[code]
HitmanPro 3.7.9.234
www.hitmanpro.com

   Computer name . . . . : 1980PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : 1980PC\Katrien & Joachim
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2015-01-28 20:28:59
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 29s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 1
   Traces . . . . . . . : 47

   Objects scanned . . . : 1.904.998
   Files scanned . . . . : 61.305
   Remnants scanned . . : 506.571 files / 1.337.122 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA80046AEA40
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI . . . : FFFFFA80045CB2C0 +0

   Solution
      DriverObject . . . : FFFFFA80046AEA40
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI . . . : FFFFF88000D944D8 \SystemRoot\system32\drivers\ataport.SYS+29912

Malware _____________________________________________________________________

   C:\Users\Katrien & Joachim\Downloads\SoftonicDownloader_voor_avg-antivirus-free-2015.exe -> Quarantined
      Size . . . . . . . : 373.104 bytes
      Age . . . . . . . : 30.0 days (2014-12-29 19:58:15)
      Entropy . . . . . : 8.0
      SHA-256 . . . . . : 3C4FA29792C1F5733001842A7EC6407D65F08AD313C19099E9EC89413217215A
      Product . . . . . : Application Installer Publisher
      Description . . . : Application Installer
      Version . . . . . : 1.41.10.6
      RSA Key Size . . . : 2048
      LanguageID . . . . : 3082
      Authenticode . . . : Valid
    > Kaspersky . . . . : not-a-virus:Downloader.Win32.Agent.bxib
      Fuzzy . . . . . . : 104.0

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\IGIFAnimator.IGIFAnimatorCtrl.1\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\IGIFAnimator.IGIFAnimatorCtrl\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\IMWeb.IMWebControl.1\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{596BB86E-F1E5-A1DE-3363-41AB634E77EF}\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{A3492A3A-6715-9371-F8DB-1C48CC4DAAA1}\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\WMHelperiMesh.WMHelper.1\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\WMHelperiMesh.WMHelper\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{596BB86E-F1E5-A1DE-3363-41AB634E77EF}\ (iMesh) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A3492A3A-6715-9371-F8DB-1C48CC4DAAA1}\ (iMesh) -> Deleted
   HKU\S-1-5-21-748706070-3823825615-209406529-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{9D717F81-9148-4F12-8568-69135F087DB0} (SearchQU) -> Deleted

Repairs _____________________________________________________________________

   hosts C:\Windows\system32\drivers\etc\

Cookies _____________________________________________________________________

   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:ad.360yield.com
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:ad.mlnadvertising.com
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:ad.zanox.com
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:ads.creative-serving.com
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:ads.pebblemedia.adhese.com
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:ads.pubmatic.com
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:ads.stickyadstv.com
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:ads.thinkmedia.adhese.com
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:adtech.de
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:adtechus.com
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:advertising.com
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:at.atwola.com
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:bs.serving-sys.com
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:burstnet.com
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:casalemedia.com
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:cstatic.weborama.fr
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:doubleclick.net
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:engine.pgmediaserve.com
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:fastclick.net
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:in.getclicky.com
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:media6degrees.com
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:mediaplex.com
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:microsoftsto.112.2o7.net
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:revsci.net
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:ru4.com
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:server.cpmstar.com
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:serving-sys.com
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:smartadserver.com
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:stat.onestat.com
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:stepstone.112.2o7.net
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:track.adform.net
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:tribalfusion.com
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:weborama.fr
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:www.burstnet.com
   C:\Users\Katrien & Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\hcqh7r3d.default\cookies.sqlite:xiti.com
[/code]