# AdwCleaner v6.043 - Logbestand aangemaakt 14/02/2017 op 19:51:07
# Bijgewerkt op 27/01/2017 door Malwarebytes
# Database : 2017-02-13.1 [Server]
# Besturingssysteem : Windows 10 Home (X64)
# Gebruikersnaam : Gebruiker - TOSHIBA
# Gestart vanuit : C:\Users\Gebruiker\Desktop\adwcleaner_6.043.exe
# Mode: Scannen
# Ondersteuning : https://www.malwarebytes.com/support

***** [ Services ] *****

Geen kwaadaardige services gevonden.

***** [ Mappen ] *****

Map gevonden: C:\Users\Gebruiker\AppData\Roaming\eCyber
Map gevonden: C:\Users\Gebruiker\AppData\Roaming\Elex-tech
Map gevonden: C:\Users\Gebruiker\AppData\Roaming\MailUpdate
Map gevonden: C:\ProgramData\MailUpdate
Map gevonden: C:\ProgramData\Application Data\MailUpdate
Map gevonden: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uncheckit
Map gevonden: C:\WINDOWS\SysWoW64\upddf

***** [ Bestanden ] *****

Bestand gevonden: C:\WINDOWS\SysNative\log\iSafeKrnlCall.log
Bestand gevonden: C:\ProgramData\Microsoft\Windows\Start Menu\YAC.lnk

***** [ DLL ] *****

Geen kwaadaardige DLLs gevonden.

***** [ WMI ] *****

Geen kwaadaardige sleutels gevonden.

***** [ Snelkoppelingen ] *****

Geen geïnfecteerde snelkoppeling gevonden.

***** [ Geplande Taken ] *****

Geen kwaadaardige taak gevonden.

***** [ Register ] *****

***** [ Internetbrowsers ] *****

Geen kwaadaardige op Firefox gebaseerde browser items gevonden.
Chromium pref gevonden: [C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences] - hxxp://yoursites123.com/wefavicon.ico

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [12451 bytes] - [14/02/2017 19:51:07]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12525 bytes] ##########