Notified by family about possible infections


  • This topic is locked
15 replies to this topic

#1 axe0

  • Malware Study Hall Junior

Posted 25 August 2016 - 05:28 AM

I just heard about a possible infection from family on her system. I only know that this indeed may be the cause.

AdwCleaner has identified a possible infection, but not yet done anything else.

 

 

Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 21-08-2016 01
Gestart door Maart (Beheerder) op MAARTJE-LAPTOP (25-08-2016 12:10:40)
Gestart vanaf C:\Users\Maart\Desktop
Geladen Profielen: Maart &  (Beschikbare Profielen: Maart)
Platform: Windows 10 Pro Versie 1511 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Chrome)
Boot Modus: Normal
 
==================== Processen (gefilterd) =================
 
(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Spotify Ltd) C:\Users\Maart\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
() C:\Program Files\WindowsApps\Microsoft.XboxApp_19.19.28029.0_x64__8wekyb3d8bbwe\XboxApp.exe
(BitTorrent Inc.) C:\Users\Maart\AppData\Roaming\BitTorrent\BitTorrent.exe
(BitTorrent Inc.) C:\Users\Maart\AppData\Roaming\BitTorrent\updates\7.9.8_42450\utorrentie.exe
(BitTorrent Inc.) C:\Users\Maart\AppData\Roaming\BitTorrent\updates\7.9.8_42450\utorrentie.exe
() C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Microsoft Corporation) C:\Windows\Temp\ose00000.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Maart\Downloads\adwcleaner_6.010.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40721.0_x64__8wekyb3d8bbwe\HxTsr.exe
 
 
==================== Register (gefilterd) ===========================
 
(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3937448 2015-07-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\iTube Studio\DelayPluginI.exe
HKU\S-1-5-21-291301347-1870860508-2339252175-1006\...\Run: [Spotify Web Helper] => C:\Users\Maart\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1554032 2016-07-16] (Spotify Ltd)
HKU\S-1-5-21-291301347-1870860508-2339252175-1006\...\Run: [Spotify] => C:\Users\Maart\AppData\Roaming\Spotify\Spotify.exe [6913648 2016-07-16] (Spotify Ltd)
HKU\S-1-5-21-291301347-1870860508-2339252175-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => Geen bestand
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => Geen bestand
GroupPolicyScripts: Restrictie <======= AANDACHT
 
==================== Internet (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)
 
Hosts: Er zijn meer dan één item in Hosts. Zie Hosts deel van Addition.txt
Tcpip\Parameters: [DhcpNameServer] 88.159.1.200 88.159.1.201
Tcpip\..\Interfaces\{7f099d6a-4374-4dbf-90bc-c3fc564753f3}: [DhcpNameServer] 88.159.1.200 88.159.1.201
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://nl.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_16_34&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dnl%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtAyD0B0BtC0Czy0B0BzytN0D0Tzu0StCyCzyyBtN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEyEyB0ByEzztByEtGyCyBtBtBtG0B0ByE0EtGtBtDtCyBtG0FzzyBtAyCtDtAtA0A0AyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0CzzzytDtB0C0CtG0EzytCzztGyE0BtBtAtG0AyDtAzytGtDzzyCtByC0E0C0BtC0B0CtB2QtN0A0LzutB%26cr%3D277386627%26a%3Dwbf_fsvideosft_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://nl.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_16_34&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dnl%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtAyD0B0BtC0Czy0B0BzytN0D0Tzu0StCyCzyyBtN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEyEyB0ByEzztByEtGyCyBtBtBtG0B0ByE0EtGtBtDtCyBtG0FzzyBtAyCtDtAtA0A0AyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0CzzzytDtB0C0CtG0EzytCzztGyE0BtBtAtG0AyDtAzytGtDzzyCtByC0E0C0BtC0B0CtB2QtN0A0LzutB%26cr%3D277386627%26a%3Dwbf_fsvideosft_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
HKU\S-1-5-21-291301347-1870860508-2339252175-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://nl.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_16_34&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dnl%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtAyD0B0BtC0Czy0B0BzytN0D0Tzu0StCyCzyyBtN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEyEyB0ByEzztByEtGyCyBtBtBtG0B0ByE0EtGtBtDtCyBtG0FzzyBtAyCtDtAtA0A0AyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0CzzzytDtB0C0CtG0EzytCzztGyE0BtBtAtG0AyDtAzytGtDzzyCtByC0E0C0BtC0B0CtB2QtN0A0LzutB%26cr%3D277386627%26a%3Dwbf_fsvideosft_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://nl.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dnl%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtAyD0B0BtC0Czy0B0BzytN0D0Tzu0StCyCzyyBtN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEyEyB0ByEzztByEtGyCyBtBtBtG0B0ByE0EtGtBtDtCyBtG0FzzyBtAyCtDtAtA0A0AyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0CzzzytDtB0C0CtG0EzytCzztGyE0BtBtAtG0AyDtAzytGtDzzyCtByC0E0C0BtC0B0CtB2QtN0A0LzutB%26cr%3D277386627%26a%3Dwbf_fsvideosft_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://nl.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dnl%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtAyD0B0BtC0Czy0B0BzytN0D0Tzu0StCyCzyyBtN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEyEyB0ByEzztByEtGyCyBtBtBtG0B0ByE0EtGtBtDtCyBtG0FzzyBtAyCtDtAtA0A0AyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0CzzzytDtB0C0CtG0EzytCzztGyE0BtBtAtG0AyDtAzytGtDzzyCtByC0E0C0BtC0B0CtB2QtN0A0LzutB%26cr%3D277386627%26a%3Dwbf_fsvideosft_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://nl.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dnl%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtAyD0B0BtC0Czy0B0BzytN0D0Tzu0StCyCzyyBtN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEyEyB0ByEzztByEtGyCyBtBtBtG0B0ByE0EtGtBtDtCyBtG0FzzyBtAyCtDtAtA0A0AyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0CzzzytDtB0C0CtG0EzytCzztGyE0BtBtAtG0AyDtAzytGtDzzyCtByC0E0C0BtC0B0CtB2QtN0A0LzutB%26cr%3D277386627%26a%3Dwbf_fsvideosft_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://nl.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dnl%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtAyD0B0BtC0Czy0B0BzytN0D0Tzu0StCyCzyyBtN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEyEyB0ByEzztByEtGyCyBtBtBtG0B0ByE0EtGtBtDtCyBtG0FzzyBtAyCtDtAtA0A0AyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0CzzzytDtB0C0CtG0EzytCzztGyE0BtBtAtG0AyDtAzytGtDzzyCtByC0E0C0BtC0B0CtB2QtN0A0LzutB%26cr%3D277386627%26a%3Dwbf_fsvideosft_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-291301347-1870860508-2339252175-1006 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333673&octid=EB_ORIGINAL_CTID&ISID=2972C8E8-0C6B-40BF-B839-97FAAE74EF7F&SearchSource=58&CUI=&UM=8&UP=SP21566A37-5D38-4F3D-AF13-9DBA7A06F1FB&D=060916&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-291301347-1870860508-2339252175-1006 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://nl.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dnl%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtAyD0B0BtC0Czy0B0BzytN0D0Tzu0StCyCzyyBtN1L2XzutAtFtByEtFyCtFyCtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEyEyB0ByEzztByEtGyCyBtBtBtG0B0ByE0EtGtBtDtCyBtG0FzzyBtAyCtDtAtA0A0AyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0CzzzytDtB0C0CtG0EzytCzztGyE0BtBtAtG0AyDtAzytGtDzzyCtByC0E0C0BtC0B0CtB2QtN0A0LzutB%26cr%3D277386627%26a%3Dwbf_fsvideosft_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
BHO-x32: iSkysoft iTube Studio 4.9.0 -> {1A6B6AD0-2735-498F-834C-AFCEA37847C2} -> C:\PROGRA~3\iSkysoft\ITUBES~1\WSBROW~1.DLL => Geen bestand
Handler: WSISAllmytubechrome - {4724F5AF-4E6D-41CA -  Geen bestand
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
 
FireFox:
========
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [ISAllmytube@iSkysoft.com] - C:\ProgramData\iSkysoft\iTube Studio\ISAllmytube@iSkysoft.com_xpi => niet gevonden
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.nl/
CHR Profile: C:\Users\Maart\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Presentaties) - C:\Users\Maart\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-25]
CHR Extension: (Google Documenten) - C:\Users\Maart\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-25]
CHR Extension: (Google Drive) - C:\Users\Maart\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-25]
CHR Extension: (YouTube) - C:\Users\Maart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-25]
CHR Extension: (Google Spreadsheets) - C:\Users\Maart\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-25]
CHR Extension: (Offline Documenten) - C:\Users\Maart\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-25]
CHR Extension: (AdBlock) - C:\Users\Maart\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-24]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Maart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-25]
CHR Extension: (Gmail) - C:\Users\Maart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-25]
CHR Extension: (Chrome Media Router) - C:\Users\Maart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-25]
CHR Extension: (Extutil) - C:\Users\Maart\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B [2016-06-09]
CHR Extension: (Managera) - C:\Users\Maart\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42 [2016-06-09]
CHR HKU\S-1-5-21-291301347-1870860508-2339252175-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (gefilterd) ========================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-21] (Synaptics Incorporated)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [254232 2016-08-25] (RaMMicHaeL)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [Bestand niet getekend]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
 
===================== Drivers (gefilterd) ==========================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-25] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-10-30] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-21] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (gefilterd) ===================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
 
==================== Een Maand Aangemaakt bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2016-08-25 12:10 - 2016-08-25 12:11 - 00020750 _____ C:\Users\Maart\Desktop\FRST.txt
2016-08-25 12:09 - 2016-08-25 12:10 - 00000000 ____D C:\FRST
2016-08-25 12:08 - 2016-08-25 12:08 - 02396672 _____ (Farbar) C:\Users\Maart\Desktop\FRST64.exe
2016-08-25 11:54 - 2016-08-25 11:55 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-25 11:54 - 2016-08-25 11:54 - 03826240 _____ C:\Users\Maart\Downloads\adwcleaner_6.010.exe
2016-08-25 11:53 - 2016-08-25 11:53 - 22851472 _____ (Malwarebytes ) C:\Users\Maart\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-25 11:53 - 2016-08-25 11:53 - 00001178 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-25 11:53 - 2016-08-25 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-25 11:53 - 2016-08-25 11:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-25 11:53 - 2016-08-25 11:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-25 11:53 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-25 11:53 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-25 11:53 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-25 11:47 - 2016-08-25 11:47 - 00001095 _____ C:\Users\Public\Desktop\Unchecky.lnk
2016-08-25 11:47 - 2016-08-25 11:47 - 00000000 ____D C:\ProgramData\Unchecky
2016-08-25 11:47 - 2016-08-25 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2016-08-25 11:47 - 2016-08-25 11:47 - 00000000 ____D C:\Program Files (x86)\Unchecky
2016-08-25 11:46 - 2016-08-25 11:46 - 01453048 _____ (RaMMicHaeL) C:\Users\Maart\Downloads\unchecky_setup.exe
2016-08-25 11:44 - 2016-08-25 11:44 - 00001129 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-08-25 11:44 - 2016-08-25 11:44 - 00000000 ____D C:\Users\Maart\AppData\Local\VS Revo Group
2016-08-25 11:44 - 2016-08-25 11:44 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-08-25 11:44 - 2016-08-25 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-08-25 11:44 - 2016-08-25 11:44 - 00000000 ____D C:\Program Files\VS Revo Group
2016-08-25 11:44 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2016-08-25 11:43 - 2016-08-25 11:43 - 11374528 _____ (VS Revo Group ) C:\Users\Maart\Downloads\RevoUninProSetup.exe
2016-08-25 11:32 - 2016-08-25 11:32 - 00000000 ____D C:\Users\Maart\AppData\Local\ElevatedDiagnostics
2016-08-25 11:31 - 2016-08-25 11:31 - 00003566 _____ C:\WINDOWS\System32\Tasks\{8A69BA40-D5CD-493F-BD75-7EE08E31161C}
2016-08-24 17:30 - 2016-08-24 17:30 - 00000000 ____D C:\Users\Maart\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
2016-08-24 15:27 - 2016-08-24 15:27 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-08-24 15:24 - 2016-08-24 15:25 - 35766576 _____ (Aimersoft Software ) C:\Users\Maart\Downloads\aimer-youtube-downloader_full1602.exe
2016-08-24 15:23 - 2016-08-24 15:23 - 42028938 _____ C:\Users\Maart\Downloads\avc_free_mac_intel.dmg
2016-08-24 15:21 - 2016-08-24 15:21 - 00000000 ____D C:\Users\Maart\AppData\Local\iSkysoft
2016-08-24 15:21 - 2016-08-24 15:21 - 00000000 ____D C:\Program Files\Common Files\iSkysoft
2016-08-24 15:19 - 2016-08-24 15:19 - 00000000 ____D C:\Users\Public\Documents\iSkysoft
2016-08-24 15:18 - 2016-08-24 15:18 - 00804192 _____ C:\Users\Maart\Downloads\itube-studio_setup_full1169.exe
2016-08-24 15:11 - 2016-08-24 15:15 - 00000000 ____D C:\Users\Maart\AppData\Local\YoutubeSoft
2016-08-24 15:11 - 2016-08-24 15:11 - 00000000 ____D C:\Users\Maart\AppData\Roaming\YoutubeSoft
2016-08-24 15:11 - 2016-08-24 15:11 - 00000000 ____D C:\Users\Maart\AppData\Local\VideoConverter
2016-08-24 15:11 - 2016-08-24 15:11 - 00000000 ____D C:\ProgramData\YoutubeSoft
2016-08-24 15:10 - 2016-08-24 15:10 - 02332128 _____ (YouTubeSoft) C:\Users\Maart\Downloads\YoutubePlaylistDownloader-setup.exe
2016-08-24 15:06 - 2016-08-24 15:10 - 00000000 ____D C:\Users\Maart\AppData\Local\Downloaded Installations
2016-08-24 15:06 - 2016-08-24 15:06 - 17261792 _____ (YouTubeByClick.com) C:\Users\Maart\Downloads\setup.exe
2016-08-24 14:57 - 2016-08-24 14:57 - 00002386 _____ C:\Users\Maart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2016-08-24 14:55 - 2016-08-24 14:55 - 00002567 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
2016-08-24 14:52 - 2016-08-25 11:25 - 00000000 ____D C:\Users\Maart\AppData\Roaming\DVDVideoSoft
2016-08-24 14:52 - 2016-08-24 14:52 - 02267904 _____ (Digital Wave Ltd ) C:\Users\Maart\Downloads\FreeYouTubeToMP3Converter_4.1.26.721_o.exe
2016-08-15 14:03 - 2016-08-15 14:03 - 00000000 ____D C:\Users\Maart\AppData\LocalLow\BitTorrent
2016-08-15 12:04 - 2016-08-15 12:04 - 00392009 _____ C:\Users\Maart\Downloads\Handleiding MMC Medewerker gegevens wijzigen definitief (1).pdf-
2016-08-15 12:03 - 2016-08-15 12:03 - 00392009 _____ C:\Users\Maart\Downloads\Handleiding MMC Medewerker gegevens wijzigen definitief.pdf-
2016-08-15 11:28 - 2016-08-15 11:28 - 00090612 _____ C:\Users\Maart\Documents\Big registratie.pdf
2016-08-10 15:53 - 2016-08-10 15:53 - 00012706 _____ C:\Users\Maart\Documents\Kopie van gemiste uren (124785).xlsx
2016-08-03 18:04 - 2016-08-03 18:04 - 00014642 _____ C:\Users\Maart\Downloads\Full_Movie_720p_HDRip_NL_[DutchReleaseTeam].rar.torrent
2016-08-02 18:35 - 2016-08-02 14:37 - 00103368 _____ C:\Users\Maart\Downloads\Dirty.Grandpa.2016.1080p.BluRay.x264-GECKOS.srt
2016-08-02 18:35 - 2016-08-02 14:37 - 00006520 _____ C:\Users\Maart\Downloads\dirty.grandpa.(6683184).nfo
2016-08-02 18:34 - 2016-08-02 18:34 - 00043234 _____ C:\Users\Maart\Downloads\dirty.grandpa.(2016).dut.1cd.(6683184).zip
2016-08-02 16:50 - 2016-08-02 16:50 - 00112569 _____ C:\Users\Maart\Downloads\MI Jager - RA-BA Spreekuur vervolg6052016.pdf
2016-07-27 18:45 - 2016-07-27 18:45 - 00000000 ___HD C:\OneDriveTemp
2016-07-27 18:37 - 2016-07-27 18:37 - 00000000 ____D C:\Program Files\CMAK
2016-07-27 18:37 - 2016-07-27 18:37 - 00000000 ____D C:\Program Files (x86)\CMAK
 
==================== Een Maand Gewijzigd bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2016-08-25 12:08 - 2016-06-09 20:37 - 00000000 ____D C:\Users\Maart\AppData\Roaming\BitTorrent
2016-08-25 11:56 - 2014-01-17 16:49 - 00000000 ____D C:\AdwCleaner
2016-08-25 11:49 - 2015-07-26 23:12 - 00001094 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-25 11:38 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-25 11:38 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-25 11:37 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-25 11:35 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-25 11:27 - 2015-08-23 18:02 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack
2016-08-24 14:43 - 2016-05-25 12:12 - 00000000 ___RD C:\Users\Maart\OneDrive
2016-08-24 14:43 - 2016-05-20 12:07 - 01847504 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-24 14:43 - 2016-02-13 14:53 - 00818858 _____ C:\WINDOWS\system32\perfh013.dat
2016-08-24 14:43 - 2016-02-13 14:53 - 00159472 _____ C:\WINDOWS\system32\perfc013.dat
2016-08-24 14:43 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-15 14:08 - 2016-06-06 22:19 - 00000000 ____D C:\Users\Maart\Downloads\PopcornTime
2016-08-10 16:02 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 16:02 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-10 16:02 - 2015-07-26 21:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 15:54 - 2015-07-26 21:30 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-10 11:51 - 2015-07-26 23:13 - 00002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-10 11:51 - 2015-07-26 23:13 - 00002287 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-08 19:28 - 2016-05-25 12:04 - 00000000 ____D C:\Users\Maart\AppData\Local\Packages
2016-08-06 20:31 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-06 17:49 - 2015-07-26 23:12 - 00001090 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-03 17:27 - 2015-09-12 14:27 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-29 17:44 - 2015-07-26 23:12 - 00004152 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-29 17:44 - 2015-07-26 23:12 - 00003920 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-27 21:25 - 2015-07-26 21:16 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-07-27 18:45 - 2016-07-16 19:50 - 00000000 ____D C:\Users\Maart\AppData\Local\Spotify
2016-07-27 18:45 - 2016-07-16 19:49 - 00000000 ____D C:\Users\Maart\AppData\Roaming\Spotify
2016-07-27 18:45 - 2016-05-25 12:04 - 00000000 ____D C:\Users\Maart
2016-07-27 18:44 - 2016-02-13 15:37 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-07-27 18:41 - 2016-02-13 15:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-27 18:40 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-07-27 18:37 - 2016-02-13 15:13 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-27 18:37 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-07-27 18:37 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-07-27 18:37 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-07-27 18:37 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-07-27 18:37 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-07-27 18:37 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-07-27 18:37 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-07-27 18:37 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-07-27 18:37 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-07-27 18:37 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-07-27 18:37 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-07-27 18:37 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
 
Sommige bestanden in TEMP:
====================
C:\Users\Maart\AppData\Local\Temp\dlLogic.exe
C:\Users\Maart\AppData\Local\Temp\offer-43926537-3444-4FB9-9CD5-3140071A5A41.exe
C:\Users\Maart\AppData\Local\Temp\spstub.exe
 
 
==================== Bamital & volsnap =================
 
(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)
 
C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend
 
 
LastRegBack: 2016-08-15 15:30
 
==================== Eind van FRST.txt ============================


Kind regards,
Axe0


#2 Jo*

Jo*

  • Malware Response Team
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:27 PM

Posted 28 August 2016 - 08:36 AM

Welcome to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Step 1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. On the introduction screen, click "Next" to continue.
  • On the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Jo*


Posted 31 August 2016 - 08:34 AM

Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Thread will be closed if no response after 3 days.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#4 axe0


Posted 31 August 2016 - 02:03 PM

Hi Jo*,
 
Sorry for the delay.
I'm still working on backing up everything; with the specs of the laptop, the amount of data and the available time per day, it takes some time.
 
The SecurityCheck log:
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome (51.0.2704.103)
Google Chrome (52.0.2743.116)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
Windows Defender MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Kind regards,
Axe0

#5 axe0


Posted 02 September 2016 - 05:47 PM

An update on the situation: I'll finish the backup today. The logs will come shortly after the backup today.


Kind regards,
Axe0

#6 axe0


Posted 03 September 2016 - 07:21 AM

Malwarebytes Anti-Rootkit BETA 1.9.3.1001

www.malwarebytes.org
 
Database version:
  main:    v2016.09.03.04
  rootkit: v2016.08.15.01
 
Windows 10 x64 NTFS
Internet Explorer 11.545.10586.0
Maart :: MAARTJE-LAPTOP [administrator]
 
3-9-2016 13:30:49
mbar-log-2016-09-03 (13-30-49).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 320257
Time elapsed: 34 minute(s), 27 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\settings.ini (Trojan.Injector.BHO) -> No action taken. [2f915e0f4951b2842bfef0abbb4925db]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 

 

 

# AdwCleaner v6.010 - Logbestand aangemaakt 03/09/2016 op 14:11:22

# *Updated on 12/08/2016 by ToolsLib
# Gebruik lokale database : 2016-09-03.1 [*Server]
# Besturingssysteem : Windows 10 Pro  (X64)
# Gebruikersnaam : Maart - MAARTJE-LAPTOP
# Gestart vanuit : C:\Users\Maart\Downloads\AdwCleaner.exe
# *Mode: Scan
# Ondersteuning : https://toolslib.net/forum
 
 
 
***** [ *Services ] *****
 
Service Update service
 
 
***** [ Mappen ] *****
 
gevonden C:\Users\Maart\AppData\Local\SearchProtect
gevonden C:\Users\Maart\AppData\Local\VideoConverter
gevonden C:\Users\Maart\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
gevonden C:\Users\Maart\AppData\Local\VirtualStore\Program Files (x86)\Popcorn Time
gevonden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
gevonden C:\Users\Public\Documents\Downloaded Installers
gevonden C:\Program Files (x86)\SearchProtect
gevonden C:\Program Files (x86)\Popcorn Time
 
 
***** [ Bestanden ] *****
 
gevonden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
gevonden C:\user.js
 
 
***** [ DLL ] *****
 
*No malicious DLLs found.
 
 
***** [ WMI ] *****
 
*No malicious keys found.
 
 
***** [ Snelkoppelingen ] *****
 
Zoeken naar bestanden ...
 
 
***** [ Geplande taken ] *****
 
*No malicious task found.
 
 
***** [ Register ] *****
 
gevonden HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
gevonden HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
gevonden [x64] HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
gevonden [x64] HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
gevonden HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
gevonden HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
gevonden HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
gevonden HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
gevonden HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
gevonden HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
gevonden HKU\S-1-5-21-291301347-1870860508-2339252175-1006\Software\PRODUCTSETUP
gevonden HKU\S-1-5-21-291301347-1870860508-2339252175-1006\Software\csastats
gevonden HKCU\Software\PRODUCTSETUP
gevonden HKCU\Software\csastats
gevonden HKLM\SOFTWARE\SPPDCOM
gevonden HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Popcorn Time_is1
gevonden [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxps://nl.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_16_34&param1=1&param2=f%3D1%26b%3DIE%26cc%3
gevonden HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxps://nl.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_16_34&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dn
gevonden [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
gevonden [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
gevonden HKU\S-1-5-21-291301347-1870860508-2339252175-1006\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
gevonden HKU\S-1-5-21-291301347-1870860508-2339252175-1006\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
gevonden HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
gevonden HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
gevonden HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
gevonden HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
gevonden HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
gevonden HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
 
 
***** [ Internetbrowsers ] *****
 
Zoeken naar register-items ...
*Chromium pref Found: [C:\Users\Maart\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - booedmolknjekdopkepjjeckmjkdpfgl
*Chromium pref Found: [C:\Users\Maart\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - flpcjncodpafbgdpnkljologafpionhb
*Chromium pref Found: [C:\Users\Maart\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - pilplloabdedfmialnfchjomjmpjcoej
 
*************************
 
C:\AdwCleaner\AdwCleaner[R0].txt - [29184 bytes] - [17/01/2014 16:49:16]
C:\AdwCleaner\AdwCleaner[R1].txt - [26393 bytes] - [19/01/2014 22:33:28]
C:\AdwCleaner\AdwCleaner[R2].txt - [24228 bytes] - [10/04/2015 18:10:55]
C:\AdwCleaner\AdwCleaner[S0].txt - [24226 bytes] - [19/01/2014 22:38:14]
C:\AdwCleaner\AdwCleaner[S1].txt - [9877 bytes] - [10/04/2015 18:13:19]
C:\AdwCleaner\AdwCleaner[S2].txt - [5411 bytes] - [25/08/2016 11:56:53]
C:\AdwCleaner\AdwCleaner[S3].txt - [4884 bytes] - [03/09/2016 14:11:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [4957 bytes] ##########
 

Kind regards,
Axe0

#7 Jo*


Posted 03 September 2016 - 08:08 AM

Hello,

Step 1: Run Malwarebytes Anti-Rootkit again: Double click mbar.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Scan your system for malware.
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 2: Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Cleaning button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Step 3: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#8 axe0


Posted 03 September 2016 - 10:22 AM

For unknown reasons I can't copy/paste the AdwCleaner log so it is attached.
 
 
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2016.09.03.04
  rootkit: v2016.08.15.01
 
Windows 10 x64 NTFS
Internet Explorer 11.545.10586.0
Maart :: MAARTJE-LAPTOP [administrator]
 
3-9-2016 15:26:53
mbar-log-2016-09-03 (15-26-53).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 320955
Time elapsed: 33 minute(s), 55 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\settings.ini (Trojan.Injector.BHO) -> Delete on reboot. [ad1381ec9406f93d37f24a51dc28fd03]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Pro x64 
Ran by Maart (Administrator) on za 03-09-2016 at 16:54:24,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 4 
 
Successfully deleted: C:\WINDOWS\prefetch\FREEYOUTUBETOMP3CONVERTER_4.1-57E1E15F.pf (File) 
Successfully deleted: C:\WINDOWS\prefetch\FREEYOUTUBETOMP3CONVERTER_4.1-8B74F88A.pf (File) 
Successfully deleted: C:\WINDOWS\prefetch\FREEYOUTUBETOMP3CONVERTER_4.1-B7A797E7.pf (File) 
Successfully deleted: C:\WINDOWS\prefetch\FREEYOUTUBETOMP3CONVERTERBASE-2B779FA9.pf (File) 
 
 
 
Registry: 2 
 
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A6B6AD0-2735-498F-834C-AFCEA37847C2} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A6B6AD0-2735-498F-834C-AFCEA37847C2} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on za 03-09-2016 at 17:07:37,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Attached File  AdwCleanerC0.txt   5.02KB   1 downloads

Kind regards,
Axe0

#9 Jo*


Posted 03 September 2016 - 10:37 AM

FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Put a check into the box next to Addition.txt and press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#10 axe0


Posted 03 September 2016 - 10:47 AM

Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 31-08-2016
Gestart door Maart (Beheerder) op MAARTJE-LAPTOP (03-09-2016 17:40:51)
Gestart vanaf C:\Users\Maart\Desktop
Geladen Profielen: Maart (Beschikbare Profielen: Maart)
Platform: Windows 10 Pro Versie 1511 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Chrome)
Boot Modus: Normal
 
==================== Processen (gefilterd) =================
 
(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Spotify Ltd) C:\Users\Maart\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Maart\Downloads\AdwCleaner.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40721.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40721.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40721.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
() C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
 
 
==================== Register (gefilterd) ===========================
 
(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3937448 2015-07-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\iTube Studio\DelayPluginI.exe
HKU\S-1-5-21-291301347-1870860508-2339252175-1006\...\Run: [Spotify Web Helper] => C:\Users\Maart\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1523312 2016-09-03] (Spotify Ltd)
HKU\S-1-5-21-291301347-1870860508-2339252175-1006\...\Run: [Spotify] => C:\Users\Maart\AppData\Roaming\Spotify\Spotify.exe [6930544 2016-09-03] (Spotify Ltd)
HKU\S-1-5-21-291301347-1870860508-2339252175-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
GroupPolicyScripts: Restrictie <======= AANDACHT
 
==================== Internet (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)
 
Hosts: Er zijn meer dan één item in Hosts. Zie Hosts deel van Addition.txt
Tcpip\Parameters: [DhcpNameServer] 88.159.1.200 88.159.1.201
Tcpip\..\Interfaces\{7f099d6a-4374-4dbf-90bc-c3fc564753f3}: [DhcpNameServer] 88.159.1.200 88.159.1.201
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: WSISAllmytubechrome - {4724F5AF-4E6D-41CA -  Geen bestand
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
 
FireFox:
========
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [ISAllmytube@iSkysoft.com] - C:\ProgramData\iSkysoft\iTube Studio\ISAllmytube@iSkysoft.com_xpi => niet gevonden
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.nl/
CHR Profile: C:\Users\Maart\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Presentaties) - C:\Users\Maart\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-25]
CHR Extension: (Google Documenten) - C:\Users\Maart\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-25]
CHR Extension: (Google Drive) - C:\Users\Maart\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-25]
CHR Extension: (YouTube) - C:\Users\Maart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-25]
CHR Extension: (Google Spreadsheets) - C:\Users\Maart\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-25]
CHR Extension: (Offline Documenten) - C:\Users\Maart\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-25]
CHR Extension: (AdBlock) - C:\Users\Maart\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-24]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Maart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-25]
CHR Extension: (Gmail) - C:\Users\Maart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-25]
CHR Extension: (Chrome Media Router) - C:\Users\Maart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]
 
==================== Services (gefilterd) ========================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-21] (Synaptics Incorporated)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [254232 2016-08-25] (RaMMicHaeL)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
 
===================== Drivers (gefilterd) ==========================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-03] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-10-30] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-21] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (gefilterd) ===================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
 
==================== Een Maand Aangemaakt bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2016-09-03 17:40 - 2016-09-03 17:40 - 00000000 ____D C:\Users\Maart\Desktop\FRST-OlderVersion
2016-09-03 17:07 - 2016-09-03 17:07 - 00001248 _____ C:\Users\Maart\Desktop\JRT.txt
2016-09-03 16:53 - 2016-09-03 16:53 - 01610560 _____ (Malwarebytes) C:\Users\Maart\Downloads\JRT.exe
2016-09-03 16:06 - 2016-09-03 16:06 - 00000000 ___HD C:\OneDriveTemp
2016-09-03 16:01 - 2016-09-03 16:01 - 00002246 _____ C:\Users\Maart\Desktop\mbar-log-2016-09-03 (15-26-53).txt
2016-09-03 14:17 - 2016-09-03 14:10 - 00002244 _____ C:\Users\Maart\Desktop\mbar-log-2016-09-03 (13-30-49).txt
2016-09-03 14:08 - 2016-09-03 14:08 - 03826240 _____ C:\Users\Maart\Downloads\AdwCleaner.exe
2016-09-03 13:30 - 2016-09-03 16:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-09-03 13:28 - 2016-09-03 17:13 - 00000000 ____D C:\Users\Maart\Desktop\mbar
2016-09-03 13:26 - 2016-09-03 13:27 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Maart\Desktop\mbar-1.09.3.1001.exe
2016-09-03 13:26 - 2016-09-03 13:26 - 00025709 _____ C:\Users\Maart\Desktop\MBAM scan.txt
2016-08-30 20:29 - 2016-08-30 20:29 - 00852798 _____ C:\Users\Maart\Desktop\SecurityCheck.exe
2016-08-30 20:28 - 2016-08-30 20:29 - 00852798 _____ C:\Users\Maart\Downloads\SecurityCheck.exe
2016-08-26 16:50 - 2016-08-26 16:50 - 00003340 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-26 16:48 - 2016-08-26 16:48 - 00000000 ____D C:\Users\Maart\AppData\Roaming\Skype
2016-08-25 14:52 - 2016-08-25 14:52 - 03533757 _____ C:\Users\Maart\Downloads\Nick & Simon - Vrij  (Officiële Videoclip)
2016-08-25 14:51 - 2016-08-25 14:51 - 04639339 _____ C:\Users\Maart\Downloads\Nick & Simon - Ze Lijkt Net Niet Op Jou (Official Music Video) HQ
2016-08-25 14:51 - 2016-08-25 14:51 - 03424131 _____ C:\Users\Maart\Downloads\Nick & Simon - Wijzer (Dan Je Was)  (Officiële Videoclip)
2016-08-25 14:50 - 2016-08-25 14:50 - 04016643 _____ C:\Users\Maart\Downloads\Nick & Simon - Pak Van Mijn Hart (Officiële Videoclip)
2016-08-25 14:44 - 2016-08-25 14:44 - 04028737 _____ C:\Users\Maart\Downloads\James Bay - Hold Back The River (Live On Ellen)
2016-08-25 14:43 - 2016-08-25 14:43 - 04515365 _____ C:\Users\Maart\Downloads\Dotan - This Town
2016-08-25 12:10 - 2016-09-03 17:41 - 00013948 _____ C:\Users\Maart\Desktop\FRST.txt
2016-08-25 12:09 - 2016-09-03 17:40 - 00000000 ____D C:\FRST
2016-08-25 12:08 - 2016-09-03 17:40 - 02397696 _____ (Farbar) C:\Users\Maart\Desktop\FRST64.exe
2016-08-25 11:54 - 2016-09-03 17:10 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-25 11:54 - 2016-08-25 11:54 - 03826240 _____ C:\Users\Maart\Downloads\adwcleaner_6.010.exe
2016-08-25 11:53 - 2016-08-25 11:53 - 22851472 _____ (Malwarebytes ) C:\Users\Maart\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-25 11:53 - 2016-08-25 11:53 - 00001178 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-25 11:53 - 2016-08-25 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-25 11:53 - 2016-08-25 11:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-25 11:53 - 2016-08-25 11:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-25 11:53 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-25 11:53 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-25 11:53 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-25 11:47 - 2016-08-25 11:47 - 00001095 _____ C:\Users\Public\Desktop\Unchecky.lnk
2016-08-25 11:47 - 2016-08-25 11:47 - 00000000 ____D C:\ProgramData\Unchecky
2016-08-25 11:47 - 2016-08-25 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2016-08-25 11:47 - 2016-08-25 11:47 - 00000000 ____D C:\Program Files (x86)\Unchecky
2016-08-25 11:46 - 2016-08-25 11:46 - 01453048 _____ (RaMMicHaeL) C:\Users\Maart\Downloads\unchecky_setup.exe
2016-08-25 11:44 - 2016-08-25 11:44 - 00001129 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-08-25 11:44 - 2016-08-25 11:44 - 00000000 ____D C:\Users\Maart\AppData\Local\VS Revo Group
2016-08-25 11:44 - 2016-08-25 11:44 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-08-25 11:44 - 2016-08-25 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-08-25 11:44 - 2016-08-25 11:44 - 00000000 ____D C:\Program Files\VS Revo Group
2016-08-25 11:44 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2016-08-25 11:43 - 2016-08-25 11:43 - 11374528 _____ (VS Revo Group ) C:\Users\Maart\Downloads\RevoUninProSetup.exe
2016-08-25 11:32 - 2016-08-25 11:32 - 00000000 ____D C:\Users\Maart\AppData\Local\ElevatedDiagnostics
2016-08-25 11:31 - 2016-08-25 11:31 - 00003566 _____ C:\WINDOWS\System32\Tasks\{8A69BA40-D5CD-493F-BD75-7EE08E31161C}
2016-08-24 15:27 - 2016-08-24 15:27 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-08-24 15:24 - 2016-08-24 15:25 - 35766576 _____ (Aimersoft Software ) C:\Users\Maart\Downloads\aimer-youtube-downloader_full1602.exe
2016-08-24 15:23 - 2016-08-24 15:23 - 42028938 _____ C:\Users\Maart\Downloads\avc_free_mac_intel.dmg
2016-08-24 15:21 - 2016-08-24 15:21 - 00000000 ____D C:\Users\Maart\AppData\Local\iSkysoft
2016-08-24 15:21 - 2016-08-24 15:21 - 00000000 ____D C:\Program Files\Common Files\iSkysoft
2016-08-24 15:19 - 2016-08-24 15:19 - 00000000 ____D C:\Users\Public\Documents\iSkysoft
2016-08-24 15:18 - 2016-08-24 15:18 - 00804192 _____ C:\Users\Maart\Downloads\itube-studio_setup_full1169.exe
2016-08-24 15:11 - 2016-08-24 15:15 - 00000000 ____D C:\Users\Maart\AppData\Local\YoutubeSoft
2016-08-24 15:11 - 2016-08-24 15:11 - 00000000 ____D C:\Users\Maart\AppData\Roaming\YoutubeSoft
2016-08-24 15:11 - 2016-08-24 15:11 - 00000000 ____D C:\ProgramData\YoutubeSoft
2016-08-24 15:10 - 2016-08-24 15:10 - 02332128 _____ (YouTubeSoft) C:\Users\Maart\Downloads\YoutubePlaylistDownloader-setup.exe
2016-08-24 15:06 - 2016-08-24 15:10 - 00000000 ____D C:\Users\Maart\AppData\Local\Downloaded Installations
2016-08-24 15:06 - 2016-08-24 15:06 - 17261792 _____ (YouTubeByClick.com) C:\Users\Maart\Downloads\setup.exe
2016-08-24 14:57 - 2016-08-24 14:57 - 00002386 _____ C:\Users\Maart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2016-08-24 14:52 - 2016-08-25 11:25 - 00000000 ____D C:\Users\Maart\AppData\Roaming\DVDVideoSoft
2016-08-24 14:52 - 2016-08-24 14:52 - 02267904 _____ (Digital Wave Ltd ) C:\Users\Maart\Downloads\FreeYouTubeToMP3Converter_4.1.26.721_o.exe
2016-08-15 14:03 - 2016-08-15 14:03 - 00000000 ____D C:\Users\Maart\AppData\LocalLow\BitTorrent
2016-08-15 12:04 - 2016-08-15 12:04 - 00392009 _____ C:\Users\Maart\Downloads\Handleiding MMC Medewerker gegevens wijzigen definitief (1).pdf-
2016-08-15 12:03 - 2016-08-15 12:03 - 00392009 _____ C:\Users\Maart\Downloads\Handleiding MMC Medewerker gegevens wijzigen definitief.pdf-
2016-08-15 11:28 - 2016-08-15 11:28 - 00090612 _____ C:\Users\Maart\Documents\Big registratie.pdf
2016-08-10 15:53 - 2016-08-10 15:53 - 00012706 _____ C:\Users\Maart\Documents\Kopie van gemiste uren (124785).xlsx
2016-08-10 14:46 - 2016-08-03 12:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 14:46 - 2016-08-03 12:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 14:46 - 2016-08-03 12:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 14:46 - 2016-08-03 12:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 14:46 - 2016-08-03 12:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 14:46 - 2016-08-03 12:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 14:46 - 2016-08-03 12:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 14:46 - 2016-08-03 12:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 14:46 - 2016-08-03 12:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 14:46 - 2016-08-03 12:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 14:46 - 2016-08-03 11:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 14:46 - 2016-08-03 11:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 14:46 - 2016-08-03 11:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 14:46 - 2016-08-03 11:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 14:46 - 2016-08-03 11:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 14:46 - 2016-08-03 11:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 14:46 - 2016-08-03 11:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 14:46 - 2016-08-03 11:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 14:46 - 2016-08-03 11:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 14:46 - 2016-08-03 11:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 14:46 - 2016-08-03 11:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 14:46 - 2016-08-03 11:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 14:46 - 2016-08-03 11:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 14:46 - 2016-08-03 11:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 14:46 - 2016-08-03 11:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 14:46 - 2016-08-03 11:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 14:46 - 2016-08-03 11:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 14:46 - 2016-08-03 11:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 14:46 - 2016-08-03 11:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 14:46 - 2016-08-03 11:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 14:46 - 2016-08-03 11:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 14:46 - 2016-08-03 11:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 14:46 - 2016-08-03 11:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 14:46 - 2016-08-03 11:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 14:46 - 2016-08-03 11:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 14:46 - 2016-08-03 07:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 14:46 - 2016-08-03 07:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 14:46 - 2016-08-03 07:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 14:46 - 2016-08-03 07:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 14:46 - 2016-08-03 07:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 14:46 - 2016-08-03 07:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 14:46 - 2016-08-03 06:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 14:46 - 2016-08-03 06:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 14:46 - 2016-08-03 06:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 14:46 - 2016-08-03 06:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 14:46 - 2016-08-03 06:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 14:46 - 2016-08-03 06:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 14:46 - 2016-08-03 06:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 14:46 - 2016-08-03 06:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 14:46 - 2016-08-03 06:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 14:46 - 2016-08-03 06:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 14:46 - 2016-08-03 06:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 14:46 - 2016-08-03 06:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 14:46 - 2016-08-03 06:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 14:46 - 2016-08-03 06:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-10 14:45 - 2016-08-03 13:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 14:45 - 2016-08-03 13:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 14:45 - 2016-08-03 13:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 14:45 - 2016-08-03 12:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 14:45 - 2016-08-03 12:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 14:45 - 2016-08-03 12:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 14:45 - 2016-08-03 12:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 14:45 - 2016-08-03 12:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 14:45 - 2016-08-03 12:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 14:45 - 2016-08-03 12:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 14:45 - 2016-08-03 12:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 14:45 - 2016-08-03 12:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 14:45 - 2016-08-03 12:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 14:45 - 2016-08-03 12:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 14:45 - 2016-08-03 12:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 14:45 - 2016-08-03 12:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 14:45 - 2016-08-03 11:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 14:45 - 2016-08-03 11:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 14:45 - 2016-08-03 11:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 14:45 - 2016-08-03 11:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 14:45 - 2016-08-03 11:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 14:45 - 2016-08-03 11:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 14:45 - 2016-08-03 11:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 14:45 - 2016-08-03 11:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 14:45 - 2016-08-03 11:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 14:45 - 2016-08-03 11:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 14:45 - 2016-08-03 11:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 14:45 - 2016-08-03 11:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 14:45 - 2016-08-03 11:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 14:45 - 2016-08-03 11:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 14:45 - 2016-08-03 11:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 14:45 - 2016-08-03 11:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 14:45 - 2016-08-03 11:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 14:45 - 2016-08-03 11:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 14:45 - 2016-08-03 11:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 14:45 - 2016-08-03 11:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 14:45 - 2016-08-03 11:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 14:45 - 2016-08-03 11:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 14:45 - 2016-08-03 11:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 14:45 - 2016-08-03 11:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 14:45 - 2016-08-03 11:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 14:45 - 2016-08-03 11:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 14:45 - 2016-08-03 11:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 14:45 - 2016-08-03 11:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 14:45 - 2016-08-03 11:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 14:45 - 2016-08-03 11:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 14:45 - 2016-08-03 11:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 14:45 - 2016-08-03 11:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 14:45 - 2016-08-03 11:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 14:45 - 2016-08-03 11:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 14:45 - 2016-08-03 11:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 14:45 - 2016-08-03 07:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 14:45 - 2016-08-03 07:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 14:45 - 2016-08-03 07:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 14:45 - 2016-08-03 07:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 14:45 - 2016-08-03 06:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 14:45 - 2016-08-03 06:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 14:45 - 2016-08-03 06:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 14:45 - 2016-08-03 06:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 14:45 - 2016-08-03 06:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 14:45 - 2016-08-03 06:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 14:45 - 2016-08-03 06:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 14:45 - 2016-08-03 06:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 14:45 - 2016-08-03 06:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 14:45 - 2016-08-03 06:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 14:45 - 2016-08-03 06:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 14:45 - 2016-08-03 06:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 14:45 - 2016-08-03 06:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 14:45 - 2016-08-03 06:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 14:45 - 2016-08-03 06:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 14:45 - 2016-08-03 06:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 14:45 - 2016-08-03 06:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 14:45 - 2016-08-03 06:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 14:45 - 2016-08-03 06:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
 
==================== Een Maand Gewijzigd bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2016-09-03 17:15 - 2016-05-20 12:07 - 01847504 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-03 17:15 - 2016-02-13 14:53 - 00818858 _____ C:\WINDOWS\system32\perfh013.dat
2016-09-03 17:15 - 2016-02-13 14:53 - 00159472 _____ C:\WINDOWS\system32\perfc013.dat
2016-09-03 17:15 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-03 17:11 - 2016-07-16 19:50 - 00000000 ____D C:\Users\Maart\AppData\Local\Spotify
2016-09-03 17:11 - 2016-07-16 19:49 - 00000000 ____D C:\Users\Maart\AppData\Roaming\Spotify
2016-09-03 17:11 - 2016-05-25 12:12 - 00000000 ___RD C:\Users\Maart\OneDrive
2016-09-03 17:10 - 2015-07-26 23:12 - 00001090 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-03 17:09 - 2016-02-13 15:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-03 17:08 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-09-03 16:49 - 2015-07-26 23:12 - 00001094 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-03 16:21 - 2014-01-17 16:49 - 00000000 ____D C:\AdwCleaner
2016-09-03 13:00 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-03 13:00 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-03 12:49 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-03 12:49 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-30 21:15 - 2016-05-26 13:20 - 00000000 ____D C:\Users\Maart\Documents\School
2016-08-26 16:50 - 2016-05-25 12:12 - 00002435 _____ C:\Users\Maart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-25 14:27 - 2016-02-13 15:37 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-25 13:09 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-25 12:53 - 2016-05-25 12:04 - 00000000 ____D C:\Users\Maart
2016-08-25 12:49 - 2016-02-13 15:13 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-25 12:49 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-25 12:46 - 2016-06-09 20:37 - 00000000 ____D C:\Users\Maart\AppData\Roaming\BitTorrent
2016-08-25 11:37 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-25 11:35 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-25 11:27 - 2015-08-23 18:02 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack
2016-08-15 14:08 - 2016-06-06 22:19 - 00000000 ____D C:\Users\Maart\Downloads\PopcornTime
2016-08-10 16:02 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 16:02 - 2015-07-26 21:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 15:54 - 2015-07-26 21:30 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-10 11:51 - 2015-07-26 23:13 - 00002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-10 11:51 - 2015-07-26 23:13 - 00002287 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-08 19:28 - 2016-05-25 12:04 - 00000000 ____D C:\Users\Maart\AppData\Local\Packages
 
Sommige bestanden in TEMP:
====================
C:\Users\Maart\AppData\Local\Temp\libeay32.dll
C:\Users\Maart\AppData\Local\Temp\msvcr120.dll
C:\Users\Maart\AppData\Local\Temp\offer-43926537-3444-4FB9-9CD5-3140071A5A41.exe
C:\Users\Maart\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)
 
C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend
 
 
LastRegBack: 2016-09-03 17:01
 
==================== Eind van FRST.txt ============================
 
 
 
 
Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 31-08-2016
Gestart door Maart (03-09-2016 17:42:53)
Gestart vanaf C:\Users\Maart\Desktop
Windows 10 Pro Versie 1511 (X64) (2016-05-20 10:19:56)
Boot Modus: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-291301347-1870860508-2339252175-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-291301347-1870860508-2339252175-503 - Limited - Disabled)
Gast (S-1-5-21-291301347-1870860508-2339252175-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-291301347-1870860508-2339252175-1002 - Limited - Enabled)
Maart (S-1-5-21-291301347-1870860508-2339252175-1006 - Administrator - Enabled) => C:\Users\Maart
 
==================== Security Center ========================
 
(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Geïnstalleerde programma's ======================
 
(Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)
 
Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-291301347-1870860508-2339252175-1006\...\BitTorrent) (Version: 7.9.8.42450 - BitTorrent Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Malwarebytes Anti-Malware versie 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.1.0 - Popcorn Time) <==== AANDACHT
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-291301347-1870860508-2339252175-1006\...\Spotify) (Version: 1.0.36.124.g1cba1920 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
Unchecky v1.0.1 (HKLM-x32\...\Unchecky) (Version: 1.0.1 - RaMMicHaeL)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
 
==================== Aangepaste CLSID (gefilterd): ==========================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
CustomCLSID: HKU\S-1-5-21-291301347-1870860508-2339252175-1006_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Maart\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
 
==================== Geplande Taken (gefilterd) =============
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {13827287-27F5-4364-BC01-B8D89C576827} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-26] (Google Inc.)
Task: {1FE8A0F4-377F-4688-A78A-38995F679470} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Geen bestand <==== AANDACHT
Task: {203A3C8A-407E-46BE-912B-B277E8CC0246} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Geen bestand <==== AANDACHT
Task: {2B85B8A3-D49B-43E4-86F4-A59B2863F02C} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Maart\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-26] (Microsoft Corporation)
Task: {388F8676-6004-4057-A173-089B437AA1C3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Geen bestand <==== AANDACHT
Task: {41F6736C-2875-4A34-9141-26D90236F7BD} - System32\Tasks\{8A69BA40-D5CD-493F-BD75-7EE08E31161C} => pcalua.exe -a C:\Users\Maart\AppData\Local\{C513F34F-E1BB-9FF7-8C23-BA1FA84B4687}\uninst.exe -c -FN="C:\Users\Maart\AppData\Roaming\{C54EF3F5-E01C-9E83-8B2A-B95157F8446F}\synctask.exe"-P=/Uninstall /s /noun /DelSelfDir
Task: {47A44448-573F-4BFE-9047-D0581E199A8F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Geen bestand <==== AANDACHT
Task: {47F35EA0-5DD7-4E38-B101-F404950AE3EF} - \CCleanerSkipUAC -> Geen bestand <==== AANDACHT
Task: {6799C84A-4920-47E0-9713-6CB1CE2BCFB1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-26] (Google Inc.)
Task: {73006B1A-1987-4B88-A90B-A94C51BF1B35} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {95D6E3ED-F708-4DCC-A959-10BDDBCA03F3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Geen bestand <==== AANDACHT
Task: {A623B565-2AD9-4A0E-BCE9-6A7656E5B3C9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Geen bestand <==== AANDACHT
Task: {AE1B97D0-4CE5-42A3-A70E-036E48ACDDD7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Geen bestand <==== AANDACHT
Task: {B3F7B560-7706-47E3-BAC4-13526684CD1C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Geen bestand <==== AANDACHT
Task: {B972614E-6483-4EEE-A22A-200740157BAB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Geen bestand <==== AANDACHT
Task: {BAF4D407-CD0A-4B19-9ABE-9A5B06A7EAF0} - \Microsoft\Windows\Setup\gwx\rundetector -> Geen bestand <==== AANDACHT
Task: {C5221870-5234-488B-83E9-2587440F8373} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Geen bestand <==== AANDACHT
Task: {C8870B23-F91A-4343-ACB9-DA8FA35DE2EE} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Geen bestand <==== AANDACHT
Task: {D695586F-774E-4A08-8695-D23CA7FAFEAA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Geen bestand <==== AANDACHT
Task: {E34EA744-3A01-419F-AC59-5FEFBC0E3603} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Geen bestand <==== AANDACHT
 
(Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Snelkoppelingen =============================
 
(De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.)
 
==================== Geladen Modules (gefilterd) ==============
 
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 19:45 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-26 16:49 - 2016-08-26 16:49 - 01864384 _____ () C:\Users\Maart\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-05-24 22:39 - 2016-05-24 22:39 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-07-16 19:45 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-02-13 14:57 - 2016-02-13 14:57 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-16 19:47 - 2016-07-01 05:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-16 19:45 - 2016-07-01 05:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-16 19:45 - 2016-07-01 05:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-16 19:45 - 2016-07-01 05:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-16 19:45 - 2016-07-01 05:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-03 14:08 - 2016-09-03 14:08 - 03826240 _____ () C:\Users\Maart\Downloads\AdwCleaner.exe
2016-08-24 15:28 - 2016-08-24 18:27 - 04028608 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40721.0_x64__8wekyb3d8bbwe\gfxim.dll
2016-08-24 15:28 - 2016-08-24 18:27 - 00071872 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40721.0_x64__8wekyb3d8bbwe\icui18n56.dll
2016-08-16 11:06 - 2016-08-16 11:06 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-08-16 11:06 - 2016-08-16 11:06 - 13475840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-03 18:51 - 2016-06-03 18:51 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-05-24 22:35 - 2016-05-24 22:35 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-10-30 09:18 - 2015-10-30 09:18 - 02100064 _____ () C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
2016-05-24 22:39 - 2016-05-24 22:39 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-05-24 22:39 - 2016-05-24 22:39 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-08-26 16:48 - 2016-08-26 16:49 - 01383616 _____ () C:\Users\Maart\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-26 16:49 - 2016-08-26 16:49 - 00118976 _____ () C:\Users\Maart\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-08-10 11:50 - 2016-08-03 02:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-10 11:50 - 2016-08-03 02:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
 
==================== Alternate Data Streams (gefilterd) =========
 
(Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.)
 
 
==================== Veilige Modus (gefilterd) ===================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.)
 
 
==================== Bestandskoppeling (gefilterd) ===============
 
(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.)
 
 
==================== Internet Explorer vertrouwde/beperkte toegang ===============
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.)
 
IE trusted site: HKU\S-1-5-21-291301347-1870860508-2339252175-1006\...\sharepoint.com -> hxxps://rocteraa365-files.sharepoint.com
 
==================== Hosts inhoud: ==========================
 
(Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.)
 
2013-08-22 15:25 - 2016-09-03 17:09 - 00002024 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
 
==================== Andere gebieden ============================
 
(Momenteel is er geen automatische fix voor dit onderdeel.)
 
HKU\S-1-5-21-291301347-1870860508-2339252175-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Maart\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 88.159.1.200 - 88.159.1.201
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is ingeschakeld.
 
==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==
 
(Momenteel is er geen automatische fix voor dit onderdeel.)
 
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "CitrixReceiver"
HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"
HKLM\...\StartupApproved\Run32: => "iSkysoft Helper Compact.exe"
HKU\S-1-5-21-291301347-1870860508-2339252175-1006\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-291301347-1870860508-2339252175-1006\...\StartupApproved\Run: => "Spotify Web Helper"
 
==================== Firewall regels (gefilterd) ===============
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{E5FA30EC-841C-4737-8404-DB407FFB6AA4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{5AD8D78F-FC43-4001-AEE0-F797F5730C56}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{8CAAA44D-DA31-43BF-AE0C-6B662C3D33D0}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [TCP Query User{8868709F-9457-46FB-B4E2-5D02E97EDF5A}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [UDP Query User{9841E57B-7FD3-45A7-AC65-8898D9185BC2}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Block) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [TCP Query User{B07BE076-BD70-430B-B7AC-B016CDCD3A46}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Block) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [{699F1459-2733-4BE0-B3A2-17D7CEA833F2}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{35DE21DB-741B-4E0C-A0CA-2872BBD8256B}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{7888AA0B-CC81-403F-ABE2-D4CEA200252F}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{824B243F-79E4-4276-8F28-07EA7D382AE9}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{D4273E8A-F963-4984-81CC-61F5A5652E31}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{FEF14972-0F78-4BE1-9736-107420A053B9}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [UDP Query User{88E7576E-0036-43C6-9C97-7E7BEE2F0249}C:\users\maartje\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\maartje\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{A84D3062-AF16-4003-BF56-CC0D2D44C288}C:\users\maartje\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\maartje\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{750AF208-CC6C-452C-BA21-5EFC4B4E264A}C:\users\maartje\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\maartje\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{590C8C88-F007-4EB7-AB1B-956246B74B02}C:\users\maartje\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\maartje\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{5B42A77E-6C7E-4880-AFC0-9037DF84B3D1}C:\users\maartje\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\maartje\appdata\local\popcorn time\nw.exe
FirewallRules: [TCP Query User{C3E147A7-81E6-4D92-9496-C9B0FBD0E5FB}C:\users\maartje\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\maartje\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{5A5966F2-A51D-4B31-B287-10A0922FECE5}C:\program files (x86)\diablo iii\diablo iii.exe] => (Block) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{8B723729-9461-4319-B858-7235D7565456}C:\program files (x86)\diablo iii\diablo iii.exe] => (Block) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{F240C249-D3E3-4950-8E3D-02CAFC960716}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{E4E47EA7-D7C0-4D4A-8C34-50E3C3BC65B8}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{B701300E-6A27-4EAF-BB5A-2279E0AB091E}C:\users\maart\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\maart\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{3BBB6507-E12D-467C-9BA4-CF13AE7331BF}C:\users\maart\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\maart\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{F0503805-EF05-48E4-A690-507E9CD9D5B9}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{7FB1A8EE-F164-4068-A9A2-65AFA1437425}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{7A88845C-225C-4F00-AF1D-DFCCB310C93C}C:\users\maart\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\maart\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3BDBD53F-87FC-4458-9B94-6BE9A84E487D}C:\users\maart\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\maart\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6C97278A-C1FC-4B85-AFE6-16674DD74F97}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{00F22E90-FDCA-4172-8C59-451B1C2181AD}C:\users\maart\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\maart\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{888318F3-3320-47D4-8115-A9D8DC2774AC}C:\users\maart\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\maart\appdata\roaming\bittorrent\bittorrent.exe
 
==================== Herstelpunten =========================
 
10-08-2016 15:46:43 Windows Update
24-08-2016 15:07:10 Installed YouTubeByClick.
03-09-2016 12:58:37 Windows Update
03-09-2016 16:01:19 Malwarebytes Anti-Rootkit Restore Point
03-09-2016 16:54:30 JRT Pre-Junkware Removal
 
==================== Defecte Apparaatbeheer Apparaten =============
 
 
==================== Eventlog fouten: =========================
 
Applicatiefouten:
==================
Error: (09/03/2016 05:11:19 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'C:\Program Files (x86)\Citrix\ICA Client\MFC80.DLL' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files (x86)\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST op regel 5.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definitie is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Gebruik sxstrace.exe voor gedetailleerde diagnose.
 
Error: (09/03/2016 04:54:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
.
 
Error: (09/03/2016 04:25:17 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'C:\Program Files (x86)\Citrix\ICA Client\MFC80.DLL' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files (x86)\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST op regel 5.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definitie is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Gebruik sxstrace.exe voor gedetailleerde diagnose.
 
Error: (09/03/2016 04:06:04 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'C:\Program Files (x86)\Citrix\ICA Client\MFC80.DLL' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files (x86)\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST op regel 5.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definitie is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Gebruik sxstrace.exe voor gedetailleerde diagnose.
 
Error: (09/03/2016 04:01:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
.
 
Error: (09/03/2016 12:59:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
.
 
Error: (09/03/2016 12:03:08 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'C:\Program Files (x86)\Citrix\ICA Client\MFC80.DLL' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files (x86)\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST op regel 5.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definitie is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Gebruik sxstrace.exe voor gedetailleerde diagnose.
 
Error: (08/25/2016 02:28:19 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'C:\Program Files (x86)\Citrix\ICA Client\MFC80.DLL' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files (x86)\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST op regel 5.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definitie is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Gebruik sxstrace.exe voor gedetailleerde diagnose.
 
Error: (08/25/2016 11:33:06 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAARTJE-LAPTOP)
Description: Het activeren van de app Microsoft.WindowsMaps_8wekyb3d8bbwe!App is mislukt door de fout -2144927148. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie.
 
Error: (08/24/2016 06:26:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAARTJE-LAPTOP)
Description: Het activeren van de app Microsoft.Windows.Photos_8wekyb3d8bbwe!App is mislukt door de fout -2144927141. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie.
 
 
Systeemfouten:
=============
Error: (09/03/2016 05:38:22 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (09/03/2016 05:08:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De User Data Access_7dc75-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 10000 milliseconden worden uitgevoerd: Service opnieuw starten.
 
Error: (09/03/2016 05:08:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De User Data Storage_7dc75-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 10000 milliseconden worden uitgevoerd: Service opnieuw starten.
 
Error: (09/03/2016 05:08:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Contact Data_7dc75-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 10000 milliseconden worden uitgevoerd: Service opnieuw starten.
 
Error: (09/03/2016 05:08:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Host synchroniseren_7dc75-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 10000 milliseconden worden uitgevoerd: Service opnieuw starten.
 
Error: (09/03/2016 04:26:04 PM) (Source: DCOM) (EventID: 10016) (User: MAARTJE-LAPTOP)
Description: In de machtigingsinstellingen standaard voor deze computer wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 en APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 aan de gebruiker Maartje-Laptop\Maart SID (S-1-5-21-291301347-1870860508-2339252175-1006) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
 
Error: (09/03/2016 04:21:46 PM) (Source: DCOM) (EventID: 10010) (User: MAARTJE-LAPTOP)
Description: De server {F9717507-6651-4EDB-BFF7-AE615179BCCF} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
 
Error: (09/03/2016 04:21:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De User Data Access_584f2-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 10000 milliseconden worden uitgevoerd: Service opnieuw starten.
 
Error: (09/03/2016 04:21:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De User Data Storage_584f2-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 10000 milliseconden worden uitgevoerd: Service opnieuw starten.
 
Error: (09/03/2016 04:21:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Contact Data_584f2-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 10000 milliseconden worden uitgevoerd: Service opnieuw starten.
 
 
CodeIntegrity:
===================================
  Date: 2016-09-03 16:08:51.936
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-25 12:53:43.736
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-25 11:35:19.379
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-15 11:26:37.068
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-06 18:25:45.148
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-04 18:44:31.881
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-27 18:44:38.317
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-27 18:42:53.754
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-26 20:57:14.951
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-26 20:37:51.054
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Geheugen info =========================== 
 
Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Percentage geheugen in gebruik: 49%
Totaal fysiek RAM-geheugen: 3954.67 MB
Beschikbaar fysiek RAM-geheugen: 2005.73 MB
Totaal Virtueel geheugen: 5426.67 MB
Beschikbaar Virtual geheugen: 2950.18 MB
 
==================== Schijven ================================
 
Drive c: (WINDOWS) (Fixed) (Total:297.65 GB) (Free:194.84 GB) NTFS
Drive d: (Data) (Fixed) (Total:297.69 GB) (Free:180.41 GB) NTFS ==>[systeem met boot componenten (verkregen van schijf)]
 
==================== MBR & Partitietabel ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 43C43517)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=297.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=297.7 GB) - (Type=07 NTFS)
 
==================== Eind van Addition.txt ============================

Kind regards,
Axe0

#11 Jo*

  • Malware Response Team

Posted 03 September 2016 - 11:17 AM

Hello,

Step 1: Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7/8/10 users need to right click and choose Run as Administrator.
You only need to get one of them to run, not all of them. Do not reboot your computer after running rkill as the malware programs will start again.


---


Step 2: Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.4.5.2467.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


Step 3: Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt




Start
CloseProcesses:
Task: {1FE8A0F4-377F-4688-A78A-38995F679470} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Geen bestand <==== AANDACHT
Task: {203A3C8A-407E-46BE-912B-B277E8CC0246} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Geen bestand <==== AANDACHT
Task: {388F8676-6004-4057-A173-089B437AA1C3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Geen bestand <==== AANDACHT
Task: {47A44448-573F-4BFE-9047-D0581E199A8F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Geen bestand <==== AANDACHT
Task: {47F35EA0-5DD7-4E38-B101-F404950AE3EF} - \CCleanerSkipUAC -> Geen bestand <==== AANDACHT
Task: {95D6E3ED-F708-4DCC-A959-10BDDBCA03F3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Geen bestand <==== AANDACHT
Task: {A623B565-2AD9-4A0E-BCE9-6A7656E5B3C9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Geen bestand <==== AANDACHT
Task: {AE1B97D0-4CE5-42A3-A70E-036E48ACDDD7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Geen bestand <==== AANDACHT
Task: {B3F7B560-7706-47E3-BAC4-13526684CD1C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Geen bestand <==== AANDACHT
Task: {B972614E-6483-4EEE-A22A-200740157BAB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Geen bestand <==== AANDACHT
Task: {BAF4D407-CD0A-4B19-9ABE-9A5B06A7EAF0} - \Microsoft\Windows\Setup\gwx\rundetector -> Geen bestand <==== AANDACHT
Task: {BAF4D407-CD0A-4B19-9ABE-9A5B06A7EAF0} - \Microsoft\Windows\Setup\gwx\rundetector -> Geen bestand <==== AANDACHT
Task: {C5221870-5234-488B-83E9-2587440F8373} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Geen bestand <==== AANDACHT
Task: {C8870B23-F91A-4343-ACB9-DA8FA35DE2EE} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Geen bestand <==== AANDACHT
Task: {D695586F-774E-4A08-8695-D23CA7FAFEAA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Geen bestand <==== AANDACHT
Task: {E34EA744-3A01-419F-AC59-5FEFBC0E3603} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Geen bestand <==== AANDACHT
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FRST64 again as Administrator like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#12 axe0

axe0
  • Topic Starter

  • Malware Study Hall Junior
  • 189 posts
  • Gender:Male
  • Location:Netherlands
  • Local time:11:27 PM

Posted 06 September 2016 - 11:30 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3-9-2016
Scan Time: 18:35
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.09.03.05
Rootkit Database: v2016.08.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Maart
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320844
Time Elapsed: 1 hr, 14 min, 5 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 2
PUP.Optional.Managera, C:\Users\Maart\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [279a5518f2a84beb956c9a2814eed12f], 
PUP.Optional.ExTutil, C:\Users\Maart\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [922fd5981585d16566b12d95c042ca36], 
 
Files: 6
PUP.Optional.Conduit, C:\Users\Maart\AppData\Local\Temp\offer-43926537-3444-4FB9-9CD5-3140071A5A41.exe, Quarantined, [f1d08de03f5bb6800050983fac548080], 
PUP.Optional.Managera, C:\Users\Maart\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Quarantined, [279a5518f2a84beb956c9a2814eed12f], 
PUP.Optional.Managera, C:\Users\Maart\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [279a5518f2a84beb956c9a2814eed12f], 
PUP.Optional.ExTutil, C:\Users\Maart\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Quarantined, [922fd5981585d16566b12d95c042ca36], 
PUP.Optional.ExTutil, C:\Users\Maart\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Quarantined, [922fd5981585d16566b12d95c042ca36], 
PUP.Optional.ExTutil, C:\Users\Maart\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [922fd5981585d16566b12d95c042ca36], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
Fix resultaat van Farbar Recovery Scan Tool (x64) Versie: 31-08-2016
Gestart door Maart (03-09-2016 20:15:57) Run:1
Gestart vanaf C:\Users\Maart\Desktop
Geladen Profielen: Maart (Beschikbare Profielen: Maart)
Boot Modus: Normal
==============================================
 
fixlist inhoud:
*****************
Start
CloseProcesses:
Task: {1FE8A0F4-377F-4688-A78A-38995F679470} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Geen bestand <==== AANDACHT
Task: {203A3C8A-407E-46BE-912B-B277E8CC0246} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Geen bestand <==== AANDACHT
Task: {388F8676-6004-4057-A173-089B437AA1C3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Geen bestand <==== AANDACHT
Task: {47A44448-573F-4BFE-9047-D0581E199A8F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Geen bestand <==== AANDACHT
Task: {47F35EA0-5DD7-4E38-B101-F404950AE3EF} - \CCleanerSkipUAC -> Geen bestand <==== AANDACHT
Task: {95D6E3ED-F708-4DCC-A959-10BDDBCA03F3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Geen bestand <==== AANDACHT
Task: {A623B565-2AD9-4A0E-BCE9-6A7656E5B3C9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Geen bestand <==== AANDACHT
Task: {AE1B97D0-4CE5-42A3-A70E-036E48ACDDD7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Geen bestand <==== AANDACHT
Task: {B3F7B560-7706-47E3-BAC4-13526684CD1C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Geen bestand <==== AANDACHT
Task: {B972614E-6483-4EEE-A22A-200740157BAB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Geen bestand <==== AANDACHT
Task: {BAF4D407-CD0A-4B19-9ABE-9A5B06A7EAF0} - \Microsoft\Windows\Setup\gwx\rundetector -> Geen bestand <==== AANDACHT
Task: {BAF4D407-CD0A-4B19-9ABE-9A5B06A7EAF0} - \Microsoft\Windows\Setup\gwx\rundetector -> Geen bestand <==== AANDACHT
Task: {C5221870-5234-488B-83E9-2587440F8373} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Geen bestand <==== AANDACHT
Task: {C8870B23-F91A-4343-ACB9-DA8FA35DE2EE} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Geen bestand <==== AANDACHT
Task: {D695586F-774E-4A08-8695-D23CA7FAFEAA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Geen bestand <==== AANDACHT
Task: {E34EA744-3A01-419F-AC59-5FEFBC0E3603} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Geen bestand <==== AANDACHT
EmptyTemp:
End
*****************
 
Proces succesvol afgesloten.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FE8A0F4-377F-4688-A78A-38995F679470}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FE8A0F4-377F-4688-A78A-38995F679470}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{203A3C8A-407E-46BE-912B-B277E8CC0246}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{203A3C8A-407E-46BE-912B-B277E8CC0246}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{388F8676-6004-4057-A173-089B437AA1C3}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{388F8676-6004-4057-A173-089B437AA1C3}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47A44448-573F-4BFE-9047-D0581E199A8F}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47A44448-573F-4BFE-9047-D0581E199A8F}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47F35EA0-5DD7-4E38-B101-F404950AE3EF}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47F35EA0-5DD7-4E38-B101-F404950AE3EF}" => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => sleutel niet gevonden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95D6E3ED-F708-4DCC-A959-10BDDBCA03F3}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95D6E3ED-F708-4DCC-A959-10BDDBCA03F3}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A623B565-2AD9-4A0E-BCE9-6A7656E5B3C9}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A623B565-2AD9-4A0E-BCE9-6A7656E5B3C9}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE1B97D0-4CE5-42A3-A70E-036E48ACDDD7}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE1B97D0-4CE5-42A3-A70E-036E48ACDDD7}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B3F7B560-7706-47E3-BAC4-13526684CD1C}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3F7B560-7706-47E3-BAC4-13526684CD1C}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B972614E-6483-4EEE-A22A-200740157BAB}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B972614E-6483-4EEE-A22A-200740157BAB}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAF4D407-CD0A-4B19-9ABE-9A5B06A7EAF0}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAF4D407-CD0A-4B19-9ABE-9A5B06A7EAF0}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAF4D407-CD0A-4B19-9ABE-9A5B06A7EAF0} => sleutel niet gevonden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector => sleutel niet gevonden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5221870-5234-488B-83E9-2587440F8373}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5221870-5234-488B-83E9-2587440F8373}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8870B23-F91A-4343-ACB9-DA8FA35DE2EE}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8870B23-F91A-4343-ACB9-DA8FA35DE2EE}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D695586F-774E-4A08-8695-D23CA7FAFEAA}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D695586F-774E-4A08-8695-D23CA7FAFEAA}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E34EA744-3A01-419F-AC59-5FEFBC0E3603}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E34EA744-3A01-419F-AC59-5FEFBC0E3603}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => sleutel is succesvol verwijderd.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 116836419 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 40639283 B
Edge => 0 B
Chrome => 55812394 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 177608 B
Maart => 392462479 B
 
RecycleBin => 1107165365 B
EmptyTemp: => 1.6 GB tijdelijke gegevens verwijderd.
 
================================
 
 
Het systeem moest herstart worden.
 
==== Eind van Fixlog 20:16:41 ====
 
 
Attached File  MBAM 3-9-2016 scan-removal.txt   2.17KB   0 downloads

 


Kind regards,
Axe0

#13 Jo*

Jo*

  • Malware Response Team
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:27 PM

Posted 06 September 2016 - 12:33 PM

Step 1: ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Open the scan log and copy and paste the content to your next reply.
 

***


Step 2: How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#14 axe0

axe0
  • Topic Starter

  • Malware Study Hall Junior
  • 189 posts
  • Gender:Male
  • Location:Netherlands
  • Local time:11:27 PM

Posted 09 September 2016 - 02:04 PM

As far as I know, the computer has always been running fine.
 
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir Win32/Toolbar.Conduit.S potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.10.0\deltaApp.dll.vir a variant of Win32/Toolbar.Montiera.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.10.0\deltaEng.dll.vir a variant of Win32/Toolbar.Montiera.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.10.0\deltasrv.exe.vir a variant of Win32/Toolbar.Montiera.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll.vir a variant of Win32/Toolbar.Babylon.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.10.0\escortShld.dll.vir Win32/Toolbar.Montiera.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.10.0\uninstall.exe.vir Win32/Toolbar.Montiera.B potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll.vir a variant of Win32/Toolbar.Escort.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\MgAssist.exe.vir a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\64auxstb.dll.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe.vir Win32/Toolbar.MyWebSearch.X potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\64datact.dll.vir a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\64dlghk.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\64feedmg.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\64highin.exe.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\64hkstub.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\64httpct.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\64idle.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\64ieovr.dll.vir a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\64impipe.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\64medint.exe.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\64mlbtn.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\64msg.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\64regiet.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\64script.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\64skin.dll.vir a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\64sknlcr.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\64skplay.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrchMn.exe.vir a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\64tpinst.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\64uabtn.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\T8EXTEX.DLL.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\T8EXTPEX.DLL.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Vid-Saver\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.E potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Vid-Saver\Vid-Saver.exe.vir a variant of Win32/Toolbar.CrossRider.E potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Vid-Saver\Vid-SaverGui.exe.vir a variant of Win32/Toolbar.CrossRider.F potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Maartje\AppData\Local\genienext\nengine.dll.vir Win32/NextLive.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Maartje\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx.vir JS/Toolbar.Crossrider.H potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Users\Maartje\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVDV.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Maartje\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Maartje\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Maartje\AppData\LocalLow\Vuze_Remote\hk64tbVuz0.dll.vir Win64/Toolbar.Conduit.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Maartje\AppData\LocalLow\Vuze_Remote\hk64tbVuz2.dll.vir Win64/Toolbar.Conduit.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Maartje\AppData\LocalLow\Vuze_Remote\hktbVuz0.dll.vir Win32/Toolbar.Conduit.W potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Maartje\AppData\LocalLow\Vuze_Remote\hktbVuz2.dll.vir Win32/Toolbar.Conduit.W potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Maartje\AppData\LocalLow\Vuze_Remote\ldrtbVuz0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Maartje\AppData\LocalLow\Vuze_Remote\ldrtbVuz2.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Maartje\AppData\LocalLow\Vuze_Remote\ldrtbVuze.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Maartje\AppData\LocalLow\Vuze_Remote\tbVuz0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Maartje\AppData\LocalLow\Vuze_Remote\tbVuz1.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Maartje\AppData\LocalLow\Vuze_Remote\tbVuz2.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Maartje\AppData\LocalLow\Vuze_Remote\tbVuze.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Maartje\AppData\LocalLow\Vuze_Remote\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Maartje\AppData\Roaming\newnext.me\nengine.dll.vir Win32/NextLive.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\files\atpbboddwsxghoyvyptmoptmwrbudbgr\{76B0EC2C-CB14-422D-AD07-BDAEC0D1BEEB}\setup.msi a variant of Win32/Adware.ErrorRepair.A application deleted
C:\AdwCleaner\Quarantine\files\atpbboddwsxghoyvyptmoptmwrbudbgr\{EFCCCA5E-6F4B-4B7B-903F-24D752DFDC64}\setup.msi a variant of Win32/Adware.ErrorRepair.A application deleted
C:\Users\Maart\Downloads\FreeYouTubeToMP3Converter_4.1.26.721_o.exe a variant of Win32/FusionCore.I potentially unwanted application cleaned by deleting

Kind regards,
Axe0

#15 Jo*

Jo*

  • Malware Response Team
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:27 PM

Posted 09 September 2016 - 02:52 PM

***


It Appears That Your PC Is Now Clean!


***


Clean up:


***


Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Clean up with delfix:
  • Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process.

***


Delete the log files our tools created; they are located on your desktop or in the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.


***


Here are some Preventive tips to reduce the potential for spyware infection in the future

Step 1: Browse more securely
Step 2: Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 / 8 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
Step 3: Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
Step 4: Use only one anti-virus software and keep it up-to-date.

Step 5: Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

Step 6: Back up regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

Step 7: Use Strong passwords!

Step 8: Email attachments
Do not open any unknown email attachments that you received without asking for them!


Extra note:
Keep your browser, Java, PDF reader and Adobe Flash up to date.
And you could install Malwarebytes Anti-Exploit to run alongside your traditional anti-virus or anti-malware products.

Make sure your programs are up to date - because older versions may contain Security Leaks.


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




