anke marquetecken

Member
  • Items

    67

Everything posted by anke marquetecken

  1. Zoek.exe Version 4.0.0.4 Updated 30-08-2013 Tool run by Anke on vr 30/08/2013 at 22:09:05,80. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86 Running in: Safe Mode NETWORK Internet Access Detected Launched: C:\Users\Anke\Desktop\zoek.scr [script inserted] ==== Deleting Files \ Folders ====================== "C:\Windows\Installer\3be7ac.msi" deleted ==== Chrome Look ====================== Google Docs - Anke - Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Anke - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Anke - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Anke - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Profile Visitors for Facebook - Anke - Default\Extensions\ihjbpjahiibmjdlcgodcnmpelpmilamk Web Video Solution - Anke - Default\Extensions\lehjhdjciofcglicaidnlfleggadgfpk Helper extension - Anke - Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla Secure Downloader - Anke - Default\Extensions\njbcfghpoodhahbegndmbojmgkibhiol Card number - Anke - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Anke - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chrome Fix ====================== C:\Users\Anke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihjbpjahiibmjdlcgodcnmpelpmilamk deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D24574357365A600677A7A857BC03000 deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5347542D-5637-006A-76A7-A758B70C0300} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetIM Bundle by SweetPacks deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WNLT deleted 
successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\UtilityChest_49bar Uninstall deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter_4zbar Uninstall deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D24574357365A600677A7A857BC03000 deleted successfully ==== EOF on vr 30/08/2013 at 22:10:02,02 ====================== - - - Updated - - - HitmanPro_20130830_2214.log
  2. Zoek.exe Version 4.0.0.4 Updated 26-08-2013 Tool run by Anke on do 29/08/2013 at 19:29:51,04. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Anke\Desktop\zoek.scr [Checkboxes used] ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe C:\Program Files\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe C:\Program Files\F-Secure\fshoster32.exe C:\Program Files\F-Secure\apps\CCF_Reputation\fsorsp.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Fighters\FighterSuiteService.exe C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE C:\Windows\system32\sppsvc.exe C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common 
Files\Java\Java Update\jusched.exe C:\Program Files\F-Secure\fshoster32.exe C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE C:\Program Files\Fighters\Tray\FightersTray.exe C:\Program Files\Fighters\SPYWAREfighter\swproTray.exe C:\Program Files\BearShare Applications\BearShare\BearShare.exe C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\servicing\TrustedInstaller.exe C:\Users\Anke\Desktop\zoek.scr C:\Windows\system32\conhost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe ==== System Restore Info ====================== 29/08/2013 19:34:42 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== 7-Zip 9.20 Adobe Flash Player 11 ActiveX Adobe Reader XI (11.0.03) - Nederlands Ask Toolbar BearShare Computer Security 12.83.104.0 (release) Debut Video Capture Software DownLite F-Secure F-Secure CCF Reputation F-Secure CCF Scanning 1.23.124.8831 (release) F-Secure Network CCF 1.02.128 Fighters FromDocToPDF Toolbar Google Chrome Google Toolbar for Internet Explorer Google Update Helper HiJackThis iLivid Java 7 Update 25 Java Auto Updater Malwarebytes Anti-Malware versie 1.75.0.1300 McAfee Security Scan Plus Microsoft .NET Framework 4 Client Profile Microsoft Silverlight Mozilla Firefox 19.0.2 (x86 nl) Mozilla Maintenance Service Online Safety 2.83.1329.952 Panda Cloud Cleaner Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update 
for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) SPYWAREfighter SweetIM Bundle by SweetPacks SweetPacks Updater Service TornTV Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Utility Chest Toolbar VideoDownloadConverter Toolbar VideoPad Video Editor Windows Movie Maker 2.6 WinRAR 4.20 (32-bit) WinZip 17.5 YTD Video Downloader 4.4 ==== Deleting Services ====================== ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2013-08-11 11:45:34 05D59FA456E407BBEB59C8590E6B27B0 19822 ----a-w- C:\Windows\prodsett_copy.ini ====== C:\Users\Anke\AppData\Local\Temp ==== ====== C:\Windows\system32 ===== 2013-08-28 05:14:59 6C59BBD6B87C73DDEDA11486BE4A1C65 424 ----a-w- C:\Windows\System32\BroomData.bit ====== C:\Windows\system32\drivers ===== 2013-08-26 19:26:38 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-08-14 06:19:20 4E8B9BE71B807B3BAEDB7F4243F85E3C 1293760 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-08-14 06:18:16 B37B08F2E5EEB1A37E448E09BACE1101 31232 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys 2013-08-11 11:46:42 18DA737DD5122A475DA4948ED4643675 44240 ----a-w- C:\Windows\System32\drivers\fsbts.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-08-28 19:01:52 
-------- d-----w- C:\Program Files\WinRAR 2013-08-27 14:05:05 -------- d-----w- C:\Program Files\7-Zip 2013-08-27 12:05:08 -------- d-----w- C:\Program Files\Trend Micro 2013-08-26 15:46:31 -------- d-----w- C:\Program Files\Common Files\Common Toolkit Suite 2013-08-26 15:46:30 -------- d-----w- C:\Program Files\Fighters 2013-08-11 11:40:58 -------- d-----w- C:\Program Files\F-Secure 2013-08-02 10:43:16 -------- d-----w- C:\Program Files\WinZip 2013-08-02 10:42:14 -------- d-----w- C:\Program Files\GreenTree Applications ======= C: ===== ====== C:\Users\Anke\AppData\Roaming ====== 2013-08-29 16:10:12 -------- d-----w- C:\users\Anke\AppData\Local\Temp 2013-08-28 19:01:56 -------- d-----w- C:\users\Anke\AppData\Roaming\WinRAR 2013-08-28 19:01:56 -------- d-----w- C:\users\Anke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2013-08-28 16:35:00 -------- d-----w- C:\users\Anke\AppData\Local\ElevatedDiagnostics 2013-08-26 15:46:50 -------- d-----w- C:\users\Anke\AppData\Roaming\Fighters 2013-08-13 05:12:17 -------- d-----w- C:\users\Anke\AppData\Local\F-Secure 2013-08-05 10:59:10 -------- d-----w- C:\users\Anke\AppData\Roaming\Google 2013-08-02 10:43:35 -------- d-----w- C:\users\Anke\AppData\Local\WinZip 2013-08-01 15:51:06 -------- d-----w- C:\users\Anke\AppData\Local\Programs ====== C:\Users\Anke ====== 2013-08-29 17:25:04 -------- d-----w- C:\ProgramData\41FD 2013-08-29 07:03:11 B3FDF6E7B0AECD48CA7E4921773FB606 1110476 ----a-w- C:\Users\Anke\Downloads\7z920 (1).exe 2013-08-28 19:01:56 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2013-08-28 19:01:47 7784ACAC132C27E20B7A59688D6114FA 1886165 ----a-w- C:\Users\Anke\Downloads\wrar420nl.exe 2013-08-28 19:01:34 8B265CCA436DF81B113B9A43A215E4D9 2023116 ----a-w- C:\Users\Anke\Downloads\winrar-x64-420nl.exe 2013-08-27 20:31:29 B7199AB894D1EBD78FAEFC7AD405C15F 30566792 ----a-w- C:\Users\Anke\Downloads\PandaCloudCleaner (1).exe 2013-08-27 20:30:44 B7199AB894D1EBD78FAEFC7AD405C15F 
30566792 ----a-w- C:\Users\Anke\Downloads\PandaCloudCleaner.exe 2013-08-27 14:05:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2013-08-27 14:03:27 B3FDF6E7B0AECD48CA7E4921773FB606 1110476 ----a-w- C:\Users\Anke\Downloads\7z920.exe 2013-08-26 19:25:43 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Anke\Downloads\mbam-setup-1.75.0.1300.exe 2013-08-26 15:47:11 -------- d-----w- C:\ProgramData\clp 2013-08-26 15:46:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters 2013-08-26 15:46:29 -------- d-----w- C:\ProgramData\Common Toolkit Suite 2013-08-26 15:45:25 -------- d-----w- C:\ProgramData\Fighters 2013-08-26 15:44:34 AD77AF3522CFC969801A0D59C0223CDE 2356112 ----a-w- C:\Users\Anke\Downloads\spywarefighter (1).exe 2013-08-26 15:44:29 AD77AF3522CFC969801A0D59C0223CDE 2356112 ----a-w- C:\Users\Anke\Downloads\spywarefighter.exe 2013-08-11 11:41:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure 2013-08-11 11:39:19 -------- d-----w- C:\ProgramData\F-Secure 2013-08-02 10:43:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 2013-08-02 10:43:17 -------- d-----w- C:\ProgramData\WinZip ====== C: exe-files == 2013-08-28 19:01:52 9A31F7D5248712D6725234C6B16CEC18 270336 ----a-w- C:\Program Files\WinRAR\UnRAR.exe 2013-08-28 19:01:52 8BABC98395F0D8FC0968982237B1BC8F 404992 ----a-w- C:\Program Files\WinRAR\Rar.exe 2013-08-28 19:01:52 4C2298BF181AE43A2864AC8B53A119E3 123904 ----a-w- C:\Program Files\WinRAR\Uninstall.exe 2013-08-28 19:01:52 31EF2CA5D8E806F3B03450DD18FBBB3F 1159168 ----a-w- C:\Program Files\WinRAR\WinRAR.exe 2013-08-27 19:16:10 A58B53D5CD6EEC9A7C3A9DFB37D65563 273344 ----a-w- C:\ProgramData\F-Secure\FSAUA\guts.sp.f-secure.com\content\CS_12_83_104_WIN32\4\upgrade\setup\setup.exe 2013-08-27 14:05:12 78E662D435A8E1F5B9CED236FD331856 58641 ----a-w- C:\Program Files\7-Zip\Uninstall.exe === C: other files == 2013-08-29 16:06:39 
546546C035EE6F240F10F87BBAC219E1 955 ----a-w- C:\Users\Public\Desktop\sample_20132908_1806.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-766547166-3330058944-3535508039-1000\Software\Microsoft\Windows\CurrentVersion\Run] "BearShare"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe --lightmode" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 /build:7601" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 /build:7601" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "F-Secure Hoster (666)"="C:\Program Files\F-Secure\fshoster32.exe -app -hosterid:1" "F-Secure Manager"="C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE /splash" "CommonToolkitTray"="C:\Program Files\Fighters\Tray\FightersTray.exe" "SWPROguard"="C:\Program Files\Fighters\SPYWAREfighter\swprotray.exe" 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BearShare"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe --lightmode" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ==== Startup Folders ====================== 2013-04-02 17:44:49 2004 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [16/07/2013 14:06] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [28/03/2013 22:31] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [28/03/2013 22:31] ==== Firefox Extensions ====================== AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== ==== Chrome Look ====================== Google Docs - Anke - Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Anke - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Anke - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Anke - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Profile Visitors for Facebook - Anke - Default\Extensions\ihjbpjahiibmjdlcgodcnmpelpmilamk Web Video Solution - Anke - Default\Extensions\lehjhdjciofcglicaidnlfleggadgfpk Helper extension - Anke - Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla Secure Downloader - Anke - Default\Extensions\njbcfghpoodhahbegndmbojmgkibhiol Card number - Anke - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Anke - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start 
Page"="http://www.msn.com/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== shortcuts on Users Desktops ====================== C:\Users\Anke\Desktop\7-Zip File Manager.lnk - C:\Program Files\7-Zip\7zFM.exe C:\Users\Anke\Desktop\BearShare.lnk - C:\Program Files\BearShare Applications\BearShare\BearShare.exe C:\Users\Anke\Desktop\Doorgaan Revo Uninstaller Installatie.lnk - C:\Users\Anke\AppData\Local\Temp\ICReinstall_revo-uninstaller.exe /RR C:\Users\Anke\Desktop\HiJackThis.lnk - C:\Users\Anke\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Users\Public\Desktop\Browser Choice.lnk - C:\Windows\System32\browserchoice.exe /launch C:\Users\Public\Desktop\Debut Video Capture Software.lnk - C:\Program Files\NCH Software\Debut\debut.exe C:\Users\Public\Desktop\F-Secure.lnk - C:\Program Files\F-Secure\trigger.exe --open-launchpad --operator-id 666 C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.0.318\mcuicnt.exe SecurityScanner.dll 
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk - C:\Program Files\Panda Security\Panda Cloud Cleaner\PCloudCleaner.exe C:\Users\Public\Desktop\SPYWAREfighter.lnk - C:\Program Files\Fighters\FighterLauncher.exe SWPRO C:\Users\Public\Desktop\VideoPad Video Editor.lnk - C:\Program Files\NCH Software\VideoPad\videopad.exe C:\Users\Public\Desktop\WinZip.lnk - C:\Program Files\WinZip\WINZIP32.EXE ==== shortcuts in Users Start Menu ====================== C:\Users\Anke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BearShare.lnk - C:\Program Files\BearShare Applications\BearShare\BearShare.exe C:\Users\Anke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\Anke\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe C:\Users\Anke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR-handleiding.lnk - C:\Program Files\WinRAR\Rar.txt C:\Users\Anke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files\WinRAR\WinRAR.chm C:\Users\Anke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk - C:\Program Files\WinZip\WINZIP32.EXE C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk - C:\Program Files\7-Zip\7zFM.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk - C:\Program Files\7-Zip\7-zip.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure\F-Secure.lnk - C:\Program Files\F-Secure\trigger.exe --open-launchpad --operator-id 666 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure\Support Tool.lnk - C:\Program Files\F-Secure\diagnostics\fsdiag.exe /OPERATORID:666 C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Fighters\SPYWAREfighter\Deïnstalleren.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters\SPYWAREfighter\Repareren.lnk - C:\Program Files\Fighters\SPYWAREfighter\Uninstall.exe Reinstall C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters\SPYWAREfighter\SPYWAREfighter.lnk - C:\Program Files\Fighters\FighterLauncher.exe SWPRO C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters\SPYWAREfighter\Tools voor Ondersteuning\Logbestanden.lnk - C:\ProgramData\Common Toolkit Suite\AVEngine\Logs C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters\SPYWAREfighter\Tools voor Ondersteuning\Verzamel logbestanden.lnk - C:\Program Files\Fighters\LogFilesCollector.exe /product:SWPRO C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters\SPYWAREfighter\Tools voor Ondersteuning\Vraag Ondersteuning aan.lnk - C:\Program Files\Fighters\ShortcutLauncher.exe "C:\Program Files\Fighters\FighterLauncher.exe" "/goto=Support /pcode=SWPRO" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters\SPYWAREfighter\Veelgestelde vragen en Licentieovereenkomst\Licentieovereenkomst.lnk - C:\Program Files\Fighters\SPYWAREfighter\Documents\EULA.rtf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters\SPYWAREfighter\Veelgestelde vragen en Licentieovereenkomst\Privacy.lnk - C:\Program Files\Fighters\ShortcutLauncher.exe "C:\Program Files\Fighters\FighterLauncher.exe" "/goto=Privacy /pcode=SWPRO" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters\SPYWAREfighter\Veelgestelde vragen en Licentieovereenkomst\Veelgestelde Vragen.lnk - C:\Program Files\Fighters\ShortcutLauncher.exe "C:\Program Files\Fighters\FighterLauncher.exe" "/goto=Help /pcode=SWPRO" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program 
Files\Malwarebytes' Anti-Malware\mbam.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security\Panda Cloud Cleaner\Panda Cloud Cleaner.lnk - C:\Program Files\Panda Security\Panda Cloud Cleaner\PCloudCleaner.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security\Panda Cloud Cleaner\Uninstall Panda Cloud Cleaner.lnk - C:\Program Files\Panda Security\Panda Cloud Cleaner\unins001.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR-handleiding.lnk - C:\Program Files\WinRAR\Rar.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files\WinRAR\WinRAR.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\WinZip 17.5.lnk - C:\Program Files\WinZip\WINZIP32.EXE ==== shortcuts in Quick Launch ====================== C:\Users\Anke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk - C:\Program Files\BearShare Applications\BearShare\BearShare.exe C:\Users\Anke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Anke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Anke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows 
Desktop.lnk - C:\Users\Anke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Anke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\BearShare.lnk - C:\Program Files\BearShare Applications\BearShare\BearShare.exe C:\Users\Anke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Anke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Anke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Anke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, Silent Runners - Adware? Disinfect, don't reformat! Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} BearShare = "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" --lightmode [MusicLab, LLC] swg = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [Google Inc.] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated] SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation] F-Secure Hoster (666) = "C:\Program Files\F-Secure\fshoster32.exe" -app -hosterid:1 [F-Secure Corporation] F-Secure Manager = "C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE" /splash [F-Secure Corporation] CommonToolkitTray = C:\Program Files\Fighters\Tray\FightersTray.exe [sPAMfighter ApS] SWPROguard = C:\Program Files\Fighters\SPYWAREfighter\swprotray.exe [sPAMfighter] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\(Default) = MSS+ Identifier -> {HKLM...CLSID} = MSS+ Identifier \InProcServer32\(Default) = C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll [McAfee, Inc.] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = Java Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\ssv.dll [Oracle Corporation] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = Java Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\jp2ssv.dll [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {E0D79304-84BE-11CE-9641-444553540000} = WinZip -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.] {E0D79305-84BE-11CE-9641-444553540000} = WinZip -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.] 
{E0D79307-84BE-11CE-9641-444553540000} = WinZip -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.] {E0D79306-84BE-11CE-9641-444553540000} = WinZip -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.] {23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension -> {HKLM...CLSID} = 7-Zip Shell Extension \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [igor Pavlov] {B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\ <<!>> BootExecute = autocheck autochk *|PCloudBroom.exe \systemroot\system32\BroomData.bit [file not found] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM...CLSID} = 7-Zip Shell Extension \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [igor Pavlov] WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinZip\(Default) = {E0D79304-84BE-11CE-9641-444553540000} -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.] 
{23814B80-52A2-11d0-BC1A-004095606CB9}\(Default) = F-Secure -> {HKLM...CLSID} = FSAV Shell Extension \InProcServer32\(Default) = C:\Program Files\F-Secure\apps\ComputerSecurity\Common\fpshx.dll [F-Secure Corporation] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM...CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM...CLSID} = 7-Zip Shell Extension \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [igor Pavlov] WinZip\(Default) = {E0D79304-84BE-11CE-9641-444553540000} -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.] HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM...CLSID} = 7-Zip Shell Extension \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [igor Pavlov] WinZip\(Default) = {E0D79305-84BE-11CE-9641-444553540000} -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] 
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM...CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation] WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinZip\(Default) = {E0D79304-84BE-11CE-9641-444553540000} -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.] {23814B80-52A2-11d0-BC1A-004095606CB9}\(Default) = F-Secure -> {HKLM...CLSID} = FSAV Shell Extension \InProcServer32\(Default) = C:\Program Files\F-Secure\apps\ComputerSecurity\Common\fpshx.dll [F-Secure Corporation] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinZip\(Default) = {E0D79305-84BE-11CE-9641-444553540000} -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.] 
Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ SCRNSAVE.EXE = C:\Users\Anke\Desktop\zoek.scr [smeenk] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ BSMediaPlayerOnArrival\ Provider = BearShare ProgID = BearShare.LauncherEventHandler HKLM\SOFTWARE\Classes\BearShare.LauncherEventHandler\CLSID\(Default) = {A7A4A19A-00AC-473c-8225-1B97D1FDD43E} -> {HKLM...CLSID} = CLauncherEventHandler Object \LocalServer32\(Default) = "C:\Program Files\BearShare Applications\BearShare\Launcher.exe" [MusicLab, LLC] BSShowCDAudioOnArrival\ Provider = BearShare InvokeProgID = BearShare.Device InvokeVerb = show HKLM\SOFTWARE\Classes\BearShare.Device\shell\show\Command\(Default) = C:\Program Files\BearShare Applications\BearShare\BearShare.exe --showportable = 1 %L [MusicLab, LLC] BSShowVolumeOnArrival\ Provider = BearShare InvokeProgID = BearShare.Device InvokeVerb = show HKLM\SOFTWARE\Classes\BearShare.Device\shell\show\Command\(Default) = C:\Program Files\BearShare Applications\BearShare\BearShare.exe --showportable = 1 %L [MusicLab, LLC] WIA_{A9881427-0855-447F-8526-CA8CEF5AFFFB}\ Provider = WinZip CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files\WinZip\WINZIP32.EXE /wia; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] Startup items in "Anke" & "All Users" startup folders: ------------------------------------------------------ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup {++} McAfee Security Scan Plus -> shortcut to: C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe [McAfee, Inc.] 
Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks Adobe Flash Player Updater -> launches: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] CreateChoiceProcessTask -> launches: C:\Windows\System32\browserchoice.exe /launch [MS] GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] {DC59F82F-B959-4CFC-9375-92CEC31EF5BF} -> launches: C:\Windows\system32\pcalua.exe -a D:\DirectX\DIRECTX.EXE -d D:\DirectX [MS] {DFE546B5-1E08-4982-A05A-36BD0E91BE3F} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Anke\Documents\gezinsbond\gezinsbond\Gezinsbond.exe -d C:\Users\Anke\Documents\gezinsbond\gezinsbond [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> 
{HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D} -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS] ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS] DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS] ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS] InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS] mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS] mcupdate_scheduled -> launches: %SystemRoot%\ehome\mcupdate -crl 
-hms -pscn 15 [MS] MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS] ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS] OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS] OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS] PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS] PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS] PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS] PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS] PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS] RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS] ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS] SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS] StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS] UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] DecompressionFailureDetector -> (HIDDEN!) 
launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM...CLSID} = HotStart User Agent \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI LPRemove -> launches: %windir%\system32\lpremove.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) 
launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM...CLSID} = GadgetsManager Class \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS] IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS] ValidationTaskDeadline -> (HIDDEN!) 
launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148} -> {HKLM...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] C:\Windows\System32\Tasks\NCH Software DebutReminder -> launches: C:\Program Files\NCH Software\Debut\Debut.exe -shakeicon [NCH Software] VideoPadDowngrade -> launches: C:\Program Files\NCH Software\VideoPad\videopad.exe -downgrade [NCH Software] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-766547166-3330058944-3535508039-1000 -> (HIDDEN!) 
launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 20 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ {2318C2B1-4965-11D4-9B18-009027A5CD4F} -> {HKLM...CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided) -> {HKLM...CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] 
Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated] AV Engine Scanning Service, AV Engine Scanning Service, C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe [Preventon Technologies Limited] AV Watch Service, AV Watch Service, C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe [Preventon Technologies Limited] F-Secure Dll Hoster, fshoster, "C:\Program Files\F-Secure\fshoster32.exe" -hosterid:0 [F-Secure Corporation] F-Secure ORSP Client, FSORSPClient, "C:\Program Files\F-Secure\apps\CCF_Reputation\fsorsp.exe" [F-Secure Corporation] FSMA, FSMA, "C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE" [F-Secure Corporation] MBAMScheduler, MBAMScheduler, "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [Malwarebytes Corporation] MBAMService, MBAMService, "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [Malwarebytes Corporation] Suite Service, Suite Service, C:\Program Files\Fighters\FighterSuiteService.exe [sPAMfighter ApS] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <<!>> PEVSystemStart, Service HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <<!>> PEVSystemStart, Service ==== Empty IE Cache ====================== C:\Users\Anke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully 
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\users\Anke\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Anke\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on do 29/08/2013 at 20:04:19,29 ====================== - - - Updated - - - http://www.mijnbestand.nl/Bestand-RZA4OMLYDWAE.zip
  3. I just managed to get into normal mode, very slowly. I'll send a log in a moment.
  4. No, I'm still in safe mode. When I boot up, I stay stuck on a black screen. I can still move the pointer arrow, though. :dong:
  5. Zoek.exe Version 4.0.0.4 Updated 26-08-2013 Tool run by Anke on do 29/08/2013 at 18:04:04,80. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86 Running in: Safe Mode NETWORK Internet Access Detected Launched: C:\Users\Anke\Desktop\zoek.scr [script inserted] ==== Creating Sample_20132908_1806.zip ====================== Copied file C:\Windows\System32\BroomData.bit to sample\BroomData.bit sample\BroomData.bit renamed to 6C59BBD6B87C73DDEDA11486BE4A1C65 C:\Users\Public\Desktop\sample_20132908_1806.zip created successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Utility Chest Search Scope Monitor"=- "UtilityChest_49 Browser Plugin Loader"=- "FromDocToPDF Search Scope Monitor"=- "FromDocToPDF_65 Browser Plugin Loader"=- "VideoDownloadConverter Search Scope Monitor"=- "VideoDownloadConverter_4z Browser Plugin Loader"=- "ApnTBMon"=- ==== Deleting Files \ Folders ====================== "C:\PROGRA~1\UTILIT~2" not found "C:\PROGRA~1\FROMDO~2" not found "C:\PROGRA~1\VIDEOD~2" not found "C:\Program Files\AskPartnerNetwork" not found "C:\users\Anke\AppData\Local\UtilityChest_49" deleted "C:\ProgramData\1E3BC" deleted "C:\ProgramData\25192" deleted "C:\ProgramData\332E5" deleted "C:\ProgramData\YTD Video Downloader" deleted "C:\ProgramData\TEMP" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2013-08-11 11:45:34 05D59FA456E407BBEB59C8590E6B27B0 19822 ----a-w- C:\Windows\prodsett_copy.ini ====== C:\Users\Anke\AppData\Local\Temp ==== ====== C:\Windows\system32 ===== 2013-08-28 05:14:59 6C59BBD6B87C73DDEDA11486BE4A1C65 424 ----a-w- C:\Windows\System32\BroomData.bit ====== C:\Windows\system32\drivers ===== 2013-08-26 19:26:38 
4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-08-14 06:19:20 4E8B9BE71B807B3BAEDB7F4243F85E3C 1293760 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-08-14 06:18:16 B37B08F2E5EEB1A37E448E09BACE1101 31232 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys 2013-08-11 11:46:42 18DA737DD5122A475DA4948ED4643675 44240 ----a-w- C:\Windows\System32\drivers\fsbts.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-08-28 19:01:52 -------- d-----w- C:\Program Files\WinRAR 2013-08-27 14:05:05 -------- d-----w- C:\Program Files\7-Zip 2013-08-27 12:05:08 -------- d-----w- C:\Program Files\Trend Micro 2013-08-26 15:46:31 -------- d-----w- C:\Program Files\Common Files\Common Toolkit Suite 2013-08-26 15:46:30 -------- d-----w- C:\Program Files\Fighters 2013-08-11 11:40:58 -------- d-----w- C:\Program Files\F-Secure 2013-08-02 10:43:16 -------- d-----w- C:\Program Files\WinZip 2013-08-02 10:42:14 -------- d-----w- C:\Program Files\GreenTree Applications ======= C: ===== ====== C:\Users\Anke\AppData\Roaming ====== 2013-08-29 10:54:25 -------- d-----w- C:\users\Anke\AppData\Local\Temp 2013-08-28 19:01:56 -------- d-----w- C:\users\Anke\AppData\Roaming\WinRAR 2013-08-28 19:01:56 -------- d-----w- C:\users\Anke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2013-08-28 16:35:00 -------- d-----w- C:\users\Anke\AppData\Local\ElevatedDiagnostics 2013-08-26 15:46:50 -------- d-----w- C:\users\Anke\AppData\Roaming\Fighters 2013-08-13 05:12:17 -------- d-----w- C:\users\Anke\AppData\Local\F-Secure 2013-08-05 10:59:10 -------- d-----w- C:\users\Anke\AppData\Roaming\Google 2013-08-02 10:43:35 -------- d-----w- C:\users\Anke\AppData\Local\WinZip 2013-08-01 15:51:06 -------- d-----w- C:\users\Anke\AppData\Local\Programs ====== C:\Users\Anke ====== 2013-08-29 07:03:11 B3FDF6E7B0AECD48CA7E4921773FB606 1110476 ----a-w- C:\Users\Anke\Downloads\7z920 (1).exe 2013-08-28 19:01:56 -------- 
d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2013-08-28 19:01:47 7784ACAC132C27E20B7A59688D6114FA 1886165 ----a-w- C:\Users\Anke\Downloads\wrar420nl.exe 2013-08-28 19:01:34 8B265CCA436DF81B113B9A43A215E4D9 2023116 ----a-w- C:\Users\Anke\Downloads\winrar-x64-420nl.exe 2013-08-27 20:31:29 B7199AB894D1EBD78FAEFC7AD405C15F 30566792 ----a-w- C:\Users\Anke\Downloads\PandaCloudCleaner (1).exe 2013-08-27 20:30:44 B7199AB894D1EBD78FAEFC7AD405C15F 30566792 ----a-w- C:\Users\Anke\Downloads\PandaCloudCleaner.exe 2013-08-27 14:05:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2013-08-27 14:03:27 B3FDF6E7B0AECD48CA7E4921773FB606 1110476 ----a-w- C:\Users\Anke\Downloads\7z920.exe 2013-08-26 19:25:43 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Anke\Downloads\mbam-setup-1.75.0.1300.exe 2013-08-26 15:47:11 -------- d-----w- C:\ProgramData\clp 2013-08-26 15:46:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters 2013-08-26 15:46:29 -------- d-----w- C:\ProgramData\Common Toolkit Suite 2013-08-26 15:45:25 -------- d-----w- C:\ProgramData\Fighters 2013-08-26 15:44:34 AD77AF3522CFC969801A0D59C0223CDE 2356112 ----a-w- C:\Users\Anke\Downloads\spywarefighter (1).exe 2013-08-26 15:44:29 AD77AF3522CFC969801A0D59C0223CDE 2356112 ----a-w- C:\Users\Anke\Downloads\spywarefighter.exe 2013-08-11 11:41:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure 2013-08-11 11:39:19 -------- d-----w- C:\ProgramData\F-Secure 2013-08-02 10:43:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 2013-08-02 10:43:17 -------- d-----w- C:\ProgramData\WinZip ====== C: exe-files == 2013-08-29 07:03:11 B3FDF6E7B0AECD48CA7E4921773FB606 1110476 ----a-w- C:\Users\Anke\Downloads\7z920 (1).exe 2013-08-28 19:01:52 9A31F7D5248712D6725234C6B16CEC18 270336 ----a-w- C:\Program Files\WinRAR\UnRAR.exe 2013-08-28 19:01:52 8BABC98395F0D8FC0968982237B1BC8F 404992 ----a-w- 
C:\Program Files\WinRAR\Rar.exe 2013-08-28 19:01:52 4C2298BF181AE43A2864AC8B53A119E3 123904 ----a-w- C:\Program Files\WinRAR\Uninstall.exe 2013-08-28 19:01:52 31EF2CA5D8E806F3B03450DD18FBBB3F 1159168 ----a-w- C:\Program Files\WinRAR\WinRAR.exe 2013-08-28 19:01:47 7784ACAC132C27E20B7A59688D6114FA 1886165 ----a-w- C:\Users\Anke\Downloads\wrar420nl.exe 2013-08-28 19:01:34 8B265CCA436DF81B113B9A43A215E4D9 2023116 ----a-w- C:\Users\Anke\Downloads\winrar-x64-420nl.exe 2013-08-27 20:31:29 B7199AB894D1EBD78FAEFC7AD405C15F 30566792 ----a-w- C:\Users\Anke\Downloads\PandaCloudCleaner (1).exe 2013-08-27 20:30:44 B7199AB894D1EBD78FAEFC7AD405C15F 30566792 ----a-w- C:\Users\Anke\Downloads\PandaCloudCleaner.exe 2013-08-27 19:16:10 A58B53D5CD6EEC9A7C3A9DFB37D65563 273344 ----a-w- C:\ProgramData\F-Secure\FSAUA\guts.sp.f-secure.com\content\CS_12_83_104_WIN32\4\upgrade\setup\setup.exe 2013-08-27 14:05:12 78E662D435A8E1F5B9CED236FD331856 58641 ----a-w- C:\Program Files\7-Zip\Uninstall.exe 2013-08-27 14:03:27 B3FDF6E7B0AECD48CA7E4921773FB606 1110476 ----a-w- C:\Users\Anke\Downloads\7z920.exe 2013-08-26 19:25:43 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Anke\Downloads\mbam-setup-1.75.0.1300.exe 2013-08-26 15:44:34 AD77AF3522CFC969801A0D59C0223CDE 2356112 ----a-w- C:\Users\Anke\Downloads\spywarefighter (1).exe 2013-08-26 15:44:29 AD77AF3522CFC969801A0D59C0223CDE 2356112 ----a-w- C:\Users\Anke\Downloads\spywarefighter.exe === C: other files == 2013-08-29 16:06:39 546546C035EE6F240F10F87BBAC219E1 955 ----a-w- C:\Users\Public\Desktop\sample_20132908_1806.zip 2013-08-26 19:26:38 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-08-26 15:47:15 D797DEDB640403160DAA5AAF5A28AF7E 18789 ----a-w- C:\ProgramData\Common Toolkit Suite\AVEngine\Defs\ide\index.zip 2013-08-26 15:47:15 0883F8A64966204667BE74FC0A75908B 3790 ----a-w- C:\ProgramData\Common Toolkit Suite\AVEngine\Defs\vdb\index.zip ==== Startup Registry Enabled ====================== 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-766547166-3330058944-3535508039-1000\Software\Microsoft\Windows\CurrentVersion\Run] "BearShare"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe --lightmode" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 /build:7601" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 /build:7601" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "F-Secure Hoster (666)"="C:\Program Files\F-Secure\fshoster32.exe -app -hosterid:1" "F-Secure Manager"="C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE /splash" "CommonToolkitTray"="C:\Program Files\Fighters\Tray\FightersTray.exe" "SWPROguard"="C:\Program Files\Fighters\SPYWAREfighter\swprotray.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BearShare"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe --lightmode" "swg"="C:\Program 
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ==== Startup Folders ====================== 2013-04-02 17:44:49 2004 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [16/07/2013 14:06] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [28/03/2013 22:31] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [28/03/2013 22:31] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Anke\AppData\Roaming\Mozilla\Firefox\Profiles\ad6ajl7f.default - FromDocToPDF - %ProfilePath%\extensions\65ffxtbr@FromDocToPDF_65.com AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== ==== Deleting Files \ Folders ====================== "C:\Users\Anke\AppData\Roaming\Mozilla\Firefox\Profiles\ad6ajl7f.default\extensions\65ffxtbr@FromDocToPDF_65.com" deleted ==== Chrome Look ====================== Google Docs - Anke - Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Anke - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Anke - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Anke - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Profile Visitors for Facebook - Anke - Default\Extensions\ihjbpjahiibmjdlcgodcnmpelpmilamk Web Video Solution - Anke - Default\Extensions\lehjhdjciofcglicaidnlfleggadgfpk Helper extension - Anke - Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla Secure Downloader - Anke - Default\Extensions\njbcfghpoodhahbegndmbojmgkibhiol Card number - Anke - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Anke - 
Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Empty IE Cache ====================== C:\Users\Anke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\users\Anke\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Anke\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on do 
29/08/2013 at 18:13:04,06 ======================
  6. Zoek.exe Version 4.0.0.4 Updated 26-08-2013 Tool run by Anke on do 29/08/2013 at 18:04:04,80. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86 Running in: Safe Mode NETWORK Internet Access Detected
  7. And the computer is getting worse. I have to restart it 6 times before I get into safe mode...
  8. Am I doing it right now? Zoek.exe Version 4.0.0.4 Updated 26-08-2013 Tool run by Anke on do 29/08/2013 at 12:47:54,43. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86 Running in: Safe Mode NETWORK Internet Access Detected
  9. So, I'm watching the video, but he clicks on a program and goes to 7zip, extract here, but I don't have that program on here. Meanwhile I'm in safe mode. I right-clicked on the 7zip icon (in Dutch). Which one exactly do I have to press now?
  10. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:12:05, on 28/08/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16660) Boot mode: Normal
  11. I keep getting the message: you must select 1 or more. But I really am selecting them. Doing them one at a time doesn't work either...
  12. I'm quietly starting to feel stupid with all these programs...
  13. I just installed 7zip, how do I continue with this program?
  14. Apparently I can't get WinZip anymore. Is there something else?
  15. So, did system scan + save, but I get the message: cannot open hijack in notepad... - - - Updated - - - Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:11:27, on 27/08/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16660) Boot mode: Normal Running processes: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\UtilityChest_49\bar\1.bin\49SrchMn.exe C:\Program Files\UtilityChest_49\bar\1.bin\49brmon.exe C:\Program Files\FromDocToPDF_65\bar\1.bin\65brmon.exe C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe C:\Program Files\F-Secure\fshoster32.exe C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE C:\Program Files\Fighters\Tray\FightersTray.exe C:\Program Files\Fighters\SPYWAREfighter\swproTray.exe C:\Program Files\BearShare Applications\BearShare\BearShare.exe C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet 
Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^ZO^xdm043^YY^be&ptb=32D08DCD-61E4-4DC6-A206-83028C18736F&si=EL_UTFIG_11 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll R3 - URLSearchHook: (no name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll R3 - URLSearchHook: (no name) - {7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - C:\Program Files\UtilityChest_49\bar\1.bin\49SrcAs.dll O2 - BHO: Search Assistant BHO - {06e05b40-77fa-40b6-9077-ed1a7577b1ef} - C:\Program Files\UtilityChest_49\bar\1.bin\49SrcAs.dll O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll O2 - BHO: Toolbar BHO - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbar.dll O2 - BHO: Toolbar BHO - {58f7b5ca-1162-42e8-8bbc-d543b4edd780} - C:\PROGRA~1\UTILIT~2\bar\1.bin\49bar.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll 
O2 - BHO: Toolbar BHO - {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\PROGRA~1\FROMDO~2\bar\1.bin\65bar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Search Assistant BHO - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O2 - BHO: Search Assistant BHO - {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll O3 - Toolbar: Utility Chest - {cf67755f-9265-449c-87cf-b945519e073b} - C:\Program Files\UtilityChest_49\bar\1.bin\49bar.dll O3 - Toolbar: FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65bar.dll O3 - Toolbar: VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [utility Chest Search Scope Monitor] "C:\PROGRA~1\UTILIT~2\bar\1.bin\49srchmn.exe" /m=2 /w /h O4 - HKLM\..\Run: [utilityChest_49 Browser Plugin Loader] C:\PROGRA~1\UTILIT~2\bar\1.bin\49brmon.exe O4 - HKLM\..\Run: [FromDocToPDF Search Scope Monitor] "C:\PROGRA~1\FROMDO~2\bar\1.bin\65srchmn.exe" /m=2 /w /h O4 - HKLM\..\Run: [FromDocToPDF_65 Browser Plugin Loader] C:\PROGRA~1\FROMDO~2\bar\1.bin\65brmon.exe O4 - HKLM\..\Run: [VideoDownloadConverter Search Scope Monitor] "C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h O4 - HKLM\..\Run: [VideoDownloadConverter_4z Browser Plugin Loader] C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbrmon.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" 
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" O4 - HKLM\..\Run: [F-Secure Hoster (666)] "C:\Program Files\F-Secure\fshoster32.exe" -app -hosterid:1 O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [CommonToolkitTray] C:\Program Files\Fighters\Tray\FightersTray.exe O4 - HKLM\..\Run: [sWPROguard] C:\Program Files\Fighters\SPYWAREfighter\swprotray.exe O4 - HKCU\..\Run: [bearShare] "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" --lightmode O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user') O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Ask Update Service (APNMCP) - APN LLC. 
- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe O23 - Service: AV Engine Scanning Service - Preventon Technologies Limited - C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe O23 - Service: AV Watch Service - Preventon Technologies Limited - C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe O23 - Service: FromDocToPDFService (FromDocToPDF_65Service) - COMPANYVERS_NAME - C:\PROGRA~1\FROMDO~2\bar\1.bin\65barsvc.exe O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files\F-Secure\fshoster32.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\apps\CCF_Reputation\fsorsp.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. 
- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe O23 - Service: Utility ChestService (UtilityChest_49Service) - COMPANYVERS_NAME - C:\PROGRA~1\UTILIT~2\bar\1.bin\49barsvc.exe O23 - Service: VideoDownloadConverterService (VideoDownloadConverter_4zService) - COMPANYVERS_NAME - C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe -- End of file - 9808 bytes
  16. Yesterday I was tagged in a video on my FB. Of course I clicked it open, but nothing happened, I thought... Now my computer is slow and I can no longer log in to my FB account because of: malware. Ran a virus scan with F-Secure: nothing. Ran a quick scan with Malwarebytes Anti-Malware: 192 infections: removed. Still no access, a persistent malware message, and the computer keeps acting strange. Full scan of C and D: 2 infections: removed. Result: nothing at all! Ouch, what now? I need the computer for work!!!