Inhoud van Mango - Pagina 2

Harde schijf bijsteken

Mango reageerde op Mango's topic in Archief Aan- en verkoopadvies

MIjn moederbord is de Asrock Z77 Pro3

Harde schijf bijsteken

Mango reageerde op Mango's topic in Archief Aan- en verkoopadvies

Ik heb al 2 hardeschijfen dus dit wordt mijn derde, maakt dit iets uit?

Harde schijf bijsteken

Mango reageerde op Mango's topic in Archief Aan- en verkoopadvies

Moet ik die voedingsconnector en dat SATA kabeltje apart kopen? En ook nog een bracket of zo iets?

Harde schijf bijsteken

Mango reageerde op Mango's topic in Archief Aan- en verkoopadvies

Hij ziet er heel goed uit. Ik had nog een vraagje? Hoe moet ik die harde schijf der bij doen? Krijg ik hier een handleiding bij?

Harde schijf bijsteken

Mango plaatste een topic in Archief Aan- en verkoopadvies

Beste, Ik heb een tijdje geleden een pc gekocht en ik zou nu graag een harde schijf bijsteken. Kunnen jullie me der een adviseren met geheugen tussen 500 GB - 1TB. Niet meer dan 60 Euro zou ik zeggen. Alvast bedankt, Marco

Politie virus

Mango reageerde op Mango's topic in Archief Bestrijding malware & virussen

Helemaal perfect. Heel erg bedankt voor uw tijd en hulp!

Politie virus

Mango reageerde op Mango's topic in Archief Bestrijding malware & virussen

Hallo, Zoek.exe Version 4.0.0.2 Updated 12-May-2013 Tool run by Marco on di 14-05-2013 at 15:48:34,12. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected ==== Older Logs ====================== C:\zoek-results12-05-2013-1404.log 17043 bytes ==== Deleting Files \ Folders ====================== "C:\users\Marco.Marcos-PC\AppData\Roaming\winsvcna.txt" deleted "C:\Windows\tasks\ROC_REG_JAN_DELETE.job" deleted "C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948" deleted ======== System Restore Points ======== RP101: 12-5-2013 19:00:12 - Windows Back-up RP102: 12-5-2013 19:01:00 - Windows Back-up

Politie virus

Mango reageerde op Mango's topic in Archief Bestrijding malware & virussen

Hier het mbam logje: Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300 Malwarebytes : Free anti-malware download Databaseversie: v2013.05.12.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Marco :: MARCOS-PC [administrator] Bescherming: Ingeschakeld 12-5-2013 13:54:09 mbam-log-2013-05-12 (13-54-09).txt Scan type: Snelle scan Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: P2P Objecten gescand: 268857 Verstreken tijd: 1 minuut/minuten, 19 seconde(n) Geheugenprocessen gedetecteerd: 1 C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\winmgr.exe (Trojan.MWF.Gen) -> 468 -> Zal worden verwijderd tijdens het herstarten. Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Windows Manager (Trojan.MWF.Gen) -> Data: C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\winmgr.exe -> Succesvol in quarantaine geplaatst en verwijderd. Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 1 C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\winmgr.exe (Trojan.MWF.Gen) -> Zal worden verwijderd tijdens het herstarten. (einde) En hier het zoek.exe logje: Zoek.exe Version 4.0.0.2 Updated 12-May-2013 Tool run by Marco on zo 12-05-2013 at 13:58:49,89. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1855381489-1449304910-2271455802-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== Running Processes ====================== C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe E:\Malwarebytes' Anti-Malware\mbamscheduler.exe E:\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe E:\Malwarebytes' Anti-Malware\mbamgui.exe C:\Origin\Origin.exe C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe C:\Users\Marco.Marcos-PC\AppData\Local\Akamai\netsession_win.exe C:\Users\Marco.Marcos-PC\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe E:\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe E:\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Marco.Marcos-PC\Downloads\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe C:\Windows\SysWOW64\cmd.exe ==== FireFox Fix ====================== ProfilePath: C:\Users\Marco.Marcos-PC\AppData\Roaming\Mozilla\Firefox\Profiles\c7isuqlk.default user.js not found ---- Lines snap.do removed from prefs.js ---- user_pref("keyword.URL", "http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=NL&userid=fd92bbb4-eefa-4137-b1d5-55519a993edd&searchtype=ds&q="); ---- Lines snap.do modified from prefs.js ---- ---- Lines helperbar removed from prefs.js ---- user_pref("extensions.helperbar.DockingPositionDown", false); user_pref("extensions.helperbar.LastHiddenTime", 22567335); user_pref("extensions.helperbar.SmartbarDisabled", false); user_pref("extensions.helperbar.SmartbarStateMinimaized", false); ---- Lines helperbar modified from prefs.js ---- ---- Lines smartbar removed from prefs.js ---- ---- Lines smartbar modified from prefs.js ---- ---- FireFox user.js and prefs.js backups ---- prefs_12-05-2013_1402_.backup ==== Deleting Files \ Folders ====================== "C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f" not found "C:\ProgramData\9593d.pad" not found "C:\Users\Marco.Marcos-PC\AppData\Roaming\skype.ini" deleted "C:\Users\Marco.Marcos-PC\AppData\Roaming\Mozilla\Firefox\Profiles\c7isuqlk.default\searchplugins\Web Search.xml" deleted "C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f" deleted "C:\Windows\syswow64\appdata" deleted "C:\Program Files (x86)\Common Files\DVDVideoSoft\TB" deleted "C:\Program Files (x86)\Common Files\DVDVideoSoft\bin" deleted "C:\Program Files (x86)\Common Files\Wondershare" deleted "C:\Users\Marco.Marcos-PC\AppData\Roaming\OpenCandy" deleted "C:\Users\Marco.Marcos-PC\AppData\Local\Wondershare" deleted "C:\Windows\SysWow64\AI_RecycleBin" deleted ==== Registry Search Results for "$a3a5dff2beec6f70883664bf297a197f" ====================== No instances of string "$a3a5dff2beec6f70883664bf297a197f" found. ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\MARCO~1.MAR\AppData\Local\Temp ==== 2013-05-12 09:47:49 CFB6778EEA0AE50BDF4124F9BFA49D27 287 ----a-w- C:\Users\MARCO~1.MAR\AppData\Local\Temp\0727114825.exe 2013-05-12 08:55:45 2FF9B590342C62748885D459D082295F 89248 --sha-w- C:\Users\MARCO~1.MAR\AppData\Local\Temp\InstallFlashPlayer.exe ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2013-05-12 09:45:10 D527F4855DBB46CDD7E9BD8492B95B5B 6736 ----a-w- C:\Windows\Sysnative\.crusader ====== C:\Windows\Sysnative\drivers ===== 2013-04-24 06:04:01 B98F8C6E31CD07B2E6F71F7F648E38C0 1656680 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-05-12 09:43:30 -------- d-----w- C:\Program Files\HitmanPro ======= C:\Program Files (x86) ===== ======= C: ===== ====== C:\Users\Marco.Marcos-PC\AppData\Roaming ====== 2013-05-12 08:55:43 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\users\Marco.Marcos-PC\AppData\Roaming\winsvcna.txt ====== C:\Users\Marco.Marcos-PC ====== 2013-05-12 09:43:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2013-05-12 09:42:47 -------- d-----w- C:\ProgramData\HitmanPro 2013-05-12 08:55:41 -------- d-sh--r- C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948 ====== C: exe-files == 2013-05-12 11:28:59 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Marco.Marcos-PC\Downloads\mbam-setup-1.75.0.1300.exe 2013-05-12 09:47:49 CFB6778EEA0AE50BDF4124F9BFA49D27 287 ----a-w- C:\Users\Marco.Marcos-PC\AppData\Local\Temp\0727114825.exe 2013-05-12 09:43:31 BE3B1DD6B8F89BD38B5C9ADF9C937B75 109352 ----a-w- C:\Program Files\HitmanPro\hmpsched.exe 2013-05-12 09:43:30 509401F6EC88BAB5463C996197E5EA08 9741664 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe 2013-05-12 08:55:45 2FF9B590342C62748885D459D082295F 89248 --sha-w- C:\Users\Marco.Marcos-PC\AppData\Local\Temp\InstallFlashPlayer.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1855381489-1449304910-2271455802-1000\Software\Microsoft\Windows\CurrentVersion\Run] "EADM"="C:\Origin\Origin.exe -AutoStart" "Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent" "Pando Media Booster"="C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" "Akamai NetSession Interface"="C:\Users\Marco.Marcos-PC\AppData\Local\Akamai\netsession_win.exe" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"="C:\Program Files (x86)\AVG\AVG2013\avgui.exe /TRAYONLY" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "Wondershare Helper Compact.exe"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "iTunesHelper"="E:\iTunesHelper.exe" "SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" "AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "EADM"="C:\Origin\Origin.exe -AutoStart" "Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent" "Pando Media Booster"="C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" "Akamai NetSession Interface"="C:\Users\Marco.Marcos-PC\AppData\Local\Akamai\netsession_win.exe" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10-04-2013 15:43] C:\Windows\tasks\ROC_REG_JAN_DELETE.job --a------ [undertermined Task] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Marco.Marcos-PC\AppData\Roaming\Mozilla\Firefox\Profiles\c7isuqlk.default - DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff AppDir: C:\Program Files (x86)\Mozilla Firefox - Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Marco.Marcos-PC\AppData\Roaming\Mozilla\Firefox\Profiles\c7isuqlk.default F7E72D3A281F922BACEC1A71A826D4C2 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll - Shockwave Flash F00A0EF5835E1B96F783D617F1948704 - E:\Mozilla Plugins\npitunes.dll - iTunes Application Detector ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/" "Use Search Asst"="yes" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=NL&userid=fd92bbb4-eefa-4137-b1d5-55519a993edd&searchtype=ds&q={searchTerms}" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "Default"="http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=NL&userid=fd92bbb4-eefa-4137-b1d5-55519a993edd&searchtype=ds&q={searchTerms}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=NL&userid=fd92bbb4-eefa-4137-b1d5-55519a993edd&searchtype=ds&q={searchTerms}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/" "Use Search Asst"="no" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully HKEY_USERS\S-1-5-21-1855381489-1449304910-2271455802-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully HKEY_USERS\S-1-5-21-1855381489-1449304910-2271455802-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully HKEY_USERS\S-1-5-21-1855381489-1449304910-2271455802-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_USERS\S-1-5-21-1855381489-1449304910-2271455802-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_CLASSES_ROOT\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_CLASSES_ROOT\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Marco.Marcos-PC\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Marco.Marcos-PC\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Marco.Marcos-PC\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\users\Marco.Marcos-PC\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully After Reboot ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\MARCO~1.MAR\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

Politie virus

Mango reageerde op Mango's topic in Archief Bestrijding malware & virussen

Heel erg bedankt voor de snelle reactie hier het logje: HitmanPro 3.7.3.194 www.hitmanpro.com Computer name . . . . : MARCOS-PC Windows . . . . . . . : 6.1.1.7601.X64/4 User name . . . . . . : NT AUTHORITY\SYSTEM UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (30 days left) Scan date . . . . . . : 2013-05-12 11:43:31 Scan mode . . . . . . : Normal Scan duration . . . . : 42s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : Yes Threats . . . . . . . : 28 Traces . . . . . . . : 39 Objects scanned . . . : 1.286.512 Files scanned . . . . : 18.950 Remnants scanned . . : 275.975 files / 991.587 keys Malware _____________________________________________________________________ C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\n -> Quarantined Size . . . . . . . : 42.496 bytes Age . . . . . . . : 0.0 days (2013-05-12 10:55:50) Entropy . . . . . : 5.3 SHA-256 . . . . . : 8244DDFCBA327A3F67A5582642C53241EE5E58D75808547CD74808BCDED272D0 > G Data . . . . . . : Trojan.Sirefef.KH > Ikarus . . . . . . : Trojan.Win64!IK Fuzzy . . . . . . : 138.0 One or more antivirus vendors have indicated that the file is malicious. This file was most recently added as automatic startup. The file name extension of this program is not common. The hidden file attribute bit is set. This is not common to most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. Time indicates that the file appeared recently on this computer. Startup HKLM\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\ Forensic Cluster -9.8s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\ -9.8s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\winmgr.exe -7.8s C:\Users\Marco.Marcos-PC\AppData\Roaming\winsvcna.txt -7.1s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\6829803844.exe -7.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$R28AFB608 -6.5s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\2\05\05E1Ed01 -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\ -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\ -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\ -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\@ -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\n -5.7s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\InstallFlashPlayer.exe -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$RA49A1934 -4.2s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$I28AFB608 -4.2s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\15FF.tmp -0.0s C:\$Recycle.Bin\S-1-5-18\ -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\ -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\ -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\@ -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\ 0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\n 0.0s C:\Windows\assembly\gac_64\Desktop.ini 0.0s C:\Windows\assembly\gac_32\Desktop.ini 0.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$IA49A1934 15.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@ 15.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@ 15.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@ 15.9s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@ 18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@ 18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@ 18.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@ 23.1s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\1\41\A2A35d01 36.8s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\incalladwidget[2].htm 37.1s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\index-b7304d2291ffbd00555d74590ccfa04a.min[1].js 39.9s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\thumbnails\7b596b88b849c5a64a66ff6fd4fc1633.png 40.2s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\ads-in-client[2].js 45.7s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\startupCache\startupCache.4.little 49.2s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\ 49.2s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\7D487d01 C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@ -> Quarantined Size . . . . . . . : 15.360 bytes Age . . . . . . . : 0.0 days (2013-05-12 10:56:06) Entropy . . . . . : 5.4 SHA-256 . . . . . : E483D414588EA9E002CFADD9786088D90557AEB473C0C5C62C8E4B34C58DBDB9 > G Data . . . . . . : Trojan.Generic.8044919 > Ikarus . . . . . . : Trojan.Win64!IK Fuzzy . . . . . . : 112.0 Forensic Cluster -25.7s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\ -25.7s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\winmgr.exe -23.7s C:\Users\Marco.Marcos-PC\AppData\Roaming\winsvcna.txt -22.9s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\6829803844.exe -22.9s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$R28AFB608 -22.4s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\2\05\05E1Ed01 -21.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\ -21.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\ -21.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\ -21.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\@ -21.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\n -21.6s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\InstallFlashPlayer.exe -21.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$RA49A1934 -20.1s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$I28AFB608 -20.0s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\15FF.tmp -15.9s C:\$Recycle.Bin\S-1-5-18\ -15.9s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\ -15.9s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\ -15.9s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\@ -15.9s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\ -15.9s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\n -15.9s C:\Windows\assembly\gac_64\Desktop.ini -15.9s C:\Windows\assembly\gac_32\Desktop.ini -15.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$IA49A1934 -0.3s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@ -0.3s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@ -0.3s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@ 0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@ 2.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@ 2.8s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@ 2.8s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@ 7.2s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\1\41\A2A35d01 21.0s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\incalladwidget[2].htm 21.2s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\index-b7304d2291ffbd00555d74590ccfa04a.min[1].js 24.1s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\thumbnails\7b596b88b849c5a64a66ff6fd4fc1633.png 24.3s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\ads-in-client[2].js 29.8s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\startupCache\startupCache.4.little 33.3s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\ 33.3s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\7D487d01 C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@ -> Quarantined Size . . . . . . . : 90.624 bytes Age . . . . . . . : 0.0 days (2013-05-12 10:56:09) Entropy . . . . . : 6.6 SHA-256 . . . . . : EF8766EFC0DDC7A56A71DBCC65200537988163512C70F9CE8CD44398943DE5AD > Ikarus . . . . . . : Trojan.Win32.Alureon!IK Fuzzy . . . . . . : 112.0 Forensic Cluster -28.4s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\ -28.4s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\winmgr.exe -26.4s C:\Users\Marco.Marcos-PC\AppData\Roaming\winsvcna.txt -25.7s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\6829803844.exe -25.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$R28AFB608 -25.1s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\2\05\05E1Ed01 -24.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\ -24.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\ -24.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\ -24.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\@ -24.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\n -24.3s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\InstallFlashPlayer.exe -24.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$RA49A1934 -22.8s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$I28AFB608 -22.8s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\15FF.tmp -18.6s C:\$Recycle.Bin\S-1-5-18\ -18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\ -18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\ -18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\@ -18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\ -18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\n -18.6s C:\Windows\assembly\gac_64\Desktop.ini -18.6s C:\Windows\assembly\gac_32\Desktop.ini -18.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$IA49A1934 -3.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@ -3.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@ -3.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@ -2.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@ 0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@ 0.1s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@ 0.1s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@ 4.5s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\1\41\A2A35d01 18.2s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\incalladwidget[2].htm 18.5s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\index-b7304d2291ffbd00555d74590ccfa04a.min[1].js 21.3s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\thumbnails\7b596b88b849c5a64a66ff6fd4fc1633.png 21.6s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\ads-in-client[2].js 27.1s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\startupCache\startupCache.4.little 30.6s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\ 30.6s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\7D487d01 C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@ -> Quarantined Size . . . . . . . : 77.312 bytes Age . . . . . . . : 0.0 days (2013-05-12 10:56:09) Entropy . . . . . : 6.1 SHA-256 . . . . . : DBDAEA813662144D3D37323DDAB9C9DC63501FB09E9DA3C70325BE5CA816C92B > Ikarus . . . . . . : Trojan.Win64!IK Fuzzy . . . . . . : 112.0 Forensic Cluster -28.5s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\ -28.5s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\winmgr.exe -26.4s C:\Users\Marco.Marcos-PC\AppData\Roaming\winsvcna.txt -25.7s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\6829803844.exe -25.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$R28AFB608 -25.2s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\2\05\05E1Ed01 -24.4s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\ -24.4s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\ -24.4s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\ -24.4s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\@ -24.4s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\n -24.4s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\InstallFlashPlayer.exe -24.4s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$RA49A1934 -22.8s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$I28AFB608 -22.8s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\15FF.tmp -18.6s C:\$Recycle.Bin\S-1-5-18\ -18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\ -18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\ -18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\@ -18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\ -18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\n -18.6s C:\Windows\assembly\gac_64\Desktop.ini -18.6s C:\Windows\assembly\gac_32\Desktop.ini -18.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$IA49A1934 -3.1s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@ -3.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@ -3.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@ -2.8s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@ -0.1s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@ 0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@ 0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@ 4.4s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\1\41\A2A35d01 18.2s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\incalladwidget[2].htm 18.4s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\index-b7304d2291ffbd00555d74590ccfa04a.min[1].js 21.3s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\thumbnails\7b596b88b849c5a64a66ff6fd4fc1633.png 21.5s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\ads-in-client[2].js 27.0s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\startupCache\startupCache.4.little 30.5s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\ 30.5s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\7D487d01 C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\n -> Quarantined Size . . . . . . . : 42.496 bytes Age . . . . . . . : 0.0 days (2013-05-12 10:55:45) Entropy . . . . . : 5.3 SHA-256 . . . . . : 8244DDFCBA327A3F67A5582642C53241EE5E58D75808547CD74808BCDED272D0 > G Data . . . . . . : Trojan.Sirefef.KH > Ikarus . . . . . . : Trojan.Win64!IK Fuzzy . . . . . . : 117.0 Forensic Cluster -4.1s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\ -4.1s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\winmgr.exe -2.1s C:\Users\Marco.Marcos-PC\AppData\Roaming\winsvcna.txt -1.3s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\6829803844.exe -1.2s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$R28AFB608 -0.8s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\2\05\05E1Ed01 -0.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\ -0.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\ -0.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\ -0.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\@ 0.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\n 0.0s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\InstallFlashPlayer.exe 0.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$RA49A1934 1.5s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$I28AFB608 1.6s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\15FF.tmp 5.7s C:\$Recycle.Bin\S-1-5-18\ 5.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\ 5.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\ 5.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\@ 5.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\ 5.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\n 5.7s C:\Windows\assembly\gac_64\Desktop.ini 5.7s C:\Windows\assembly\gac_32\Desktop.ini 6.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$IA49A1934 21.3s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@ 21.3s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@ 21.3s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@ 21.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@ 24.3s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@ 24.4s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@ 24.4s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@ 28.8s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\1\41\A2A35d01 42.6s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\incalladwidget[2].htm 42.8s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\index-b7304d2291ffbd00555d74590ccfa04a.min[1].js 45.7s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\thumbnails\7b596b88b849c5a64a66ff6fd4fc1633.png 45.9s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\ads-in-client[2].js 51.4s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\startupCache\startupCache.4.little 54.9s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\ 54.9s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\7D487d01 C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@ -> Quarantined Size . . . . . . . : 15.360 bytes Age . . . . . . . : 0.0 days (2013-05-12 11:20:39) Entropy . . . . . : 5.4 SHA-256 . . . . . : E483D414588EA9E002CFADD9786088D90557AEB473C0C5C62C8E4B34C58DBDB9 > G Data . . . . . . : Trojan.Generic.8044919 > Ikarus . . . . . . : Trojan.Win64!IK Fuzzy . . . . . . : 112.0 Forensic Cluster -0.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@ -0.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@ -0.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@ 0.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@ 0.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@ 0.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@ 0.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@ C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@ -> Quarantined Size . . . . . . . : 90.624 bytes Age . . . . . . . : 0.0 days (2013-05-12 11:20:40) Entropy . . . . . : 6.6 SHA-256 . . . . . : EF8766EFC0DDC7A56A71DBCC65200537988163512C70F9CE8CD44398943DE5AD > Ikarus . . . . . . : Trojan.Win32.Alureon!IK Fuzzy . . . . . . : 112.0 Forensic Cluster -0.9s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@ -0.9s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@ -0.9s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@ -0.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@ 0.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@ 0.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@ 0.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@ C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@ -> Quarantined Size . . . . . . . : 77.312 bytes Age . . . . . . . : 0.0 days (2013-05-12 11:20:40) Entropy . . . . . : 6.1 SHA-256 . . . . . : DBDAEA813662144D3D37323DDAB9C9DC63501FB09E9DA3C70325BE5CA816C92B > Ikarus . . . . . . : Trojan.Win64!IK Fuzzy . . . . . . : 112.0 Forensic Cluster -0.9s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@ -0.9s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@ -0.9s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@ -0.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@ -0.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@ 0.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@ 0.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@ C:\Users\Marco.Marcos-PC\AppData\Local\Temp\1761647130.exe -> Quarantined Size . . . . . . . : 107.520 bytes Age . . . . . . . : 0.0 days (2013-05-12 11:06:58) Entropy . . . . . : 5.4 SHA-256 . . . . . : 45588A043504B8047C2FED0CD8B54CA931B6EADEC3749B2C0B494B8A649DA755 > Emsisoft . . . . . : Trojan.Ransom.Win32.Foreign.cjgu.AMN!A2 Fuzzy . . . . . . : 108.0 Forensic Cluster -3.0s C:\Users\Marco.Marcos-PC\AppData\Roaming\Apple Computer\Logs\asl.110655_12May13.log 0.0s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\1761647130.exe 3.3s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\60577[1] C:\Users\Marco.Marcos-PC\AppData\Local\Temp\3645093495.exe -> Quarantined Size . . . . . . . : 107.520 bytes Age . . . . . . . : 0.0 days (2013-05-12 11:19:20) Entropy . . . . . : 5.4 SHA-256 . . . . . : 45588A043504B8047C2FED0CD8B54CA931B6EADEC3749B2C0B494B8A649DA755 > Emsisoft . . . . . : Trojan.Ransom.Win32.Foreign.cjgu.AMN!A2 Fuzzy . . . . . . : 108.0 Forensic Cluster -2.8s C:\Users\Marco.Marcos-PC\AppData\Roaming\Apple Computer\Logs\asl.111917_12May13.log 0.0s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\3645093495.exe 2.4s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\WPDNSE\ 3.3s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3P7OJCUM\ 3.3s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3P7OJCUM\desktop.ini 3.3s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPC30HLA\ 3.3s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPC30HLA\desktop.ini 3.3s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0EXLVJ6\ 3.3s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KT75R2DP\ 3.3s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KT75R2DP\desktop.ini 3.3s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0EXLVJ6\desktop.ini 4.6s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3P7OJCUM\17214[1] C:\Users\Marco.Marcos-PC\AppData\Local\Temp\6829803844.exe -> Quarantined Size . . . . . . . : 107.520 bytes Age . . . . . . . : 0.0 days (2013-05-12 10:55:43) Entropy . . . . . : 5.4 SHA-256 . . . . . : 45588A043504B8047C2FED0CD8B54CA931B6EADEC3749B2C0B494B8A649DA755 > Emsisoft . . . . . : Trojan.Ransom.Win32.Foreign.cjgu.AMN!A2 Fuzzy . . . . . . : 108.0 Forensic Cluster -2.7s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\ -2.7s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\winmgr.exe -0.7s C:\Users\Marco.Marcos-PC\AppData\Roaming\winsvcna.txt 0.0s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\6829803844.exe 0.1s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$R28AFB608 0.6s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\2\05\05E1Ed01 1.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\ 1.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\ 1.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\ 1.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\@ 1.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\n 1.3s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\InstallFlashPlayer.exe 1.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$RA49A1934 2.9s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$I28AFB608 2.9s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\15FF.tmp 7.1s C:\$Recycle.Bin\S-1-5-18\ 7.1s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\ 7.1s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\ 7.1s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\@ 7.1s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\ 7.1s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\n 7.1s C:\Windows\assembly\gac_64\Desktop.ini 7.1s C:\Windows\assembly\gac_32\Desktop.ini 7.4s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$IA49A1934 22.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@ 22.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@ 22.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@ 22.9s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@ 25.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@ 25.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@ 25.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@ 30.1s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\1\41\A2A35d01 43.9s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\incalladwidget[2].htm 44.1s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\index-b7304d2291ffbd00555d74590ccfa04a.min[1].js 47.0s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\thumbnails\7b596b88b849c5a64a66ff6fd4fc1633.png 47.2s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\ads-in-client[2].js 52.7s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\startupCache\startupCache.4.little 56.3s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\ 56.3s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\7D487d01 C:\Users\Marco.Marcos-PC\AppData\Roaming\skype.dat -> Quarantined Size . . . . . . . : 107.520 bytes Age . . . . . . . : 183.1 days (2012-11-10 08:58:41) Entropy . . . . . : 5.4 SHA-256 . . . . . : 45588A043504B8047C2FED0CD8B54CA931B6EADEC3749B2C0B494B8A649DA755 > Emsisoft . . . . . : Trojan.Ransom.Win32.Foreign.cjgu.AMN!A2 Fuzzy . . . . . . : 138.0 Startup HKU\S-1-5-21-1855381489-1449304910-2271455802-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell C:\Windows\assembly\gac_32\Desktop.ini -> Quarantined Size . . . . . . . : 5.120 bytes Age . . . . . . . : 0.0 days (2013-05-12 10:55:51) Entropy . . . . . : 3.8 SHA-256 . . . . . : EDC48416BF17933E73F73C82B2E31F27C9A937389BFB18FC56871C29730D2B04 > G Data . . . . . . : Trojan.Generic.7743326 > Ikarus . . . . . . : Backdoor.Win32.ZAccess!IK Fuzzy . . . . . . : 117.0 Forensic Cluster -9.8s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\ -9.8s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\winmgr.exe -7.8s C:\Users\Marco.Marcos-PC\AppData\Roaming\winsvcna.txt -7.1s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\6829803844.exe -7.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$R28AFB608 -6.5s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\2\05\05E1Ed01 -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\ -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\ -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\ -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\@ -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\n -5.7s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\InstallFlashPlayer.exe -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$RA49A1934 -4.2s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$I28AFB608 -4.2s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\15FF.tmp -0.0s C:\$Recycle.Bin\S-1-5-18\ -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\ -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\ -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\@ -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\ -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\n -0.0s C:\Windows\assembly\gac_64\Desktop.ini 0.0s C:\Windows\assembly\gac_32\Desktop.ini 0.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$IA49A1934 15.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@ 15.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@ 15.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@ 15.9s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@ 18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@ 18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@ 18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@ 23.1s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\1\41\A2A35d01 36.8s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\incalladwidget[2].htm 37.1s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\index-b7304d2291ffbd00555d74590ccfa04a.min[1].js 39.9s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\thumbnails\7b596b88b849c5a64a66ff6fd4fc1633.png 40.2s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\ads-in-client[2].js 45.7s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\startupCache\startupCache.4.little 49.2s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\ 49.2s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\7D487d01 C:\Windows\assembly\gac_64\Desktop.ini -> Quarantined Size . . . . . . . : 6.144 bytes Age . . . . . . . : 0.0 days (2013-05-12 10:55:51) Entropy . . . . . : 3.6 SHA-256 . . . . . : 2D5832D2CE829B0C4B2BB45CAC4F691423AC8E685F3ADE7BC8941AB1CCA538B5 > G Data . . . . . . : Trojan.Generic.7700709 > Ikarus . . . . . . : Trojan.Win64!IK Fuzzy . . . . . . : 117.0 Forensic Cluster -9.8s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\ -9.8s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\winmgr.exe -7.8s C:\Users\Marco.Marcos-PC\AppData\Roaming\winsvcna.txt -7.1s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\6829803844.exe -7.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$R28AFB608 -6.5s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\2\05\05E1Ed01 -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\ -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\ -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\ -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\@ -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\n -5.7s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\InstallFlashPlayer.exe -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$RA49A1934 -4.2s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$I28AFB608 -4.2s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\15FF.tmp -0.0s C:\$Recycle.Bin\S-1-5-18\ -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\ -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\ -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\@ -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\ -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\n 0.0s C:\Windows\assembly\gac_64\Desktop.ini 0.0s C:\Windows\assembly\gac_32\Desktop.ini 0.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$IA49A1934 15.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@ 15.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@ 15.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@ 15.9s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@ 18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@ 18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@ 18.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@ 23.1s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\1\41\A2A35d01 36.8s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\incalladwidget[2].htm 37.1s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\index-b7304d2291ffbd00555d74590ccfa04a.min[1].js 39.9s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\thumbnails\7b596b88b849c5a64a66ff6fd4fc1633.png 40.2s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\ads-in-client[2].js 45.7s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\startupCache\startupCache.4.little 49.2s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\ 49.2s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\7D487d01 Suspicious files ____________________________________________________________ C:\Users\Marco.Marcos-PC\AppData\Local\PunkBuster\BF3\pb\dll\wc002317.dll Size . . . . . . . : 949.613 bytes Age . . . . . . . : 182.8 days (2012-11-10 17:24:40) Entropy . . . . . : 7.6 SHA-256 . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\Marco.Marcos-PC\AppData\Local\PunkBuster\BF3\pb\dll\wc002325.dll Size . . . . . . . : 959.376 bytes Age . . . . . . . : 74.8 days (2013-02-26 15:59:48) Entropy . . . . . : 7.6 SHA-256 . . . . . : A85592ACDCFDA7C0293504A5F5279C2654ACC0E6D2398ED8958F6E03F05DCEB5 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. Program is code signed with a valid Authenticode certificate. C:\Users\Marco.Marcos-PC\AppData\Local\PunkBuster\BF3\pb\pbcl.dll Size . . . . . . . : 959.376 bytes Age . . . . . . . : 17.6 days (2013-04-24 21:45:37) Entropy . . . . . : 7.6 SHA-256 . . . . . : A85592ACDCFDA7C0293504A5F5279C2654ACC0E6D2398ED8958F6E03F05DCEB5 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 23.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. Program contains PE structure anomalies. This is not typical for most programs. Program is code signed with a valid Authenticode certificate. C:\Users\Marco.Marcos-PC\AppData\Local\PunkBuster\BF3\pb\pbclold.dll Size . . . . . . . : 959.376 bytes Age . . . . . . . : 183.6 days (2012-11-09 21:08:00) Entropy . . . . . : 7.6 SHA-256 . . . . . : A85592ACDCFDA7C0293504A5F5279C2654ACC0E6D2398ED8958F6E03F05DCEB5 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. Program is code signed with a valid Authenticode certificate. C:\Users\Marco.Marcos-PC\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys Size . . . . . . . : 137.992 bytes Age . . . . . . . : 183.6 days (2012-11-09 21:08:22) Entropy . . . . . : 7.8 SHA-256 . . . . . : 21A3D2E3A063EA2F986EF1BAFD1A71F7FC9EDB3F69E0265E51A18DBC111084F1 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:\Users\Marco.Marcos-PC\AppData\Local\PunkBuster\BLR\pb\pbcl.dll Size . . . . . . . : 949.190 bytes Age . . . . . . . : 112.6 days (2013-01-19 21:04:15) Entropy . . . . . : 7.6 SHA-256 . . . . . : DAF43E93528BEEECC015FA98D6EE6D6FD6D19A049321E47A65665144E4511F41 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\Marco.Marcos-PC\AppData\Local\PunkBuster\BLR\pb\PnkBstrK.sys Size . . . . . . . : 140.360 bytes Age . . . . . . . : 112.6 days (2013-01-19 21:04:26) Entropy . . . . . : 7.8 SHA-256 . . . . . : 0F41B3843E2D2D1BB1ACF8B7CAA293309CC1CF8CF478B1AC86DD6BB214928DC4 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\winmgr.exe Size . . . . . . . : 62.976 bytes Age . . . . . . . : 0.0 days (2013-05-12 10:55:41) Entropy . . . . . : 7.1 SHA-256 . . . . . : 66C1E15DEAD761C9790A083B027DD134BBD2515DBEE54FE173FD9819272D951C Fuzzy . . . . . . : 23.0 The hidden file attribute bit is set. This is not common to most programs. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Uses the Windows Registry to run each time the user logs on. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. Time indicates that the file appeared recently on this computer. Program contains PE structure anomalies. This is not typical for most programs. Startup HKU\S-1-5-21-1855381489-1449304910-2271455802-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows Manager Forensic Cluster -0.0s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\ 0.0s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\winmgr.exe 2.0s C:\Users\Marco.Marcos-PC\AppData\Roaming\winsvcna.txt 2.7s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\6829803844.exe 2.8s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$R28AFB608 3.3s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\2\05\05E1Ed01 4.1s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\ 4.1s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\ 4.1s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\ 4.1s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\@ 4.1s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\n 4.1s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\InstallFlashPlayer.exe 4.1s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$RA49A1934 5.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$I28AFB608 5.6s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\15FF.tmp 9.8s C:\$Recycle.Bin\S-1-5-18\ 9.8s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\ 9.8s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\ 9.8s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\@ 9.8s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\ 9.8s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\n 9.8s C:\Windows\assembly\gac_64\Desktop.ini 9.8s C:\Windows\assembly\gac_32\Desktop.ini 10.1s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$IA49A1934 25.4s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@ 25.4s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@ 25.4s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@ 25.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@ 28.4s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@ 28.5s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@ 28.5s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@ 32.9s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\1\41\A2A35d01 46.6s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\incalladwidget[2].htm 46.9s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\index-b7304d2291ffbd00555d74590ccfa04a.min[1].js 49.7s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\thumbnails\7b596b88b849c5a64a66ff6fd4fc1633.png 50.0s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\ads-in-client[2].js 55.5s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\startupCache\startupCache.4.little 59.0s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\ 59.0s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\7D487d01 Malware remnants ____________________________________________________________ C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\@ (ZeroAccess) -> Deleted C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\ (ZeroAccess) -> Deleted C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@ (ZeroAccess) -> Deleted C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\ (ZeroAccess) -> Deleted C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@ (ZeroAccess) -> Deleted C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@ (ZeroAccess) -> Deleted C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@ (ZeroAccess) -> Deleted C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\@ (ZeroAccess) -> Deleted C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\ (ZeroAccess) -> Deleted C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@ (ZeroAccess) -> Deleted C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\ (ZeroAccess) -> Deleted C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@ (ZeroAccess) -> Deleted C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@ (ZeroAccess) -> Deleted C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@ (ZeroAccess) -> Deleted

Politie virus

Mango plaatste een topic in Archief Bestrijding malware & virussen

Hallo, Ik heb weer eens het politie virus. Ik heb mijn pc geprobeerd op te starten in veilige modus met netwerkmogelijkheden maar dan sluit de pc zichzelf automatisch af, wat moet ik doen?? Alvast heel erg bedankt Marco

Laptop scherm aan pc scherm vast maken

Mango plaatste een topic in Archief Hardware algemeen

Hallo, Ik heb een normale pc met een beeldscherm maar ik heb ook een kleine laptop. Zou ik het scherm van mijn laptop aan mij pc kunnen koppelen? Alvast bedankt

22 januari 2013
- alvast
- hardware
- (en 6 meer)
  Getagd met:
  - alvast
  - hardware
  - kleine
  - laptop
  - maken
  - probleem
  - scherm
  - vast

Windows vraag

Mango reageerde op Mango's topic in Archief Windows Algemeen

Ok bedankt Ja klopt maar met een samenstelling moet je het er voor 99 euro bijkopen

1 oktober 2012
3 antwoorden
- installeren
- kopen
- (en 8 meer)
  Getagd met:
  - installeren
  - kopen
  - laptop
  - momenteel
  - nieuwe
  - oude
  - probleem
  - vraag
  - windows
  - windows 7

Windows vraag

Mango plaatste een topic in Archief Windows Algemeen

Hallo, Ik ga een nieuwe pc kopen en heb momenteel een oude laptop waar wel Windows 7 op staat. Kan ik dan Windows 7 van mijn oude laptop afhalen en het op die andere PC installeren? Alvast bedankt

1 oktober 2012
3 antwoorden
- installeren
- kopen
- (en 8 meer)
  Getagd met:
  - installeren
  - kopen
  - laptop
  - momenteel
  - nieuwe
  - oude
  - probleem
  - vraag
  - windows
  - windows 7

Aankoop nieuwe Game PC

Mango reageerde op Mango's topic in Archief Aan- en verkoopadvies

Ok, heel erg bedankt. Ik kan hier zeker wat mee!!

Aankoop nieuwe Game PC

Mango plaatste een topic in Archief Aan- en verkoopadvies

Hallo, Waarvoor heb ik een PC nodig ? Gamen Wat is mijn budget ? 1150 Een merkcomputer of een samenstelling? Samenstelling Ga ik overklokken ? Niet zolang ik garantie heb. Ga ik later upgraden ? Ja over een jaartje of 3-4 Heb ik al die nieuwe functies wel nodig? Ja, die heb ik nodig Ga ik zelf assembleren? Nee Heb ik een besturingssysteem nodig ? Ja Windows 7 Home Premium Ga ik zelf installeren ? Nee ga ik niet zelf doen Heb ik een voorkeur aan onderdelen ? Nee niet echt. Heb ik nog randapparatuur nodig ? Ja, Netwerk kaart, speakers, monitor, wireless toetsenbord en muis en een cardreader. Heb ik specifieke wensen ? Hij moet, WoW en andere zware spellen op max kunnen draaien, en als het binnen mijn budget kan ook een stille pc, maar hoeft niet. Woont u in Nederland of België, wil u bestellen bij een specifieke (web)winkel? Geen specifieke webwinkel, woon in Nederland.

Inloggen

Mango

Items

Registratiedatum

Laatst bezocht

Inhoudstype

Profielen

Forums

Store

Alles dat geplaatst werd door Mango

Harde schijf bijsteken

Harde schijf bijsteken

Harde schijf bijsteken

Harde schijf bijsteken

Harde schijf bijsteken

Politie virus

Politie virus

Politie virus

Politie virus

Politie virus

Laptop scherm aan pc scherm vast maken

Windows vraag

Windows vraag

Aankoop nieuwe Game PC

Aankoop nieuwe Game PC

OVER ONS

SITEMAP

Home

Info

Handleidingen & Tips

Activiteit

Belangrijke informatie