid of those two issues.

Around the time of infection I can remember downloading YTD (YouTube video downloader) and Vuze.

Best regards

Nick

(oh and it appears that the FRST log is in Dutch, so have fun :P )

FRST.txt log:


Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie:26-11-2015
Gestart door Nick (Beheerder) op ACERNICK (27-11-2015 18:08:25)
Gestart vanaf C:\Users\Nick\Downloads
Geladen Profielen: Nick (Beschikbare Profielen: Nick)
Platform: Windows 8.1 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Chrome)
Boot Modus: Normal
 
==================== Processen (gefilterd) =================
 
(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\IT Viewer\privoxy.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Register (gefilterd) ===========================
 
(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-11-20] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-15] (Advanced Micro Devices, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NOFOLDEROPTIONS] 0
HKU\S-1-5-21-2166276234-4274847127-2701523346-1001\...\Run: [AcerCloud] => C:\Program Files (x86)\Acer\Acer Cloud\acpanel_win.exe [11064904 2013-01-24] (Acer Incorporated)
HKU\S-1-5-21-2166276234-4274847127-2701523346-1001\...\Run: [Spotify Web Helper] => C:\Users\Nick\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2344768 2015-11-16] (Spotify Ltd)
HKU\S-1-5-21-2166276234-4274847127-2701523346-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-2166276234-4274847127-2701523346-1001\...\MountPoints2: {20b0b86d-4015-11e4-8046-0002723bef99} - "G:\Startme.exe" 
HKU\S-1-5-21-2166276234-4274847127-2701523346-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [133632 2014-10-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  Geen bestand
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  Geen bestand
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  Geen bestand
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  Geen bestand
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  Geen bestand
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  Geen bestand
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk [2013-04-04]
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
 
==================== Internet (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)
 
ProxyEnable: [S-1-5-21-2166276234-4274847127-2701523346-1001] => Proxy is ingeschakeld.
ProxyServer: [S-1-5-21-2166276234-4274847127-2701523346-1001] => 127.0.0.1:8118
Tcpip\..\Interfaces\{05B3D73B-0D75-49E2-A9B7-9B4A6D414D1D}: [NameServer] 192.168.2.1
Tcpip\..\Interfaces\{642EB114-24F3-4968-A889-48361CF876EE}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2166276234-4274847127-2701523346-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = 
SearchScopes: HKU\S-1-5-21-2166276234-4274847127-2701523346-1001 -> {491969B0-DDDA-41C8-8403-EAEB988F658E} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2166276234-4274847127-2701523346-1001 -> {7BD0FE58-40E8-410E-892D-C834754E2E43} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\c7yuiz3s.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?u=bd5dfe9f40e18293685b016af80426e5&c=p1&src=hp&inst=1444053788
FF NetworkProxy: "user_pref("network.proxy.type", 5)
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2014-03-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-07-16] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-08] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin HKU\S-1-5-21-2166276234-4274847127-2701523346-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-07-16] (Pando Networks)
FF Plugin HKU\S-1-5-21-2166276234-4274847127-2701523346-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-10-23] ()
FF Extension: Geen Naam - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\c7yuiz3s.default\extensions\firefox@helper [niet gevonden]
FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be => niet gevonden
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => niet gevonden
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.be/webhp?sourceid=chrome-instant&ion=1&espv=2&es_th=1&ie=UTF-8
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => Geen bestand
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-19]
CHR Extension: (Angry Birds) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-12]
CHR Extension: (Google Documenten) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (BeFunky Photo Editor) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2015-04-12]
CHR Extension: (Turn Off the Lights) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2015-08-31]
CHR Extension: (YouTube) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Fun Switcher) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddeoimiimmmfddbiggnbipkjomlalanb [2013-03-29]
CHR Extension: (Pixlr-o-matic) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2014-04-14]
CHR Extension: (Hangman) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekpfaaakmnhcembbiennfjiaodandmhg [2013-03-29]
CHR Extension: (Causality Games) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl [2015-03-18]
CHR Extension: (Offline Documenten) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (AdBlock) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-25]
CHR Extension: (Break The Wall) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhfgnobmdkblmbdahcnpajbjnfmknpn [2013-03-29]
CHR Extension: (Little Alchemy) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2015-06-12]
CHR Extension: (Water's Valley) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhpodmbdlgmgffpgbennemfkjhhaocfl [2015-10-08]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Picky Wallpapers) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\odklcfojpedohplkimfdpcamkjnhanaj [2015-08-17]
CHR Extension: (Mijn Chrome-thema) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-08-27]
CHR Extension: (Gmail) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Canvas Rider) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2015-05-08]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (gefilterd) ========================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2013-06-25] (Atheros Commnucations) [Bestand niet getekend]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-01-24] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [Bestand niet getekend]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2078216 2015-10-06] (Electronic Arts)
R2 PrivoxyService; C:\Program Files (x86)\IT Viewer\privoxy.exe [371200 2015-11-26] (The Privoxy team - www.privoxy.org) [Bestand niet getekend] <==== AANDACHT
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [Bestand niet getekend]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [305200 2012-09-18] () [Bestand niet getekend]
 
===================== Drivers (gefilterd) ==========================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
S3 ACSSCR; C:\Windows\system32\DRIVERS\a38usb.sys [72208 2015-07-10] (Advanced Card Systems Ltd.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Advanced Micro Devices)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [498032 2012-07-12] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2014-09-19] (Sony Mobile Communications)
R3 MotioninJoyXFilter; C:\Windows\System32\drivers\MijXfilt.sys [121416 2014-03-14] (MotioninJoy) [Bestand niet getekend]
S3 NPF; C:\Windows\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [29472 2012-09-05] (SerComm Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (gefilterd) ===================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
 
==================== Een Maand Aangemaakt bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2015-11-27 18:08 - 2015-11-27 18:08 - 00022921 _____ C:\Users\Nick\Downloads\FRST.txt
2015-11-27 18:07 - 2015-11-27 18:08 - 00000000 ____D C:\FRST
2015-11-27 18:07 - 2015-11-27 18:07 - 02348544 _____ (Farbar) C:\Users\Nick\Downloads\FRST64.exe
2015-11-27 17:59 - 2015-11-27 17:59 - 00000000 ___SH C:\DkHyperbootSync
2015-11-23 18:16 - 2015-11-23 18:16 - 00000000 ____D C:\Users\Nick\Downloads\__MACOSX
2015-11-15 16:48 - 2015-11-15 16:48 - 00000000 ___RD C:\Users\Nick\AppData\Roaming\Brother
2015-11-15 16:07 - 2015-11-15 16:51 - 00012744 _____ C:\Users\Nick\Documents\Londen list.xlsx
2015-11-13 18:22 - 2015-11-13 18:29 - 00000000 ____D C:\ProgramData\ParetoLogic
2015-11-13 18:22 - 2015-11-13 18:22 - 00000000 ____D C:\Users\Nick\AppData\Roaming\ParetoLogic
2015-11-13 18:22 - 2015-11-13 18:22 - 00000000 ____D C:\Users\Nick\AppData\Roaming\DriverCure
2015-11-13 18:21 - 2015-11-13 18:21 - 05239920 _____ (ParetoLogic Inc.) C:\Users\Nick\Downloads\ParetoLogic PC Health Advisor_nl.exe
2015-11-12 17:35 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-12 17:35 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-12 17:35 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-12 17:35 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-12 17:35 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-12 17:35 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-12 17:35 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-12 17:35 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-12 17:35 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-11-12 17:35 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-11-12 17:35 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-11-12 17:35 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-11-12 17:35 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-12 17:35 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-12 17:35 - 2015-10-15 00:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-12 17:35 - 2015-10-15 00:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-12 17:35 - 2015-10-15 00:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-12 17:35 - 2015-10-15 00:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-12 17:35 - 2015-10-15 00:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-12 17:35 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-12 17:35 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-12 17:35 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-12 17:35 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-12 17:35 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-12 17:35 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-12 17:35 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-12 17:35 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-12 17:35 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-12 17:35 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-12 17:35 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-12 17:35 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-12 17:35 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-12 17:35 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-12 17:35 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-12 17:35 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-12 17:35 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-12 17:35 - 2015-09-12 14:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-12 17:35 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-12 17:34 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-12 17:34 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-12 17:34 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-12 17:34 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-12 17:34 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-12 17:34 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-12 17:34 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-11-12 17:34 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-12 17:34 - 2015-10-30 23:39 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-12 17:34 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-12 17:34 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-12 17:34 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-12 17:34 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-12 17:34 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-12 17:34 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-11-12 17:34 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-11-12 17:34 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-11-12 17:34 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-12 17:34 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-12 17:34 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-12 17:34 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-11-12 17:34 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-12 17:34 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-11-12 17:34 - 2015-10-17 15:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-12 17:34 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-12 17:34 - 2015-09-29 13:24 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-12 17:34 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-12 17:34 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-12 17:34 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-12 17:34 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-12 17:34 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-12 17:34 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-12 17:34 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-12 17:34 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-12 17:34 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-12 17:34 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-12 17:34 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-12 17:34 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-11-12 17:34 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-11-12 17:34 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-11-05 17:32 - 2015-11-05 17:32 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2015-11-05 17:32 - 2015-11-05 17:32 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-10-29 19:27 - 2015-11-27 17:46 - 00003256 _____ C:\WINDOWS\System32\Tasks\IT Viewer Viewer
2015-10-29 19:27 - 2015-11-16 18:23 - 00000000 ____D C:\Program Files (x86)\IT Viewer
 
==================== Een Maand Gewijzigd bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2015-11-27 18:07 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-11-27 17:49 - 2013-03-29 21:35 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2166276234-4274847127-2701523346-1001
2015-11-27 17:32 - 2014-08-10 20:09 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{02D34BA4-3889-4963-9CC5-8B51C023AECE}
2015-11-27 17:30 - 2014-05-24 19:43 - 00000000 ____D C:\Users\Nick\AppData\Roaming\Raptr
2015-11-27 17:29 - 2014-01-22 17:49 - 00000000 ___DO C:\Users\Nick\SkyDrive
2015-11-27 17:29 - 2013-03-29 23:44 - 00001066 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-27 17:28 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-26 20:34 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-26 20:17 - 2013-03-29 20:14 - 00000000 ____D C:\Users\Nick\AppData\Roaming\Spotify
2015-11-26 20:17 - 2013-03-29 20:14 - 00000000 ____D C:\Users\Nick\AppData\Local\Spotify
2015-11-26 20:14 - 2013-03-29 23:44 - 00001070 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-25 17:06 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-25 17:05 - 2013-03-29 22:16 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-25 16:54 - 2014-05-24 19:43 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-11-23 18:13 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-16 20:23 - 2013-11-14 13:39 - 01823174 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-16 20:23 - 2013-11-14 13:23 - 00805462 _____ C:\WINDOWS\system32\perfh013.dat
2015-11-16 20:23 - 2013-11-14 13:23 - 00161964 _____ C:\WINDOWS\system32\perfc013.dat
2015-11-16 20:23 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2015-11-15 20:44 - 2015-04-14 12:44 - 00000080 _____ C:\Users\Nick\AppData\Local\Rockstar Games\GTA V\entitlement.info
2015-11-14 23:13 - 2015-10-18 11:28 - 00000000 ____D C:\Users\Nick\AppData\Local\AvgSetupLog
2015-11-14 23:13 - 2015-10-18 11:28 - 00000000 ____D C:\Program Files (x86)\AVG
2015-11-14 23:11 - 2015-10-18 11:29 - 00000000 ____D C:\ProgramData\MFAData
2015-11-14 23:11 - 2015-10-18 11:28 - 00000000 ____D C:\Users\Nick\AppData\Local\Avg
2015-11-14 23:11 - 2015-10-18 11:28 - 00000000 ____D C:\ProgramData\Avg
2015-11-14 23:08 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-11-14 23:06 - 2013-06-28 18:42 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-14 19:39 - 2015-05-11 18:54 - 00120832 ___SH C:\Users\Nick\Desktop\Thumbs.db
2015-11-13 20:14 - 2015-04-14 13:07 - 00000000 ____D C:\Users\Nick\AppData\Roaming\Skype
2015-11-13 18:52 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-11-13 17:32 - 2013-08-22 15:44 - 00482488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-12 20:24 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-12 17:59 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-12 17:58 - 2013-08-16 11:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-12 17:53 - 2013-03-30 16:48 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-08 19:27 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-11-07 17:36 - 2013-06-28 19:34 - 00000434 _____ C:\WINDOWS\BRWMARK.INI
2015-11-07 11:35 - 2015-10-18 11:31 - 00000000 ____D C:\Users\Nick\AppData\Roaming\AVG
2015-11-07 11:35 - 2013-03-29 21:24 - 00000000 ____D C:\Users\Nick\AppData\Local\VirtualStore
2015-11-06 17:41 - 2015-05-05 17:59 - 00143872 ___SH C:\Users\Nick\Downloads\Thumbs.db
2015-11-06 17:15 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-03 17:58 - 2015-05-13 18:25 - 00000000 ___RD C:\Users\Nick\OneDrive
2015-11-03 17:58 - 2014-07-23 18:05 - 00003094 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2166276234-4274847127-2701523346-1001
2015-11-03 01:23 - 2013-08-22 16:38 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 01:23 - 2013-08-22 16:38 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Bestanden in de root van sommige mappen =======
 
2012-05-03 12:12 - 2012-05-03 12:12 - 0000532 _____ () C:\Users\Nick\AppData\Local\datos.txt
2014-07-22 19:31 - 2014-07-22 19:44 - 0005120 _____ () C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-05 21:08 - 2014-02-05 21:08 - 0193744 _____ () C:\Users\Nick\AppData\Local\lateral1.bmp
2010-11-12 10:10 - 2010-11-12 10:10 - 0193744 _____ () C:\Users\Nick\AppData\Local\lateral2.bmp
2014-02-05 21:10 - 2014-02-05 21:10 - 0195108 _____ () C:\Users\Nick\AppData\Local\lateral3.bmp
2014-05-26 14:50 - 2014-05-26 14:50 - 0000000 ___SH () C:\Users\Nick\AppData\Local\LumaEmu
2014-02-05 22:50 - 2014-02-05 22:50 - 0043976 _____ () C:\Users\Nick\AppData\Local\save_en.bmp
2014-02-05 22:49 - 2014-02-05 22:49 - 0043976 _____ () C:\Users\Nick\AppData\Local\save_es.bmp
 
Sommige bestanden in TEMP:
====================
C:\Users\Nick\AppData\Local\Temp\hp_u2_32321.exe
C:\Users\Nick\AppData\Local\Temp\hp_upd2_1267.exe
C:\Users\Nick\AppData\Local\Temp\h_u2_32992.exe
C:\Users\Nick\AppData\Local\Temp\i4jdel0.exe
C:\Users\Nick\AppData\Local\Temp\tmpBCBE.exe
 
 
==================== Bamital & volsnap =================
 
(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)
 
C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend
 
 
LastRegBack: 2015-11-26 17:59
 
==================== Eind van FRST.txt ============================
 

Attached File: Addition.txt (62.01KB)



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:25 AM

Posted 28 November 2015 - 09:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I found this bad infection. Read about it.
https://www.reasoncoresecurity.com/astask.exe-f09f9438e6830b3ef297645a4b01e14aec82e3c4.aspx
Ramnit steals your sensitive information, such as user names and passwords and can give a malicious attacker access and control of the PC, and stop security software from running.

I suggest you change all your passwords.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:

(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\IT Viewer\privoxy.exe
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  Geen bestand
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  Geen bestand
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  Geen bestand
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  Geen bestand
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  Geen bestand
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  Geen bestand
FF Extension: Geen Naam - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\c7yuiz3s.default\extensions\firefox@helper [niet gevonden]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => Geen bestand
R2 PrivoxyService; C:\Program Files (x86)\IT Viewer\privoxy.exe [371200 2015-11-26] (The Privoxy team - www.privoxy.org) [Bestand niet getekend] <==== AANDACHT
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
Task: {78B5A8B9-97A4-444C-9DBE-A06DBCA1B86E} - System32\Tasks\Application Security Viewer => C:\Program Files (x86)\Application Security\ApplicationSecurity.exe [2015-10-09] (Backup Updater) <==== AANDACHT
Task: {9D61DD79-01D6-45ED-B89F-580F2DDB9956} - System32\Tasks\IT Viewer Viewer => C:\Program Files (x86)\IT Viewer\astask.exe [2015-11-26] (West CH Soft) <==== AANDACHT
Task: {EEA22B89-037B-4DE1-BCD0-9F8BE67BE8FE} - System32\Tasks\Fenix Installer => C:\Users\Nick\AppData\Roaming\Fenix Installer\Fenix Installer.exe <==== AANDACHT
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
C:\Program Files (x86)\Application Security
C:\Program Files (x86)\IT Viewer
C:\Users\Nick\AppData\Roaming\Fenix Installer
C:\Users\Nick\AppData\Local\Temp\hp_u2_32321.exe
C:\Users\Nick\AppData\Local\Temp\hp_upd2_1267.exe
C:\Users\Nick\AppData\Local\Temp\h_u2_32992.exe
C:\Users\Nick\AppData\Local\Temp\i4jdel0.exe
C:\Users\Nick\AppData\Local\Temp\tmpBCBE.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

How is the computer running now?
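
As an added illustration (this is not part of the thread and not code from FRST, AdwCleaner or the helper above), the following read-only PowerShell audit enumerates the same persistence locations the fixlist cleans: scheduled task actions, service binaries, Run keys, the per-user proxy settings that RemoveProxy cleared, and alternate data streams on the listed DLL. The three directory names it treats as known-bad are taken from the FRST log in this thread and are used only as illustrative patterns; it assumes an elevated PowerShell 4 or later session on Windows 8.1 (for Get-ScheduledTask and Get-CimInstance). It reports findings and removes nothing.

```powershell
# Added example, not part of this thread or of FRST/AdwCleaner: a read-only
# audit of the persistence locations the fixlist cleans. Nothing is removed.
# Paths below are drawn from the FRST log in this thread (illustrative only).
$KnownBadDirs = @(
    "${env:ProgramFiles(x86)}\IT Viewer",
    "${env:ProgramFiles(x86)}\Application Security",
    "$env:APPDATA\Fenix Installer"
)

# True only if the file exists and carries a valid Authenticode signature.
function Test-Signed {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return $false }
    return (Get-AuthenticodeSignature -FilePath $Path).Status -eq 'Valid'
}

# Pull the executable out of a service PathName or task action string,
# handling both quoted and unquoted command lines.
function Get-ExePath {
    param([string]$CommandLine)
    if (-not $CommandLine) { return $null }
    if ($CommandLine -match '^"([^"]+)"') { return $Matches[1] }
    return ($CommandLine -split '\s+')[0]
}

# Scheduled tasks whose action runs from a user-writable location, from a
# known-bad directory, or an unsigned binary (FRST flagged three such tasks).
$taskFindings = foreach ($task in Get-ScheduledTask) {
    foreach ($a in $task.Actions) {
        if (-not $a.Execute) { continue }   # COM-handler actions have no Execute
        $exe = [Environment]::ExpandEnvironmentVariables((Get-ExePath $a.Execute))
        $userWritable = $exe -match '\\AppData\\|\\Temp\\|\\Users\\Public\\'
        $knownBad = $KnownBadDirs | Where-Object { $exe -like "$_*" }
        if ($userWritable -or $knownBad -or -not (Test-Signed $exe)) {
            [pscustomobject]@{ Task = $task.TaskPath + $task.TaskName; Exe = $exe; Args = $a.Arguments }
        }
    }
}

# Services whose binary is unsigned (FRST marked PrivoxyService this way).
$serviceFindings = foreach ($svc in Get-CimInstance Win32_Service) {
    $exe = [Environment]::ExpandEnvironmentVariables((Get-ExePath $svc.PathName))
    if ($exe -and -not (Test-Signed $exe)) {
        [pscustomobject]@{ Service = $svc.Name; State = $svc.State; Exe = $exe }
    }
}

# Run keys: every value and whether its target still exists. FRST's
# "HKLM-x32\...\Run: [] => [X]" was a value with an empty name and no target.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runFindings = foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    foreach ($p in (Get-ItemProperty -Path $k).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, etc.
        $target = [Environment]::ExpandEnvironmentVariables((Get-ExePath "$($p.Value)"))
        [pscustomobject]@{
            Key = $k; Name = $p.Name; Value = $p.Value
            TargetExists = [bool]$target -and (Test-Path -LiteralPath $target)
        }
    }
}

# Per-user proxy settings; RemoveProxy in the fixlist cleared these values.
$proxy = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' |
         Select-Object ProxyEnable, ProxyServer, AutoConfigURL

# Alternate data streams on the DLL FRST listed. SummaryInformation-style
# streams are commonly written by Explorer when file properties are edited,
# so treat them as context rather than proof of tampering.
$ads = Get-Item -LiteralPath "$env:windir\SysWOW64\zlib.dll" -Stream * -ErrorAction SilentlyContinue |
       Where-Object { $_.Stream -ne ':$DATA' } | Select-Object FileName, Stream, Length

'== Suspicious scheduled task actions =='; $taskFindings    | Format-Table -AutoSize
'== Services with unsigned binaries ==';   $serviceFindings | Format-Table -AutoSize
'== Run key values ==';                     $runFindings     | Format-Table -AutoSize
'== Per-user proxy settings ==';            $proxy           | Format-List
'== Alternate data streams on zlib.dll =='; $ads             | Format-Table -AutoSize
```

Run it before and after a fix of this kind: the first run should reproduce the flagged tasks, the unsigned service and the proxy values that FRST reported, and the second run should come back empty for those sections, which is a cheaper confirmation than rereading a full FRST log.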

#3 Nickel28

Nickel28
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:25 AM

Posted 28 November 2015 - 02:54 PM

Hi,

 

I just got through all of the steps you described, and it feels like my computer is running smoother, no more pop-ups or hyperlinks, etc. 

 

As requested, the FRST fixlog and AdwCleaner log are beneath. I ran the AdwCleaner twice and removed one item, since I'm not sure what to do with the rest (appears to be a PC health advisor tool, but isn't listed in the Control Panel under programs). I also used AdwCleaner awhile back, when I first encountered the pop-ups. If necessary, I can give you those logs as well. 

 

Best regards and a big thank you!

 

Nick

 

 

FRST Fixlog.txt

 

Fix resultaat van Farbar Recovery Scan Tool (x64) Versie:28-11-2015
Gestart door Nick (2015-11-28 20:13:49) Run:1
Gestart vanaf C:\Users\Nick\Downloads
Geladen Profielen: Nick (Beschikbare Profielen: Nick)
Boot Modus: Normal
==============================================
 
fixlist inhoud:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:
 
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\IT Viewer\privoxy.exe
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  Geen bestand
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  Geen bestand
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  Geen bestand
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  Geen bestand
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  Geen bestand
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  Geen bestand
FF Extension: Geen Naam - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\c7yuiz3s.default\extensions\firefox@helper [niet gevonden]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => Geen bestand
R2 PrivoxyService; C:\Program Files (x86)\IT Viewer\privoxy.exe [371200 2015-11-26] (The Privoxy team - www.privoxy.org) [Bestand niet getekend] <==== AANDACHT
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
Task: {78B5A8B9-97A4-444C-9DBE-A06DBCA1B86E} - System32\Tasks\Application Security Viewer => C:\Program Files (x86)\Application Security\ApplicationSecurity.exe [2015-10-09] (Backup Updater) <==== AANDACHT
Task: {9D61DD79-01D6-45ED-B89F-580F2DDB9956} - System32\Tasks\IT Viewer Viewer => C:\Program Files (x86)\IT Viewer\astask.exe [2015-11-26] (West CH Soft) <==== AANDACHT
Task: {EEA22B89-037B-4DE1-BCD0-9F8BE67BE8FE} - System32\Tasks\Fenix Installer => C:\Users\Nick\AppData\Roaming\Fenix Installer\Fenix Installer.exe <==== AANDACHT
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
C:\Program Files (x86)\Application Security
C:\Program Files (x86)\IT Viewer
C:\Users\Nick\AppData\Roaming\Fenix Installer
C:\Users\Nick\AppData\Local\Temp\hp_u2_32321.exe
C:\Users\Nick\AppData\Local\Temp\hp_upd2_1267.exe
C:\Users\Nick\AppData\Local\Temp\h_u2_32992.exe
C:\Users\Nick\AppData\Local\Temp\i4jdel0.exe
C:\Users\Nick\AppData\Local\Temp\tmpBCBE.exe
 
End
*****************
 
Herstelpunt is succesfol gemaakt.
Proces succesvol afgesloten.
 
========= RemoveProxy: =========
 
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => waarde is succesvol verwijderd.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => waarde is succesvol verwijderd.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => waarde is succesvol verwijderd.
HKU\S-1-5-21-2166276234-4274847127-2701523346-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => waarde is succesvol verwijderd.
HKU\S-1-5-21-2166276234-4274847127-2701523346-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => waarde is succesvol verwijderd.
HKU\S-1-5-21-2166276234-4274847127-2701523346-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => waarde is succesvol verwijderd.
HKU\S-1-5-21-2166276234-4274847127-2701523346-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => waarde is succesvol verwijderd.
 
 
========= Eind van RemoveProxy: =========
 
C:\Program Files (x86)\IT Viewer\privoxy.exe => Geen lopend proces gevonden
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => waarde is succesvol verwijderd.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => sleutel is succesvol verwijderd.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => sleutel niet gevonden. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => sleutel is succesvol verwijderd.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => sleutel niet gevonden. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => sleutel is succesvol verwijderd.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => sleutel niet gevonden. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => sleutel is succesvol verwijderd.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => sleutel niet gevonden. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => sleutel is succesvol verwijderd.
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => sleutel niet gevonden. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => sleutel is succesvol verwijderd.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => sleutel niet gevonden. 
C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\c7yuiz3s.default\extensions\firefox@helper => pad is succesvol verwijderd.
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => niet gevonden.
PrivoxyService => Service succesvol gestopt.
PrivoxyService => dienst is succesvol verwijderd.
MBAMSwissArmy => dienst is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78B5A8B9-97A4-444C-9DBE-A06DBCA1B86E}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78B5A8B9-97A4-444C-9DBE-A06DBCA1B86E}" => sleutel is succesvol verwijderd.
C:\WINDOWS\System32\Tasks\Application Security Viewer => is succesvol verplaatst.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Application Security Viewer" => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D61DD79-01D6-45ED-B89F-580F2DDB9956} => sleutel niet gevonden. 
C:\WINDOWS\System32\Tasks\IT Viewer Viewer => is succesvol verplaatst.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IT Viewer Viewer" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EEA22B89-037B-4DE1-BCD0-9F8BE67BE8FE}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEA22B89-037B-4DE1-BCD0-9F8BE67BE8FE}" => sleutel is succesvol verwijderd.
C:\WINDOWS\System32\Tasks\Fenix Installer => is succesvol verplaatst.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Fenix Installer" => sleutel is succesvol verwijderd.
"C:\WINDOWS\SysWOW64\zlib.dll" => ":DocumentSummaryInformation" ADS niet gevonden.
"C:\WINDOWS\SysWOW64\zlib.dll" => ":SummaryInformation" ADS niet gevonden.
C:\WINDOWS\SysWOW64\zlib.dll => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS is succesvol verwijderd..
C:\Program Files (x86)\Application Security => is succesvol verplaatst.
C:\Program Files (x86)\IT Viewer => is succesvol verplaatst.
C:\Users\Nick\AppData\Roaming\Fenix Installer => is succesvol verplaatst.
C:\Users\Nick\AppData\Local\Temp\hp_u2_32321.exe => is succesvol verplaatst.
C:\Users\Nick\AppData\Local\Temp\hp_upd2_1267.exe => is succesvol verplaatst.
C:\Users\Nick\AppData\Local\Temp\h_u2_32992.exe => is succesvol verplaatst.
"C:\Users\Nick\AppData\Local\Temp\i4jdel0.exe" => niet gevonden.
C:\Users\Nick\AppData\Local\Temp\tmpBCBE.exe => is succesvol verplaatst.
EmptyTemp: => 919.2 MB tijdelijke gegevens verwijderd.
 
 
Het systeem moest herstart worden.
 

 

==== Eind van Fixlog 20:14:11 ====
 
 
 
Adwcleaner first log
 
# AdwCleaner v5.022 - Logbestand aangemaakt 28/11/2015 op 20:25:59
# Laatste update 22/11/2015 door Xplode
# Database : 2015-11-22.2 [Server]
# Besturingssysteem : Windows 8.1  (x64)
# Gebruikersnaam : Nick - ACERNICK
# Gestart vanuit : C:\Users\Nick\Downloads\adwcleaner_5.022.exe
# Optie : Verwijderen
# Ondersteuning : http://toolslib.net/forum
 
***** [ Services ] *****
 
 
***** [ Mappen ] *****
 
[x] Map Niet Verwijderd : C:\ProgramData\ParetoLogic
[x] Map Niet Verwijderd : C:\Users\Nick\AppData\Roaming\DriverCure
[x] Map Niet Verwijderd : C:\Users\Nick\AppData\Roaming\ParetoLogic
[x] Map Niet Verwijderd : C:\Users\Nick\AppData\Roaming\Interstat
 
***** [ Bestanden ] *****
 
[x] Bestand Niet Verwijderd : C:\END
***** [ DLLs ] *****
 
 
***** [ Snelkoppelingen ] *****
 
 
***** [ geplande taken ] *****
 
 
***** [ Register ] *****
 
[x] Sleutel Niet Verwijderd : HKCU\Software\ParetoLogic
[x] Sleutel Niet Verwijderd : HKCU\Software\Interstat
[x] Sleutel Niet Verwijderd : HKLM\SOFTWARE\ParetoLogic
[x] Sleutel Niet Verwijderd : HKLM\SOFTWARE\SecureWebChannel
[x] Sleutel Niet Verwijderd : HKLM\SOFTWARE\SecureWeb
[-] Gegevens Hersteld : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
 
***** [ Internetbrowsers ] *****
 
 
*************************
 
:: "Tracing" sleutels verwijderd
:: Winsock instellingen gereset
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1374 bytes] ##########
 
 
 
Adwcleaner second log
 
# AdwCleaner v5.022 - Logbestand aangemaakt 28/11/2015 op 20:29:08
# Laatste update 22/11/2015 door Xplode
# Database : 2015-11-22.2 [Server]
# Besturingssysteem : Windows 8.1  (x64)
# Gebruikersnaam : Nick - ACERNICK
# Gestart vanuit : C:\Users\Nick\Downloads\adwcleaner_5.022.exe
# Optie : Verwijderen
# Ondersteuning : http://toolslib.net/forum
 
***** [ Services ] *****
 
 
***** [ Mappen ] *****
 
[x] Map Niet Verwijderd : C:\ProgramData\ParetoLogic
[x] Map Niet Verwijderd : C:\Users\Nick\AppData\Roaming\DriverCure
[x] Map Niet Verwijderd : C:\Users\Nick\AppData\Roaming\ParetoLogic
[x] Map Niet Verwijderd : C:\Users\Nick\AppData\Roaming\Interstat
 
***** [ Bestanden ] *****
 
[x] Bestand Niet Verwijderd : C:\END
***** [ DLLs ] *****
 
 
***** [ Snelkoppelingen ] *****
 
 
***** [ geplande taken ] *****
 
 
***** [ Register ] *****
 
[x] Sleutel Niet Verwijderd : HKCU\Software\ParetoLogic
[x] Sleutel Niet Verwijderd : HKCU\Software\Interstat
[x] Sleutel Niet Verwijderd : HKLM\SOFTWARE\ParetoLogic
[x] Sleutel Niet Verwijderd : HKLM\SOFTWARE\SecureWebChannel
[x] Sleutel Niet Verwijderd : HKLM\SOFTWARE\SecureWeb
 
***** [ Internetbrowsers ] *****
 
 
*************************
 
:: "Tracing" sleutels verwijderd
:: Winsock instellingen gereset
 
########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [1290 bytes] ##########
 


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:25 AM

Posted 28 November 2015 - 03:20 PM

Glad we could help.


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:25 AM

Posted 04 December 2015 - 10:04 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



