Hello i have a problem with the above malware infection can someone help me to remove this it has something to do with winsap
It is the same as this one:
Thanks in advance
Greets Bjornorico
Edited by bjornorico, 21 April 2017 - 10:46 AM.
Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.
Firefoxupdate.exe
Started by
bjornorico
, Apr 21 2017 10:36 AM
-
This topic is locked
11 replies to this topic
#1
bjornorico
-
- Members
- 7 posts
- OFFLINE
- Local time:11:18 AM
Back to top
#2
nasdaq
-
- Malware Response Team
- 39,888 posts
- OFFLINE
- Gender:Male
- Location:Montreal, QC. Canada
- Local time:05:18 AM
Posted 22 April 2017 - 08:39 AM
Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Please download Malwarebytes Anti-Malware from here
Note: If asked to restart the computer, please do so immediately.
===
Please download AdwCleaner by Xplode onto your Desktop.
Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===
Please post the logs.
Let me know what problems persists.
==============================
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Please download Malwarebytes Anti-Malware from here
- Right-click on the MBAM icon and select Run as administrator to run the tool.
- Click Yes to accept any security warnings that may appear.
- Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
- On the left menu pane click the Settings tab, and then select the Protection tab on the top.
- Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
- Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
- Note: The scan may take some time to finish, so please be patient.
- If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
- While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
- The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Note: If asked to restart the computer, please do so immediately.
===
Please download AdwCleaner by Xplode onto your Desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click the Scan button and wait for the process to complete.
- Click the LogFile button and the report will open in Notepad.
- If you click the Clean button all items listed in the report will be removed.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click the Scan button and wait for the process to complete.
- Check off the element(s) you wish to keep.
- Click on the Clean button follow the prompts.
- A log file will automatically open after the scan has finished.
- Please post the content of that log file with your next answer.
- You can find the log file at C:\AdwCleanerCx.txt (x is a number).
Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===
Please post the logs.
Let me know what problems persists.
==============================
#3
bjornorico
- Topic Starter
-
- Members
- 7 posts
- OFFLINE
- Local time:11:18 AM
Posted 22 April 2017 - 11:32 AM
Hello thanks for the help here is the log for malwarebytes
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 22.apr.2017
Scan Time: 18:04
Logfile: Scan log Mailwarebytes.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2017.04.22.05
Rootkit Database: v2017.04.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 10
CPU: x64
File System: NTFS
User: Bjorn
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 468748
Time Elapsed: 11 min, 40 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 1
Adware.Elex, C:\Users\Bjorn\AppData\Local\3DM\Kitty.dll, , [44d9aa4a32767eb8c35a54afe61a29d7],
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 2
Adware.Elex, C:\Program Files (x86)\MIO\loader, , [140920d4e1c73006cc1a1878976a0000],
Adware.Elex, C:\Program Files (x86)\MIO, , [140920d4e1c73006cc1a1878976a0000],
Files: 6
Adware.Elex, C:\Users\Bjorn\AppData\Local\3DM\Kitty.dll, , [44d9aa4a32767eb8c35a54afe61a29d7],
Adware.Elex, C:\Users\Bjorn\AppData\Local\Temp\~bk179A.tmp, , [db426292acfc46f03d5c7b1d49b7748c],
CheatTool.CETTrainer, C:\Users\Bjorn\Desktop\BF1 MAP\Battlefield 1 V8083 Trainer +10 MrAntiFun.EXE, , [130aa64eebbd2d09a97a3a70af52c739],
CheatTool.CETTrainer, C:\Users\Bjorn\Desktop\Games\Mortal Kombat X V1.01 Trainer +9.EXE, , [78a528cc08a07abcdd46d2d8699823dd],
Adware.Elex, C:\Program Files (x86)\MIO\loader\SAMSUNGXSSDX850XEVOX120GB_S21UNSAG306633H.DAT, , [140920d4e1c73006cc1a1878976a0000],
Adware.Elex, C:\Program Files (x86)\MIO\MIO.exe, , [140920d4e1c73006cc1a1878976a0000],
Physical Sectors: 0
(No malicious items detected)
(end)
#4
bjornorico
- Topic Starter
-
- Members
- 7 posts
- OFFLINE
- Local time:11:18 AM
Posted 22 April 2017 - 11:43 AM
Here is the Adwcleaner logfile
# AdwCleaner v6.045 - Logbestand aangemaakt 22/04/2017 op 18:35:53
# Bijgewerkt op 28/03/2017 door Malwarebytes
# Database : 2017-04-22.1 [Server]
# Besturingssysteem : Windows 10 Pro (X64)
# Gebruikersnaam : Bjorn - BJORNPC
# Gestart vanuit : E:\Downloads\adwcleaner_6.045.exe
# Mode: Verwijderen
# Ondersteuning : https://www.malwarebytes.com/support
***** [ Services ] *****
***** [ Mappen ] *****
***** [ Bestanden ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Snelkoppelingen ] *****
***** [ Geplande Taken ] *****
***** [ Register ] *****
***** [ Browsers ] *****
[-] [C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default] [favicon_url] Verwijderd: hxxp://www.startpageing123.com/searchfavicon.ico
*************************
:: "Tracing" sleutels verwijderd
:: Winsock instellingen gereset
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [4425 bytes] - [19/04/2017 16:44:01]
C:\AdwCleaner\AdwCleaner[C2].txt - [2417 bytes] - [21/04/2017 17:40:49]
C:\AdwCleaner\AdwCleaner[C3].txt - [1074 bytes] - [22/04/2017 18:35:53]
C:\AdwCleaner\AdwCleaner[S0].txt - [4114 bytes] - [19/04/2017 16:41:55]
C:\AdwCleaner\AdwCleaner[S1].txt - [2353 bytes] - [21/04/2017 17:32:31]
C:\AdwCleaner\AdwCleaner[S2].txt - [2344 bytes] - [21/04/2017 17:39:09]
C:\AdwCleaner\AdwCleaner[S3].txt - [1740 bytes] - [22/04/2017 18:34:45]
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1439 bytes] ##########
#5
bjornorico
- Topic Starter
-
- Members
- 7 posts
- OFFLINE
- Local time:11:18 AM
Posted 22 April 2017 - 11:48 AM
Here is the last one
Again thanks for the help
Attached Files
-
Addition.txt 90.75KB
1 downloads
-
FRST.txt 176.02KB
1 downloads
#6
nasdaq
-
- Malware Response Team
- 39,888 posts
- OFFLINE
- Gender:Male
- Location:Montreal, QC. Canada
- Local time:05:18 AM
Posted 22 April 2017 - 12:52 PM
Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Remove this program in bold via the Control Panel > Programs > Programs and Features.
WinSnare (HKLM-x32\...\{6C097E4F-C70E-4EDF-A10F-E147DEE8C26A}) (Version: 4.2.5 - WinSnare) <==== AANDACHT
===
If not already done please run the Malwarebytes and the AdwCleaner programs and remove everything that will be reported.
===
Press the windows key
+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
The location is listed in the 3rd line of the Farbar log you have submitted.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt) please post it to your reply.
===
Please post the Fixldog.txt and let me know what problem persists.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Remove this program in bold via the Control Panel > Programs > Programs and Features.
WinSnare (HKLM-x32\...\{6C097E4F-C70E-4EDF-A10F-E147DEE8C26A}) (Version: 4.2.5 - WinSnare) <==== AANDACHT
===
If not already done please run the Malwarebytes and the AdwCleaner programs and remove everything that will be reported.
===
Press the windows key
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKU\S-1-5-21-3700930283-3343190170-522327778-1001\...\MountPoints2: {58664059-84ec-11e5-8261-902b34d9fc69} - "D:\setup.exe"
HKU\S-1-5-18\...\Run: [] => [X]
SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - Geen bestand
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Bjorn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll -> Geen bestand
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Bjorn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll -> Geen bestand
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Bjorn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll -> Geen bestand
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Bjorn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll -> Geen bestand
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Bjorn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll -> Geen bestand
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Bjorn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll -> Geen bestand
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Bjorn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll -> Geen bestand
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Bjorn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll -> Geen bestand
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Bjorn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll -> Geen bestand
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuatoCalibrationLoader.lnk [2017-04-19]
ShortcutTarget: QuatoCalibrationLoader.lnk -> C:\Program Files (x86)\Quato\iColorDisplay\QuatoCalibrationLoader.exe (Geen bestand)
GroupPolicy: Restrictie <======= AANDACHT
GroupPolicyScripts: Restrictie <======= AANDACHT
GroupPolicyScripts-x32: Restrictie <======= AANDACHT
FF Plugin HKU\S-1-5-21-3700930283-3343190170-522327778-1001: torrents-time.com/TTPlugin -> C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [Geen bestand]
CHR NewTab: Default -> Active:"chrome-extension://icpgjfneehieebagbmdbhnlpiopdcmna/main.html"
CHR Extension: (New Tab Redirect) - C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2017-04-20]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-04]
S2 3DM; C:\Users\Bjorn\AppData\Local\3DM\Kitty.dll [X]
Task: {0FB2D3A6-D7BC-4EF2-B5AF-78B191E9094C} - \RTSS -> Geen bestand <==== AANDACHT
Task: {177154B6-6E7B-4F5A-9005-E9288B8B7B96} - \NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> Geen bestand <==== AANDACHT
Task: {1977B3AE-9BB6-43E3-BC4D-0E83FF90F601} - \NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> Geen bestand <==== AANDACHT
Task: {1E4EC3A3-A574-4C9B-85D2-5EA36901CF4B} - \GoogleUpdateTaskMachineCore -> Geen bestand <==== AANDACHT
Task: {25C38CAB-6781-4162-BF27-72528CD05AB7} - \ScpUpdater -> Geen bestand <==== AANDACHT
Task: {2F2B39B3-EDBF-417B-8ECB-C50D93C1B38E} - \Girawardclefoly -> Geen bestand <==== AANDACHT
Task: {37E90BAC-0679-42F2-8807-493E65F8C2E7} - \CreateChoiceProcessTask -> Geen bestand <==== AANDACHT
Task: {3949F00F-DD59-4924-92D2-FA58F1982A55} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Geen bestand <==== AANDACHT
Task: {423CE8EB-49D1-40A2-AD40-29BACC796F8B} - \WinSysCleanUAC -> Geen bestand <==== AANDACHT
Task: {44ED5237-FB48-42EE-ABD1-9794274DF0C6} - \SnailDriverSkipUSC -> Geen bestand <==== AANDACHT
Task: {503AE211-A5F3-401D-952D-3E5C2E6AFE31} - \Optimize Start Menu Cache Files-S-1-5-21-3700930283-3343190170-522327778-500 -> Geen bestand <==== AANDACHT
Task: {5FBE670B-A92C-4382-9B4D-326F3B8D269E} - \EVGAPrecisionX -> Geen bestand <==== AANDACHT
Task: {6D273EAC-5AEF-47F7-91F6-E31D70BE0198} - \NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> Geen bestand <==== AANDACHT
Task: {75C1A8CC-F2E3-4FEA-84FB-768DA192BC32} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Geen bestand <==== AANDACHT
Task: {7F8F57FF-D30B-433D-BFD5-A661A80B10A5} - \Optimize Start Menu Cache Files-S-1-5-21-3700930283-3343190170-522327778-1001 -> Geen bestand <==== AANDACHT
Task: {8DA308FC-A845-4A5A-B7A7-C9CBB6EAA744} - \NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> Geen bestand <==== AANDACHT
Task: {9492DB62-02B8-46D2-8651-7FE8CC56AB84} - \NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> Geen bestand <==== AANDACHT
Task: {96E211B9-42A8-44B0-9750-64D0010DB782} - \GoogleUpdateTaskMachineUA -> Geen bestand <==== AANDACHT
Task: {988CD99D-CF89-47AA-8A32-58F10385ABD2} - \{EA2B12A8-A205-41C0-861A-165BBDF97861} -> Geen bestand <==== AANDACHT
Task: {A418385A-2599-4767-A647-F82DB6CDAF14} - \SamsungMagician -> Geen bestand <==== AANDACHT
Task: {AA7328BB-5ECF-460E-88AE-23FD4224ACC6} - \NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> Geen bestand <==== AANDACHT
Task: {C0ECE004-4D1C-40EB-8482-104F8C6E5629} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Geen bestand <==== AANDACHT
Task: {CFD5AED6-2263-4726-BDA6-66A3F034C907} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Geen bestand <==== AANDACHT
Task: {E26099FF-BE6D-4EB1-9977-596E79804B6A} - \NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> Geen bestand <==== AANDACHT
Task: {F29F3096-6A3E-4D64-B537-3F9A48B46CD5} - \MSISW_Host -> Geen bestand <==== AANDACHT
Task: {F6073987-5F63-4D7A-9DC8-9BE75C1456B1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Geen bestand <==== AANDACHT
Task: {FDD74F29-0418-43B7-8B06-87B819121509} - \SnailDriverSkipUAC -> Geen bestand <==== AANDACHT
AlternateDataStreams: C:\ProgramData\Spotnet:spn.k [428]
AlternateDataStreams: C:\ProgramData\TEMP:A4F602C6 [121]
HKU\S-1-5-21-3700930283-3343190170-522327778-1001\Software\Classes\regfile: regedit.exe "%1" <===== AANDACHT
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuatoCalibrationLoader.lnk
End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.The location is listed in the 3rd line of the Farbar log you have submitted.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt) please post it to your reply.
===
Please post the Fixldog.txt and let me know what problem persists.
#7
bjornorico
- Topic Starter
-
- Members
- 7 posts
- OFFLINE
- Local time:11:18 AM
Posted 22 April 2017 - 02:49 PM
Here is the log
Fix resultaat van Farbar Recovery Scan Tool (x64) Versie: 22-04-2017 01
Gestart door Bjorn (22-04-2017 21:42:50) Run:1
Gestart vanaf C:\Users\Bjorn\Desktop\Antimalware map
Geladen Profielen: Bjorn (Beschikbare Profielen: Bjorn)
Boot Modus: Normal
==============================================
fixlist inhoud:
*****************
start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKU\S-1-5-21-3700930283-3343190170-522327778-1001\...\MountPoints2: {58664059-84ec-11e5-8261-902b34d9fc69} - "D:\setup.exe"
HKU\S-1-5-18\...\Run: [] => [X]
SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - Geen bestand
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Bjorn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll -> Geen bestand
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Bjorn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll -> Geen bestand
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Bjorn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll -> Geen bestand
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Bjorn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll -> Geen bestand
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Bjorn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll -> Geen bestand
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Geen bestand
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Bjorn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll -> Geen bestand
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Bjorn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll -> Geen bestand
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Bjorn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll -> Geen bestand
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Bjorn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll -> Geen bestand
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuatoCalibrationLoader.lnk [2017-04-19]
ShortcutTarget: QuatoCalibrationLoader.lnk -> C:\Program Files (x86)\Quato\iColorDisplay\QuatoCalibrationLoader.exe (Geen bestand)
GroupPolicy: Restrictie <======= AANDACHT
GroupPolicyScripts: Restrictie <======= AANDACHT
GroupPolicyScripts-x32: Restrictie <======= AANDACHT
FF Plugin HKU\S-1-5-21-3700930283-3343190170-522327778-1001: torrents-time.com/TTPlugin -> C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [Geen bestand]
CHR NewTab: Default -> Active:"chrome-extension://icpgjfneehieebagbmdbhnlpiopdcmna/main.html"
CHR Extension: (New Tab Redirect) - C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2017-04-20]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-04]
S2 3DM; C:\Users\Bjorn\AppData\Local\3DM\Kitty.dll [X]
Task: {0FB2D3A6-D7BC-4EF2-B5AF-78B191E9094C} - \RTSS -> Geen bestand <==== AANDACHT
Task: {177154B6-6E7B-4F5A-9005-E9288B8B7B96} - \NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> Geen bestand <==== AANDACHT
Task: {1977B3AE-9BB6-43E3-BC4D-0E83FF90F601} - \NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> Geen bestand <==== AANDACHT
Task: {1E4EC3A3-A574-4C9B-85D2-5EA36901CF4B} - \GoogleUpdateTaskMachineCore -> Geen bestand <==== AANDACHT
Task: {25C38CAB-6781-4162-BF27-72528CD05AB7} - \ScpUpdater -> Geen bestand <==== AANDACHT
Task: {2F2B39B3-EDBF-417B-8ECB-C50D93C1B38E} - \Girawardclefoly -> Geen bestand <==== AANDACHT
Task: {37E90BAC-0679-42F2-8807-493E65F8C2E7} - \CreateChoiceProcessTask -> Geen bestand <==== AANDACHT
Task: {3949F00F-DD59-4924-92D2-FA58F1982A55} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Geen bestand <==== AANDACHT
Task: {423CE8EB-49D1-40A2-AD40-29BACC796F8B} - \WinSysCleanUAC -> Geen bestand <==== AANDACHT
Task: {44ED5237-FB48-42EE-ABD1-9794274DF0C6} - \SnailDriverSkipUSC -> Geen bestand <==== AANDACHT
Task: {503AE211-A5F3-401D-952D-3E5C2E6AFE31} - \Optimize Start Menu Cache Files-S-1-5-21-3700930283-3343190170-522327778-500 -> Geen bestand <==== AANDACHT
Task: {5FBE670B-A92C-4382-9B4D-326F3B8D269E} - \EVGAPrecisionX -> Geen bestand <==== AANDACHT
Task: {6D273EAC-5AEF-47F7-91F6-E31D70BE0198} - \NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> Geen bestand <==== AANDACHT
Task: {75C1A8CC-F2E3-4FEA-84FB-768DA192BC32} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Geen bestand <==== AANDACHT
Task: {7F8F57FF-D30B-433D-BFD5-A661A80B10A5} - \Optimize Start Menu Cache Files-S-1-5-21-3700930283-3343190170-522327778-1001 -> Geen bestand <==== AANDACHT
Task: {8DA308FC-A845-4A5A-B7A7-C9CBB6EAA744} - \NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> Geen bestand <==== AANDACHT
Task: {9492DB62-02B8-46D2-8651-7FE8CC56AB84} - \NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> Geen bestand <==== AANDACHT
Task: {96E211B9-42A8-44B0-9750-64D0010DB782} - \GoogleUpdateTaskMachineUA -> Geen bestand <==== AANDACHT
Task: {988CD99D-CF89-47AA-8A32-58F10385ABD2} - \{EA2B12A8-A205-41C0-861A-165BBDF97861} -> Geen bestand <==== AANDACHT
Task: {A418385A-2599-4767-A647-F82DB6CDAF14} - \SamsungMagician -> Geen bestand <==== AANDACHT
Task: {AA7328BB-5ECF-460E-88AE-23FD4224ACC6} - \NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> Geen bestand <==== AANDACHT
Task: {C0ECE004-4D1C-40EB-8482-104F8C6E5629} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Geen bestand <==== AANDACHT
Task: {CFD5AED6-2263-4726-BDA6-66A3F034C907} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Geen bestand <==== AANDACHT
Task: {E26099FF-BE6D-4EB1-9977-596E79804B6A} - \NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> Geen bestand <==== AANDACHT
Task: {F29F3096-6A3E-4D64-B537-3F9A48B46CD5} - \MSISW_Host -> Geen bestand <==== AANDACHT
Task: {F6073987-5F63-4D7A-9DC8-9BE75C1456B1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Geen bestand <==== AANDACHT
Task: {FDD74F29-0418-43B7-8B06-87B819121509} - \SnailDriverSkipUAC -> Geen bestand <==== AANDACHT
AlternateDataStreams: C:\ProgramData\Spotnet:spn.k [428]
AlternateDataStreams: C:\ProgramData\TEMP:A4F602C6 [121]
HKU\S-1-5-21-3700930283-3343190170-522327778-1001\Software\Classes\regfile: regedit.exe "%1" <===== AANDACHT
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuatoCalibrationLoader.lnk
End
*****************
Herstelpunt is succesvol gemaakt.
Proces succesvol afgesloten.
HKU\S-1-5-21-3700930283-3343190170-522327778-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58664059-84ec-11e5-8261-902b34d9fc69} => sleutel is succesvol verwijderd.
HKCR\CLSID\{58664059-84ec-11e5-8261-902b34d9fc69} => sleutel niet gevonden.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => waarde is succesvol verwijderd.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\IconPackager Repair => waarde is succesvol verwijderd.
HKLM\Software\Wow6432Node\Classes\CLSID\{1799460C-0BC8-4865-B9DF-4A36CD703FF0} => sleutel niet gevonden.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => sleutel is succesvol verwijderd.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => sleutel niet gevonden.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => sleutel is succesvol verwijderd.
HKCR\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => sleutel niet gevonden.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => sleutel is succesvol verwijderd.
HKCR\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => sleutel niet gevonden.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => sleutel is succesvol verwijderd.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => sleutel niet gevonden.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => sleutel is succesvol verwijderd.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => sleutel niet gevonden.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => sleutel is succesvol verwijderd.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => sleutel niet gevonden.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => sleutel is succesvol verwijderd.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => sleutel niet gevonden.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => sleutel is succesvol verwijderd.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => sleutel niet gevonden.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => sleutel is succesvol verwijderd.
HKCR\Wow6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => sleutel niet gevonden.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => sleutel is succesvol verwijderd.
HKCR\Wow6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => sleutel niet gevonden.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => sleutel is succesvol verwijderd.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => sleutel niet gevonden.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuatoCalibrationLoader.lnk => is succesvol verplaatst.
C:\Program Files (x86)\Quato\iColorDisplay\QuatoCalibrationLoader.exe => niet gevonden.
C:\WINDOWS\system32\GroupPolicy\Machine => is succesvol verplaatst.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => is succesvol verplaatst.
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => is succesvol verplaatst.
"C:\WINDOWS\system32\GroupPolicy\Machine" => niet gevonden.
C:\WINDOWS\SysWOW64\GroupPolicy\Machine => is succesvol verplaatst.
HKU\S-1-5-21-3700930283-3343190170-522327778-1001\Software\MozillaPlugins\torrents-time.com/TTPlugin => sleutel is succesvol verwijderd.
C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll => niet gevonden.
Chrome NewTab => is succesvol verwijderd.
C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna => is succesvol verplaatst.
C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => is succesvol verplaatst.
C:\Users\Bjorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => is succesvol verplaatst.
HKLM\System\CurrentControlSet\Services\3DM => sleutel is succesvol verwijderd.
3DM => dienst is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0FB2D3A6-D7BC-4EF2-B5AF-78B191E9094C} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FB2D3A6-D7BC-4EF2-B5AF-78B191E9094C} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RTSS => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{177154B6-6E7B-4F5A-9005-E9288B8B7B96} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{177154B6-6E7B-4F5A-9005-E9288B8B7B96} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1977B3AE-9BB6-43E3-BC4D-0E83FF90F601} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1977B3AE-9BB6-43E3-BC4D-0E83FF90F601} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1E4EC3A3-A574-4C9B-85D2-5EA36901CF4B} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E4EC3A3-A574-4C9B-85D2-5EA36901CF4B} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25C38CAB-6781-4162-BF27-72528CD05AB7} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25C38CAB-6781-4162-BF27-72528CD05AB7} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ScpUpdater => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F2B39B3-EDBF-417B-8ECB-C50D93C1B38E} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F2B39B3-EDBF-417B-8ECB-C50D93C1B38E} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Girawardclefoly => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37E90BAC-0679-42F2-8807-493E65F8C2E7} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37E90BAC-0679-42F2-8807-493E65F8C2E7} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CreateChoiceProcessTask => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3949F00F-DD59-4924-92D2-FA58F1982A55} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3949F00F-DD59-4924-92D2-FA58F1982A55} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{423CE8EB-49D1-40A2-AD40-29BACC796F8B} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{423CE8EB-49D1-40A2-AD40-29BACC796F8B} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinSysCleanUAC => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44ED5237-FB48-42EE-ABD1-9794274DF0C6} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44ED5237-FB48-42EE-ABD1-9794274DF0C6} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SnailDriverSkipUSC => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{503AE211-A5F3-401D-952D-3E5C2E6AFE31} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{503AE211-A5F3-401D-952D-3E5C2E6AFE31} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-3700930283-3343190170-522327778-500 => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5FBE670B-A92C-4382-9B4D-326F3B8D269E} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FBE670B-A92C-4382-9B4D-326F3B8D269E} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EVGAPrecisionX => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6D273EAC-5AEF-47F7-91F6-E31D70BE0198} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D273EAC-5AEF-47F7-91F6-E31D70BE0198} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{75C1A8CC-F2E3-4FEA-84FB-768DA192BC32} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75C1A8CC-F2E3-4FEA-84FB-768DA192BC32} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F8F57FF-D30B-433D-BFD5-A661A80B10A5} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F8F57FF-D30B-433D-BFD5-A661A80B10A5} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-3700930283-3343190170-522327778-1001 => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DA308FC-A845-4A5A-B7A7-C9CBB6EAA744} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DA308FC-A845-4A5A-B7A7-C9CBB6EAA744} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9492DB62-02B8-46D2-8651-7FE8CC56AB84} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9492DB62-02B8-46D2-8651-7FE8CC56AB84} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96E211B9-42A8-44B0-9750-64D0010DB782} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96E211B9-42A8-44B0-9750-64D0010DB782} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{988CD99D-CF89-47AA-8A32-58F10385ABD2} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{988CD99D-CF89-47AA-8A32-58F10385ABD2} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EA2B12A8-A205-41C0-861A-165BBDF97861} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A418385A-2599-4767-A647-F82DB6CDAF14} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A418385A-2599-4767-A647-F82DB6CDAF14} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SamsungMagician => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AA7328BB-5ECF-460E-88AE-23FD4224ACC6} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA7328BB-5ECF-460E-88AE-23FD4224ACC6} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0ECE004-4D1C-40EB-8482-104F8C6E5629} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0ECE004-4D1C-40EB-8482-104F8C6E5629} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFD5AED6-2263-4726-BDA6-66A3F034C907} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFD5AED6-2263-4726-BDA6-66A3F034C907} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E26099FF-BE6D-4EB1-9977-596E79804B6A} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E26099FF-BE6D-4EB1-9977-596E79804B6A} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F29F3096-6A3E-4D64-B537-3F9A48B46CD5} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F29F3096-6A3E-4D64-B537-3F9A48B46CD5} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MSISW_Host => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6073987-5F63-4D7A-9DC8-9BE75C1456B1} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6073987-5F63-4D7A-9DC8-9BE75C1456B1} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDD74F29-0418-43B7-8B06-87B819121509} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDD74F29-0418-43B7-8B06-87B819121509} => sleutel is succesvol verwijderd.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SnailDriverSkipUAC => sleutel is succesvol verwijderd.
C:\ProgramData\Spotnet => ":spn.k" ADS is succesvol verwijderd..
C:\ProgramData\TEMP => ":A4F602C6" ADS is succesvol verwijderd..
HKU\S-1-5-21-3700930283-3343190170-522327778-1001\Software\Classes\regfile => sleutel is succesvol verwijderd.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuatoCalibrationLoader.lnk" => niet gevonden.
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 186422565 B
Java, Flash, Steam htmlcache => 318274171 B
Windows/system/drivers => 43505304 B
Edge => 36158433 B
Chrome => 597282076 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 8606655 B
LocalService => 120272 B
NetworkService => 14372 B
Bjorn => 3314833328 B
RecycleBin => 0 B
EmptyTemp: => 4.2 GB tijdelijke gegevens verwijderd.
================================
Het systeem moest herstart worden.
==== Eind van Fixlog 21:43:15 ====
#8
nasdaq
-
- Malware Response Team
- 39,888 posts
- OFFLINE
- Gender:Male
- Location:Montreal, QC. Canada
- Local time:05:18 AM
#9
bjornorico
- Topic Starter
-
- Members
- 7 posts
- OFFLINE
- Local time:11:18 AM
#10
nasdaq
-
- Malware Response Team
- 39,888 posts
- OFFLINE
- Gender:Male
- Location:Montreal, QC. Canada
- Local time:05:18 AM
Posted 24 April 2017 - 07:27 AM
One last scan.
Sophos Virus Removal Tool
Please download Sophos Virus Removal Tool and save it to your computer's Desktop.
Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
Sophos Virus Removal Tool
Please download Sophos Virus Removal Tool and save it to your computer's Desktop.
- Right-click the icon and select Run as administrator.
- Click Yes to accept any security warnings that may appear.
- Click the Next button.
- Select 'I accept the terms in the license agreement', then click Next twice.
- Click the Install button and wait until the installation is complete.
- Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
- Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
- Click Yes to accept any security warnings that may appear.
- After it updates and a "Start Scanning" button appears in the lower right:
- Disconnect from the Internet or physically unplug your Internet cable connection.
- Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
- Temporarily disable your anti-virus and real-time anti-spyware protection.
- Click the "Start Scanning" button in the lower right to start the scan.
- After starting the scan, do not use the computer until the scan has completed.
- When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
- When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
- If any threats are found click Details, then View Log file (bottom left-hand corner).
- Copy and paste its contents in your next reply and note any errors encountered.
- Close the Notepad document, close the Threat Details screen, then click Start cleanup.
- Click Exit to close the program.
- If no threats were found, please confirm that result.
Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
#11
bjornorico
- Topic Starter
-
- Members
- 7 posts
- OFFLINE
- Local time:11:18 AM
Posted 25 April 2017 - 08:02 AM
------------------------------------------------------------
2017-04-25 12:24:10.202 Sophos Virus Removal Tool version 2.5.6
2017-04-25 12:24:10.202 Copyright © 2009-2016 Sophos Limited. All rights reserved.
2017-04-25 12:24:10.203 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
2017-04-25 12:24:10.203 Windows version 6.2 SP 0.0 build 9200 SM=0x100 PT=0x1 WOW64
2017-04-25 12:24:10.203 Checking for updates...
2017-04-25 12:24:10.557 Update progress: proxy server not available
2017-04-25 12:24:12.195 Downloading updates...
2017-04-25 12:24:12.200 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-04-25 12:24:12.200 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-04-25 12:24:12.200 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-04-25 12:24:12.200 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-04-25 12:24:12.200 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-04-25 12:24:12.200 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-04-25 12:24:12.200 Update progress: [I49502] sdds.data0910.xml: found supplement IDE539 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-04-25 12:24:12.200 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE539 LATEST path=
2017-04-25 12:24:12.200 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE539 LATEST path=
2017-04-25 12:24:12.200 Update progress: [I49502] sdds.data0910.xml: found supplement IDE540 LATEST path= baseVersion= [included from product IDE539 LATEST path=]
2017-04-25 12:24:12.200 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE540 LATEST path=
2017-04-25 12:24:12.200 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE540 LATEST path=
2017-04-25 12:24:12.200 Update progress: [I49502] sdds.data0910.xml: found supplement IDE541 LATEST path= baseVersion= [included from product IDE540 LATEST path=]
2017-04-25 12:24:12.201 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE541 LATEST path=
2017-04-25 12:24:12.201 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE541 LATEST path=
2017-04-25 12:24:12.201 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-04-25 12:24:12.245 Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-04-25 12:24:12.272 Update progress: [I19463] Syncing product IDE539 LATEST path=
2017-04-25 12:24:12.291 Update progress: [I19463] Syncing product IDE540 LATEST path=
2017-04-25 12:24:12.294 Update progress: [I19463] Syncing product IDE541 LATEST path=
2017-04-25 12:24:12.322 Installing updates...
2017-04-25 12:24:19.072 Option all = no
2017-04-25 12:24:19.673 Option recurse = yes
2017-04-25 12:24:19.673 Option archive = no
2017-04-25 12:24:19.674 Option service = yes
2017-04-25 12:24:19.674 Option confirm = yes
2017-04-25 12:24:19.674 Option sxl = yes
2017-04-25 12:24:19.674 Option max-data-age = 35
2017-04-25 12:24:19.674 Option vdl-logging = yes
2017-04-25 12:24:19.674 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-04-25 12:24:19.674 Machine ID: 65a4a6e6dbc94237a6c0084f21c9777a
2017-04-25 12:24:19.674 Component SVRTcli.exe version 2.5.6
2017-04-25 12:24:19.674 Component control.dll version 2.5.6
2017-04-25 12:24:19.674 Component SVRTservice.exe version 2.5.6
2017-04-25 12:24:19.674 Component engine\osdp.dll version 1.44.1.2281
2017-04-25 12:24:19.674 Component engine\veex.dll version 3.68.1.2281
2017-04-25 12:24:19.674 Component engine\savi.dll version 9.0.7.2281
2017-04-25 12:24:19.674 Component rkdisk.dll version 1.5.31.1
2017-04-25 12:24:19.674 Version info: Product version 2.5.6
2017-04-25 12:24:19.674 Version info: Detection engine 3.68.1
2017-04-25 12:24:19.674 Version info: Detection data 5.38
2017-04-25 12:24:19.674 Version info: Build date 4-4-2017
2017-04-25 12:24:19.674 Version info: Data files added 248
2017-04-25 12:24:19.674 Version info: Last successful update 25-4-2017 12:26:09
2017-04-25 12:24:19.674 Error level 1
2017-04-25 12:24:19.925 Update successful
2017-04-25 12:24:26.873 Option all = no
2017-04-25 12:24:26.873 Option recurse = yes
2017-04-25 12:24:26.874 Option archive = no
2017-04-25 12:24:26.874 Option service = yes
2017-04-25 12:24:26.874 Option confirm = yes
2017-04-25 12:24:26.874 Option sxl = yes
2017-04-25 12:24:26.875 Option max-data-age = 35
2017-04-25 12:24:26.875 Option vdl-logging = yes
2017-04-25 12:24:26.877 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-04-25 12:24:26.877 Machine ID: 65a4a6e6dbc94237a6c0084f21c9777a
2017-04-25 12:24:26.877 Component SVRTcli.exe version 2.5.6
2017-04-25 12:24:26.878 Component control.dll version 2.5.6
2017-04-25 12:24:26.878 Component SVRTservice.exe version 2.5.6
2017-04-25 12:24:26.878 Component engine\osdp.dll version 1.44.1.2281
2017-04-25 12:24:26.878 Component engine\veex.dll version 3.68.1.2281
2017-04-25 12:24:26.878 Component engine\savi.dll version 9.0.7.2281
2017-04-25 12:24:26.878 Component rkdisk.dll version 1.5.31.1
2017-04-25 12:24:26.878 Version info: Product version 2.5.6
2017-04-25 12:24:26.878 Version info: Detection engine 3.68.1
2017-04-25 12:24:26.879 Version info: Detection data 5.38
2017-04-25 12:24:26.879 Version info: Build date 4-4-2017
2017-04-25 12:24:26.879 Version info: Data files added 248
2017-04-25 12:24:26.879 Version info: Last successful update 25-4-2017 14:24:19
2017-04-25 12:29:01.192 >>> Virus 'Mal/Generic-S' found in file C:\AdwCleaner\quarantine\files\pxmfvbabvqglmdcxcumpjbzotnnygmoj\Snarer.dll
2017-04-25 12:29:01.192 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2017-04-25 12:29:01.192 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2017-04-25 12:40:55.779 Could not open C:\swapfile.sys
2017-04-25 12:40:55.805 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-04-25 12:40:55.806 Could not open C:\System Volume Information\{3b548003-299a-11e7-866a-902b34d9fc69}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-04-25 12:40:55.806 Could not open C:\System Volume Information\{3b54800e-299a-11e7-866a-902b34d9fc69}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-04-25 12:40:55.806 Could not open C:\System Volume Information\{4e6b3be5-2909-11e7-8669-902b34d9fc69}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-04-25 12:40:55.806 Could not open C:\System Volume Information\{7e094212-28e7-11e7-8668-902b34d9fc69}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-04-25 12:45:42.756 Could not open C:\WINDOWS\System32\config\BBI
2017-04-25 12:45:42.772 Could not open C:\WINDOWS\System32\config\RegBack\DEFAULT
2017-04-25 12:45:42.772 Could not open C:\WINDOWS\System32\config\RegBack\SAM
2017-04-25 12:45:42.773 Could not open C:\WINDOWS\System32\config\RegBack\SECURITY
2017-04-25 12:45:42.773 Could not open C:\WINDOWS\System32\config\RegBack\SOFTWARE
2017-04-25 12:45:42.774 Could not open C:\WINDOWS\System32\config\RegBack\SYSTEM
2017-04-25 12:52:07.685 The following items will be cleaned up:
2017-04-25 12:52:07.685 Mal/Generic-S
2017-04-25 12:58:37.273 Threat 'Mal/Generic-S' has been cleaned up.
2017-04-25 12:58:37.273 File "C:\AdwCleaner\quarantine\files\pxmfvbabvqglmdcxcumpjbzotnnygmoj\Snarer.dll" belongs to malware 'Mal/Generic-S'.
2017-04-25 12:58:37.273 File "C:\AdwCleaner\quarantine\files\pxmfvbabvqglmdcxcumpjbzotnnygmoj\Snarer.dll" has been cleaned up.
2017-04-25 12:58:37.273 Removal successful
2017-04-25 12:58:37.752 Error level 0
Edited by bjornorico, 25 April 2017 - 08:06 AM.
#12
nasdaq
-
- Malware Response Team
- 39,888 posts
- OFFLINE
- Gender:Male
- Location:Montreal, QC. Canada
- Local time:05:18 AM
Posted 25 April 2017 - 09:43 AM
You are clean.
The items removed were in the Farbar quarantine folders and not causing any problems.
If all is well.
To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===
The items removed were in the Farbar quarantine folders and not causing any problems.
If all is well.
To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
