# AdwCleaner v6.046 - Logbestand aangemaakt 05/05/2017 op 20:30:23
# Bijgewerkt op 24/04/2017 door Malwarebytes
# Database : 2017-05-04.2 [Server]
# Besturingssysteem : Windows 10 Home (X64)
# Gebruikersnaam : rossi - DESKTOP-D36CRM4
# Gestart vanuit : C:\Users\rossi\Desktop\adwcleaner_6.046.exe
# Mode: Scannen
# Ondersteuning : https://www.malwarebytes.com/support

***** [ Services ] *****

Service gevonden: iSafeKrnl
Service gevonden: iSafeKrnlBoot
Service gevonden: iSafeKrnlKit
Service gevonden: iSafeKrnlMon
Service gevonden: iSafeKrnlR3
Service gevonden: iSafeNetFilter
Service gevonden: iSafeService
Service gevonden: FirefoxU
Service gevonden: WinSAPSvc
Service gevonden: isafekrnl
Service gevonden: isafekrnlboot
Service gevonden: isafekrnlkit
Service gevonden: isafekrnlmon
Service gevonden: isafekrnlr3
Service gevonden: isafenetfilter
Service gevonden: isafeservice
Service gevonden: Kitty

***** [ Mappen ] *****

Map gevonden: C:\Users\rossi\AppData\Local\AdvinstAnalytics
Map gevonden: C:\Users\rossi\AppData\Roaming\Elex-tech
Map gevonden: C:\Users\rossi\AppData\Roaming\WinSAPSvc
Map gevonden: C:\Users\rossi\AppData\Roaming\UCChannel
Map gevonden: C:\Program Files (x86)\Elex-tech
Map gevonden: C:\Program Files (x86)\Firefox
Map gevonden: C:\Users\rossi\AppData\Roaming\Firefox
Map gevonden: C:\Users\rossi\AppData\Local\Firefox
Map gevonden: C:\Users\rossi\AppData\Local\Kitty
Map gevonden: C:\Users\rossi\AppData\Roaming\Mozilla\Firefox\Profiles\9zl721p2.default\extensions\arthurj8283@gmail.com
Map gevonden: C:\Users\rossi\AppData\Roaming\Mozilla\Firefox\Profiles\9zl721p2.default\extensions\arthurj8283@gmail.com
Map gevonden: C:\Users\rossi\AppData\Roaming\Mozilla\Firefox\Profiles\9zl721p2.default\extensions\arthurj8283@gmail.com
Map gevonden: C:\Users\rossi\AppData\Roaming\Mozilla\Firefox\Profiles\9zl721p2.default\extensions\arthurj8283@gmail.com

***** [ Bestanden ] *****

Bestand gevonden: C:\WINDOWS\SysNative\log\iSafeKrnlCall.log
Bestand gevonden: C:\WINDOWS\SysNative\drivers\iSafeKrnlBoot.sys
Bestand gevonden: C:\WINDOWS\SysNative\drivers\iSafeNetFilter.sys
Bestand gevonden: C:\Users\Public\Documents\temp.dat
Bestand gevonden: C:\Users\Public\Documents\report.dat
Bestand gevonden: C:\Users\rossi\AppData\Roaming\uninstall_temp.ico
Bestand gevonden: C:\Users\rossi\AppData\Roaming\Mozilla\Firefox\Profiles\9zl721p2.default\searchplugins\luck.xml

***** [ DLL ] *****

Geen kwaadaardige DLLs gevonden.

***** [ WMI ] *****

Geen kwaadaardige sleutels gevonden.

***** [ Snelkoppelingen ] *****

Snelkoppeling geïnfecteerd: C:\Users\rossi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk ( hxxp://www.ourluckysites.com/?type=sc&ts=1493979368&z=1d7435144fd4cc5672f3e3fg3z6tdc1tdm7t5z3g5

***** [ Geplande Taken ] *****

Taak gevonden: Thovuy
Taak gevonden: Milimili
Taak gevonden: Windows-PG

***** [ Register ] *****

Sleutel gevonden: HKU\S-1-5-21-581751278-323587240-2487430462-1001\Software\PRODUCTSETUP
Sleutel gevonden: HKU\S-1-5-21-581751278-323587240-2487430462-1001\Software\csastats
Sleutel gevonden: HKCU\Software\PRODUCTSETUP
Sleutel gevonden: HKCU\Software\csastats
Sleutel gevonden: HKLM\SOFTWARE\Elex-tech
Sleutel gevonden: HKLM\SOFTWARE\ScreenShot
Sleutel gevonden: HKLM\SOFTWARE\{84416237-6490-494D-9AD6-4994DD978971}
Sleutel gevonden: HKLM\SOFTWARE\ourluckysitesSoftware
Sleutel gevonden: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
Sleutel gevonden: [x64] HKCU\Software\PRODUCTSETUP
Sleutel gevonden: [x64] HKCU\Software\csastats
Sleutel gevonden: [x64] HKLM\SOFTWARE\InterSect Alliance
Data gevonden: HKU\S-1-5-21-581751278-323587240-2487430462-1001\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.ourluckysites.com/search/?type=ds&ts=1493979368&z=1d7435144fd4cc5672f3e3fg3z6tdc1t
Data gevonden: HKU\S-1-5-21-581751278-323587240-2487430462-1001\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.ourluckysites.com/search/?type=ds&ts=1493979368&z=1d7435144fd4cc5672f3e3fg3
Data gevonden: HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.ourluckysites.com/search/?type=ds&ts=1493979368&z=1d7435144fd4cc5672f3e3fg3z6tdc1tdm7t5z3g5z&from=che0812&uid=HGSTXHTS721010A9
Data gevonden: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.ourluckysites.com/search/?type=ds&ts=1493979368&z=1d7435144fd4cc5672f3e3fg3z6tdc1tdm7t5z3g5z&from=che0812&uid=HGSTXHTS7
Data gevonden: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.ourluckysites.com/search/?type=ds&ts=1493979368&z=1d7435144fd4cc5672f3e3fg3z6tdc1tdm7t5z3g5z&from=che0812&uid=HGSTXHTS7
Data gevonden: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.ourluckysites.com/search/?type=ds&ts=1493979368&z=1d7435144fd4cc5672f3e3fg3z6tdc1tdm7t5z3g5z&from=che0812&uid=HGSTXHTS721010A9
Data gevonden: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.ourluckysites.com/search/?type=ds&ts=1493979368&z=1d7435144fd4cc5672f3e3fg3z6tdc1tdm7t5z3g5z&from=che0812&uid=HGSTXHTS721010
Data gevonden: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.ourluckysites.com/search/?type=ds&ts=1493979368&z=1d7435144fd4cc5672f3e3fg3z6tdc1tdm7t5z3g5z&from=che0812&uid=HGSTXHT
Waarde gevonden: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
Waarde gevonden: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [Kitty]
Waarde gevonden: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
Waarde gevonden: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
Waarde gevonden: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
Waarde gevonden: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]

***** [ Internetbrowsers ] *****

Firefox pref gevonden: [C:\Users\rossi\AppData\Roaming\Mozilla\Firefox\Profiles\9zl721p2.default\prefs.js] - "browser.search.searchengine.iconURL" - "hxxp://www.luckysearch123.com/favicon.ico?t=1"
Firefox pref gevonden: [C:\Users\rossi\AppData\Roaming\Mozilla\Firefox\Profiles\9zl721p2.default\prefs.js] - "browser.search.searchengine.url" - "hxxp://www.luckysearch123.com/search.php?type=ds&ts=1493958354&from=d6440504&
Firefox pref gevonden: [C:\Users\rossi\AppData\Roaming\Mozilla\Firefox\Profiles\9zl721p2.default\prefs.js] - "browser.startup.homepage" - "hxxp://www.luckysearch123.com?type=hp&ts=1493958354&from=d6440504&uid=hgstxhts721010
Firefox pref gevonden: [C:\Users\rossi\AppData\Roaming\Mozilla\Firefox\Profiles\9zl721p2.default\prefs.js] - "browser.newtab.url" - "hxxp://www.luckysearch123.com?type=hp&ts=1493958354&from=d6440504&uid=hgstxhts721010a9e630
Firefox pref gevonden: [C:\Users\rossi\AppData\Roaming\Mozilla\Firefox\Profiles\9zl721p2.default\user.js] - "browser.newtab.url" - "hxxp://www.luckysearch123.com?type=hp&ts=1493958354&from=d6440504&uid=hgstxhts721010a9e630_
Firefox pref gevonden: [C:\Users\rossi\AppData\Roaming\Mozilla\Firefox\Profiles\9zl721p2.default\user.js] - "browser.search.searchengine.iconURL" - "hxxp://www.luckysearch123.com/favicon.ico?t=1"
Firefox pref gevonden: [C:\Users\rossi\AppData\Roaming\Mozilla\Firefox\Profiles\9zl721p2.default\user.js] - "browser.search.searchengine.url" - "hxxp://www.luckysearch123.com/search.php?type=ds&ts=1493958354&from=d6440504&u
Firefox pref gevonden: [C:\Users\rossi\AppData\Roaming\Mozilla\Firefox\Profiles\9zl721p2.default\user.js] - "browser.startup.homepage" - "hxxp://www.luckysearch123.com?type=hp&ts=1493958354&from=d6440504&uid=hgstxhts721010a
Chromium pref gevonden: [C:\Users\rossi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.luckysearch123.com?type=hp&ts=1493958354&from=d6440504&uid=hgstxhts721010a9e630_jr10044m0eh99n0eh99nx&z=c5
Chromium pref gevonden: [C:\Users\rossi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hxxp://www.luckysearch123.com?type=hp&ts=1493958354&from=d6440504&uid=hgstxhts721010a9e630_jr10044m0eh99n0eh99nx&z=c

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [8296 bytes] - [05/05/2017 20:30:23]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8369 bytes] ##########