Police virus



Hello,

I have the police virus again. I tried to start my PC in Safe Mode with Networking, but then the PC shuts itself down automatically. What should I do?

Thanks very much in advance

Marco


Hello Marco,

Download "HitmanPro" via the link below, for example to the desktop, on a computer that is not infected

Click here to consult the detailed manual

Click here for the manual on running HitmanPro.Kickstart from a boot CD


  • Download HitmanPro (choose the 32-bit or 64-bit version here).
  • HitmanPro (32-bit)
  • HitmanPro (64-bit)
  • Double-click HitmanPro36.exe or HitmanPro36_64.exe to start the program.
  • On the start screen, click the "Kickstart" button, shown in the red box in the image below.
    (image: hmpks-a.jpg)
  • If a USB stick is already connected, HitmanPro Kickstart will recognise it automatically and display it.
  • Click this USB stick once; you will then be offered the option to install Kickstart on the USB stick.
  • Before HitmanPro.Kickstart is installed, the USB stick is reformatted.
  • Warning! Reformatting erases all data stored on the USB stick.
  • Once the HitmanPro Kickstart USB stick has been created, it is automatically "safely removed" from the system on which it was created.
  • Boot the infected computer from the HitmanPro.Kickstart USB stick. (How to boot the computer from a USB stick is explained here)
  • Tick the option "I accept the terms of the license agreement" and click "Next"
  • In the setup screen, click "Next" once more; the scan will now start automatically. Do nothing else on the computer until the scan has finished.
  • When the scan has finished, click "Next"
  • Now activate the free licence; this lets you use HitmanPro free of charge for 30 days and remove the infections found.
  • Note: if you have already used the 30-day trial version of HitmanPro before, it is no longer possible to remove the infections found free of charge.
  • When removal is complete, click "Save log" at the bottom of the screen and save it, for example to the desktop.
    Post this log.
  • Now click the "Restart" button.

Regards,

Mako


Thanks very much for the quick reply, here is the log:

HitmanPro 3.7.3.194
www.hitmanpro.com

  Computer name . . . . : MARCOS-PC
  Windows . . . . . . . : 6.1.1.7601.X64/4
  User name . . . . . . : NT AUTHORITY\SYSTEM
  UAC . . . . . . . . . : Disabled
  License . . . . . . . : Trial (30 days left)

  Scan date . . . . . . : 2013-05-12 11:43:31
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 42s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : Yes

  Threats . . . . . . . : 28
  Traces  . . . . . . . : 39

  Objects scanned . . . : 1.286.512
  Files scanned . . . . : 18.950
  Remnants scanned  . . : 275.975 files / 991.587 keys

Malware _____________________________________________________________________

  C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\n -> Quarantined
     Size . . . . . . . : 42.496 bytes
     Age  . . . . . . . : 0.0 days (2013-05-12 10:55:50)
     Entropy  . . . . . : 5.3
     SHA-256  . . . . . : 8244DDFCBA327A3F67A5582642C53241EE5E58D75808547CD74808BCDED272D0
   > G Data . . . . . . : Trojan.Sirefef.KH
   > Ikarus . . . . . . : Trojan.Win64!IK
     Fuzzy  . . . . . . : 138.0
        One or more antivirus vendors have indicated that the file is malicious.
        This file was most recently added as automatic startup.
        The file name extension of this program is not common.
        The hidden file attribute bit is set. This is not common to most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program starts automatically without user intervention.
        Time indicates that the file appeared recently on this computer.
     Startup
        HKLM\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\
     Forensic Cluster
        -9.8s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\
        -9.8s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\winmgr.exe
        -7.8s C:\Users\Marco.Marcos-PC\AppData\Roaming\winsvcna.txt
        -7.1s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\6829803844.exe
        -7.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$R28AFB608
        -6.5s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\2\05\05E1Ed01
        -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\
        -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\
        -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\
        -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\@
        -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\n
        -5.7s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\InstallFlashPlayer.exe
        -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$RA49A1934
        -4.2s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$I28AFB608
        -4.2s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\15FF.tmp
        -0.0s C:\$Recycle.Bin\S-1-5-18\
        -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\
        -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\
        -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\@
        -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\
         0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\n
         0.0s C:\Windows\assembly\gac_64\Desktop.ini
         0.0s C:\Windows\assembly\gac_32\Desktop.ini
         0.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$IA49A1934
        15.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@
        15.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@
        15.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@
        15.9s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@
        18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@
        18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@
        18.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@
        23.1s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\1\41\A2A35d01
        36.8s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\incalladwidget[2].htm
        37.1s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\index-b7304d2291ffbd00555d74590ccfa04a.min[1].js
        39.9s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\thumbnails\7b596b88b849c5a64a66ff6fd4fc1633.png
        40.2s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\ads-in-client[2].js
        45.7s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\startupCache\startupCache.4.little
        49.2s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\
        49.2s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\7D487d01

  C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@ -> Quarantined
     Size . . . . . . . : 15.360 bytes
     Age  . . . . . . . : 0.0 days (2013-05-12 10:56:06)
     Entropy  . . . . . : 5.4
     SHA-256  . . . . . : E483D414588EA9E002CFADD9786088D90557AEB473C0C5C62C8E4B34C58DBDB9
   > G Data . . . . . . : Trojan.Generic.8044919
   > Ikarus . . . . . . : Trojan.Win64!IK
     Fuzzy  . . . . . . : 112.0
     Forensic Cluster
        -25.7s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\
        -25.7s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\winmgr.exe
        -23.7s C:\Users\Marco.Marcos-PC\AppData\Roaming\winsvcna.txt
        -22.9s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\6829803844.exe
        -22.9s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$R28AFB608
        -22.4s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\2\05\05E1Ed01
        -21.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\
        -21.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\
        -21.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\
        -21.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\@
        -21.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\n
        -21.6s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\InstallFlashPlayer.exe
        -21.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$RA49A1934
        -20.1s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$I28AFB608
        -20.0s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\15FF.tmp
        -15.9s C:\$Recycle.Bin\S-1-5-18\
        -15.9s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\
        -15.9s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\
        -15.9s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\@
        -15.9s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\
        -15.9s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\n
        -15.9s C:\Windows\assembly\gac_64\Desktop.ini
        -15.9s C:\Windows\assembly\gac_32\Desktop.ini
        -15.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$IA49A1934
        -0.3s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@
        -0.3s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@
        -0.3s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@
         0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@
         2.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@
         2.8s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@
         2.8s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@
         7.2s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\1\41\A2A35d01
        21.0s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\incalladwidget[2].htm
        21.2s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\index-b7304d2291ffbd00555d74590ccfa04a.min[1].js
        24.1s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\thumbnails\7b596b88b849c5a64a66ff6fd4fc1633.png
        24.3s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\ads-in-client[2].js
        29.8s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\startupCache\startupCache.4.little
        33.3s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\
        33.3s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\7D487d01

  C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@ -> Quarantined
     Size . . . . . . . : 90.624 bytes
     Age  . . . . . . . : 0.0 days (2013-05-12 10:56:09)
     Entropy  . . . . . : 6.6
     SHA-256  . . . . . : EF8766EFC0DDC7A56A71DBCC65200537988163512C70F9CE8CD44398943DE5AD
   > Ikarus . . . . . . : Trojan.Win32.Alureon!IK
     Fuzzy  . . . . . . : 112.0
     Forensic Cluster
        -28.4s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\
        -28.4s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\winmgr.exe
        -26.4s C:\Users\Marco.Marcos-PC\AppData\Roaming\winsvcna.txt
        -25.7s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\6829803844.exe
        -25.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$R28AFB608
        -25.1s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\2\05\05E1Ed01
        -24.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\
        -24.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\
        -24.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\
        -24.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\@
        -24.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\n
        -24.3s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\InstallFlashPlayer.exe
        -24.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$RA49A1934
        -22.8s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$I28AFB608
        -22.8s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\15FF.tmp
        -18.6s C:\$Recycle.Bin\S-1-5-18\
        -18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\
        -18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\
        -18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\@
        -18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\
        -18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\n
        -18.6s C:\Windows\assembly\gac_64\Desktop.ini
        -18.6s C:\Windows\assembly\gac_32\Desktop.ini
        -18.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$IA49A1934
        -3.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@
        -3.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@
        -3.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@
        -2.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@
         0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@
         0.1s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@
         0.1s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@
         4.5s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\1\41\A2A35d01
        18.2s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\incalladwidget[2].htm
        18.5s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\index-b7304d2291ffbd00555d74590ccfa04a.min[1].js
        21.3s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\thumbnails\7b596b88b849c5a64a66ff6fd4fc1633.png
        21.6s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\ads-in-client[2].js
        27.1s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\startupCache\startupCache.4.little
        30.6s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\
        30.6s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\7D487d01

  C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@ -> Quarantined
     Size . . . . . . . : 77.312 bytes
     Age  . . . . . . . : 0.0 days (2013-05-12 10:56:09)
     Entropy  . . . . . : 6.1
     SHA-256  . . . . . : DBDAEA813662144D3D37323DDAB9C9DC63501FB09E9DA3C70325BE5CA816C92B
   > Ikarus . . . . . . : Trojan.Win64!IK
     Fuzzy  . . . . . . : 112.0
     Forensic Cluster
        -28.5s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\
        -28.5s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\winmgr.exe
        -26.4s C:\Users\Marco.Marcos-PC\AppData\Roaming\winsvcna.txt
        -25.7s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\6829803844.exe
        -25.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$R28AFB608
        -25.2s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\2\05\05E1Ed01
        -24.4s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\
        -24.4s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\
        -24.4s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\
        -24.4s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\@
        -24.4s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\n
        -24.4s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\InstallFlashPlayer.exe
        -24.4s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$RA49A1934
        -22.8s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$I28AFB608
        -22.8s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\15FF.tmp
        -18.6s C:\$Recycle.Bin\S-1-5-18\
        -18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\
        -18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\
        -18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\@
        -18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\
        -18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\n
        -18.6s C:\Windows\assembly\gac_64\Desktop.ini
        -18.6s C:\Windows\assembly\gac_32\Desktop.ini
        -18.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$IA49A1934
        -3.1s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@
        -3.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@
        -3.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@
        -2.8s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@
        -0.1s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@
         0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@
         0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@
         4.4s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\1\41\A2A35d01
        18.2s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\incalladwidget[2].htm
        18.4s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\index-b7304d2291ffbd00555d74590ccfa04a.min[1].js
        21.3s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\thumbnails\7b596b88b849c5a64a66ff6fd4fc1633.png
        21.5s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\ads-in-client[2].js
        27.0s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\startupCache\startupCache.4.little
        30.5s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\
        30.5s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\7D487d01

  C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\n -> Quarantined
     Size . . . . . . . : 42.496 bytes
     Age  . . . . . . . : 0.0 days (2013-05-12 10:55:45)
     Entropy  . . . . . : 5.3
     SHA-256  . . . . . : 8244DDFCBA327A3F67A5582642C53241EE5E58D75808547CD74808BCDED272D0
   > G Data . . . . . . : Trojan.Sirefef.KH
   > Ikarus . . . . . . : Trojan.Win64!IK
     Fuzzy  . . . . . . : 117.0
     Forensic Cluster
        -4.1s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\
        -4.1s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\winmgr.exe
        -2.1s C:\Users\Marco.Marcos-PC\AppData\Roaming\winsvcna.txt
        -1.3s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\6829803844.exe
        -1.2s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$R28AFB608
        -0.8s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\2\05\05E1Ed01
        -0.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\
        -0.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\
        -0.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\
        -0.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\@
         0.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\n
         0.0s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\InstallFlashPlayer.exe
         0.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$RA49A1934
         1.5s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$I28AFB608
         1.6s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\15FF.tmp
         5.7s C:\$Recycle.Bin\S-1-5-18\
         5.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\
         5.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\
         5.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\@
         5.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\
         5.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\n
         5.7s C:\Windows\assembly\gac_64\Desktop.ini
         5.7s C:\Windows\assembly\gac_32\Desktop.ini
         6.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$IA49A1934
        21.3s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@
        21.3s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@
        21.3s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@
        21.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@
        24.3s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@
        24.4s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@
        24.4s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@
        28.8s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\1\41\A2A35d01
        42.6s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\incalladwidget[2].htm
        42.8s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\index-b7304d2291ffbd00555d74590ccfa04a.min[1].js
        45.7s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\thumbnails\7b596b88b849c5a64a66ff6fd4fc1633.png
        45.9s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\ads-in-client[2].js
        51.4s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\startupCache\startupCache.4.little
        54.9s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\
        54.9s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\7D487d01

  C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@ -> Quarantined
     Size . . . . . . . : 15.360 bytes
     Age  . . . . . . . : 0.0 days (2013-05-12 11:20:39)
     Entropy  . . . . . : 5.4
     SHA-256  . . . . . : E483D414588EA9E002CFADD9786088D90557AEB473C0C5C62C8E4B34C58DBDB9
   > G Data . . . . . . : Trojan.Generic.8044919
   > Ikarus . . . . . . : Trojan.Win64!IK
     Fuzzy  . . . . . . : 112.0
     Forensic Cluster
        -0.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@
        -0.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@
        -0.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@
         0.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@
         0.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@
         0.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@
         0.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@

  C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@ -> Quarantined
     Size . . . . . . . : 90.624 bytes
     Age  . . . . . . . : 0.0 days (2013-05-12 11:20:40)
     Entropy  . . . . . : 6.6
     SHA-256  . . . . . : EF8766EFC0DDC7A56A71DBCC65200537988163512C70F9CE8CD44398943DE5AD
   > Ikarus . . . . . . : Trojan.Win32.Alureon!IK
     Fuzzy  . . . . . . : 112.0
     Forensic Cluster
        -0.9s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@
        -0.9s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@
        -0.9s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@
        -0.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@
         0.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@
         0.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@
         0.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@

  C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@ -> Quarantined
     Size . . . . . . . : 77.312 bytes
     Age  . . . . . . . : 0.0 days (2013-05-12 11:20:40)
     Entropy  . . . . . : 6.1
     SHA-256  . . . . . : DBDAEA813662144D3D37323DDAB9C9DC63501FB09E9DA3C70325BE5CA816C92B
   > Ikarus . . . . . . : Trojan.Win64!IK
     Fuzzy  . . . . . . : 112.0
     Forensic Cluster
        -0.9s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@
        -0.9s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@
        -0.9s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@
        -0.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@
        -0.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@
         0.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@
         0.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@

  C:\Users\Marco.Marcos-PC\AppData\Local\Temp\1761647130.exe -> Quarantined
     Size . . . . . . . : 107.520 bytes
     Age  . . . . . . . : 0.0 days (2013-05-12 11:06:58)
     Entropy  . . . . . : 5.4
     SHA-256  . . . . . : 45588A043504B8047C2FED0CD8B54CA931B6EADEC3749B2C0B494B8A649DA755
   > Emsisoft . . . . . : Trojan.Ransom.Win32.Foreign.cjgu.AMN!A2
     Fuzzy  . . . . . . : 108.0
     Forensic Cluster
        -3.0s C:\Users\Marco.Marcos-PC\AppData\Roaming\Apple Computer\Logs\asl.110655_12May13.log
         0.0s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\1761647130.exe
         3.3s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\60577[1]

  C:\Users\Marco.Marcos-PC\AppData\Local\Temp\3645093495.exe -> Quarantined
     Size . . . . . . . : 107.520 bytes
     Age  . . . . . . . : 0.0 days (2013-05-12 11:19:20)
     Entropy  . . . . . : 5.4
     SHA-256  . . . . . : 45588A043504B8047C2FED0CD8B54CA931B6EADEC3749B2C0B494B8A649DA755
   > Emsisoft . . . . . : Trojan.Ransom.Win32.Foreign.cjgu.AMN!A2
     Fuzzy  . . . . . . : 108.0
     Forensic Cluster
        -2.8s C:\Users\Marco.Marcos-PC\AppData\Roaming\Apple Computer\Logs\asl.111917_12May13.log
         0.0s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\3645093495.exe
         2.4s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\WPDNSE\
         3.3s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3P7OJCUM\
         3.3s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3P7OJCUM\desktop.ini
         3.3s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPC30HLA\
         3.3s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPC30HLA\desktop.ini
         3.3s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0EXLVJ6\
         3.3s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KT75R2DP\
         3.3s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KT75R2DP\desktop.ini
         3.3s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0EXLVJ6\desktop.ini
         4.6s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3P7OJCUM\17214[1]

  C:\Users\Marco.Marcos-PC\AppData\Local\Temp\6829803844.exe -> Quarantined
     Size . . . . . . . : 107.520 bytes
     Age  . . . . . . . : 0.0 days (2013-05-12 10:55:43)
     Entropy  . . . . . : 5.4
     SHA-256  . . . . . : 45588A043504B8047C2FED0CD8B54CA931B6EADEC3749B2C0B494B8A649DA755
   > Emsisoft . . . . . : Trojan.Ransom.Win32.Foreign.cjgu.AMN!A2
     Fuzzy  . . . . . . : 108.0
     Forensic Cluster
        -2.7s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\
        -2.7s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\winmgr.exe
        -0.7s C:\Users\Marco.Marcos-PC\AppData\Roaming\winsvcna.txt
         0.0s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\6829803844.exe
         0.1s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$R28AFB608
         0.6s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\2\05\05E1Ed01
         1.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\
         1.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\
         1.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\
         1.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\@
         1.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\n
         1.3s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\InstallFlashPlayer.exe
         1.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$RA49A1934
         2.9s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$I28AFB608
         2.9s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\15FF.tmp
         7.1s C:\$Recycle.Bin\S-1-5-18\
         7.1s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\
         7.1s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\
         7.1s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\@
         7.1s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\
         7.1s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\n
         7.1s C:\Windows\assembly\gac_64\Desktop.ini
         7.1s C:\Windows\assembly\gac_32\Desktop.ini
         7.4s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$IA49A1934
        22.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@
        22.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@
        22.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@
        22.9s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@
        25.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@
        25.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@
        25.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@
        30.1s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\1\41\A2A35d01
        43.9s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\incalladwidget[2].htm
        44.1s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\index-b7304d2291ffbd00555d74590ccfa04a.min[1].js
        47.0s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\thumbnails\7b596b88b849c5a64a66ff6fd4fc1633.png
        47.2s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\ads-in-client[2].js
        52.7s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\startupCache\startupCache.4.little
        56.3s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\
        56.3s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\7D487d01

  C:\Users\Marco.Marcos-PC\AppData\Roaming\skype.dat -> Quarantined
     Size . . . . . . . : 107.520 bytes
     Age  . . . . . . . : 183.1 days (2012-11-10 08:58:41)
     Entropy  . . . . . : 5.4
     SHA-256  . . . . . : 45588A043504B8047C2FED0CD8B54CA931B6EADEC3749B2C0B494B8A649DA755
   > Emsisoft . . . . . : Trojan.Ransom.Win32.Foreign.cjgu.AMN!A2
     Fuzzy  . . . . . . : 138.0
     Startup
        HKU\S-1-5-21-1855381489-1449304910-2271455802-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

  C:\Windows\assembly\gac_32\Desktop.ini -> Quarantined
     Size . . . . . . . : 5.120 bytes
     Age  . . . . . . . : 0.0 days (2013-05-12 10:55:51)
     Entropy  . . . . . : 3.8
     SHA-256  . . . . . : EDC48416BF17933E73F73C82B2E31F27C9A937389BFB18FC56871C29730D2B04
   > G Data . . . . . . : Trojan.Generic.7743326
   > Ikarus . . . . . . : Backdoor.Win32.ZAccess!IK
     Fuzzy  . . . . . . : 117.0
     Forensic Cluster
        -9.8s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\
        -9.8s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\winmgr.exe
        -7.8s C:\Users\Marco.Marcos-PC\AppData\Roaming\winsvcna.txt
        -7.1s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\6829803844.exe
        -7.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$R28AFB608
        -6.5s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\2\05\05E1Ed01
        -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\
        -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\
        -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\
        -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\@
        -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\n
        -5.7s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\InstallFlashPlayer.exe
        -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$RA49A1934
        -4.2s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$I28AFB608
        -4.2s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\15FF.tmp
        -0.0s C:\$Recycle.Bin\S-1-5-18\
        -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\
        -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\
        -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\@
        -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\
        -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\n
        -0.0s C:\Windows\assembly\gac_64\Desktop.ini
         0.0s C:\Windows\assembly\gac_32\Desktop.ini
         0.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$IA49A1934
        15.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@
        15.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@
        15.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@
        15.9s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@
        18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@
        18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@
        18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@
        23.1s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\1\41\A2A35d01
        36.8s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\incalladwidget[2].htm
        37.1s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\index-b7304d2291ffbd00555d74590ccfa04a.min[1].js
        39.9s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\thumbnails\7b596b88b849c5a64a66ff6fd4fc1633.png
        40.2s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\ads-in-client[2].js
        45.7s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\startupCache\startupCache.4.little
        49.2s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\
        49.2s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\7D487d01

  C:\Windows\assembly\gac_64\Desktop.ini -> Quarantined
     Size . . . . . . . : 6.144 bytes
     Age  . . . . . . . : 0.0 days (2013-05-12 10:55:51)
     Entropy  . . . . . : 3.6
     SHA-256  . . . . . : 2D5832D2CE829B0C4B2BB45CAC4F691423AC8E685F3ADE7BC8941AB1CCA538B5
   > G Data . . . . . . : Trojan.Generic.7700709
   > Ikarus . . . . . . : Trojan.Win64!IK
     Fuzzy  . . . . . . : 117.0
     Forensic Cluster
        -9.8s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\
        -9.8s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\winmgr.exe
        -7.8s C:\Users\Marco.Marcos-PC\AppData\Roaming\winsvcna.txt
        -7.1s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\6829803844.exe
        -7.0s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$R28AFB608
        -6.5s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\2\05\05E1Ed01
        -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\
        -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\
        -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\
        -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\@
        -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\n
        -5.7s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\InstallFlashPlayer.exe
        -5.7s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$RA49A1934
        -4.2s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$I28AFB608
        -4.2s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\15FF.tmp
        -0.0s C:\$Recycle.Bin\S-1-5-18\
        -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\
        -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\
        -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\@
        -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\
        -0.0s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\n
         0.0s C:\Windows\assembly\gac_64\Desktop.ini
         0.0s C:\Windows\assembly\gac_32\Desktop.ini
         0.3s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$IA49A1934
        15.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@
        15.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@
        15.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@
        15.9s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@
        18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@
        18.6s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@
        18.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@
        23.1s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\1\41\A2A35d01
        36.8s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\incalladwidget[2].htm
        37.1s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\index-b7304d2291ffbd00555d74590ccfa04a.min[1].js
        39.9s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\thumbnails\7b596b88b849c5a64a66ff6fd4fc1633.png
        40.2s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\ads-in-client[2].js
        45.7s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\startupCache\startupCache.4.little
        49.2s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\
        49.2s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\7D487d01


Suspicious files ____________________________________________________________

  C:\Users\Marco.Marcos-PC\AppData\Local\PunkBuster\BF3\pb\dll\wc002317.dll
     Size . . . . . . . : 949.613 bytes
     Age  . . . . . . . : 182.8 days (2012-11-10 17:24:40)
     Entropy  . . . . . : 7.6
     SHA-256  . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
     Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Marco.Marcos-PC\AppData\Local\PunkBuster\BF3\pb\dll\wc002325.dll
     Size . . . . . . . : 959.376 bytes
     Age  . . . . . . . : 74.8 days (2013-02-26 15:59:48)
     Entropy  . . . . . : 7.6
     SHA-256  . . . . . : A85592ACDCFDA7C0293504A5F5279C2654ACC0E6D2398ED8958F6E03F05DCEB5
     RSA Key Size . . . : 2048
     Authenticode . . . : Valid
     Fuzzy  . . . . . . : 22.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.
        Program is code signed with a valid Authenticode certificate.

  C:\Users\Marco.Marcos-PC\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
     Size . . . . . . . : 959.376 bytes
     Age  . . . . . . . : 17.6 days (2013-04-24 21:45:37)
     Entropy  . . . . . : 7.6
     SHA-256  . . . . . : A85592ACDCFDA7C0293504A5F5279C2654ACC0E6D2398ED8958F6E03F05DCEB5
     RSA Key Size . . . : 2048
     Authenticode . . . : Valid
     Fuzzy  . . . . . . : 23.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.
        Program contains PE structure anomalies. This is not typical for most programs.
        Program is code signed with a valid Authenticode certificate.

  C:\Users\Marco.Marcos-PC\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
     Size . . . . . . . : 959.376 bytes
     Age  . . . . . . . : 183.6 days (2012-11-09 21:08:00)
     Entropy  . . . . . : 7.6
     SHA-256  . . . . . : A85592ACDCFDA7C0293504A5F5279C2654ACC0E6D2398ED8958F6E03F05DCEB5
     RSA Key Size . . . : 2048
     Authenticode . . . : Valid
     Fuzzy  . . . . . . : 22.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.
        Program is code signed with a valid Authenticode certificate.

  C:\Users\Marco.Marcos-PC\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
     Size . . . . . . . : 137.992 bytes
     Age  . . . . . . . : 183.6 days (2012-11-09 21:08:22)
     Entropy  . . . . . : 7.8
     SHA-256  . . . . . : 21A3D2E3A063EA2F986EF1BAFD1A71F7FC9EDB3F69E0265E51A18DBC111084F1
     RSA Key Size . . . : 2048
     Authenticode . . . : Valid
     Fuzzy  . . . . . . : 22.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.
        Program is code signed with a valid Authenticode certificate.

  C:\Users\Marco.Marcos-PC\AppData\Local\PunkBuster\BLR\pb\pbcl.dll
     Size . . . . . . . : 949.190 bytes
     Age  . . . . . . . : 112.6 days (2013-01-19 21:04:15)
     Entropy  . . . . . : 7.6
     SHA-256  . . . . . : DAF43E93528BEEECC015FA98D6EE6D6FD6D19A049321E47A65665144E4511F41
     Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Marco.Marcos-PC\AppData\Local\PunkBuster\BLR\pb\PnkBstrK.sys
     Size . . . . . . . : 140.360 bytes
     Age  . . . . . . . : 112.6 days (2013-01-19 21:04:26)
     Entropy  . . . . . : 7.8
     SHA-256  . . . . . : 0F41B3843E2D2D1BB1ACF8B7CAA293309CC1CF8CF478B1AC86DD6BB214928DC4
     RSA Key Size . . . : 2048
     Authenticode . . . : Valid
     Fuzzy  . . . . . . : 22.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.
        Program is code signed with a valid Authenticode certificate.

  C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\winmgr.exe
     Size . . . . . . . : 62.976 bytes
     Age  . . . . . . . : 0.0 days (2013-05-12 10:55:41)
     Entropy  . . . . . : 7.1
     SHA-256  . . . . . : 66C1E15DEAD761C9790A083B027DD134BBD2515DBEE54FE173FD9819272D951C
     Fuzzy  . . . . . . : 23.0
        The hidden file attribute bit is set. This is not common to most programs.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Uses the Windows Registry to run each time the user logs on.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program starts automatically without user intervention.
        Time indicates that the file appeared recently on this computer.
        Program contains PE structure anomalies. This is not typical for most programs.
     Startup
        HKU\S-1-5-21-1855381489-1449304910-2271455802-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows Manager
     Forensic Cluster
        -0.0s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\
         0.0s C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\winmgr.exe
         2.0s C:\Users\Marco.Marcos-PC\AppData\Roaming\winsvcna.txt
         2.7s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\6829803844.exe
         2.8s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$R28AFB608
         3.3s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\2\05\05E1Ed01
         4.1s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\
         4.1s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\
         4.1s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\
         4.1s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\@
         4.1s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\n
         4.1s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\InstallFlashPlayer.exe
         4.1s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$RA49A1934
         5.6s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$I28AFB608
         5.6s C:\Users\Marco.Marcos-PC\AppData\Local\Temp\15FF.tmp
         9.8s C:\$Recycle.Bin\S-1-5-18\
         9.8s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\
         9.8s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\
         9.8s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\@
         9.8s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\
         9.8s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\n
         9.8s C:\Windows\assembly\gac_64\Desktop.ini
         9.8s C:\Windows\assembly\gac_32\Desktop.ini
        10.1s C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$IA49A1934
        25.4s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@
        25.4s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@
        25.4s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@
        25.7s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000000.@
        28.4s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000032.@
        28.5s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\80000064.@
        28.5s C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@
        32.9s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\1\41\A2A35d01
        46.6s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\incalladwidget[2].htm
        46.9s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\index-b7304d2291ffbd00555d74590ccfa04a.min[1].js
        49.7s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\thumbnails\7b596b88b849c5a64a66ff6fd4fc1633.png
        50.0s C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J13OBCF\ads-in-client[2].js
        55.5s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\startupCache\startupCache.4.little
        59.0s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\
        59.0s C:\Users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache\0\E2\7D487d01


Malware remnants ____________________________________________________________

  C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\@ (ZeroAccess) -> Deleted
  C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\ (ZeroAccess) -> Deleted
  C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@ (ZeroAccess) -> Deleted
  C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\ (ZeroAccess) -> Deleted
  C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@ (ZeroAccess) -> Deleted
  C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@ (ZeroAccess) -> Deleted
  C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@ (ZeroAccess) -> Deleted
  C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\@ (ZeroAccess) -> Deleted
  C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\ (ZeroAccess) -> Deleted
  C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\L\00000004.@ (ZeroAccess) -> Deleted
  C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\ (ZeroAccess) -> Deleted
  C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\00000004.@ (ZeroAccess) -> Deleted
  C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\00000008.@ (ZeroAccess) -> Deleted
  C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f\U\000000cb.@ (ZeroAccess) -> Deleted



Hi,

  1. Download MBAM (Malwarebytes Anti-Malware)
    Double-click mbam-setup.exe to install the program.
    Make sure the boxes for Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware are checked, then click "Finish".
    If an update was found, it will be downloaded and installed.
    When the program is fully up to date, select "Quick Scan" in the Scanner tab, then click Scan.
    Scanning can take a while, so be patient.
    When the scan is complete, click OK, then "Show Results" to view the results.
    Make sure everything there is checked, then click: Remove Selected.
    After removal a log will open and you will be asked to restart the computer. (See further below.)
    If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.
    After the restart MBAM will scan again and remove the rootkit.
    The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in the program.
    If MBAM has difficulty removing certain files it will show a few prompts where you need to click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.
    Paste the contents of the log in your next reply.
  2. Download zoek.exe to the desktop.

    • Disable your antivirus and antispyware programs; they may conflict with zoek.exe
      You can read how to do that (here or here).
    • Double-click Zoek.exe to start the tool.
    • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as Administrator.
    • Now copy the code below and paste it into the large input box:
    • Note: This script is intended specifically for this PC; do not use it on other PCs with a similar problem.

 
process;
startupall; 
filesrcm; 
autoclean;


  • Then click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart if one is required).
  • If no log appears after the restart, start zoek.exe again and the log will still appear.
  • Now post the contents of the opened log in your next reply.


Here is the MBAM log:

Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300

Malwarebytes : Free anti-malware download

Databaseversie: v2013.05.12.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Marco :: MARCOS-PC [administrator]

Bescherming: Ingeschakeld

12-5-2013 13:54:09

mbam-log-2013-05-12 (13-54-09).txt

Scan type: Snelle scan

Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scan opties: P2P

Objecten gescand: 268857

Verstreken tijd: 1 minuut/minuten, 19 seconde(n)

Geheugenprocessen gedetecteerd: 1

C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\winmgr.exe (Trojan.MWF.Gen) -> 468 -> Zal worden verwijderd tijdens het herstarten.

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Windows Manager (Trojan.MWF.Gen) -> Data: C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\winmgr.exe -> Succesvol in quarantaine geplaatst en verwijderd.

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 1

C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948\winmgr.exe (Trojan.MWF.Gen) -> Zal worden verwijderd tijdens het herstarten.

(einde)

And here is the zoek.exe log:

Zoek.exe Version 4.0.0.2 Updated 12-May-2013

Tool run by Marco on zo 12-05-2013 at 13:58:49,89.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1855381489-1449304910-2271455802-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

E:\Malwarebytes' Anti-Malware\mbamscheduler.exe

E:\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

E:\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Origin\Origin.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Users\Marco.Marcos-PC\AppData\Local\Akamai\netsession_win.exe

C:\Users\Marco.Marcos-PC\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

E:\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

E:\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Marco.Marcos-PC\Downloads\zoek.exe

C:\Windows\SysWOW64\cmd.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe

C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe

C:\Windows\SysWOW64\cmd.exe

==== FireFox Fix ======================

ProfilePath: C:\Users\Marco.Marcos-PC\AppData\Roaming\Mozilla\Firefox\Profiles\c7isuqlk.default

user.js not found

---- Lines snap.do removed from prefs.js ----

user_pref("keyword.URL", "http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=NL&userid=fd92bbb4-eefa-4137-b1d5-55519a993edd&searchtype=ds&q=");

---- Lines snap.do modified from prefs.js ----

---- Lines helperbar removed from prefs.js ----

user_pref("extensions.helperbar.DockingPositionDown", false);

user_pref("extensions.helperbar.LastHiddenTime", 22567335);

user_pref("extensions.helperbar.SmartbarDisabled", false);

user_pref("extensions.helperbar.SmartbarStateMinimaized", false);

---- Lines helperbar modified from prefs.js ----

---- Lines smartbar removed from prefs.js ----

---- Lines smartbar modified from prefs.js ----

---- FireFox user.js and prefs.js backups ----

prefs_12-05-2013_1402_.backup

==== Deleting Files \ Folders ======================

"C:\$Recycle.Bin\S-1-5-18\$a3a5dff2beec6f70883664bf297a197f" not found

"C:\ProgramData\9593d.pad" not found

"C:\Users\Marco.Marcos-PC\AppData\Roaming\skype.ini" deleted

"C:\Users\Marco.Marcos-PC\AppData\Roaming\Mozilla\Firefox\Profiles\c7isuqlk.default\searchplugins\Web Search.xml" deleted

"C:\$Recycle.Bin\S-1-5-21-1855381489-1449304910-2271455802-1000\$a3a5dff2beec6f70883664bf297a197f" deleted

"C:\Windows\syswow64\appdata" deleted

"C:\Program Files (x86)\Common Files\DVDVideoSoft\TB" deleted

"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin" deleted

"C:\Program Files (x86)\Common Files\Wondershare" deleted

"C:\Users\Marco.Marcos-PC\AppData\Roaming\OpenCandy" deleted

"C:\Users\Marco.Marcos-PC\AppData\Local\Wondershare" deleted

"C:\Windows\SysWow64\AI_RecycleBin" deleted

==== Registry Search Results for "$a3a5dff2beec6f70883664bf297a197f" ======================

No instances of string "$a3a5dff2beec6f70883664bf297a197f" found.

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\MARCO~1.MAR\AppData\Local\Temp ====

2013-05-12 09:47:49 CFB6778EEA0AE50BDF4124F9BFA49D27 287 ----a-w- C:\Users\MARCO~1.MAR\AppData\Local\Temp\0727114825.exe

2013-05-12 08:55:45 2FF9B590342C62748885D459D082295F 89248 --sha-w- C:\Users\MARCO~1.MAR\AppData\Local\Temp\InstallFlashPlayer.exe

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2013-05-12 09:45:10 D527F4855DBB46CDD7E9BD8492B95B5B 6736 ----a-w- C:\Windows\Sysnative\.crusader

====== C:\Windows\Sysnative\drivers =====

2013-04-24 06:04:01 B98F8C6E31CD07B2E6F71F7F648E38C0 1656680 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-05-12 09:43:30 -------- d-----w- C:\Program Files\HitmanPro

======= C:\Program Files (x86) =====

======= C: =====

====== C:\Users\Marco.Marcos-PC\AppData\Roaming ======

2013-05-12 08:55:43 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\users\Marco.Marcos-PC\AppData\Roaming\winsvcna.txt

====== C:\Users\Marco.Marcos-PC ======

2013-05-12 09:43:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

2013-05-12 09:42:47 -------- d-----w- C:\ProgramData\HitmanPro

2013-05-12 08:55:41 -------- d-sh--r- C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948

====== C: exe-files ==

2013-05-12 11:28:59 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Marco.Marcos-PC\Downloads\mbam-setup-1.75.0.1300.exe

2013-05-12 09:47:49 CFB6778EEA0AE50BDF4124F9BFA49D27 287 ----a-w- C:\Users\Marco.Marcos-PC\AppData\Local\Temp\0727114825.exe

2013-05-12 09:43:31 BE3B1DD6B8F89BD38B5C9ADF9C937B75 109352 ----a-w- C:\Program Files\HitmanPro\hmpsched.exe

2013-05-12 09:43:30 509401F6EC88BAB5463C996197E5EA08 9741664 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe

2013-05-12 08:55:45 2FF9B590342C62748885D459D082295F 89248 --sha-w- C:\Users\Marco.Marcos-PC\AppData\Local\Temp\InstallFlashPlayer.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1855381489-1449304910-2271455802-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"EADM"="C:\Origin\Origin.exe -AutoStart"

"Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent"

"Pando Media Booster"="C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"

"Akamai NetSession Interface"="C:\Users\Marco.Marcos-PC\AppData\Local\Akamai\netsession_win.exe"

"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG_UI"="C:\Program Files (x86)\AVG\AVG2013\avgui.exe /TRAYONLY"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"Wondershare Helper Compact.exe"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"

"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

"iTunesHelper"="E:\iTunesHelper.exe"

"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"

"AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"EADM"="C:\Origin\Origin.exe -AutoStart"

"Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent"

"Pando Media Booster"="C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"

"Akamai NetSession Interface"="C:\Users\Marco.Marcos-PC\AppData\Local\Akamai\netsession_win.exe"

"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10-04-2013 15:43]

C:\Windows\tasks\ROC_REG_JAN_DELETE.job --a------ [undertermined Task]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Marco.Marcos-PC\AppData\Roaming\Mozilla\Firefox\Profiles\c7isuqlk.default

- DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Marco.Marcos-PC\AppData\Roaming\Mozilla\Firefox\Profiles\c7isuqlk.default

F7E72D3A281F922BACEC1A71A826D4C2 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll - Shockwave Flash

F00A0EF5835E1B96F783D617F1948704 - E:\Mozilla Plugins\npitunes.dll - iTunes Application Detector

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

"Use Search Asst"="yes"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]

"Default"="http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=NL&userid=fd92bbb4-eefa-4137-b1d5-55519a993edd&searchtype=ds&q={searchTerms}"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]

"Default"="http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=NL&userid=fd92bbb4-eefa-4137-b1d5-55519a993edd&searchtype=ds&q={searchTerms}"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"Default"="http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=NL&userid=fd92bbb4-eefa-4137-b1d5-55519a993edd&searchtype=ds&q={searchTerms}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

"Use Search Asst"="no"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully

HKEY_USERS\S-1-5-21-1855381489-1449304910-2271455802-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully

HKEY_USERS\S-1-5-21-1855381489-1449304910-2271455802-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully

HKEY_USERS\S-1-5-21-1855381489-1449304910-2271455802-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

HKEY_USERS\S-1-5-21-1855381489-1449304910-2271455802-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Marco.Marcos-PC\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Marco.Marcos-PC\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Marco.Marcos-PC\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\users\Marco.Marcos-PC\AppData\Local\Mozilla\Firefox\Profiles\c7isuqlk.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\users\Marco.Marcos-PC\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\MARCO~1.MAR\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Marco.Marcos-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found


Hello,


    • Double-click Zoek.exe to start the tool.
    • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as Administrator.
    • Now copy the code below and paste it into the large input window:
    • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

 
C:\users\Marco.Marcos-PC\AppData\Roaming\winsvcna.txt;f
C:\Windows\tasks\ROC_REG_JAN_DELETE.job;f
C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948;fs


  • Click the "Options" button and tick the option below.

    • System Restore Info

  • Then click the "Run script" button.

  • Now wait patiently until a log opens (this may be after a restart if one is required).

  • If no log appears after the restart, start zoek.exe again; the log will then still appear.

  • Now post the contents of the opened log in your next reply.


Hello,

Zoek.exe Version 4.0.0.2 Updated 12-May-2013

Tool run by Marco on di 14-05-2013 at 15:48:34,12.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results12-05-2013-1404.log 17043 bytes

==== Deleting Files \ Folders ======================

"C:\users\Marco.Marcos-PC\AppData\Roaming\winsvcna.txt" deleted

"C:\Windows\tasks\ROC_REG_JAN_DELETE.job" deleted

"C:\Users\Marco.Marcos-PC\M-3950-5949-8593-3948" deleted

======== System Restore Points ========

RP101: 12-5-2013 19:00:12 - Windows Back-up

RP102: 12-5-2013 19:01:00 - Windows Back-up


Hello,

Good to hear that the problems are resolved. I just noticed that there may still be 2 files left over that can also be removed.


  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as Administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

 
C:\Windows\assembly\gac_64\Desktop.ini;f
C:\Windows\assembly\gac_32\Desktop.ini;f


  • Then click the "Run script" button.

Afterwards you can remove Zoek.exe from your computer again; simply deleting the file is enough.

You can keep MBAM on your computer as an additional anti-malware scanner. Run a scan with it regularly.

Regards,

Mako
