

Messages - sabeleon

1
RogueKiller / Re: Please help with report, what not to delete?
« on: August 15, 2017, 12:16:01 PM »
Hi Curson,

Thank you for your reply including the advice!
No problem that you moved my thread; I will take this into account for my next post.

Regards,



2
RogueKiller / Please help with report, what not to delete?
« on: August 13, 2017, 02:41:03 PM »
Hello,

Could you please help me with the report from the RogueKiller scan of my PC? I'm really not sure what NOT to remove.
I'll give you my report below.
Thank you very much.

** Report of threats found by RogueKiller: **

RogueKiller V12.11.9.0 (x64) [Aug  3 2017] (Free) door Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Besturingssysteem : Windows 8.1 (6.3.9600) 64 bits version
Gestart in : Normale mode
Gebruiker : sandra [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Datum : 08/13/2017 12:47:53 (Duration : 00:12:58)

¤¤¤ Processen : 0 ¤¤¤

¤¤¤ Register : 14 ¤¤¤
[PUP.DriverPack] (X64) HKEY_USERS\RK_Sandra_ON_F_4EC1\Software\drpsu -> Gevonden
[PUP.Gen1] (X64) HKEY_USERS\RK_Sandra_ON_F_4EC1\Software\Softonic -> Gevonden
[PUP.DriverPack] (X86) HKEY_USERS\RK_Sandra_ON_F_4EC1\Software\drpsu -> Gevonden
[PUP.Gen1] (X86) HKEY_USERS\RK_Sandra_ON_F_4EC1\Software\Softonic -> Gevonden
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_9039\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5EC3041D-F02A-46A7-8F6E-A54CED2ACBBE} : v2.0|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Sandra\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe|Name=Microsoft OneDrive|Edge=FALSE| -> Gevonden
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {77EBCB6B-C7B6-4E50-AD7D-A59E47B440BE} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\KMSpico\KMSELDI.exe|Name=KMS Emulator: KMSELDI.exe| -> Gevonden
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {EE0619FD-81BF-4E56-B549-13F7B990886F} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\KMSpico\KMSELDI.exe|Name=KMS Emulator: KMSELDI.exe| -> Gevonden
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {25F4FE16-969E-456E-9BE4-9D20812B8E34} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\KMSpico\KMSServer.exe|Name=KMS Emulator: KMSServer.exe| -> Gevonden
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F034E27F-8376-49F7-B8B5-6EE9D5C78CE3} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\KMSpico\KMSServer.exe|Name=KMS Emulator: KMSServer.exe| -> Gevonden
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D688CDCB-F6BB-4346-938D-D08EAF6C8D2F} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\KMSpico\Service_KMS.exe|Name=KMS Emulator: Service_KMS.exe| -> Gevonden
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F0BE443C-B41E-4919-B41D-616ECD0A33F2} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\KMSpico\Service_KMS.exe|Name=KMS Emulator: Service_KMS.exe| -> Gevonden
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {ADF785FE-A606-46AA-B3D9-4AC8B11E11E9} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\KMSpico\AutoPico.exe|Name=KMS Emulator: AutoPico.exe| -> Gevonden
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {99F2A4DB-028D-4DDE-BA60-A21056A4BD2B} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\KMSpico\AutoPico.exe|Name=KMS Emulator: AutoPico.exe| -> Gevonden
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_9039\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5EC3041D-F02A-46A7-8F6E-A54CED2ACBBE} : v2.0|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Sandra\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe|Name=Microsoft OneDrive|Edge=FALSE| -> Gevonden


¤¤¤ Taken : 0 ¤¤¤

¤¤¤ Bestanden : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Host-bestand : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Geladen) ¤¤¤

¤¤¤ Web Browsers : 2 ¤¤¤
[PUM.HomePage][Firefox:Config] nunl31rw.default : user_pref("browser.startup.homepage", "http://www.adhdcafe-breda.nl|http://www.adhd-nederland.nl/opleiding-training-workshops/opleiding-training-workshops/|https://www.zwartekat.nl/speellijsten/|http://mattkersley.com/responsive/|https://www.sitepoint.com/understanding-css-grid-systems/|https://www.coursera.org/learn/website-coding?recoOrder=5&utm_medium=email&utm_source=recommendations&utm_campaign=recommendationsEmail%7Erecs_email_2016_06_12_17%3A57|http://1stwebdesigner.com/fluid-grid-layout/| http://www.webwijzer.nl/leren-online/spaans-leren.html| http://www.dailymotion.com/video/x26ofhs_south-park-season-18-episode-1-go-fund-yourself_shortfilms|http://www.uvh.nl/hoorcolleges/hoe-kan-ik-omgaan-met-kwetsbaarheid|http://www.techtimes.com/articles/187509/20161202/spiritual-religious-experiences-activate-same-reward-circuits-in-the-brain-as-love-drugs-and-music.htm|https://accounts.google.com/ServiceLogin?continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&service=mail&sacu=1&rip=1#identifier|http://www.allradio.nl|http://radioplayer.npo.nl/radio2/|http://blog.teamtreehouse.com/css-positioning|file:///G:/@Actief%202015-2016/2015%20Studie%20-%20Uitvoering/AT%20Studie_zf%20-%20Web%20development/Aantekeningen/Cheatsheets/css-selectors-overview.html|https://cloudfour.com/thinks/responsive-images-101-part-9-image-breakpoints/|https://www.google.nl/search?q=hyperfocus+coaching&ie=utf-8&oe=utf-8&client=firefox-b-ab&gfe_rd=cr&ei=UW1SWISfD9LG8AfR9qL4Aw|https://www.google.nl/search?q=southpark+butters+fired+as+friend&ie=utf-8&oe=utf-8&client=firefox-b-ab&gfe_rd=cr&ei=INCyWMLiJqPc8AeN54uADg#q=south+park+episode+6+butters+fired&tbm=vid&start=40&*|http://www.ikleerinbeelden.nl/beelddenken/gedrag-beelddenken/hyperfocu/"); -> Gevonden
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://www.nporadio2.nl/live|https://web.whatsapp.com/|chrome://bookmarks/|http://localhost/sa_wordpress/pcrestarttest/wp-admin/|http://localhost/sa_wordpress/pcrestarttest/] -> Gevonden

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 850 EVO M.2 250GB +++++
--- User ---
[MBR] f33236c0dc6a869a11a57cbdfc566395
[BSP] d458816dd0bfae263e728e0c4e880094 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 238123 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST2000DM001-1ER164 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 2000 MB
2 - Basic data partition | Offset (sectors): 4360192 | Size: 1905599 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Samsung SSD 850 EVO 250GB +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: TOSHIBA MK2546GSX USB Device +++++
--- User ---
[MBR] 3211b6b6ffcc0acd2ef3cd3a39f3d612
[BSP] 11841e2f73041bd2ba3bb4e28d28256f : HP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 120360 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 249571328 | Size: 116614 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] De aanvraag wordt niet ondersteund. )
