
Virus?


eik518

By chance I discovered a folder in my "Documents" that I did not recognize. When I clicked on it I got the following message:
"Adding information can unintentionally change or delete values and cause components to stop working correctly. If you do not trust the source of this information in myFile.reg, do not add it to the registry. Are you sure you want to continue?"

After that came "yes" and "no". Because I was curious I clicked "yes", after which I still did not know what kind of folder it is.
Is this a virus? If so, how do I get rid of it?
 
It is clear to me that you do not yet know what a reg file is.
So you have put something completely unknown into the Windows registry.

Use System Restore to go back to an earlier date to undo any effects of that addition to the registry.

Let me know whether it worked.
 
I ran System Restore. There was 1 date listed and I selected it. It stated that 3 programs would be removed (Google, Opera and Skype).
After that I got the message that System Restore had completed successfully and that the documents had not been affected. However, I saw that Skype was still installed. The strange folder that I had clicked on is also still in my Documents. But when I right-click now, I can delete this folder or scan it. Before the system restore, right-clicking this folder gave the English message that I mentioned in the first post, and now it no longer does.
1) Is it OK, in System Restore, to click the only date that is listed?
2) Has the folder now been removed from the registry?
3) Can I find out what folder this is? It is a folder with digits that mean nothing to me.
4) Is there anything to say about how this folder ended up in my Documents?
 
I have no idea how that folder ended up in your Windows.
Are you the only user of this PC?


Download Farbar Recovery Scan Tool, 32 or 64 bit, from one of the links below:
Farbar Recovery Scan Tool 32 bit (x86)
Farbar Recovery Scan Tool 64 bit (x64)
Download location: This program must be downloaded to the desktop, or moved there!
Notes: All open programs and web pages must be closed.

Antivirus programs and active malware scanners must be disabled before you start FRST.exe!
Here and here you can find information on how to disable antivirus programs and spyware scanners.

Starting FRST:
  • Windows 2000 and Windows XP: double-click FRST.exe.
  • Windows Vista, Windows 7, Windows 8/8.1 and Windows 10: right-click FRST.exe or FRST64.exe and choose "Run as administrator".

FRST starts:
  • When the program has opened, click the Yes button at the disclaimer.
  • Then press the Scan button.
  • Two log files, FRST.txt and Addition.txt, will then be created and saved on the desktop.
  • Post the contents of both log files in your next post.

If the contents of one or both logs are too large to post, see here: How to add an attachment?
 
Yes, I am the only user.
Below are the 2 log files:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2017
Ran by Mr. ERIK (administrator) on ACER (02-07-2017 12:03:54)
Running from C:\Users\Mr. ERIK\Downloads\Programs
Loaded Profiles: Mr. ERIK (Available Profiles: Mr. ERIK)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(OpenVPN Technologies) C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\privatetunnel2.7.0.exe
(OpenVPN Technologies) C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\privatetunnel2.7.0.exe
(OpenVPN Technologies) C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\privatetunnel2.7.0.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\QueryAppBlock.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2014-07-01] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-16] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PowerDVD13Agent] => C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe [513048 2013-03-20] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [255208 2011-11-29] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm®Atheros®)
HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3898960 2015-05-03] (Tonec Inc.)
HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-16] (Piriform Ltd)
HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [1277016 2017-03-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\MountPoints2: {29819bb1-b085-11e6-82bc-346895914fd4} - "E:\AutoRun.exe"
HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\MountPoints2: {2e5b6634-ca29-11e5-8267-346895914fd4} - "E:\AutoRun.exe"
HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\MountPoints2: {2e5b668e-ca29-11e5-8267-346895914fd4} - "E:\AutoRun.exe"
HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\MountPoints2: {8e60fe2e-c87c-11e5-8265-346895914fd4} - "E:\AutoRun.exe"
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-16] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-16] (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{7134C6D0-31BD-448D-94FB-F2F2E8C8B206}: [NameServer] 10.9.0.1
Tcpip\..\Interfaces\{9EEFBD93-D88E-4C2F-9EC8-02A2D51DF6EC}: [NameServer] 172.18.13.1,172.18.11.1,172.18.12.1,8.8.8.8
Tcpip\..\Interfaces\{9EEFBD93-D88E-4C2F-9EC8-02A2D51DF6EC}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1449482339-140858233-3706602266-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/vi-vn/?ocid=iehp
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-02] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-25] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-10] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-02] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-02] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-25] (Oracle Corporation)
BHO: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO64.dll [2015-01-15] (iTools.hk)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-24] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-02] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-10] (AVAST Software)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-02] (Microsoft Corporation)
BHO-x32: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll [2007-02-16] (IDM)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-02] (Microsoft Corporation)
BHO-x32: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO.dll [2015-01-15] (iTools.hk)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-24] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-02] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: rj8s4z3f.default
FF ProfilePath: C:\Users\Mr. ERIK\AppData\Roaming\Mozilla\Firefox\Profiles\rj8s4z3f.default [2017-07-02]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\rj8s4z3f.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\rj8s4z3f.default -> Google
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-01-15] [not signed]
FF HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Mr. ERIK\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Mr. ERIK\AppData\Roaming\IDM\idmmzcc5 [2017-07-02] [not signed]
FF HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Mr. ERIK\AppData\Roaming\IDM\idmmzcc5
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-30] ()
FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2015-01-15] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-02] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-30] ()
FF Plugin-x32: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2015-01-15] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-02] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-02] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default [2017-07-02]
CHR Extension: (Google Docs) - C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-28]
CHR Extension: (Google Drive) - C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-28]
CHR Extension: (YouTube) - C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-28]
CHR Extension: (Google Search) - C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-03]
CHR Extension: (Avast SafePrice) - C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-01]
CHR Extension: (Google Docs Offline) - C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Avast Online Security) - C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-07-02]
CHR Extension: (IDM Integration Module) - C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-07-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Gmail) - C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-28]
CHR Extension: (Chrome Media Router) - C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-02]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]
CHR HKU\S-1-5-21-1449482339-140858233-3706602266-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-16] (AVAST Software s.r.o.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows (R) Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-16] (AVAST Software)
R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-03-20] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-03-20] (CyberLink)
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-18] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-18] (Intel Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-31] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
R2 ovpnagent; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe [949480 2016-08-30] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-16] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-16] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-16] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-16] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [83312 2016-09-16] (AVAST Software)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-16] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-16] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-16] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-05-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-16] (AVAST Software)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-18] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-18] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-18] (Intel Corporation)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [256000 2016-02-03] (MBB Technologies Co., Ltd.)
S3 ew_mbbusbdev; C:\Windows\system32\DRIVERS\ew_mbbusbdev.sys [115584 2016-02-03] (MBB Technologies Co., Ltd.)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-12] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-12] (Intel Corporation)
S3 mbbdatacard; C:\Windows\system32\DRIVERS\ewusbmdm.sys [121600 2016-02-03] (MBB Technologies Co., Ltd.)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-12-11] (Intel Corporation)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\neo_vpn.sys [30504 2016-07-15] (PureVPN)
R3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2016-04-21] (The OpenVPN Project)
S3 tap-tb-0901; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2014-09-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258368 2014-09-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-03-20] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-02 12:00 - 2017-07-02 12:03 - 00000000 ____D C:\FRST
2017-07-01 19:05 - 2017-07-01 19:05 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-07-01 18:25 - 2017-05-16 15:29 - 00400456 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-07-01 13:17 - 2017-07-01 13:17 - 09543873 _____ C:\Users\Mr. ERIK\Downloads\archive.zip
2017-06-25 10:22 - 2017-07-01 16:12 - 00000000 ____D C:\Users\Mr. ERIK\Downloads\Skype Viet

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-02 12:04 - 2016-11-05 13:29 - 00000000 ____D C:\Users\Mr. ERIK\AppData\Local\PrivateTunnel
2017-07-02 12:00 - 2015-01-15 14:58 - 00000000 ____D C:\Users\Mr. ERIK\AppData\Roaming\IDM
2017-07-02 12:00 - 2015-01-15 14:16 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1449482339-140858233-3706602266-1003
2017-07-02 11:54 - 2015-01-15 14:48 - 00002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-02 11:54 - 2015-01-15 14:48 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-02 11:45 - 2013-08-22 22:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-02 11:45 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\AppReadiness
2017-07-02 11:38 - 2016-01-28 15:24 - 00000000 ____D C:\Program Files (x86)\Opera
2017-07-02 11:36 - 2015-01-15 15:29 - 00000000 ____D C:\Users\Mr. ERIK\Documents\Youcam
2017-07-02 11:35 - 2015-01-15 15:16 - 00003270 _____ C:\Windows\System32\Tasks\iToolsDaemon
2017-07-02 11:35 - 2015-01-15 15:16 - 00000334 _____ C:\Windows\Tasks\iToolsDaemon.job
2017-07-01 19:28 - 2015-01-15 14:58 - 00000000 ____D C:\Users\Mr. ERIK\AppData\Roaming\DMCache
2017-07-01 19:24 - 2016-06-10 19:40 - 00003884 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1465562444
2017-07-01 19:24 - 2016-06-10 19:40 - 00001070 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-07-01 19:04 - 2013-08-22 21:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-01 18:55 - 2013-08-22 20:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-07-01 18:54 - 2017-03-29 12:56 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-07-01 18:53 - 2015-01-15 15:04 - 00000000 ____D C:\Users\Mr. ERIK\AppData\Roaming\Skype
2017-07-01 18:51 - 2013-08-22 20:36 - 00000000 ____D C:\Windows\Inf
2017-07-01 18:36 - 2015-01-15 14:25 - 00000000 ____D C:\Users\Mr. ERIK\AppData\Local\Microsoft Help
2017-07-01 18:28 - 2016-01-29 14:21 - 00001949 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-07-01 18:26 - 2017-02-09 11:47 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-07-01 18:20 - 2015-01-15 14:11 - 00000000 ____D C:\Users\Mr. ERIK
2017-07-01 18:19 - 2016-01-29 14:20 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-07-01 18:19 - 2015-01-15 16:42 - 00000000 ____D C:\ProgramData\Atheros
2017-07-01 18:19 - 2015-01-15 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-07-01 18:19 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\rescache
2017-07-01 18:19 - 2013-08-22 20:36 - 00000000 ____D C:\Windows\system32\Sysprep
2017-07-01 18:08 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\WinStore
2017-07-01 18:08 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\registration
2017-07-01 18:07 - 2015-01-15 15:21 - 00000000 ____D C:\Users\Mr. ERIK\AppData\Local\Mozilla
2017-07-01 18:07 - 2015-01-15 15:04 - 00000000 ____D C:\ProgramData\Skype
2017-07-01 18:07 - 2015-01-15 14:11 - 00000000 ____D C:\Users\Mr. ERIK\AppData\Local\Packages
2017-07-01 18:07 - 2013-08-22 22:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-07-01 18:07 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\FileManager
2017-07-01 18:07 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\Camera
2017-07-01 18:05 - 2015-01-15 14:25 - 00000000 ____D C:\Program Files\Microsoft Office
2017-06-30 11:09 - 2016-02-08 09:56 - 00000000 ____D C:\Users\Mr. ERIK\AppData\Local\CrashDumps
2017-06-07 10:40 - 2016-01-31 12:00 - 00009920 _____ C:\Users\Mr. ERIK\Documents\reislist b.xlsx
2017-06-04 12:15 - 2014-11-21 13:54 - 00000000 ____D C:\Windows\SysWOW64\WCN
2017-06-04 12:15 - 2014-11-21 13:54 - 00000000 ____D C:\Windows\system32\WCN
2017-06-04 09:08 - 2016-01-28 15:27 - 00003838 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1453969637
2017-06-04 09:08 - 2016-01-28 15:27 - 00001074 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk

==================== Files in the root of some directories =======

2017-02-11 10:01 - 2016-11-23 20:37 - 0000570 _____ () C:\Users\Mr. ERIK\AppData\Local\TroubleshooterConfig.json
2015-01-15 15:56 - 2015-01-15 15:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-11 09:32

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by Mr. ERIK (02-07-2017 12:06:19)
Running from C:\Users\Mr. ERIK\Downloads\Programs
Windows 8.1 Pro (Update) (X64) (2015-01-15 07:10:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1449482339-140858233-3706602266-500 - Administrator - Disabled)
Guest (S-1-5-21-1449482339-140858233-3706602266-501 - Limited - Disabled)
Mr. ERIK (S-1-5-21-1449482339-140858233-3706602266-1003 - Administrator - Enabled) => C:\Users\Mr. ERIK

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
ANT Dictionary 2011 PE (HKLM-x32\...\{4F303BB1-5B9B-47E5-8812-D5FE64D1C3D4}) (Version: 1.0.1 - ANT Magazine)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
BitTorrent (HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\BitTorrent) (Version: 7.9.9.43389 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cambridge Advanced Learner's Dictionary - 3rd Edition (HKLM-x32\...\NSIS_cald3) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
CyberLink PowerDVD 13 (HKLM-x32\...\InstallShield_{3CFDF154-7E60-4E98-A8DF-C693A4F8E6B6}) (Version: 13.0.2720.57 - CyberLink Corp.)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1129 - CyberLink Corp.)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.12.5268 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.10.0.2208 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iTools 3 (HKLM-x32\...\ThinkSky) (Version: - Shenzhen Thinksky Technology Co., Ltd.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Khmer - NiDA Standard 1.0 (HKLM\...\{17CD3E4A-7328-44E5-A59F-5EBB8AD80FA6}) (Version: 1.0.3.40 - NiDA)
Khmer Dictionary 1.0 (HKLM-x32\...\{687FC5A5-8BAD-4601-B255-15B4D26A4997}) (Version: 1.0.0 - Buddhist Institute)
Khmer Unicode 2.0.1 (HKLM-x32\...\Khmer Unicode_is1) (Version: - )
Metfone 3G (HKLM-x32\...\Metfone 3G) (Version: 21.005.15.02.592 - Huawei Technologies Co.,Ltd)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
New Khmer Dictionary (HKLM-x32\...\New Khmer Dictionary) (Version: - )
Opera Stable 45.0.2552.888 (HKLM-x32\...\Opera 45.0.2552.888) (Version: 45.0.2552.888 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Oxford Advanced Learner's Dictionary - 8th Edition (HKLM-x32\...\NSIS_oald8) (Version: - )
PrivateTunnel (HKLM-x32\...\PrivateTunnel) (Version: 2.7.0.10 - OpenVPN Technologies)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
QUICKfind server v1.1 (HKLM-x32\...\QUICKfind) (Version: - IDM)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7283 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.607 (HKLM-x32\...\SafeZone 3.55.2393.607) (Version: 3.55.2393.607 - Avast Software) Hidden
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1449482339-140858233-3706602266-1003_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1DCDF100-90A7-4305-9436-0209094E327F} - \Optimize Start Menu Cache Files-S-1-5-21-1449482339-140858233-3706602266-1001 -> No File <==== ATTENTION
Task: {328D0866-417C-4E1A-8D24-FD2E57FD986C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-16] (AVAST Software)
Task: {4D92506D-CCB7-4B2F-AB6B-0F1914A027D4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-30] (Adobe Systems Incorporated)
Task: {5A359349-2466-40AB-AB7C-445B182480D1} - \WPD\SqmUpload_S-1-5-21-1449482339-140858233-3706602266-1001 -> No File <==== ATTENTION
Task: {625771E4-7E57-4048-BFE7-D7CA2FD6044F} - System32\Tasks\iToolsDaemon => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe [2015-01-15] ()
Task: {89088A7D-1EE3-442B-A223-694E3CFA0A9B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-15] (Google Inc.)
Task: {8EBC9648-AC2C-45AF-9A2C-1F4901B33E49} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-16] (Piriform Ltd)
Task: {95BFA6DA-B0AF-4AD7-ADD9-359582496A17} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-02] (Microsoft Corporation)
Task: {AA6B8853-E976-442A-914C-6AF2D887B3CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-15] (Google Inc.)
Task: {D509C9B4-F0E3-484F-852E-0B482D0A4E69} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-02] (Microsoft Corporation)
Task: {D5663965-F9BA-4D71-A1CF-6B3787379714} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-02] (Microsoft Corporation)
Task: {D98BA23A-7DA4-48AA-B0A1-DEBD53C763F3} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-20] (AVAST Software)
Task: {DF435A0C-445C-484A-B080-6627089B2188} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-03-14] (Adobe Systems Incorporated)
Task: {F5EF0043-1354-4B9A-9380-EF5DB82EEA3D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {F8E1F50A-441B-4CFD-B83B-EB512BC6DDAD} - System32\Tasks\Opera scheduled Autoupdate 1453969637 => C:\Program Files (x86)\Opera\launcher.exe [2017-05-31] (Opera Software)
Task: {F9A09D9B-31A4-42BD-AEE4-538CDD12D90D} - System32\Tasks\SafeZone scheduled Autoupdate 1465562444 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-05-17] (Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\iToolsDaemon.job => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2010-11-16 20:38 - 2010-11-16 20:38 - 00339456 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2016-08-30 00:31 - 2016-08-30 00:31 - 00949480 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
2015-01-15 15:16 - 2015-01-15 15:16 - 00465784 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
2012-10-02 11:36 - 2012-10-02 11:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-02-26 13:14 - 2014-02-26 13:14 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-26 13:11 - 2014-02-26 13:11 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-26 13:17 - 2014-02-26 13:17 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2015-01-15 15:16 - 2015-01-15 15:16 - 00546168 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\MiscCore.dll
2015-01-15 15:16 - 2015-01-15 15:16 - 00267128 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\TSLib.dll
2015-01-15 15:16 - 2015-01-15 15:16 - 00534392 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\UICore.dll
2015-01-15 15:16 - 2015-01-15 15:16 - 00548728 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\Sqlite.dll
2015-01-15 15:16 - 2015-01-15 15:16 - 00103288 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\ZLib.dll
2017-05-16 15:28 - 2017-05-16 15:28 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-16 15:28 - 2017-05-16 15:28 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-16 15:28 - 2017-05-16 15:29 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-16 15:28 - 2017-05-16 15:28 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-16 15:28 - 2017-05-16 15:28 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-16 15:28 - 2017-05-16 15:28 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-16 15:28 - 2017-05-16 15:28 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-06-15 13:02 - 2016-06-15 13:02 - 38713856 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\libcef.dll
2016-06-15 13:02 - 2016-06-15 13:02 - 00880128 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\libglesv2.dll
2016-06-15 13:02 - 2016-06-15 13:02 - 00102400 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 20:25 - 2017-01-28 14:59 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1449482339-140858233-3706602266-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.9.0.1 - 172.18.13.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5EC8A163-226A-477A-97EC-DDCAA1CBF0C8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{BEAA0952-DCCA-407E-AC7F-95BCE2257A5D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{785A132B-BB62-4B73-8BFA-E63A902FE1C1}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D5DBC1BE-D96F-467B-8955-D12D37E5DB45}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A48393B4-9D49-4B17-9B22-D8D2630150C6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13.exe
FirewallRules: [{B4E26FAE-946E-4BD6-A7A3-28F74A2C091E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
FirewallRules: [{D8F5469F-AFBC-4081-9066-4ADC06D33D99}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe
FirewallRules: [{3E86BE6A-1912-4822-A8B3-3F4E510DE11E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13ML.exe
FirewallRules: [{E753ECAD-8AC0-4155-8246-DF1DB3AD5489}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD13\Movie\PowerDVD.exe
FirewallRules: [{D6DFFE4C-34A2-4744-A89D-F585FC3E7C60}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD13\Movie\PowerDVD Cinema\PowerDVDCinema13.exe
FirewallRules: [{CA31BC63-7C85-46AD-925C-17A7C4535425}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3C779D1E-23F8-4EA1-8A76-793AD83CB8FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E83E378E-F4F7-49BF-BC5F-2275C62F8A3A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B5540329-0872-4A51-905F-0E8542255FA6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{758D39DC-1F98-4BEC-A247-6416E6E3E931}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7F8D8371-9FCA-4F3B-B33B-CE17D35B23AD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{358F5387-21F2-4073-B801-09D8AE7EA8C8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{8699FC5C-68A6-419E-844F-5D78DF834B2A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{78AE58E7-C1CE-40D5-88F7-7520CB42F245}] => (Allow) C:\Users\Mr. ERIK\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3C04A7A1-C459-4FCA-A565-1BCD836447C6}] => (Allow) C:\Users\Mr. ERIK\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C27242E9-F14C-493F-A68F-9A66538DABA9}] => (Allow) C:\Program Files (x86)\Opera\45.0.2552.881\opera.exe
FirewallRules: [{4C24D03C-8434-4952-A611-CAA206FB4DEA}] => (Allow) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
FirewallRules: [{442A3773-6599-4120-BD46-425645352267}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{BA085FD4-5C0D-414E-88C4-B5DC2300A692}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607_0\SZBrowser.exe
FirewallRules: [{89C24CD7-557E-4137-B50E-EE8BCB9ED92D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

04-06-2017 12:10:56 Windows Update
01-07-2017 17:58:12 Restore Operation

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2017 11:55:15 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/02/2017 11:39:36 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/02/2017 11:39:30 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/02/2017 11:35:37 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (07/02/2017 11:35:33 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/01/2017 07:06:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/01/2017 07:06:48 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/01/2017 07:06:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mDNSResponder.exe, version: 3.0.0.10, time stamp: 0x4e5dcc07
Faulting module name: mDNSResponder.exe, version: 3.0.0.10, time stamp: 0x4e5dcc07
Exception code: 0xc0000409
Fault offset: 0x000000000004395b
Faulting process id: 0x7b8
Faulting application start time: 0x01d2f2622c42ce04
Faulting application path: C:\Program Files\Bonjour\mDNSResponder.exe
Faulting module path: C:\Program Files\Bonjour\mDNSResponder.exe
Report Id: b60fc2f4-5e55-11e7-82e4-346895914fd4
Faulting package full name:
Faulting package-relative application ID:

Error: (07/01/2017 07:05:25 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/01/2017 07:05:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


System errors:
=============
Error: (07/01/2017 07:28:08 PM) (Source: DCOM) (EventID: 10010) (User: acer)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.

Error: (07/01/2017 07:28:08 PM) (Source: DCOM) (EventID: 10010) (User: acer)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.

Error: (07/01/2017 07:06:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/01/2017 07:03:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/01/2017 06:56:00 PM) (Source: DCOM) (EventID: 10016) (User: acer)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user acer\Mr. ERIK SID (S-1-5-21-1449482339-140858233-3706602266-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/01/2017 06:56:00 PM) (Source: DCOM) (EventID: 10016) (User: acer)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user acer\Mr. ERIK SID (S-1-5-21-1449482339-140858233-3706602266-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/01/2017 06:56:00 PM) (Source: DCOM) (EventID: 10016) (User: acer)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user acer\Mr. ERIK SID (S-1-5-21-1449482339-140858233-3706602266-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/01/2017 06:56:00 PM) (Source: DCOM) (EventID: 10016) (User: acer)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user acer\Mr. ERIK SID (S-1-5-21-1449482339-140858233-3706602266-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/01/2017 06:55:59 PM) (Source: DCOM) (EventID: 10016) (User: acer)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user acer\Mr. ERIK SID (S-1-5-21-1449482339-140858233-3706602266-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/01/2017 06:53:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2016-01-29 14:02:47.641
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-29 14:02:47.023
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-29 14:02:45.648
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-29 14:02:45.021
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-29 14:02:44.084
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-29 14:02:43.491
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-29 14:02:42.626
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-29 14:02:41.939
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-29 14:02:41.328
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-29 14:02:40.545
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
Percentage of memory in use: 59%
Total physical RAM: 1929.7 MB
Available physical RAM: 788.01 MB
Total Virtual: 2825.7 MB
Available Virtual: 1418.11 MB

==================== Drives ================================

Drive c: (WINDOWS 8.1) (Fixed) (Total:99.97 GB) (Free:66.64 GB) NTFS
Drive d: (Data) (Fixed) (Total:365.27 GB) (Free:357.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 
Warning: the procedure below is intended for this computer only; applying it on another computer can damage Windows.


We are going to use Farbar Recovery Scan Tool (FRST.exe) again.

Open a new Notepad (Kladblok) file via "Start\All Programs\Accessories\Notepad".
Copy the text in the code window and paste it into the empty Notepad window.

Code:
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\MountPoints2: {2e5b6634-ca29-11e5-8267-346895914fd4} - "E:\AutoRun.exe"
HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\MountPoints2: {2e5b668e-ca29-11e5-8267-346895914fd4} - "E:\AutoRun.exe"
HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\MountPoints2: {8e60fe2e-c87c-11e5-8265-346895914fd4} - "E:\AutoRun.exe"
Task: {1DCDF100-90A7-4305-9436-0209094E327F} - \Optimize Start Menu Cache Files-S-1-5-21-1449482339-140858233-3706602266-1001 -> No File
Task: {5A359349-2466-40AB-AB7C-445B182480D1} - \WPD\SqmUpload_S-1-5-21-1449482339-140858233-3706602266-1001 -> No File
Task: {8EBC9648-AC2C-45AF-9A2C-1F4901B33E49} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe

cmd: ipconfig /flushdns
cmd: netsh winsock reset
end

Now save this Notepad file as Fixlist.txt in the same location as FRST.exe.

Using Farbar Recovery Scan Tool (FRST.exe) with the fixlist.txt
  • Windows Vista, Windows 7, Windows 8 and Windows 10: right-click FRST.exe and choose "Run as administrator".
  • When the program starts, click Yes in the popup.
  • Press the Fix button.
  • After the fix, a log file - Fixlog.txt - is created in the same location from which FRST.exe was started.
  • Post the contents of this log file in your next message.
 
I have saved the fixlist.txt in the same location as FRST64, under "Programs".
Can I run FRST64 as administrator right after this and press the Fix button?
 
If the Fixlist is in this folder, Mr. ERIK\Downloads\Programs, then you can indeed do what you have in mind.
 
Here is the result:


Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by Mr. ERIK (02-07-2017 18:01:41) Run:1
Running from C:\Users\Mr. ERIK\Downloads\Programs
Loaded Profiles: Mr. ERIK (Available Profiles: Mr. ERIK)
Boot Mode: Normal
==============================================

fixlist content:
*****************

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\MountPoints2: {2e5b6634-ca29-11e5-8267-346895914fd4} - "E:\AutoRun.exe"
HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\MountPoints2: {2e5b668e-ca29-11e5-8267-346895914fd4} - "E:\AutoRun.exe"
HKU\S-1-5-21-1449482339-140858233-3706602266-1003\...\MountPoints2: {8e60fe2e-c87c-11e5-8265-346895914fd4} - "E:\AutoRun.exe"
Task: {1DCDF100-90A7-4305-9436-0209094E327F} - \Optimize Start Menu Cache Files-S-1-5-21-1449482339-140858233-3706602266-1001 -> No File
Task: {5A359349-2466-40AB-AB7C-445B182480D1} - \WPD\SqmUpload_S-1-5-21-1449482339-140858233-3706602266-1001 -> No File
Task: {8EBC9648-AC2C-45AF-9A2C-1F4901B33E49} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe

cmd: ipconfig /flushdns
cmd: netsh winsock reset
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1449482339-140858233-3706602266-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e5b6634-ca29-11e5-8267-346895914fd4} => key removed successfully
HKLM\Software\Classes\CLSID\{2e5b6634-ca29-11e5-8267-346895914fd4} => key not found.
HKU\S-1-5-21-1449482339-140858233-3706602266-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e5b668e-ca29-11e5-8267-346895914fd4} => key removed successfully
HKLM\Software\Classes\CLSID\{2e5b668e-ca29-11e5-8267-346895914fd4} => key not found.
HKU\S-1-5-21-1449482339-140858233-3706602266-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e60fe2e-c87c-11e5-8265-346895914fd4} => key removed successfully
HKLM\Software\Classes\CLSID\{8e60fe2e-c87c-11e5-8265-346895914fd4} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DCDF100-90A7-4305-9436-0209094E327F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DCDF100-90A7-4305-9436-0209094E327F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-1449482339-140858233-3706602266-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A359349-2466-40AB-AB7C-445B182480D1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A359349-2466-40AB-AB7C-445B182480D1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1449482339-140858233-3706602266-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8EBC9648-AC2C-45AF-9A2C-1F4901B33E49} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8EBC9648-AC2C-45AF-9A2C-1F4901B33E49} => key removed successfully
C:\Windows\System32\Tasks\CCleanerSkipUAC => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24643799 B
Java, Flash, Steam htmlcache => 726 B
Windows/system/drivers => 568339610 B
Edge => 0 B
Chrome => 40940831 B
Firefox => 34269850 B
Opera => 10320608 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 3162 B
NetworkService => 0 B
Mr. ERIK => 57798248 B

RecycleBin => 23072 B
EmptyTemp: => 710.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:03:45 ====
 
Download MalwareBytes Anti-Malware.

  • Windows 2000 and Windows XP: double-click mbam-setup.exe.
  • Windows Vista, Windows 7, Windows 8 and Windows 10: right-click mbam-setup.exe and choose "Run as administrator".
  • In the Malwarebytes ANTI-MALWARE menu, click "Settings", then "Detection and Protection", and tick "Scan for rootkits".
  • Then click the Scan now button to run a threat scan.
  • Updates will now be checked for; click "Update now" here if updates are available.
  • The scan now starts automatically; when the scan is finished and threats have been detected, you will get an overview of them here.

  • If no threats were detected, click View detailed log after the scan.
  • Then click the Export button and choose the option "Text file (*.txt)".
  • Then enter a file name for saving the log file, for example MBAM Scanlog.
  • Choose, for example, the desktop as the save location and then click the Save button.

  • If threats were detected, click Apply actions after the scan.
  • At the prompt to restart the computer, click Ja / Yes.
  • After the restart, open MalwareBytes Anti-Malware, click History at the top and select Application Logs.
  • Click the most recent Scan Log.
  • Click "Export" and choose the option "Text file (*.txt)".
  • Then enter a file name for saving the log file, for example MBAM Scanlog.
  • Choose, for example, the desktop as the save location and then click the Save button.

Posting the MBAM log:
  • Now copy the contents of the log you just saved and paste it into your new reply.


If you want to use MBAM as the free version right away instead of the fourteen-day demo with all its bells and whistles, look here
 
Here is the result of the MBAM scan:

Malwarebytes
www.malwarebytes.com

-Logboekdetails-
Scandatum: 02-07-17
Scantijd: 18:54
Logbestand: MBAM Scanlog.txt
Beheerder: Ja

-Software-informatie-
Versie: 3.1.2.1733
Versie componenten: 1.0.160
Update pakketversie: 1.0.2276
Licentie: Gratis

-Systeeminformatie-
Besturingssysteem: Windows 8.1
Processor: x64
Bestandssysteem: NTFS
Gebruiker: acer\Mr. ERIK

-Scansamenvatting-
Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten gescand: 344158
Dreigingen herkend: 6
Dreigingen in quarantaine: 5
Verstreken tijd: 15 min, 27 sec

-Scanopties-
Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Ingeschakeld
Heuristiek: Ingeschakeld
POP: Ingeschakeld
POA: Ingeschakeld

-Scandetails-
Proces: 0
(Geen kwaadaardige items gedetecteerd)

Module: 0
(Geen kwaadaardige items gedetecteerd)

Registersleutel: 4
PUP.Optional.InstallCore, HKU\S-1-5-21-1449482339-140858233-3706602266-1003\SOFTWARE\csastats, In quarantaine, [3], [260986],1.0.2276
PUP.Optional.ProductSetup, HKU\S-1-5-21-1449482339-140858233-3706602266-1003\SOFTWARE\PRODUCTSETUP, In quarantaine, [15060], [242047],1.0.2276
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\TRACING\ByteFence_RASAPI32, In quarantaine, [651], [389038],1.0.2276
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\TRACING\ByteFence_RASMANCS, In quarantaine, [651], [389038],1.0.2276

Registerwaarde: 1
PUP.Optional.ProductSetup, HKU\S-1-5-21-1449482339-140858233-3706602266-1003\SOFTWARE\PRODUCTSETUP|TB, In quarantaine, [15060], [242047],1.0.2276

Registerdata: 0
(Geen kwaadaardige items gedetecteerd)

Gegevensstroom: 0
(Geen kwaadaardige items gedetecteerd)

Map: 0
(Geen kwaadaardige items gedetecteerd)

Bestand: 1
RiskWare.Tool.HCK, C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\64BIT PATCH BUILD 11.EXE, Verwijdering mislukt, [2271], [67651],1.0.2276

Fysieke sector: 0
(Geen kwaadaardige items gedetecteerd)


(end)
 
Please post the two logs in one go - use the tools in the order given.

Step •1•
Download Junkware Removal Tool by Thisisu.
Download location: this program must be downloaded to the desktop, or otherwise moved to the desktop!
Notes:
  • All open programs and web pages must be closed.
  • It is advisable to deactivate the active security software, so that possible conflicts with JRT.exe are ruled out.
  • Here and here you will find information on how to deactivate antivirus programs and spyware scanners.
  • It is normal for the desktop shortcuts to disappear temporarily during the JRT.exe scan.
Starting Junkware Removal Tool by Thisisu:
  • Windows 2000 and Windows XP: double-click JRT.exe.
  • Windows Vista, Windows 7, Windows 8 and Windows 10: right-click JRT.exe and choose "Run as administrator".
  • JRT.exe will then scan Windows.
  • Depending on the system specifications, this scan can sometimes take quite a long time, so be patient.
  • When the scan is complete, a log (JRT.txt) will be saved to the desktop and opened automatically.
  • Post the contents of this log in your next message.

Step •2•
Download AdwCleaner by Xplode.
Download location: this program must be downloaded to the desktop, or otherwise moved to the desktop!
Notes:
  • All open programs and web pages must be closed.
Starting AdwCleaner:
  • Windows 2000 and Windows XP: double-click adwcleaner.exe.
  • Windows Vista, Windows 7, Windows 8 and Windows 10: right-click adwcleaner.exe and choose "Run as administrator".
Once AdwCleaner has started:
  • Click the Scan button
  • When the scan is finished, click the Clean button
  • At AdwCleaner – Closing programs, click OK
  • At AdwCleaner – Restart required, click OK
AdwCleaner log file:
  • After the PC has restarted, a log file opens.
  • If the log does not open, it can still be found at C:\AdwCleaner\AdwCleaner[R0, or 1, or 2].txt
  • Then post the contents of this log in your next message.
 
Here are the results of Junkware Removal Tool and AdwCleaner:




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 8.1 Pro x64
Ran by Mr. ERIK (Administrator) on Sun 07/02/2017 at 20:07:55.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/02/2017 at 20:11:58.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



# AdwCleaner v6.047 - Logfile created 02/07/2017 at 20:20:08
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-29.3 [Server]
# Operating System : Windows 8.1 Pro (X64)
# Username : Mr. ERIK - ACER
# Running from : C:\Users\Mr. ERIK\Downloads\adwcleaner_6.047.exe
# Mode: Clean
# Support : Customer Support & Help Center



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****

[-] [C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Mr. ERIK\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [984 Bytes] - [02/07/2017 20:20:08]
C:\AdwCleaner\AdwCleaner[S0].txt - [1537 Bytes] - [02/07/2017 20:19:04]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1129 Bytes] ##########
 
So far so good.

Are you still experiencing any problems, or are you happy again with how your Windows is running now?
 
Everything seems to be running fine.
Still no idea how that strange folder ended up in my Documents. Can that folder be deleted now???
Is there a good replacement for "Internet Download Manager"?
 
I don't use a separate download manager - why would I need one with my 150 mbps connection?
Why are you looking for another download manager?
 
OK!
And that strange folder, can I delete it?
 
Download Security Check
Download location: this program must be downloaded to the desktop, or otherwise moved to the desktop!
Starting SecurityCheck.exe:
  • Windows 2000 and Windows XP: double-click SecurityCheck.exe.
  • Windows Vista, Windows 7, Windows 8 and Windows 10: right-click SecurityCheck.exe and choose "Run as administrator".
  • Follow the instructions in the black window.
  • A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
  • If one of your security tools reports that DIG.EXE wants to access the internet, allow it.
Post the contents of checkup.txt in your next post

FYI: I have about another half hour of internet via a Deutsche Telekom hotspot; I estimate I will be back online tonight before 22:00.
 