Mededeling

**Emphyrio** · 14-10-14, 21:05

Hoi

De eerste stap is het uitvoeren van deze richtlijn: !!! BELANGRIJK !!!: Lees dit eerst voor je een bericht plaatst!

Emphyrio

**pablorindt** · 15-10-14, 12:59

Hoi Emphyrio,

Ik heb alle scans uitgevoerd, helaas mislukt de laatste rootkit scanner, het programma loopt vast en windows geeft de melding ***.exe has stopped working. Bij deze de rest van de log files:

Alvast bedankt!

MBAM log:

Malwarebytes Anti-Malware

Cyber Security Software & Anti-Malware | Malwarebytes

https://www.malwarebytes.org

Protect your home and business PCs, Macs, iOS and Android devices from the latest cyber threats and malware, including ransomware.

Scan Date: 15-10-2014
Scan Time: 11:11:27
Logfile: mbamlog.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.15.02
Rootkit Database: v2014.10.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Pablo

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 570993
Time Elapsed: 38 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.Somoto, C:\Users\Pablo\AppData\Local\Microsoft\Windows\INetCache\IE\6RXFZLS7\BiTool[1].dll, Quarantined, [86798f8591eb46f062a4a9c3be44b24e],
PUP.Optional.Somoto, C:\Users\Pablo\AppData\Local\Microsoft\Windows\INetCache\IE\SQEHYBEN\setup[1].exe, Quarantined, [887769ab067657df04bdedc142bfe61a],

Physical Sectors: 0
(No malicious items detected)

(end)

AdwCleaner
# AdwCleaner v4.000 - Report created 15/10/2014 at 11:58:08
# DB v2014-10-15.7
# Updated 12/10/2014 by Xplode
# Operating System : Windows 8.1 Pro (64 bits)
# Username : Pablo - PABLOSSD
# Running from : E:\Downloads\Chrome\adwcleaner_4.000.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17278

-\\ Mozilla Firefox v

-\\ Google Chrome v38.0.2125.77

Deleted [Search Provider] : hxxp://search.aol.com/aol/tracking?d_ch=en_US_engadget&q={searchTerms}&s_it=search_addon

*************************

AdwCleaner[R0].txt - [1997 octets] - [06/10/2014 10:06:33]
AdwCleaner[R1].txt - [924 octets] - [09/10/2014 18:50:07]
AdwCleaner[R2].txt - [984 octets] - [15/10/2014 11:12:02]
AdwCleaner[R3].txt - [1043 octets] - [15/10/2014 11:57:12]
AdwCleaner[S0].txt - [2013 octets] - [06/10/2014 10:08:27]
AdwCleaner[S1].txt - [984 octets] - [09/10/2014 18:50:57]
AdwCleaner[S2].txt - [1077 octets] - [15/10/2014 11:58:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1137 octets] ##########

EPeek

E-Peek v 1.0.5.4 © Emphyrio/Onsia Patrick 2013-2014
E Dev
Run at wo 15 okt 2014 13:56
.
Windows 8.1 Professional (64 bits)
C:\Windows [NTFS - Fixed]
Default Browser: Google Chrome
Boot mode: Normal boot
User logged in: Pablo
.
Java x86: 1.7.0_67
Java x64: n/a
.
AV : Windows Defender [Updated - Running]
AS : Windows Defender [Updated - Running]
FW : Windows firewall
.
==================== Files and Folders history =================================

Folders Created Last 7 days :

15-10-2014 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
14-10-2014 ##### r-h-s-d+a- C:\Users\Pablo\AppData\Roaming\Celemony Software GmbH
14-10-2014 ##### r-h-s-d+a- C:\ProgramData\Celemony Software GmbH
14-10-2014 ##### r-h-s-d+a- C:\Program Files\Celemony
14-10-2014 ##### r-h-s-d+a- C:\Program Files (x86)\Celemony
09-10-2014 ##### r-h-s-d+a- C:\Users\Pablo\AppData\Roaming\Mozilla

Files Modified Last 7 days :

15-10-2014 103265616 r-h-s-d-a+ C:\Windows\system32\MRT.exe
15-10-2014 00863592 r-h-s-d-a+ C:\Windows\system32\PerfStringBackup.INI
15-10-2014 00722278 r-h-s-d-a+ C:\Windows\system32\perfh009.dat
15-10-2014 00135394 r-h-s-d-a+ C:\Windows\system32\perfc009.dat
10-10-2014 00678400 r-h-s-d-a+ C:\Windows\system32\aepdu.dll
09-10-2014 00275968 r-h-s-d-a+ C:\Windows\system32\generaltel.dll

Files Created Last 7 days :

15-10-2014 00678400 r-h-s-d-a+ C:\Windows\system32\aepdu.dll
15-10-2014 00590336 r-h-s-d-a+ C:\Windows\system32\rastls.dll
15-10-2014 00527360 r-h-s-d-a+ C:\Windows\system32\aeinv.dll
15-10-2014 00514048 r-h-s-d-a+ C:\Windows\SysWOW64\rastls.dll
15-10-2014 00275968 r-h-s-d-a+ C:\Windows\system32\generaltel.dll
15-10-2014 00076288 r-h-s-d-a+ C:\Windows\system32\packager.dll
15-10-2014 00068608 r-h-s-d-a+ C:\Windows\SysWOW64\packager.dll
15-10-2014 00000168 r-h-s-d-a+ C:\Users\Pablo\defogger_reenable
15-10-2014 00000109 r-h-s-d-a+ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
14-10-2014 00001456 r-h-s-d-a+ C:\Users\Pablo\AppData\Local\Adobe Save for Web 13.0 Prefs

==================== RUNNING PROCESSES =========================================

[chrome] -Pablo- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
[chrome] -Pablo- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
[chrome] -Pablo- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
[explorer] -Pablo- C:\Windows\Explorer.EXE - (Microsoft Corporation)
[RadeonProSupport] -SYSTEM- C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe - (Mr. John aka japamd)
[Splice.WinClient] -Pablo- C:\Users\Pablo\AppData\Local\Splice\Splice.WinClient\Splice.WinClient.exe - (Splice)
[WUDFHost] -LOCAL SERVICE- C:\Windows\System32\WUDFHost.exe - (Microsoft Corporation)

==================== IE PAGES ==================================================

IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\system32\blank.htm
IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE04 - HKCU\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE05 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\SysWOW64\ieframe.dll
IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\SysWOW64\blank.htm
IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE10 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE10 - HKLM\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [@ieframe.dll,-12512] @ URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\system32\blank.htm
IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE04 x64 - HKCU\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE05 x64 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\System32\ieframe.dll
IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\System32\blank.htm
IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE10 x64 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE10 x64 - HKLM\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [@ieframe.dll,-12512] @ URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

==================== Auto Load =================================================

AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = userinit.exe,
AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe
AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = C:\Windows\system32\userinit.exe,
AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe

==================== Google Chrome =============================================

GC - Prefpath: C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Preferences

GC - Profile Name: Eerste gebruiker
GC - Homepage:
GC - Default Search Provider:

= Known Disabled Extensions =

==================== Windows Host File =========================================

==================== BHO =======================================================

BHO - [Java(tm) Plug-In SSV Helper] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} @ Default = C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO - [Java(tm) Plug-In 2 SSV Helper] - {DBC80044-A445-435b-BC74-9C25C1C588A9} @ Default = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

==================== Auto Start Programs =======================================

ASP01 - HKLM\..\Run @ APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
ASP01 - HKLM\..\Run @ QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
ASP01 - HKLM\..\Run @ StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
ASP01 - HKLM\..\Run @ SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
ASP01 - HKLM\..\Run @ VirtualCloneDrive = "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
ASP04 - HKCU\..\Run @ BitTorrent Sync = "C:\Program Files (x86)\BitTorrent Sync\BTSync.exe" /MINIMIZED
ASP04 - HKCU\..\Run @ f.lux = "C:\Users\Pablo\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
ASP04 - HKCU\..\Run @ GoogleChromeAutoLaunch_C8090D9DE424D1CE60E2C318BA32D442 = "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
ASP04 - HKCU\..\Run @ Mailbird = "C:\Program Files (x86)\Mailbird\Mailbird.exe"
ASP04 - HKCU\..\Run @ Spotify Web Helper = "C:\Users\Pablo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
ASP01 x64 - HKLM\..\Run @ APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
ASP01 x64 - HKLM\..\Run @ QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
ASP01 x64 - HKLM\..\Run @ StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
ASP01 x64 - HKLM\..\Run @ SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
ASP01 x64 - HKLM\..\Run @ VirtualCloneDrive = "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
ASP04 x64 - HKCU\..\Run @ BitTorrent Sync = "C:\Program Files (x86)\BitTorrent Sync\BTSync.exe" /MINIMIZED
ASP04 x64 - HKCU\..\Run @ f.lux = "C:\Users\Pablo\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
ASP04 x64 - HKCU\..\Run @ GoogleChromeAutoLaunch_C8090D9DE424D1CE60E2C318BA32D442 = "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
ASP04 x64 - HKCU\..\Run @ Mailbird = "C:\Program Files (x86)\Mailbird\Mailbird.exe"
ASP04 x64 - HKCU\..\Run @ Spotify Web Helper = "C:\Users\Pablo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
ASP - Startup - C:\Users\Pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
ASP - Startup - C:\Users\Pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ASP - Startup - C:\Users\Pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk
ASP - Startup - C:\Users\Pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Splice for Windows.lnk
ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

==================== Extra Items IE ============================================

EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
EI03 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing
EI03 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security
EI03 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings
EI03 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International
EI03 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing
EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security
EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings
EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International
EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

==================== Internet Default Prefix ===================================

IDP00 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://
IDP01 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://
IDP00 x64 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://
IDP01 x64 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://

==================== Default Settings IE - DSIE ================================

DSIE - ieuinit.inf: START_PAGE= "http://go.microsoft.com/fwlink/p/?LinkId
DSIE - ieuinit.inf: SEARCH_PAGE_URL= "http://go.microsoft.com/fwlink/?LinkId

==================== ShellServiceObjectDelayLoad - SSODL =======================

SSODL - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =
SSODL x64 - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =

==================== Extra items - EXT (Torpig/ConduitSearch) ==================

EXT01 - HKCU\SOFTWARE\AppDataLow\Software\JavaSoft
EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft
EXT02 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\Windows\system32\shell32.dll
EXT02 - HKCR\Directory\shellex\CopyHookHandlers\FileZilla3CopyHook @ {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}= C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
EXT02 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\Windows\system32\ntshrui.dll
EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\JavaSoft
EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft
EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\Windows\system32\shell32.dll
EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\FileZilla3CopyHook @ {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}= C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\Windows\system32\ntshrui.dll

==================== DRIVERS and SERVICES ======================================

*** Win32OwnProcess ***

SERV - R2 - [!SASCORE] - SAS Core Service - c:\program files\superantispyware\sascore64.exe
SERV - R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
SERV - R2 - [RadeonPro Support Service] - RadeonPro Support Service - c:\program files (x86)\radeonpro\radeonprosupport.exe
SERV - R2 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
SERV - R3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
SERV - S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
SERV - S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
SERV - S2 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
SERV - S3 - [MailbirdUpdater.exe] - Mailbird Updater - c:\program files (x86)\mailbird\mailbirdupdater.exe
SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
SERV - S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
SERV - S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe

*** Win32ShareProcess ***

SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
SERV - S3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
SERV - S3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

*** Others ***

SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

*** File System Driver ***

DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
DRV - R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
DRV - R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
DRV - R0 - [WdFilter] - Windows Defender Mini-Filter Driver - C:\Windows\system32\Drivers\WdFilter.sys
DRV - R0 - [Wof] - Windows Overlay File System Filter Driver - C:\Windows\system32\Drivers\Wof.sys
DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys
DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys

*** Kernel Driver ***

DRV - R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\Windows\system32\Drivers\acpiex.sys
DRV - R0 - [atapi] - IDE Channel - C:\Windows\system32\Drivers\atapi.sys
DRV - R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys
DRV - R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
DRV - R0 - [disk] - Disk Driver - C:\Windows\system32\Drivers\disk.sys
DRV - R0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\Windows\system32\Drivers\EhStorClass.sys
DRV - R0 - [EhStorTcgDrv] - Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols - C:\Windows\system32\Drivers\EhStorTcgDrv.sys
DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys
DRV - R0 - [intelpep] - Intel(R) Power Engine Plug-in Driver - C:\Windows\system32\Drivers\intelpep.sys
DRV - R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
DRV - R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
DRV - R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys
DRV - R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
DRV - R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys
DRV - R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys
DRV - R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
DRV - R0 - [pciide] - pciide - C:\Windows\system32\Drivers\pciide.sys
DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
DRV - R0 - [pdc] - pdc - C:\Windows\system32\Drivers\pdc.sys
DRV - R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
DRV - R0 - [spaceport] - Storage Spaces Driver - C:\Windows\system32\Drivers\spaceport.sys
DRV - R0 - [Tcpip] - TCP/IP Protocol Driver - C:\Windows\system32\Drivers\Tcpip.sys
DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\Windows\system32\Drivers\vdrvroot.sys
DRV - R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys
DRV - R0 - [volsnap] - Storage volumes - C:\Windows\system32\Drivers\volsnap.sys
DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\Windows\system32\Drivers\WFPLWFS.sys
DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
DRV - R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
DRV - R1 - [tdx] - NetIO Legacy TDI Support Driver - C:\Windows\system32\Drivers\tdx.sys
DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys
DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
DRV - S0 - [WdBoot] - Windows Defender Boot Driver - C:\Windows\system32\Drivers\WdBoot.sys

==================== SvcHost - White Listed ====================================

All Ok

WOW - All Ok

==================== SigCheck x86 Fast =========================================

Fast Scan All ok

==================== SigCheck x64 Fast =========================================

Fast Scan All ok

==================== Job tasks =================================================

There are no .job files found.

==================== End scanning at wo 15 okt 2014 13:56 (0 Min 4 Sec ) =======

**Emphyrio** · 15-10-14, 13:08

Download of Update Ccleaner

Start CCleaner op.

Run Ccleaner en klik in de linkse kolom op Opties
Selecteer het tabblad Geavanceerd
Haal het vinkje weg voor Verwijder alleen bestanden in Windows Temp-systeemmap die ouder zijn dan 24 uur
Selecteer het tabblad Instellingen
Haal het vinkje weg bij "Computer automatisch schoonmaken...."
Klik in de linkse kolom op Cleaner.
Klik dan achtereenvolgens op Analyseer en Schoonmaken.
Klik vervolgens in de linkse kolom op Register
Klik op Scan naar problemen.
Op de vraag of je een backup wil maken van het register, klik je "Ja".
Als er fouten gevonden worden klik je op de middelste knop: Herstel alle geselecteerde fouten en OK

.
ZIjn er nog problemen?

**Emphyrio** · 16-10-14, 00:54

Wil het lukken ?

**pablorindt** · 16-10-14, 13:56

Hoi Emphyrio,

Het is gelukt! Was even van huis weg dus kon het niet direct doen. Ik laat het weten of de advertenties helemaal weg zijn nu. Het kwam ongeveer eens per dag dus even afwachten

**pablorindt** · 16-10-14, 15:27

Helaas heeft het niet geholpen, zojuist weer een popup in beeld. Deze verwees me door naar een soort 'dating' site. Hopelijk zijn er nog andere manieren om dit op te lossen!

**Emphyrio** · 16-10-14, 15:44

Doe eens deze stappen met RIES om je IE settings te herstellen.

Reset je Chrome volgens deze handleiding.

**pablorindt** · 16-10-14, 16:13

Beiden uitgevoerd, hopelijk werkt dit. Nog even een voorbeeld melding die ik net kreeg ter informatie:

**Emphyrio** · 16-10-14, 16:35

Ik hoop dat je die melding gewoon gesloten hebt (x) en niet op "Ok" geklikt

**pablorindt** · 16-10-14, 19:06

Maar natuurlijk

Helaas wordt er dan nog steeds een pagina met advertenties geladen... Hopelijk is het nu voorbij!

**Emphyrio** · 17-10-14, 21:26

1) Je mag alle losse bestanden en tools die we hebben gebruikt verwijderen.

2) Om herbesmetting te vermijden, kan je deze tips eens nalezen:

Het voorkomen van spyware-infecties en browserhijacking en Hoe voorkom ik een nieuwe infectie?

3) Om je PC een snelle onderhoudbeurt te geven, kan je deze tips eens lezen: Handleiding voor een schone PC

4) Allerlei tips en hints kan je hier raadplegen.

Ik zet het topic op opgelost.

Indien er niet meer gereageerd wordt, zal binnen een 5-tal dagen deze thread automatisch verplaatst worden
naar de sectie Opgeloste hijackthislogs en is een reactie niet meer mogelijk
Dit is gedaan om het forum netjes en overzichtelijk te houden.

Blijkt dat er toch nog problemen zijn, en je wil weer reageren in dit topic, dan stuur je me een privé bericht met verzoek om heropening.

Hebben we je goed geholpen? Overweeg eens een (vrijblijvende) donatie aan Nucia

Emphyrio

Mededeling

Browser advertentie problemen die niet te verwijderen zijn

Browser advertentie problemen die niet te verwijderen zijn

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment