Jump to content

Timo

Members
 View Profile  See their activity

  • Posts

    8

  • Joined

  • Last visited

Reputation

0 Neutral
  1. Timo
    This afternoon I had a new tab popping up because of the infection. This was just before i downloaded TFC. There aren't any other signs that show the infection, and it happens irregular. If you're running out of ideas I can also bring it to a repair guy, but thanks for your help anyway! I did not switch of my virusscanner before running the security check, but the log is below. security check log: Results of screen317's Security Check version 1.009 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` McAfee Antivirus en antispyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Adobe Reader XI Google Chrome (45.0.2454.101) Google Chrome (46.0.2490.71) ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: 4% ````````````````````End of Log``````````````````````
  2. Timo
    I ran JavaRa and TFC. I'm guessing i have to download the newest version of Java again later? And i was wondering if upgrading windows to windows 10 could help solve the problem? After running TFC i deleted it again. Can I start deleting the previously used programs as well? The JavaRa log: JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Tue Oct 20 17:19:25 2015 There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124. Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Found and removed: SOFTWARE\JavaSoft Found and removed: SOFTWARE\JreMetrics Found and removed: SOFTWARE\Classes\JavaPlugin.10512 ------------------------------------ Finished reporting.
  3. Timo
    BTW i've switched my virusscanner back on after scanning with step 8.
  4. Timo
    Step 5 I did not switch off my virusscanner for this step. It didnt say to switch it off in the step descriptions, but i thought i let you know for sure. log, adwcleaner: # AdwCleaner v5.013 - Logbestand aangemaakt 18/10/2015 op 11:39:26# Laatste update 09/10/2015 door Xplode# Database : 2015-10-18.3 [server]# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (x64)# Gebruikersnaam : panker - PANKER-PC# Gestart vanuit : C:\Users\panker\Desktop\AdwCleaner.exe# Optie : Verwijderen# Ondersteuning : http://toolslib.net/forum ***** [ Services ] ***** ***** [ Mappen ] ***** ***** [ Bestanden ] ***** ***** [ DLLs ] ***** ***** [ Snelkoppelingen ] ***** ***** [ geplande taken ] ***** ***** [ Register ] ***** [-] Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}[-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} ***** [ Internetbrowsers ] ***** ************************* :: Winsock instellingen gereset ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [942 bytes] ########## STEP 6, Malwarebytes log: Malwarebytes Anti-Malwarewww.malwarebytes.org Scandatum: 18-10-2015Scantijd: 12:32Logboekbestand: Beheerder: Ja Versie: 2.2.0.1024Malware-database: v2015.10.18.01Rootkit-database: v2015.10.16.01Licentie: GratisMalware-bescherming: UitgeschakeldBescherming tegen kwaadaardige websites: UitgeschakeldZelfbescherming: Uitgeschakeld Besturingssysteem: Windows 7 Service Pack 1Processor: x64Bestandssysteem: NTFSGebruiker: panker Scantype: BedreigingsscanResultaat: VoltooidObjecten gescand: 328331Verstreken tijd: 17 min, 26 sec Geheugen: IngeschakeldOpstarten: IngeschakeldBestandssysteem: IngeschakeldArchieven: IngeschakeldRootkits: IngeschakeldHeuristiek: IngeschakeldPOP: IngeschakeldPOA: Ingeschakeld Processen: 0(Geen kwaadaardige items gedetecteerd) Modules: 0(Geen kwaadaardige items gedetecteerd) Registersleutels: 0(Geen kwaadaardige items gedetecteerd) Registerwaarden: 0(Geen kwaadaardige items gedetecteerd) Registerdata: 0(Geen kwaadaardige items gedetecteerd) Mappen: 0(Geen kwaadaardige items gedetecteerd) Bestanden: 0(Geen kwaadaardige items gedetecteerd) Fysieke Sectoren: 0(Geen kwaadaardige items gedetecteerd) (end) STEP 7 Eset scanner. C:\Backup\Acer\AppData\Local\Temp\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationC:\Backup\Acer\AppData\Local\Temp\ASK1017.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationC:\Backup\Acer\AppData\Local\Temp\ASK868D.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationC:\Backup\Acer\AppData\Local\Temp\ASK8FB1.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationC:\Backup\Acer\AppData\Local\Temp\ASK9D87.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationC:\Backup\Acer\AppData\Local\Temp\ASKBF49.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationC:\Backup\Acer\AppData\Local\Temp\ASKC073.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationC:\Backup\Acer\AppData\Local\Temp\ASKE244.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationC:\Users\panker\Downloads\ccsetup509.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application STEP 8 FRST and Addition are attached. Addition.txt FRST.txt
  5. Timo
    Here is the JRT text file from step 5 already, i will now go on with step 6 but because that needs a reboot i will post this already. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by MalwarebytesVersion: 7.6.4 (09.28.2015:1)OS: Windows 7 Home Premium x64Ran by panker on zo 18-10-2015 at 11:22:35,42~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] C:\ProgramData\partner ~~~ Chrome [C:\Users\panker\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\panker\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: [C:\Users\panker\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\panker\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:[] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on zo 18-10-2015 at 11:26:22,25End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  6. Timo
    Ok, so I followed the steps above and if i'm correct i only have to post the log of the MBAM scan right? Also I will switch my antivirus back on till i hear what to do again. The log is in Dutch btw, dont know if thats a problem for you? Malwarebytes Anti-Malwarewww.malwarebytes.org Scandatum: 18-10-2015Scantijd: 0:11Logboekbestand: Beheerder: Ja Versie: 2.2.0.1024Malware-database: v2015.10.17.06Rootkit-database: v2015.10.16.01Licentie: GratisMalware-bescherming: UitgeschakeldBescherming tegen kwaadaardige websites: UitgeschakeldZelfbescherming: Uitgeschakeld Besturingssysteem: Windows 7 Service Pack 1Processor: x64Bestandssysteem: NTFSGebruiker: panker Scantype: BedreigingsscanResultaat: VoltooidObjecten gescand: 328172Verstreken tijd: 15 min, 44 sec Geheugen: IngeschakeldOpstarten: IngeschakeldBestandssysteem: IngeschakeldArchieven: IngeschakeldRootkits: IngeschakeldHeuristiek: IngeschakeldPOP: IngeschakeldPOA: Ingeschakeld Processen: 0(Geen kwaadaardige items gedetecteerd) Modules: 0(Geen kwaadaardige items gedetecteerd) Registersleutels: 0(Geen kwaadaardige items gedetecteerd) Registerwaarden: 0(Geen kwaadaardige items gedetecteerd) Registerdata: 0(Geen kwaadaardige items gedetecteerd) Mappen: 0(Geen kwaadaardige items gedetecteerd) Bestanden: 0(Geen kwaadaardige items gedetecteerd) Fysieke Sectoren: 0(Geen kwaadaardige items gedetecteerd) (end)
  7. Timo
    First, thank you very much for the help in advance! I am quite busy at the moment and therefore did not have time to try and fix the computer yet. I will have time later today so I will be following your instructions then. Just wanted to let you know so the topic doesn't get closed yet. After I followed the instructions I will let you know!
  8. Timo
    Hi, My computer seems to be infected with something which causes new tabs to open when on clicking somewhere in my browser. This will open a website tradeadexhange which transfers the tab to different websites. I cant get it off my computer using my antivirus or the free malwarebytes. Could you help me? These posts also have problems with tradeadexchange: https://forums.malwarebytes.org/index.php?/topic/171981-tradeadexchage-infection/ https://forums.malwarebytes.org/index.php?/topic/171668-tradeadexchange-infection/ I ran a scan with farbar and will attach the frst and addition results files. Thanks in advance! Timo Addition.txt FRST.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.