ekock76 Posted July 8, 2014 ID:850263
As I could not start up malware anymore I started a topic elsewhere in this forum. They looked at it and redirected me here because my PC is infected. Enclosed are the FRST.txt and Addition.txt. I am a premium user of Malwarebytes and have a license key.

Psychotic Posted July 8, 2014 ID:850371
Hi there,
my name is Marius and I will assist you with your malware related problems.
Before we move on, please read the following points carefully.
- First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
- Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
- Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
- Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with aswMBR
Please download aswMBR ( 4.5MB ) to your desktop.
- Double click the aswMBR.exe icon, and click Run.
- There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
- When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
- Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
- Click the Scan button to start the scan once the update has finished downloading.
- On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.
Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).

ekock76 Posted July 9, 2014 Author ID:850731
When I try to run aswMBR I get the following pop-up. See attachment.
What do I need to answer: yes or no?

Psychotic Posted July 9, 2014 ID:850857
Select yes, please.

ekock76 Posted July 10, 2014 Author ID:851032
Hi there, I selected yes. Then I tried to run a scan, but halfway the program stops running.

Psychotic Posted July 11, 2014 ID:851427
Skip aswMBR.
Please download Malwarebytes Anti-Rootkit from here.
- Unzip the contents to a folder in a convenient location.
- Open the folder where the contents were unzipped and run mbar.exe.
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- If any threats are found, don't click the Cleanup button - rather save the log and post it up in your topic.

ekock76 Posted July 14, 2014 Author ID:852624
I did the scan and it says no malware found.

ekock76 Posted July 14, 2014 Author ID:852625
Still I cannot run Malwarebytes Anti-Malware.

Psychotic Posted July 14, 2014 ID:852696
Combofix
Combofix should only be run when advised by a team member!
Link
Important - Save the file to your desktop!
- Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
- Run Combofix.exe.
- When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.
Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.

ekock76 Posted July 15, 2014 Author ID:852953
517096]"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2014-05-08 41336]"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2014-05-08 840568]"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]"BlackArmorBackupMonitor.exe"="c:\program files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe" [2012-10-31 5547704]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-26 152392]"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-05-28 310064]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-06-09 122200].c:\users\ekock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\ekock\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2010-9-28 1040952].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"EnableLinkedConnections"= 1 (0x1).[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]"EnableShellExecuteHooks"= 1 (0x1).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]@="".R2 
CLKMSVC10_C6F09094;CyberLink Product - 2011/03/29 22:42;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 CXCIR;AVerMedia Consumer Infrared Receiver;c:\windows\system32\DRIVERS\AVer888RCIR_64.sys;c:\windows\SYSNATIVE\DRIVERS\AVer888RCIR_64.sys [x]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]R3 mfencrk;McAfee Inc. 
mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys;c:\windows\SYSNATIVE\DRIVERS\tdrpm273.sys [x]S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys;c:\windows\SYSNATIVE\DRIVERS\MOBK.sys [x]S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]S2 McNaiAnn;McAfee VirusScan Announcer;c:\program 
files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]S2 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys;c:\windows\SYSNATIVE\drivers\McPvDrv.sys [x]S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]S2 MOBKbackup;1%;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [x]S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]S2 sfcdpsrv;Seagate Nonstop Backup-service ;c:\program files (x86)\Common Files\Seagate\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Seagate\CDP\afcdpsrv.exe [x]S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;c:\program files (x86)\Common 
Files\Seagate\Schedule2\schedul2.exe [x]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys;c:\windows\SYSNATIVE\DRIVERS\AVer7231_x64.sys [x]S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]S3 mfencbdc;McAfee Inc. 
mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]..--- Andere Services/Drivers In Geheugen ---.*NewlyCreated* - WS2IFSL*Deregistered* - CLKMDRV10_C6F09094.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-06-12 19:40 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe.Inhoud van de 'Gedeelde Taken' map.2014-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-05 13:25].2014-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-13 05:03].2014-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf27458081f822.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-13 05:03].2014-07-14 c:\windows\Tasks\HPCeeScheduleForEKOCK-PC-OFFICE$.job- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15].2014-07-14 c:\windows\Tasks\HPCeeScheduleForekock.job- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]..--------- X64 Entries 
-----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]2014-06-10 10:07 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]2014-06-10 10:07 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]2014-06-10 10:07 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 164016 ----a-w- c:\users\ekock\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 164016 ----a-w- c:\users\ekock\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 164016 ----a-w- 
c:\users\ekock\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 164016 ----a-w- c:\users\ekock\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]2010-04-13 18:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]2010-04-13 18:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]@="{b4caf489-1eec-c617-49ad-8d7088598c06}"[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]2010-04-13 18:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-04-24 1425408]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-05-29 1279480]"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-05-29 2352072]"Seagate Scheduler2 Service"="c:\program files (x86)\Common 
Files\Seagate\Schedule2\schedhlp.exe" [2012-10-31 395320].------- Bijkomende Scan -------.uStart Page = about:TabsuLocal Page = c:\windows\system32\blank.htmmDefault_Page_URL = hxxp://www.google.commStart Page = hxxp://www.google.commLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localTCP: DhcpNameServer = 192.168.10.1FF - ProfilePath - c:\users\ekock\AppData\Roaming\Mozilla\Firefox\Profiles\81niafhp.default-1379351311305\.- - - - ORPHANS VERWIJDERD - - - -.Wow6432Node-HKCU-Run-AdobeBridge - (no file)Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exeWow6432Node-HKLM-Run-<NO NAME> - (no file)Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exec:\users\ekock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Officejet Pro 8600 (netwerk).lnk - (no file)HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startHKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exeAddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService".--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) 
(Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash 
Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.14".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 
1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) 
(S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Andere Aktieve Processen ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\windows\SysWOW64\ezSharedSvcHost.exec:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exec:\program files (x86)\Common Files\LightScribe\LSSrvc.exec:\windows\SysWOW64\rundll32.exec:\program files (x86)\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exec:\program files (x86)\TeamViewer\Version9\TeamViewer.exec:\program files (x86)\TeamViewer\Version9\tv_w32.exec:\program files\Microsoft Office 15\Root\Office15\MsoSync.exec:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe.**************************************************************************.Voltooingstijd: 2014-07-15 08:52:59 - machine werd herstartComboFix-quarantined-files.txt 2014-07-15 06:52.Pre-Run: 845.602.017.280 bytes beschikbaarPost-Run: 845.294.407.680 bytes beschikbaar.- - End Of File - - BB8F592440FA292B25D6D29677E9F0EE Link to post Share on other sites More sharing options...
Psychotic Posted July 15, 2014 ID:852999

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

- Turn off the real-time scanner of any existing antivirus program while performing the online scan.
- Tick the box next to YES, I accept the Terms of Use.
- Click Start.
- When asked, allow the ActiveX control to install.
- Click Start.
- Make sure that the option Remove found threats is unticked.
- Click on Advanced Settings and ensure these options are ticked:
  - Scan for potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth Technology
- Click Scan.
- Wait for the scan to finish.
- If any threats were found, click 'List of found threats', then click Export to text file...
- Save it to your desktop, then please copy and paste that log as a reply to this topic.
ekock76 Posted July 15, 2014 Author ID:853198

eset logfile

C:\Users\ekock\Downloads\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\ekock\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\ekock\Downloads\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Downloads Spotnet\Downloads\_UNPACK_CCleaner Professional + Business Edition v4084428 Incl Crack\CCleaner_4.08\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Downloads Spotnet\Uitgepakt\Software\Joomla Add-on Pack 75\Templates\Icetheme\Community (Joomla 2.5)\icetools\default.php PHP/Obfuscated.F potentially unwanted application
E:\Downloads Spotnet\Uitgepakt\Software\Joomla Add-on Pack 75\Templates\Icetheme\Community (Joomla 2.5)\templates\it_community\icetools\default.php PHP/Obfuscated.F potentially unwanted application
E:\Downloads Spotnet\Uitgepakt\Software\Joomla Add-on Pack 75\Templates\Icetheme\Motor (Joomla 2.5)\icetools\default.php PHP/Obfuscated.F potentially unwanted application
E:\Downloads Spotnet\Uitgepakt\Software\Joomla Add-on Pack 75\Templates\Icetheme\Motor (Joomla 2.5)\templates\it_motor\icetools\default.php PHP/Obfuscated.F potentially unwanted application
E:\Downloads Spotnet\Uitgepakt\Software\Joomla Add-on Pack 75_1\Templates\Icetheme\Community (Joomla 2.5)\icetools\default.php PHP/Obfuscated.F potentially unwanted application
E:\Downloads Spotnet\Uitgepakt\Software\Joomla Add-on Pack 75_1\Templates\Icetheme\Community (Joomla 2.5)\templates\it_community\icetools\default.php PHP/Obfuscated.F potentially unwanted application
E:\Downloads Spotnet\Uitgepakt\Software\Joomla Add-on Pack 75_1\Templates\Icetheme\Motor (Joomla 2.5)\icetools\default.php PHP/Obfuscated.F potentially unwanted application
E:\Downloads Spotnet\Uitgepakt\Software\Joomla Add-on Pack 75_1\Templates\Icetheme\Motor (Joomla 2.5)\templates\it_motor\icetools\default.php PHP/Obfuscated.F potentially unwanted application
K:\Elements HD\SOFTWARE\Branden\SetupImgBurn_2.5.6.0.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
K:\Elements HD\SOFTWARE\Branden\Ashampoo-Burning-Studio-10.10.0.1\Ashampoo Burning Studio 10.10.0.1\ashampoo_burning_studio_10_10.0.1_sm.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
K:\Elements HD\SOFTWARE\Branden\DVDFab_Platinum_5.0.7.5_-_Final\universal.dvdfab.platinum.5-patch.2.0.exe a variant of Win32/HackTool.Patcher.A potentially unsafe application
K:\Elements HD\SOFTWARE\Grafische vormgeving & Foto\Photo_Collage_Creator_Versie_2.25\Photo Collage Creator Versie 2.25\setup.exe Win32/Induc virus
K:\Elements HD\SOFTWARE\Muziek & Video\7mediaplayers\Gomplayerensetup.exe a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application
K:\Elements HD\SOFTWARE\Muziek & Video\limewire\LimeWireProWin_v5.4.8.exe multiple threats
K:\Elements HD\SOFTWARE\Muziek & Video\limewire\LimeWireWin_v5.4.7.exe multiple threats
K:\Elements HD\SOFTWARE\Muziek & Video\limewire\LimeWire.Pro.v5.4.8.Multilingual.Retail-EAT\LimeWireProWin_v5.4.8.exe a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application
K:\Elements HD\SOFTWARE\Muziek & Video\Magic Video Converter 8.0.2.18\Magic Video Converter 8.0.2.18\MagicVideoConverter.exe a variant of Win32/TrojanDownloader.Small.OOT trojan
K:\Elements HD\SOFTWARE\Uitzoeken\cavebox.com_Web_Palette_Pro_v4.0.2.0\Web_Palette_Pro_v4.0.2.0\Web Palette Pro v4.0.2.0\KG\Keygen.exe a variant of Win32/Keygen.AS potentially unsafe application
K:\Elements HD\SOFTWARE\Webdesign\Swish\SwishmaxAdd-ons\Swishmax Add-ons\guestbooks\Mogelijkheden\03\upload\gbook.php PHP/Obfuscated.F potentially unwanted application
Psychotic Posted July 16, 2014 ID:853449

K:\Elements HD\SOFTWARE\Muziek & Video\Magic Video Converter 8.0.2.18\Magic Video Converter 8.0.2.18\MagicVideoConverter.exe
Delete this file!

C:\Users\ekock\Downloads\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\ekock\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\ekock\Downloads\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Downloads Spotnet\Downloads\_UNPACK_CCleaner Professional + Business Edition v4084428 Incl Crack\CCleaner_4.08\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Downloads Spotnet\Uitgepakt\Software\Joomla Add-on Pack 75\Templates\Icetheme\Community (Joomla 2.5)\icetools\default.php PHP/Obfuscated.F potentially unwanted application
E:\Downloads Spotnet\Uitgepakt\Software\Joomla Add-on Pack 75\Templates\Icetheme\Community (Joomla 2.5)\templates\it_community\icetools\default.php PHP/Obfuscated.F potentially unwanted application
E:\Downloads Spotnet\Uitgepakt\Software\Joomla Add-on Pack 75\Templates\Icetheme\Motor (Joomla 2.5)\icetools\default.php PHP/Obfuscated.F potentially unwanted application
E:\Downloads Spotnet\Uitgepakt\Software\Joomla Add-on Pack 75\Templates\Icetheme\Motor (Joomla 2.5)\templates\it_motor\icetools\default.php PHP/Obfuscated.F potentially unwanted application
E:\Downloads Spotnet\Uitgepakt\Software\Joomla Add-on Pack 75_1\Templates\Icetheme\Community (Joomla 2.5)\icetools\default.php PHP/Obfuscated.F potentially unwanted application
E:\Downloads Spotnet\Uitgepakt\Software\Joomla Add-on Pack 75_1\Templates\Icetheme\Community (Joomla 2.5)\templates\it_community\icetools\default.php PHP/Obfuscated.F potentially unwanted application
E:\Downloads Spotnet\Uitgepakt\Software\Joomla Add-on Pack 75_1\Templates\Icetheme\Motor (Joomla 2.5)\icetools\default.php PHP/Obfuscated.F potentially unwanted application
E:\Downloads Spotnet\Uitgepakt\Software\Joomla Add-on Pack 75_1\Templates\Icetheme\Motor (Joomla 2.5)\templates\it_motor\icetools\default.php PHP/Obfuscated.F potentially unwanted application
K:\Elements HD\SOFTWARE\Branden\SetupImgBurn_2.5.6.0.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
K:\Elements HD\SOFTWARE\Branden\Ashampoo-Burning-Studio-10.10.0.1\Ashampoo Burning Studio 10.10.0.1\ashampoo_burning_studio_10_10.0.1_sm.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
K:\Elements HD\SOFTWARE\Branden\DVDFab_Platinum_5.0.7.5_-_Final\universal.dvdfab.platinum.5-patch.2.0.exe a variant of Win32/HackTool.Patcher.A potentially unsafe application
K:\Elements HD\SOFTWARE\Grafische vormgeving & Foto\Photo_Collage_Creator_Versie_2.25\Photo Collage Creator Versie 2.25\setup.exe Win32/Induc virus
K:\Elements HD\SOFTWARE\Muziek & Video\7mediaplayers\Gomplayerensetup.exe a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application
K:\Elements HD\SOFTWARE\Muziek & Video\limewire\LimeWireProWin_v5.4.8.exe multiple threats
K:\Elements HD\SOFTWARE\Muziek & Video\limewire\LimeWireWin_v5.4.7.exe multiple threats
K:\Elements HD\SOFTWARE\Muziek & Video\limewire\LimeWire.Pro.v5.4.8.Multilingual.Retail-EAT\LimeWireProWin_v5.4.8.exe a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application
K:\Elements HD\SOFTWARE\Uitzoeken\cavebox.com_Web_Palette_Pro_v4.0.2.0\Web_Palette_Pro_v4.0.2.0\Web Palette Pro v4.0.2.0\KG\Keygen.exe a variant of Win32/Keygen.AS potentially unsafe application
K:\Elements HD\SOFTWARE\Webdesign\Swish\SwishmaxAdd-ons\Swishmax Add-ons\guestbooks\Mogelijkheden\03\upload\gbook.php PHP/Obfuscated.F potentially unwanted application

These files are not malware but contain security risks. I'd delete them immediately - your choice.

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner
Please download AdwCleaner to your desktop.
Run adwcleaner.exe
Hit Scan and wait for the scan to finish.
Confirm the message but don't uncheck anything.
Hit Clean
When the run is finished, it will open up a text file
Please post its contents within your next reply
You'll find the log file at C:\AdwCleaner[s1].txt also

Delete junk with JRT
Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

SecurityCheck
Reboot your system before starting!
Please download SecurityCheck: LINK1 LINK2
Save it to your desktop, start it and follow the instructions in the window.
After the scan has finished, checkup.txt will open. Copy its content to your thread.

ekock76 Posted July 21, 2014 Author ID:855634

# AdwCleaner v3.216 - Rapport aangemaakt 21/07/2014 op 10:10:32
# Laatste Update 17/07/2014 door Xplode
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruikersnaam : ekock - EKOCK-PC-OFFICE
# Gestart vanuit : C:\Users\ekock\Desktop\adwcleaner_3.216.exe
# Optie : Verwijderen

***** [ Services ] *****

***** [ Bestanden / Mappen ] *****

Map Verwijderd : C:\ProgramData\eSafe
Map Verwijderd : C:\Program Files (x86)\Common Files\337
Bestand Verwijderd : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser

***** [ Snelkoppelingen ] *****

Snelkoppeling Gedesinfecteerd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
Snelkoppeling Gedesinfecteerd : C:\Users\ekock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Snelkoppeling Gedesinfecteerd : C:\Users\ekock\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Snelkoppeling Gedesinfecteerd : C:\Users\ekock\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Register ] *****

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Sleutel Verwijderd : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Sleutel Verwijderd : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Sleutel Verwijderd : HKCU\Software\Myfree Codec
Sleutel Verwijderd : HKCU\Software\powerpack
Sleutel Verwijderd : HKCU\Software\Softonic
Sleutel Verwijderd : HKLM\Software\Desksvc
Sleutel Verwijderd : HKLM\Software\hdcode
Sleutel Verwijderd : HKLM\Software\Myfree Codec
Sleutel Verwijderd : HKLM\Software\portaldositesSoftware
Sleutel Verwijderd : HKLM\Software\V9
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Description

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

Instelling Hersteld : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v29.0.1 (nl)

[ Bestand : C:\Users\ekock\AppData\Roaming\Mozilla\Firefox\Profiles\81niafhp.default-1379351311305\prefs.js ]

-\\ Google Chrome v36.0.1985.125

[ Bestand : C:\Users\ekock\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Verwijderd [search Provider] : hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

*************************

AdwCleaner[R0].txt - [5582 octets] - [21/07/2014 10:08:41]
AdwCleaner[s0].txt - [4383 octets] - [21/07/2014 10:10:32]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4443 octets] ##########

ekock76 Posted July 21, 2014 Author ID:855635

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by ekock on ma 21-07-2014 at 10:16:30,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ma 21-07-2014 at 10:23:43,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ekock76 Posted July 21, 2014 Author ID:855637

Results of screen317's Security Check version 0.99.86
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
McAfee Antivirus en antispyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Duplicate Cleaner Pro 3.2.3
Java 7 Update 60
Java version out of Date!
Adobe Flash Player 14.0.0.145
Adobe Reader XI
Mozilla Firefox 29.0.1 Firefox out of Date!
Google Chrome 35.0.1916.153
Google Chrome 36.0.1985.125
````````Process Check: objlist.exe by Laurent````````
Symantec Norton Online Backup NOBuAgent.exe
McAfee Online Backup MOBKbackup.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Psychotic Posted August 5, 2014 ID:862641

Your system is clean now!

Mozilla Firefox out of date
Your Firefox browser is outdated. Please follow these instructions to update it:
Get the actual Firefox from here.
Run setup and follow the instructions on your monitor.
Report any problems you have with the update.

Java runtime Environment out of date
Your Java runtime environment is outdated. We will fix this.
Get the actual JRE from here
Save jxpiinstall.exe to your desktop
Close all running programs, especially your browser(s)
Run jxpiinstall.exe. This will download the newest JRE installer and install the software
When finished, go to Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
When finished, reboot your computer.
After the reboot
Open control panel again and click the java symbol.
Click Settings under Temporary Internet Files.
The Temporary Files Settings dialog box appears.
Click Delete Files.
The Delete Temporary Files dialog box appears
Click OK on Delete Temporary Files window.
Click OK again.

Uninstall our tools using delfix
Please follow these steps in order:
In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
In any case please download delfix to your desktop.
Close all other programs and start delfix.
Please check all the boxes and run the tool.
delfix will now delete all found traces of our removal process
If there is still something left please delete it manually.

Delete System Restore Points
To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.
On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.

Temp File Cleaner
We need to download Temp File Cleaner (TFC) by OldTimer:
Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
Save and close all running applications
Double-click on TFC.exe to run the program
Click on Start to begin the cleaning process
Note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
When the scan is complete, if you were not asked to reboot the computer, please do so now
More Information can be found about the tool here: http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

Recommendations: How to protect yourself

System Updates
Please ensure to have automatic updates activated in your control panel.
For further information and a tutorial, see this Microsoft Support article.

Protection
What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
To keep your browser free of advertising, you may install the Adblock Plus browser extension.
It will filter unwanted advertising out of the website's content.
To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
In addition, before accessing a dangerous classified web site, a warning screen is displayed.

Up to date Software
Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:
Secunia Personal Software Inspector - checks if your software has updates available.
SecurityCheck (by screen317) - scans your computer for most vulnerable outdated software.
Mozilla: Check your plugins - The webpage will tell you if you have outdated plugins running in your Firefox browser.

Backup
Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.

Behaviour
The commonest error when using a computer is "error 80" - which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.
While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users.
Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

ekock76 Posted August 8, 2014 Author ID:864005

I'm on holiday now. Will do all the last steps next week when I am back, and will let you know if I can run Malwarebytes. Thanks so far.

Psychotic Posted August 8, 2014 ID:864068

ok

Root Admin AdvancedSetup Posted August 22, 2014 Root Admin ID:869804

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!