Mededeling

Collapse
No announcement yet.

Chrome extentie blijft maar terugkomen

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Chrome extentie blijft maar terugkomen

    Hoi allemaal,

    Ik had laatst last van een virus en die verwijderd (dacht ik), maar na een aantal weken kreeg ik in Chrome last van een extensie die de hele tijd terug komt en pop-ups/reclame pagina's opent (de plugin heet fastncheap als ik het goed herinner, heb hem net weer van chrome verwijderd).
    Ik kan de extensie verwijderen, maar na een paar dagen komt hij weer vrolijk terug.

    MBAM

    Scan Date: 21-11-2014
    Scan Time: 18:38:04
    Logfile: Scan 21-11.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.21.10
    Rootkit Database: v2014.11.21.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Jesse

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 321676
    Time Elapsed: 5 min, 6 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    ADWcleaner

    # AdwCleaner v4.101 - Rapport aangemaakt 21/11/2014 op 18:49:41
    # Laatste Update 09/11/2014 door Xplode
    # Database : 2014-11-16.1 [Live]
    # Besturingssysteem : Windows 8.1 Pro (64 bits)
    # Gebruikersnaam : Jesse - JESSEPC
    # Gestart vanuit : D:\Downloads\adwcleaner_4.101.exe
    # Optie : Scannen

    ***** [ Services ] *****


    ***** [ Bestanden / Mappen ] *****


    ***** [ Taken ] *****


    ***** [ Snelkoppelingen ] *****


    ***** [ Register ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Mozilla Firefox v26.0 (en-US)


    -\\ Google Chrome v38.0.2125.111


    *************************

    AdwCleaner[R0].txt - [3904 octets] - [21/11/2014 18:46:39]
    AdwCleaner[R1].txt - [703 octets] - [21/11/2014 18:49:41]
    AdwCleaner[S0].txt - [3802 octets] - [21/11/2014 18:47:41]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [822 octets] ##########

    E-Peek

    E-Peek v 1.0.5.6 © Emphyrio/Onsia Patrick 2013-2014
    Downloaded @ E Dev
    Run at vr 21 nov 2014 18:51
    .
    Windows 8.1 Professional (64 bits)
    C:\Windows [NTFS - Fixed]
    Default Browser: Google Chrome
    Boot mode: Normal boot
    User logged in: Jesse
    .
    Java x86: 1.7.0_71
    Java x64: n/a
    .
    AV : Avira Desktop [Updated - Running]
    AV : Windows Defender [Updated - Not Running]
    AS : Avira Desktop [Updated - Running]
    AS : Windows Defender [Updated - Not Running]
    FW : Windows firewall
    .
    ==================== Files and Folders history =================================

    Folders Created Last 7 days :

    21-11-2014 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
    21-11-2014 ##### r-h-s-d+a- C:\AdwCleaner

    Files Modified Last 7 days :

    21-11-2014 01826596 r-h-s-d-a+ C:\Windows\system32\PerfStringBackup.INI
    21-11-2014 00806500 r-h-s-d-a+ C:\Windows\system32\perfh013.dat
    21-11-2014 00723316 r-h-s-d-a+ C:\Windows\system32\perfh009.dat
    21-11-2014 00162500 r-h-s-d-a+ C:\Windows\system32\perfc013.dat
    21-11-2014 00135930 r-h-s-d-a+ C:\Windows\system32\perfc009.dat
    15-11-2014 103374192 r-h-s-d-a+ C:\Windows\system32\MRT.exe
    15-11-2014 00482520 r-h-s-d-a+ C:\Windows\system32\FNTCACHE.DAT

    Files Created Last 7 days :

    19-11-2014 00991232 r-h-s-d-a+ C:\Windows\system32\kerberos.dll
    19-11-2014 00806400 r-h-s-d-a+ C:\Windows\SysWOW64\kerberos.dll
    19-11-2014 00259584 r-h-s-d-a+ C:\Windows\system32\pku2u.dll
    19-11-2014 00208896 r-h-s-d-a+ C:\Windows\SysWOW64\pku2u.dll

    ==================== RUNNING PROCESSES =========================================

    [atieclxx] -SYSTEM- C:\Windows\system32\atieclxx.exe - (AMD)
    [avgnt] -Jesse- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe - (Avira Operations GmbH & Co. KG)
    [Avira.OE.ServiceHost] -SYSTEM- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe - (Avira Operations GmbH & Co. KG)
    [Avira.OE.Systray] -Jesse- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe - (Avira Operations GmbH & Co. KG)
    [avshadow] -SYSTEM- C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe - (Avira Operations GmbH & Co. KG)
    [CCC] -Jesse- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe - (ATI Technologies Inc.)
    [chrome] -Jesse- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
    [chrome] -Jesse- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
    [chrome] -Jesse- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
    [chrome] -Jesse- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
    [chrome] -Jesse- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
    [explorer] -Jesse- C:\Windows\Explorer.EXE - (Microsoft Corporation)
    [GoogleUpdate] -SYSTEM- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - (Google Inc.)
    [IAStorDataMgrSvc] -SYSTEM- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe - (Intel Corporation)
    [IAStorIcon] -Jesse- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe - (Intel Corporation)
    [jusched] -Jesse- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe - (Oracle Corporation)
    [MOM] -Jesse- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe - (Advanced Micro Devices Inc.)
    [notepad] -Jesse- C:\Windows\system32\NOTEPAD.EXE - (Microsoft Corporation)
    [officeclicktorun] -SYSTEM- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe - (Microsoft Corporation)
    [raptr_ep64] -Jesse- C:\Program Files (x86)\Raptr\raptr_ep64.exe - (Raptr Inc.)
    [sched] -SYSTEM- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe - (Avira Operations GmbH & Co. KG)
    [SearchIndexer] -SYSTEM- C:\Windows\system32\SearchIndexer.exe - (Microsoft Corporation)
    [taskeng] -SYSTEM- C:\Windows\system32\taskeng.exe - (Microsoft Corporation)
    [winlogon] -SYSTEM- C:\Windows\system32\winlogon.exe - (Microsoft Corporation)
    [WmiPrvSE] -NETWORK SERVICE- C:\Windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)

    ==================== IE PAGES ==================================================

    IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\system32\blank.htm
    IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    IE04 - HKCU\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE05 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\SysWOW64\ieframe.dll
    IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\SysWOW64\blank.htm
    IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    IE10 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE10 - HKLM\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [@ieframe.dll,-12512] @ URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\system32\blank.htm
    IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    IE04 x64 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE04 x64 - HKCU\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE05 x64 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\System32\ieframe.dll
    IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\System32\blank.htm
    IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    IE10 x64 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE10 x64 - HKLM\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [@ieframe.dll,-12512] @ URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    ==================== Auto Load =================================================

    AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = userinit.exe
    AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe
    AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = C:\Windows\System32\Userinit.exe,
    AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe

    ==================== Firefox ===================================================

    Please update your Firefox !

    ==================== Google Chrome =============================================

    GC - Prefpath: C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Preferences

    GC - Profile Name: Eerste gebruiker
    GC - Homepage:
    GC - Default Search Provider:

    = Known Disabled Extensions =



    ==================== Windows Host File =========================================


    ==================== BHO =======================================================

    BHO - [Lync Browser Helper] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} @ Default = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
    BHO - [Java(tm) Plug-In SSV Helper] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} @ Default = C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO - [Microsoft SkyDrive Pro Browser Helper] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} @ Default = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
    BHO - [Java(tm) Plug-In 2 SSV Helper] - {DBC80044-A445-435b-BC74-9C25C1C588A9} @ Default = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO x64 - [Lync Browser Helper] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} @ Default = C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
    BHO x64 - [fastncheap] - {81a8921a-b1f4-4cdc-9111-fed0ff5d2c63} @ Default = C:\ProgramData\fastncheap\cWMeLQtqopRurd.x64.dll
    BHO x64 - [Microsoft SkyDrive Pro Browser Helper] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} @ Default = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL

    ==================== Auto Start Programs =======================================

    ASP01 - HKLM\..\Run @ avgnt = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    ASP01 - HKLM\..\Run @ Avira Systray = C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
    ASP01 - HKLM\..\Run @ Raptr = "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
    ASP01 - HKLM\..\Run @ StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
    ASP01 - HKLM\..\Run @ SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    ASP04 - HKCU\..\Run @ DAEMON Tools Lite = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    ASP04 - HKCU\..\Run @ f.lux = "C:\Users\Jesse\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
    ASP04 - HKCU\..\Run @ LightShot = C:\Users\Jesse\AppData\Local\Skillbrains\lightshot\Lightshot.exe
    ASP04 - HKCU\..\Run @ Sony PC Companion = "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
    ASP04 - HKCU\..\Run @ Voobly = "C:\Program Files (x86)\Voobly\voobly.exe" --startup
    ASP01 x64 - HKLM\..\Run @ avgnt = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    ASP01 x64 - HKLM\..\Run @ Avira Systray = C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
    ASP01 x64 - HKLM\..\Run @ Raptr = "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
    ASP01 x64 - HKLM\..\Run @ StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
    ASP01 x64 - HKLM\..\Run @ SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    ASP04 x64 - HKCU\..\Run @ DAEMON Tools Lite = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    ASP04 x64 - HKCU\..\Run @ f.lux = "C:\Users\Jesse\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
    ASP04 x64 - HKCU\..\Run @ LightShot = C:\Users\Jesse\AppData\Local\Skillbrains\lightshot\Lightshot.exe
    ASP04 x64 - HKCU\..\Run @ Sony PC Companion = "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
    ASP04 x64 - HKCU\..\Run @ Voobly = "C:\Program Files (x86)\Voobly\voobly.exe" --startup
    ASP - Startup - C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
    ASP - Startup - C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
    ASP - Startup - C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ASP - Startup - C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk
    ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini



    ==================== Extra Items IE ============================================

    EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
    EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
    EI03 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing
    EI03 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security
    EI03 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings
    EI03 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International
    EI03 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
    EI04 - App Ext - HKCU\..\Approved Extensions @ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} = C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    EI04 - App Ext - HKCU\..\Approved Extensions @ {DBC80044-A445-435B-BC74-9C25C1C588A9} = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing
    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security
    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings
    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International
    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
    EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} =
    EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {DBC80044-A445-435B-BC74-9C25C1C588A9} =

    ==================== Internet Default Prefix ===================================

    IDP00 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://
    IDP01 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://
    IDP00 x64 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://
    IDP01 x64 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://

    ==================== Default Settings IE - DSIE ================================

    DSIE - ieuinit.inf: START_PAGE= "http://go.microsoft.com/fwlink/p/?LinkId
    DSIE - ieuinit.inf: SEARCH_PAGE_URL= "http://go.microsoft.com/fwlink/?LinkId

    ==================== Protocol Hijackers - PH ===================================

    PH00 - Handlersf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} @ = Unknown # C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL # MD5 [405251ed82d69e5893f1e7e923b7f38b]
    PH00 x64 - Handlersf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} @ = Unknown # C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL # MD5 [59ac63d95071da4b8f1f5a9277b7f4fe]

    ==================== ShellServiceObjectDelayLoad - SSODL =======================

    SSODL - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =
    SSODL x64 - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =

    ==================== Extra items - EXT (Torpig/ConduitSearch) ==================

    EXT01 - HKCU\SOFTWARE\AppDataLow\Software\JavaSoft
    EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft
    EXT02 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\Windows\system32\shell32.dll
    EXT02 - HKCR\Directory\shellex\CopyHookHandlers\FileZilla3CopyHook @ {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}= C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
    EXT02 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\Windows\system32\ntshrui.dll
    EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\JavaSoft
    EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft
    EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\Windows\system32\shell32.dll
    EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\FileZilla3CopyHook @ {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}= C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\Windows\system32\ntshrui.dll

    ==================== DRIVERS and SERVICES ======================================

    *** Win32OwnProcess ***

    SERV - R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
    SERV - R2 - [AntiVirSchedulerService] - Avira Scheduler - c:\program files (x86)\avira\antivir desktop\sched.exe
    SERV - R2 - [AntiVirService] - Avira Real-Time Protection - c:\program files (x86)\avira\antivir desktop\avguard.exe
    SERV - R2 - [Avira.OE.ServiceHost] - Avira Service Host - c:\program files (x86)\avira\my avira\avira.oe.servicehost.exe
    SERV - R2 - [ClickToRunSvc] - Microsoft Office ClickToRun Service - c:\program files\microsoft office 15\clientx64\officeclicktorun.exe
    SERV - R2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - c:\program files\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
    SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
    SERV - S2 - [fa6789c5] - VideoCnv - (x86)\videocnv\zet.dll [x]
    SERV - S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
    SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
    SERV - S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
    SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
    SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
    SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
    SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
    SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
    SERV - S3 - [IDriverT] - InstallDriver Table Manager - c:\program files (x86)\common files\installshield\driver\11\intel 32\idrivert.exe
    SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
    SERV - S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
    SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
    SERV - S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
    SERV - S3 - [ose64] - Office 64 Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
    SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
    SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
    SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
    SERV - S3 - [Sony PC Companion] - Sony PC Companion - c:\program files (x86)\sony\sony pc companion\pccservice.exe
    SERV - S3 - [Steam Client Service] - Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe
    SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
    SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
    SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
    SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
    SERV - S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
    SERV - S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
    SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
    SERV - S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
    SERV - S4 - [AntiVirWebService] - Avira Web Protection - c:\program files (x86)\avira\antivir desktop\avwebg7.exe

    *** Win32ShareProcess ***

    SERV - R2 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
    SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
    SERV - S3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
    SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
    SERV - S3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
    SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

    *** Others ***

    SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
    SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

    *** File System Driver ***

    DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
    DRV - R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
    DRV - R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
    DRV - R0 - [Wof] - Windows Overlay File System Filter Driver - C:\Windows\system32\Drivers\Wof.sys
    DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
    DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys
    DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys

    *** Kernel Driver ***

    DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\Windows\system32\Drivers\ACPI.sys
    DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\Windows\system32\Drivers\acpiex.sys
    DRV - R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys
    DRV - R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
    DRV - R0 - [disk] - Stuurprogramma voor schijfstations - C:\Windows\system32\Drivers\disk.sys
    DRV - R0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\Windows\system32\Drivers\EhStorClass.sys
    DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys
    DRV - R0 - [iaStorA] - iaStorA - C:\Windows\system32\Drivers\iaStorA.sys
    DRV - R0 - [intelpep] - Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing - C:\Windows\system32\Drivers\intelpep.sys
    DRV - R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
    DRV - R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
    DRV - R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys
    DRV - R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
    DRV - R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys
    DRV - R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys
    DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\Windows\system32\Drivers\pci.sys
    DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
    DRV - R0 - [pdc] - pdc - C:\Windows\system32\Drivers\pdc.sys
    DRV - R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
    DRV - R0 - [spaceport] - Stuurprogramma voor opslagruimten - C:\Windows\system32\Drivers\spaceport.sys
    DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\Windows\system32\Drivers\Tcpip.sys
    DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\Windows\system32\Drivers\vdrvroot.sys
    DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\Windows\system32\Drivers\volmgr.sys
    DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys
    DRV - R0 - [volsnap] - Opslagvolumes - C:\Windows\system32\Drivers\volsnap.sys
    DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
    DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\Windows\system32\Drivers\WFPLWFS.sys
    DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
    DRV - R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
    DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\Windows\system32\Drivers\tdx.sys
    DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys
    DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
    DRV - S3 - [atapi] - IDE-kanaal - C:\Windows\system32\Drivers\atapi.sys

    ==================== SvcHost - White Listed ====================================

    All Ok

    WOW - All Ok

    ==================== SigCheck x86 Fast =========================================

    Fast Scan All ok

    ==================== SigCheck x64 Fast =========================================

    Fast Scan All ok

    ==================== Job tasks =================================================

    There are no .job files found.

    ==================== End scanning at vr 21 nov 2014 18:51 (0 Min 4 Sec ) =======


    Wie kan mij helpen met het verwijderen van deze vervelende extensie?
    Last edited by jesse111; 21-11-14, 17:53.

  • #2
    Hoi jesse,

    Schakel eerst de Antivirussoftware uit voordat je zoek.exe download of uitvoert.
    Deze kunnen namelijk de werking van Zoek.exe nadelig beïnvloeden.
    Kijk hier indien je niet weet hoe je je Antivirus, Firewall en/of Antispywarescanner moet uitschakelen.

    Download Zoek.exe naar het bureaublad.
    • Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kan je dat negeren, het is namelijk een onterechte waarschuwing.
    • Klik met de rechtermuisknop op Zoek.zip en klik op de optie "Alles uitpakken" als je zip- of rar-download hebt gebruikt.
    • Dubbelklik vervolgens op Zoek.exe om de tool te starten.
    • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
    • Kopieer nu onderstaande code en plak die in het grote invulvenster:
    • Note: Dit script is speciaal bedoeld voor deze Computer, gebruik dit dan ook niet op andere computers met een gelijkwaardig probleem.
      Code:
      emptyclsid;
      emptyfolderscheck;
      firefoxlook; 
      Chromelook; 
      CHRdefaults;
      autoclean; 
      iedefaults; 
      filesrcm;  
      startupall;
    • Klik nu op de knop "Run script".
    • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
    • Mocht er geen logje verschijnen, start zoek.exe dan opnieuw en klik op de knop zoek-results.log, de log verschijnt dan alsnog.
    • Post het geopende logje in het volgende bericht
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * McAfee verwijderen. * Ccleaner * E-Peek

    Comment


    • #3
      Alvast bedankt voor de hulp Emphyrio, bij deze het logje:


      Zoek.exe v5.0.0.0 Updated 21-11-2014
      Tool run by Jesse on za 22-11-2014 at 18:43:39,68.
      Microsoft Windows 8.1 Pro 6.3.9600 x64
      Running in: Normal Mode Internet Access Detected
      Launched: C:\Users\Jesse\Desktop\zoek.exe [Scan all users] [Script inserted]

      ==== System Restore Info ======================

      22-11-2014 18:44:10 Zoek.exe System Restore Point Created Succesfully.

      ==== Empty Folders Check ======================

      C:\PROGRA~2\AGEIA Technologies deleted successfully
      C:\PROGRA~2\GRETECH deleted successfully
      C:\PROGRA~2\GUM65E7.tmp deleted successfully
      C:\PROGRA~2\MSXML 4.0 deleted successfully
      C:\PROGRA~2\Origin Games deleted successfully
      C:\Program Files\ATI Technologies deleted successfully
      C:\Program Files\DAUM deleted successfully
      C:\PROGRA~3\Oracle deleted successfully
      C:\Users\Jesse\AppData\Roaming\COWON deleted successfully
      C:\Users\Jesse\AppData\Roaming\Curse Advertising deleted successfully

      ==== Deleting CLSID Registry Keys ======================


      ==== Deleting CLSID Registry Values ======================


      ==== Deleting Services ======================

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fa6789c5 deleted successfully

      ==== Deleting Files \ Folders ======================

      C:\PROGRA~2\Samsung SSD 840 EVO Performance Restoration deleted
      C:\PROGRA~3\DriverGenius deleted
      C:\PROGRA~3\Package Cache deleted
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius deleted
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
      C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot deleted
      C:\Windows\SysWow64\AI_RecycleBin deleted
      C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\cb9t8a2q.default\extensions\[email protected] nz.xpi deleted
      C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\cb9t8a2q.default\extensions\staged deleted

      ==== Files Recently Created / Modified ======================

      ====== C:\Windows ====
      ====== C:\Users\Jesse\AppData\Local\Temp ====
      2014-11-13 16:40:19 80B1F46704D6E08EE1E6ECC18AEDEC49 52528 ----a-w- C:\Users\Jesse\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
      ====== Java Cache =====
      ====== C:\Windows\SysWOW64 =====
      2014-11-19 22:28:30 66F97677CC13F7B9E2408CC75750A389 208896 ----a-w- C:\Windows\SysWOW64\pku2u.dll
      2014-11-19 22:28:30 4CD4C8D34213975444643A5F9594E363 806400 ----a-w- C:\Windows\SysWOW64\kerberos.dll
      2014-11-13 16:48:55 BC426A818B7F3DB5F509BC1B62FF1501 357376 ----a-w- C:\Windows\SysWOW64\schannel.dll
      2014-11-13 16:48:55 B2AC9E081A847ACBD5B62BE25AF39DA1 88800 ----a-w- C:\Windows\SysWOW64\ncryptsslp.dll
      2014-11-13 16:48:35 791BDC9FD3C95F92C7DB2162132C8645 324096 ----a-w- C:\Windows\SysWOW64\certcli.dll
      2014-11-13 16:48:34 DDAAC7C966436938526D4CF4C6042A5C 154112 ----a-w- C:\Windows\SysWOW64\msaudite.dll
      2014-11-13 16:48:34 A22688490DCC2DA19441CA09EF7299BF 736768 ----a-w- C:\Windows\SysWOW64\adtschema.dll
      2014-11-13 16:47:55 46FBD043A1688EFD6AC1395EE886AD33 3607040 ----a-w- C:\Windows\SysWOW64\msi.dll
      2014-11-13 16:47:54 B09332CC976AC43EFF595B6F01AA275C 2459136 ----a-w- C:\Windows\SysWOW64\authui.dll
      2014-11-13 16:47:54 48C20EB77757F22840FF4CED98D8DEB1 325120 ----a-w- C:\Windows\SysWOW64\msihnd.dll
      2014-11-13 16:47:51 F344D6066EA270AABABA83E2A6B6428F 723968 ----a-w- C:\Windows\SysWOW64\wuapi.dll
      2014-11-13 16:47:51 529122F3ADC548F0CCBB6164D86FA116 124928 ----a-w- C:\Windows\SysWOW64\wuwebv.dll
      2014-11-13 16:47:50 DC523277A7EC2336A654960E08EB5BDC 81920 ----a-w- C:\Windows\SysWOW64\wudriver.dll
      2014-11-13 16:47:50 C17F3F1EE09758CF9D234B22B80A1006 25600 ----a-w- C:\Windows\SysWOW64\wups.dll
      2014-11-13 16:47:50 514AEA6CF4B70FAA30A2BC4B4CC10A39 29696 ----a-w- C:\Windows\SysWOW64\wuapp.exe
      2014-11-13 16:47:15 5F333FDBF392850373C89BDA31EBEC1B 1346048 ----a-w- C:\Windows\SysWOW64\user32.dll
      2014-11-13 16:47:13 3B45EA6108E48406828D4E015FF41DD0 12800 ----a-w- C:\Windows\SysWOW64\winshfhc.dll
      2014-11-13 16:46:45 07330241FD9D9A03811DDBDC4F9FD18F 19781632 ----a-w- C:\Windows\SysWOW64\mshtml.dll
      2014-11-13 16:46:26 154532E0EC2317E6924A9D27F894FF2F 12819456 ----a-w- C:\Windows\SysWOW64\ieframe.dll
      2014-11-13 16:46:22 3CA90FDAB95FB2B0D91249BEDE3DE0D9 4298240 ----a-w- C:\Windows\SysWOW64\jscript9.dll
      2014-11-13 16:46:21 F169B03C4B9996708DB20FF0C875B4FF 880128 ----a-w- C:\Windows\SysWOW64\inetcomm.dll
      2014-11-13 16:46:21 98D83B6B4FBA32C39585D1E07121BEA0 2277376 ----a-w- C:\Windows\SysWOW64\iertutil.dll
      2014-11-13 16:46:21 03D7DF4711B851EF286562F97429211D 1892864 ----a-w- C:\Windows\SysWOW64\wininet.dll
      2014-11-13 16:46:21 027A2CF002AD94399B51C07E855E3B2B 1310208 ----a-w- C:\Windows\SysWOW64\urlmon.dll
      2014-11-13 16:46:20 EF7A48E5955736BEECF0B0ABB478E90E 478208 ----a-w- C:\Windows\SysWOW64\ieui.dll
      2014-11-13 16:46:20 ED5A4451A1A2777C6C5DB4238FD09078 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
      2014-11-13 16:46:20 E855B15E1BE0B58F84843D31F4CC4795 501248 ----a-w- C:\Windows\SysWOW64\vbscript.dll
      2014-11-13 16:46:20 DCFF6E5356CFF5B50BBA0FAAE01A0412 90624 ----a-w- C:\Windows\SysWOW64\iesysprep.dll
      2014-11-13 16:46:20 BE5EDCACB9E83C3695F650094367740C 99328 ----a-w- C:\Windows\SysWOW64\hlink.dll
      2014-11-13 16:46:20 A6145F4F8C69C3B46653B1C5E75A7BD6 688640 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
      2014-11-13 16:46:20 9F6204775EB03156B430FD095E3D0B5C 325632 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll
      2014-11-13 16:46:20 8FC2FB51EB90E6AA582BDBA39C1935FD 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll
      2014-11-13 16:46:20 8DFBD587DBEBBC8EB50AD169DE88C449 340992 ----a-w- C:\Windows\SysWOW64\html.iec
      2014-11-13 16:46:20 8A88AD059EDC1014D5D6A472A6D1D66C 661504 ----a-w- C:\Windows\SysWOW64\jscript.dll
      2014-11-13 16:46:20 8A109878FA68DD1A4C91D8D499797E22 128000 ----a-w- C:\Windows\SysWOW64\iepeers.dll
      2014-11-13 16:46:20 7BCC24D058205664BD700D272B169AEC 418304 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
      2014-11-13 16:46:20 7B0D22C64F9B6A8CD79EFADD29700693 285696 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
      2014-11-13 16:46:20 45CDC0E37774D30BEE8C5F62CE30D599 1042944 ----a-w- C:\Windows\SysWOW64\actxprxy.dll
      2014-11-13 16:46:20 236AD481F1632F4CE7E9835FFD4AF41D 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll
      2014-11-13 16:46:20 1D391C687102569FD1EA154F0C1A4CE8 91136 ----a-w- C:\Windows\SysWOW64\inseng.dll
      2014-11-13 16:46:20 1BE74145FDF58734CFE968063533FBEC 708096 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
      2014-11-13 16:46:20 151E64E5D34DFB95D57B5B97C50DE64D 230400 ----a-w- C:\Windows\SysWOW64\webcheck.dll
      2014-11-13 16:46:20 108D84EE2359C595CCEA32820A2D5405 2051072 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
      2014-11-13 16:46:19 FCAF49AE2E10EF3823262D10E7F2D0DE 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
      2014-11-13 16:46:19 FC51834D5057B9D7847666AE88BC981C 130048 ----a-w- C:\Windows\SysWOW64\occache.dll
      2014-11-13 16:46:19 F1313045CDCBBC4C90C34AEF67CEE088 112128 ----a-w- C:\Windows\SysWOW64\IEAdvpack.dll
      2014-11-13 16:46:19 EF7B7299A1D6604AD3CA2CE1BEF8C8F3 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll
      2014-11-13 16:46:19 A66A88FFE53BBB9DDAACE0110A8232EC 137728 ----a-w- C:\Windows\SysWOW64\wextract.exe
      2014-11-13 16:46:19 971D57DFB6F3FBC98EB74D1AF8E3C13B 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
      2014-11-13 16:46:19 8D1E12756ED6F1FDB026AD3CF264F90C 40448 ----a-w- C:\Windows\SysWOW64\imgutil.dll
      2014-11-13 16:46:19 75D0FAD0165770819770628239BF57DB 602768 ----a-w- C:\Windows\SysWOW64\oleaut32.dll
      2014-11-13 16:46:19 615D259116D1B331911CE28C8CD1CCF3 73216 ----a-w- C:\Windows\SysWOW64\tdc.ocx
      2014-11-13 16:46:19 59607FB7C6B84860CE2D1C5F7C57E052 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll
      2014-11-13 16:46:19 53E15B8DBD615567CA8895D65746C8D3 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll
      2014-11-13 16:46:19 3FA76B67F25D84B3C2A4E8A8C0919E6E 12800 ----a-w- C:\Windows\SysWOW64\mshta.exe
      2014-11-13 16:46:19 3C544C566EE7091AC52D4D9156C62687 235520 ----a-w- C:\Windows\SysWOW64\url.dll
      2014-11-13 16:46:19 316280CC22CBB15271A91D83CDFB73C3 27136 ----a-w- C:\Windows\SysWOW64\licmgr10.dll
      2014-11-13 16:46:19 26F4BDB6EA83011885E217A51A4A3E68 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll
      2014-11-13 16:46:19 1BD4CD20A25B4A3A5F7BAAC25E9D9202 11264 ----a-w- C:\Windows\SysWOW64\msfeedssync.exe
      2014-11-13 16:46:19 159199095C9959BE75E61C0FF947708F 152064 ----a-w- C:\Windows\SysWOW64\iexpress.exe
      2014-11-13 16:46:19 0FEEFF4B96CA5972121F59525142A14E 52736 ----a-w- C:\Windows\SysWOW64\msfeedsbs.dll
      2014-11-13 16:46:19 0812A503FF349D1DCEEB820B2E4FEE15 57344 ----a-w- C:\Windows\SysWOW64\pngfilt.dll
      2014-11-13 16:46:19 02FF387F6228169EDDCB41F5E4B1A4E4 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
      2014-11-13 16:46:18 FACBA112943A89FBB8AC25085521924F 344536 ----a-w- C:\Windows\SysWOW64\AUDIOKSE.dll
      2014-11-13 16:46:18 D1A07DE4DC408E5AA5CFBAE261919BDC 72192 ----a-w- C:\Windows\SysWOW64\packager.dll
      2014-11-13 16:46:18 3BF6BEBD0A5666BDB426A734A4578D9B 1346048 ----a-w- C:\Windows\SysWOW64\msxml3.dll
      2014-11-13 16:46:18 22B2920A0857BDD61B1331C30AD76F30 424544 ----a-w- C:\Windows\SysWOW64\AudioEng.dll
      2014-11-13 16:46:18 0CBA301F325F922FAFB3B83AD3337BB2 370424 ----a-w- C:\Windows\SysWOW64\AudioSes.dll
      2014-11-13 16:46:16 CA23E168518460519DC8D49EC6AD9550 18723112 ----a-w- C:\Windows\SysWOW64\shell32.dll
      2014-11-13 16:46:15 C1AD30D5E28B4291D4A16BC6944ABC0C 2030592 ----a-w- C:\Windows\SysWOW64\WsmSvc.dll
      2014-11-13 16:46:15 A208DEE0CD61E24817C26D5A05503DA7 334336 ----a-w- C:\Windows\SysWOW64\puiobj.dll
      2014-11-13 16:46:15 1FB4389CA807D59B105B0827FCC8F768 11820544 ----a-w- C:\Windows\SysWOW64\twinui.dll
      2014-11-13 16:46:15 17FC09725FEE2546B96A938288509719 485376 ----a-w- C:\Windows\SysWOW64\untfs.dll
      2014-11-13 16:46:15 1793FC07D568C930C04F9FF40FFF9A69 799744 ----a-w- C:\Windows\SysWOW64\MFMediaEngine.dll
      2014-11-13 16:46:15 0EEE3F2278E447498B2CDBDF34C63C91 670384 ----a-w- C:\Windows\SysWOW64\mfmp4srcsnk.dll
      2014-11-13 16:46:14 46C1902654FF54C835E4C4E8C14B7F2A 239104 ----a-w- C:\Windows\SysWOW64\FXSAPI.dll
      ====== C:\Windows\SysWOW64\drivers =====
      ====== C:\Windows\Sysnative =====
      2014-11-19 22:28:31 E87F8EC00FEEF700E61F6989D88A8BC2 991232 ----a-w- C:\Windows\Sysnative\kerberos.dll
      2014-11-19 22:28:30 788C7D910267DDCD675DF4AB01961265 259584 ----a-w- C:\Windows\Sysnative\pku2u.dll
      2014-11-13 16:48:55 F0CE4A653EEBA09509EAF93AE2226FA9 426496 ----a-w- C:\Windows\Sysnative\schannel.dll
      2014-11-13 16:48:55 6DE50D5592C6EE18C87B0C2EEEDC1621 185856 ----a-w- C:\Windows\Sysnative\dpapisrv.dll
      2014-11-13 16:48:55 622928F5A8045F8122F10561D6C35ED0 104336 ----a-w- C:\Windows\Sysnative\ncryptsslp.dll
      2014-11-13 16:48:35 949E590B76018E4523FC71CE510ED9ED 1441792 ----a-w- C:\Windows\Sysnative\lsasrv.dll
      2014-11-13 16:48:35 488CEA4F1B4D2446FFB7A94E3CB385FE 445440 ----a-w- C:\Windows\Sysnative\certcli.dll
      2014-11-13 16:48:35 1D25CC0A9C480C5D56A5A6CF2B5DEB99 3547648 ----a-w- C:\Windows\Sysnative\rdpcorets.dll
      2014-11-13 16:48:34 D7B23B3154508256C9F434EF9B65B91D 131584 ----a-w- C:\Windows\Sysnative\rdpudd.dll
      2014-11-13 16:48:34 A8484FB640E044858BA19FB4F13DD4CE 154112 ----a-w- C:\Windows\Sysnative\msaudite.dll
      2014-11-13 16:48:34 91E59FCB3B32DD84E5DCDA2EA1583807 736768 ----a-w- C:\Windows\Sysnative\adtschema.dll
      2014-11-13 16:48:34 3D2D2EA099D98FE6B94C7D8C7992C08C 40448 ----a-w- C:\Windows\Sysnative\rfxvmt.dll
      2014-11-13 16:47:55 EF745B98D81B8C462DB99FC8B5C4322A 3320320 ----a-w- C:\Windows\Sysnative\msi.dll
      2014-11-13 16:47:55 D5B41A0C38408814A3E9BAC8C82B2E5B 2773504 ----a-w- C:\Windows\Sysnative\authui.dll
      2014-11-13 16:47:54 D1A2E993DB1867C79177CCC9DB6337D0 116032 ----a-w- C:\Windows\Sysnative\consent.exe
      2014-11-13 16:47:54 D0C15BC83B3D0AF4F9B1D70216D91794 428032 ----a-w- C:\Windows\Sysnative\msihnd.dll
      2014-11-13 16:47:54 034ED41F13D9C1845C1E081F05B640DB 110080 ----a-w- C:\Windows\Sysnative\appinfo.dll
      2014-11-13 16:47:51 E67B019D23320AA0C5F1E6DE5D30546A 407552 ----a-w- C:\Windows\Sysnative\WUSettingsProvider.dll
      2014-11-13 16:47:51 DCD090318EC800CF6275C6835900B0C6 3557376 ----a-w- C:\Windows\Sysnative\wuaueng.dll
      2014-11-13 16:47:51 BCC10D47920E83EAC8F2E7E2D414692E 894976 ----a-w- C:\Windows\Sysnative\wuapi.dll
      2014-11-13 16:47:51 2585412FC573F298FCBFD6759F8C4C0F 1714176 ----a-w- C:\Windows\Sysnative\wucltux.dll
      2014-11-13 16:47:50 EA2DF5520D3623F353F43809A2F88086 55776 ----a-w- C:\Windows\Sysnative\wuauclt.exe
      2014-11-13 16:47:50 CCE7F88AD038494253B485EC1B144EB3 60416 ----a-w- C:\Windows\Sysnative\wups.dll
      2014-11-13 16:47:50 70AC0FA699C9420CB282CCF72993C2E1 51712 ----a-w- C:\Windows\Sysnative\wups2.dll
      2014-11-13 16:47:50 5D67074419BBFDCA587C2E2A93743E8A 140288 ----a-w- C:\Windows\Sysnative\wuwebv.dll
      2014-11-13 16:47:50 4D94560FD4982BB52C1FE64AE38E1A9F 35840 ----a-w- C:\Windows\Sysnative\wuapp.exe
      2014-11-13 16:47:50 4A112AD7D9C7289FE9945D05E97019D0 17408 ----a-w- C:\Windows\Sysnative\wuaext.dll
      2014-11-13 16:47:50 2E66E7D4F1E39F7048A231AA60FD2532 95744 ----a-w- C:\Windows\Sysnative\wudriver.dll
      2014-11-13 16:47:15 F0A117D19873FCDF801F082F33BFBB6C 1519488 ----a-w- C:\Windows\Sysnative\user32.dll
      2014-11-13 16:47:13 668417ED63F9FBE7DD8D7A54B04279DA 14336 ----a-w- C:\Windows\Sysnative\winshfhc.dll
      2014-11-13 16:46:46 6432F143CDC9D73BD2BF832CAB2EDC01 25110016 ----a-w- C:\Windows\Sysnative\mshtml.dll
      2014-11-13 16:46:29 BED4D30B7FF094E368333CE2D1CE3195 14390272 ----a-w- C:\Windows\Sysnative\ieframe.dll
      2014-11-13 16:46:23 079FEE6FC11A74E4309B6A10931C1CB2 6040064 ----a-w- C:\Windows\Sysnative\jscript9.dll
      2014-11-13 16:46:21 BF1FC65A307B31939ADF7F976FDE033C 2365440 ----a-w- C:\Windows\Sysnative\wininet.dll
      2014-11-13 16:46:21 62D54F4673A6208C8CC147758122B3C3 2865152 ----a-w- C:\Windows\Sysnative\actxprxy.dll
      2014-11-13 16:46:21 559E084EEBE44864493B2903433F19B3 1550336 ----a-w- C:\Windows\Sysnative\urlmon.dll
      2014-11-13 16:46:21 46B5DD7C4B1851F59E48302185E076DF 1032704 ----a-w- C:\Windows\Sysnative\inetcomm.dll
      2014-11-13 16:46:21 22CBDB8810CBED0B4F5E4BE69D7E2AE8 2884096 ----a-w- C:\Windows\Sysnative\iertutil.dll
      2014-11-13 16:46:20 FD7C8FAC461BED1FEEB808E477D884D4 716800 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
      2014-11-13 16:46:20 F7522B00C823794F86ABD5BE1F3D6B09 316928 ----a-w- C:\Windows\Sysnative\dxtrans.dll
      2014-11-13 16:46:20 F0A53129AE95A895EC8C4DC36E1797A2 108544 ----a-w- C:\Windows\Sysnative\hlink.dll
      2014-11-13 16:46:20 E40D3696BE4852956669C285038B37A6 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe
      2014-11-13 16:46:20 DE58DE2C6C8439B7174D6D3568AA4A80 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll
      2014-11-13 16:46:20 BC3B7CCE855F9A8E7BC96F7062229A02 799232 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
      2014-11-13 16:46:20 AF28C90094C4C50F083599C10D2DC072 145408 ----a-w- C:\Windows\Sysnative\iepeers.dll
      2014-11-13 16:46:20 A7F53772ECAE2F44B455D14F71179940 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll
      2014-11-13 16:46:20 9CD8D475F462F82E6FD8BFCA7186ACD4 372736 ----a-w- C:\Windows\Sysnative\iedkcs32.dll
      2014-11-13 16:46:20 8AE1AC97407CD82D8389390C21430579 111616 ----a-w- C:\Windows\Sysnative\iesysprep.dll
      2014-11-13 16:46:20 853BB696932E4C48EE7034BFF1209A5A 262144 ----a-w- C:\Windows\Sysnative\webcheck.dll
      2014-11-13 16:46:20 62E2FCF45F349DE6CAFB3AA7E1D81DA4 2124288 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
      2014-11-13 16:46:20 587DEBB59F5F14C9610966FB14A33607 633856 ----a-w- C:\Windows\Sysnative\ieui.dll
      2014-11-13 16:46:20 3721721151DB49457B0FD35E0C04594C 199680 ----a-w- C:\Windows\Sysnative\msrating.dll
      2014-11-13 16:46:20 258C3082AD82C1AAD335DA3FE2D3EB25 580096 ----a-w- C:\Windows\Sysnative\vbscript.dll
      2014-11-13 16:46:20 200CEA827BDC503F00C0AED0EA227D49 800768 ----a-w- C:\Windows\Sysnative\msfeeds.dll
      2014-11-13 16:46:20 1C3C54FA2D620DF3093F356A56EC5957 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
      2014-11-13 16:46:20 175C139D51F99099D1BDA17794B02191 490496 ----a-w- C:\Windows\Sysnative\dxtmsft.dll
      2014-11-13 16:46:20 0D03DAD6BB183156C70F863D0F2FA55A 812544 ----a-w- C:\Windows\Sysnative\jscript.dll
      2014-11-13 16:46:19 F79E5258AF040A8AD83C7C1273A071C3 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll
      2014-11-13 16:46:19 F54E1190251EB245183BF16D6C315613 237568 ----a-w- C:\Windows\Sysnative\url.dll
      2014-11-13 16:46:19 E99E2E88BFE584184AE92B1F8995CE93 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll
      2014-11-13 16:46:19 DD8FD33C108F14681A410067AB21DDF3 152064 ----a-w- C:\Windows\Sysnative\occache.dll
      2014-11-13 16:46:19 D66D11191B48007179B0A77DC0717267 33280 ----a-w- C:\Windows\Sysnative\licmgr10.dll
      2014-11-13 16:46:19 CDC8A85EB301A8CBE55A81A1D55AF5E5 132096 ----a-w- C:\Windows\Sysnative\IEAdvpack.dll
      2014-11-13 16:46:19 CA2F3153EF3BCB0BD3A8984C933DF604 167424 ----a-w- C:\Windows\Sysnative\iexpress.exe
      2014-11-13 16:46:19 C9AB2198141844D3DF96B4552CE9D5AB 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
      2014-11-13 16:46:19 A3871DED5ED88F59C0D1396761708F81 13824 ----a-w- C:\Windows\Sysnative\mshta.exe
      2014-11-13 16:46:19 A348DEFC16B6FBC88B7D61C3B861BCB1 107520 ----a-w- C:\Windows\Sysnative\inseng.dll
      2014-11-13 16:46:19 9A108C0A3092110F4651B3AFB9CC7B3D 789184 ----a-w- C:\Windows\Sysnative\oleaut32.dll
      2014-11-13 16:46:19 85E97591864F3125C5B08FB44E0E8078 60416 ----a-w- C:\Windows\Sysnative\msfeedsbs.dll
      2014-11-13 16:46:19 70576D76A11DD5AE54E719297A315F90 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll
      2014-11-13 16:46:19 6A7F8D139610E5F3F158182778EF9275 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll
      2014-11-13 16:46:19 66585D645C4E23A0FD5124BD714AE020 12800 ----a-w- C:\Windows\Sysnative\msfeedssync.exe
      2014-11-13 16:46:19 6096209CB47D61499C3608B9C25B073C 64512 ----a-w- C:\Windows\Sysnative\pngfilt.dll
      2014-11-13 16:46:19 4B9C652BD0FD95A9E6123913C35519D6 143872 ----a-w- C:\Windows\Sysnative\wextract.exe
      2014-11-13 16:46:19 2E475D2FCE0125FA0C486DB9D59E739B 417280 ----a-w- C:\Windows\Sysnative\html.iec
      2014-11-13 16:46:19 2CEACC509889A095828F27115257408D 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll
      2014-11-13 16:46:19 161BC2E883A8D8759A4DCF2A85AF9128 51200 ----a-w- C:\Windows\Sysnative\imgutil.dll
      2014-11-13 16:46:19 00FB2FB8C27C834CF575BC415B80F995 87552 ----a-w- C:\Windows\Sysnative\tdc.ocx
      2014-11-13 16:46:18 DFDFDE2EA4B5CD0606BA6E56ECEE502D 272248 ----a-w- C:\Windows\Sysnative\audiodg.exe
      2014-11-13 16:46:18 C0484CA5C7F87E38909746B63C7FC868 911360 ----a-w- C:\Windows\Sysnative\audiosrv.dll
      2014-11-13 16:46:18 BB93DAAAE9006598935192B9CB65E475 108432 ----a-w- C:\Windows\Sysnative\EncDump.dll
      2014-11-13 16:46:18 B31C4917EC5EADE24A90DDAF37EA00E0 4182016 ----a-w- C:\Windows\Sysnative\win32k.sys
      2014-11-13 16:46:18 9F87516BF76C40B41D831F7D729A6044 482872 ----a-w- C:\Windows\Sysnative\AudioEng.dll
      2014-11-13 16:46:18 9C88C9397B44B76E5C9A44B8E2CE53A1 500016 ----a-w- C:\Windows\Sysnative\AudioSes.dll
      2014-11-13 16:46:18 93645AEBE163230A2ED5050C14AE6603 2149376 ----a-w- C:\Windows\Sysnative\msxml3.dll
      2014-11-13 16:46:18 84549E8C8BF76B293A7E625A98D4BCF9 81408 ----a-w- C:\Windows\Sysnative\packager.dll
      2014-11-13 16:46:18 8085F95BB18A171E7221D2831BC08BC2 394120 ----a-w- C:\Windows\Sysnative\AUDIOKSE.dll
      2014-11-13 16:46:18 7F70B1044272982AAEA7C16E83424770 226304 ----a-w- C:\Windows\Sysnative\AudioEndpointBuilder.dll
      2014-11-13 16:46:17 1D303CE5BCBD5B80BBA08321F28A3F86 21197152 ----a-w- C:\Windows\Sysnative\shell32.dll
      2014-11-13 16:46:16 C4306ADC38939CAC60EA38AAD9F170C0 13424128 ----a-w- C:\Windows\Sysnative\twinui.dll
      2014-11-13 16:46:16 BCE66E78D388875B87286CA091E7075F 7484224 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe
      2014-11-13 16:46:16 1907823D5ACFD75D1D8C0D4318299726 2714112 ----a-w- C:\Windows\Sysnative\SettingsHandlers.dll
      2014-11-13 16:46:15 CA729FCE295895515A09BD6FF7903DC8 836176 ----a-w- C:\Windows\Sysnative\mfmp4srcsnk.dll
      2014-11-13 16:46:15 C88B63FE96DB4BCED65DD442BC8E77F5 1053184 ----a-w- C:\Windows\Sysnative\localspl.dll
      2014-11-13 16:46:15 A208498C5CD750A1743C1AC8162A810F 941568 ----a-w- C:\Windows\Sysnative\MFMediaEngine.dll
      2014-11-13 16:46:15 9CE162EB9057CF079736F4DD00FC0D6C 2480128 ----a-w- C:\Windows\Sysnative\WsmSvc.dll
      2014-11-13 16:46:15 8758F5DEBD2B950B2D56ED11F9E0B38F 545792 ----a-w- C:\Windows\Sysnative\untfs.dll
      2014-11-13 16:46:15 6C118AEDD15FDBEAECC0E85C64B5B86B 615424 ----a-w- C:\Windows\Sysnative\FXSCOMEX.dll
      2014-11-13 16:46:15 5416C603B6C85CF0698E8A2A1D28BAA2 448512 ----a-w- C:\Windows\Sysnative\puiobj.dll
      2014-11-13 16:46:15 50E96089F9BE352621997143A56C8E76 822272 ----a-w- C:\Windows\Sysnative\win32spl.dll
      2014-11-13 16:46:14 A92EF73B02686B7E6F070B486512DB88 389176 ----a-w- C:\Windows\Sysnative\ApnDatabase.xml
      2014-11-13 16:46:14 9C55CE9707B3CA29A6505BCDCC546390 275968 ----a-w- C:\Windows\Sysnative\FXSAPI.dll
      ====== C:\Windows\Sysnative\drivers =====
      2014-11-13 16:48:35 4E1207CE16E615B0B7A70DC889F4500E 563976 ----a-w- C:\Windows\Sysnative\drivers\cng.sys
      2014-11-13 16:48:34 9F08A6608F98B5407E7DDBCF306573EF 27456 ----a-w- C:\Windows\Sysnative\drivers\rdpvideominiport.sys
      2014-11-13 16:48:34 6D2EE96150E35B9EA49F2B481DE0369A 177472 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
      2014-11-13 16:47:14 DE8D12B4C3F55FA2C5E9774314F6C58A 258368 ----a-w- C:\Windows\Sysnative\drivers\WdFilter.sys
      2014-11-13 16:47:14 4AD874CDC812EC156265E451B6B09DAB 114496 ----a-w- C:\Windows\Sysnative\drivers\WdNisDrv.sys
      2014-11-13 16:47:14 0359607177E5E9F6041136CC0A5CB0B6 35320 ----a-w- C:\Windows\Sysnative\drivers\WdBoot.sys
      2014-11-13 16:46:15 E3FCE2A6B3533D99A3B498504DF9CC47 474432 ----a-w- C:\Windows\Sysnative\drivers\netio.sys
      2014-11-13 16:46:15 CCB3A2BB60FE5073F2DEA63FE83CF8FE 2497344 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys
      2014-11-13 16:46:15 7F23E38C5B6448F91439E4066645191E 428864 ----a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS
      2014-11-13 16:46:15 66732C13628BDB1AB0D6FD46027327C2 148800 -c--a-w- C:\Windows\Sysnative\drivers\USBSTOR.SYS
      2014-11-05 23:07:01 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
      2014-11-05 23:06:00 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
      2014-11-05 23:06:00 D1F2D4DF0A5D3B700794E26356A55B44 64216 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
      2014-11-05 23:06:00 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
      ====== C:\Windows\Tasks ======
      ====== C:\Windows\Temp ======
      ======= C:\Program Files =====
      ======= C:\PROGRA~2 =====
      2014-11-21 17:50:35 -------- d-----w- C:\PROGRA~2\E Dev
      2014-11-02 20:19:37 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype
      2014-11-02 20:19:37 -------- d-----r- C:\PROGRA~2\Skype
      ======= C: =====
      ====== C:\Users\Jesse\AppData\Roaming ======
      2014-11-08 12:00:32 1036E3DDDC89A4E68D8A33F3823A180E 4 ----a-w- C:\Users\Jesse\AppData\Roaming\appdataFr2.bin
      2014-11-05 23:11:50 -------- d-----w- C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
      2014-11-05 23:11:35 -------- d-----w- C:\Users\Jesse\AppData\Local\Popcorn Time
      2014-11-05 22:41:33 -------- d-----w- C:\Users\Jesse\AppData\Local\PopcornTimeDesktop
      2014-10-31 16:49:43 -------- d-----w- C:\Users\Jesse\AppData\Locallow\Vogelsap
      ====== C:\Users\Jesse ======
      2014-11-21 17:51:24 1B4994A72B4C06A7FEF1D1BD61B9392F 109 ----a-w- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
      2014-11-21 17:50:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\E-Peek
      2014-11-18 17:04:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raptr
      2014-11-02 20:19:37 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

      ====== C: exe-files ==
      2014-11-21 23:06:28 04B527565BC4D0105D7B1BB4048332F4 49990816 ----a-w- C:\Users\Jesse\AppData\Roaming\Raptr\raptr-4.2.5-r90154-release.exe
      2014-11-21 17:50:37 A221333AC168B72F3284464809AD6F76 83787 ----a-w- C:\Program Files (x86)\E Dev\E-Peek\Uninstal.exe
      2014-11-21 17:32:48 C10E5EF1B85DE5B79AC2815C9A677D1F 1385808 ----a-w- C:\Users\Jesse\AppData\Roaming\uTorrent\updates\3.4.2_35702.exe
      2014-11-20 23:21:40 FF56E7E4C759079EF94655ED87FA8FFF 4214544 ----a-w- C:\Program Files (x86)\Raptr\vcredist_x86.exe
      2014-11-20 23:21:38 69C28E7BAB502935E7E96C9F53F4482F 45840 ----a-w- C:\Program Files (x86)\Raptr\raptr_im.exe
      2014-11-20 23:21:38 38429BDE3F544D3B38CF3DFE4691688B 55568 ----a-w- C:\Program Files (x86)\Raptr\raptrstub.exe
      2014-11-20 23:21:36 D252F67FFD162C1758F50063CFB2C1ED 706832 ----a-w- C:\Program Files (x86)\Raptr\raptr_encoder_server64-90151.exe
      2014-11-20 23:21:36 2678292B48B79DD14825C05273CD0A98 67344 ----a-w- C:\Program Files (x86)\Raptr\raptr.exe
      2014-11-20 23:21:36 0E2851E9EB7B7EA906C80FD62FAF9871 595216 ----a-w- C:\Program Files (x86)\Raptr\raptr_encoder_server-90151.exe
      2014-11-20 23:21:34 06F855202E2B5E2A379E35A461B68090 45328 ----a-w- C:\Program Files (x86)\Raptr\f2p_ping.exe
      2014-11-20 23:21:00 5E3DC7F5A98603744F4ACEB65F97FD83 148736 ----a-w- C:\Program Files (x86)\Raptr\raptr_ep64.exe
      2014-11-20 22:38:55 74322E943A7D28BC54123F76A592CC5B 2378664 ----a-w- C:\Users\Jesse\AppData\Local\Microsoft\Windows\INetCache\IE\EV63VZGK\setup-lightshot-5.1.4.34[1].exe
      2014-11-19 22:27:24 12D7BD58AD07FDA351394D5FDF8A7660 49997440 ----a-w- C:\Users\Jesse\AppData\Roaming\Raptr\raptr-4.2.4-r90040-release.exe
      2014-11-19 02:02:16 1F2D0CA0303BBDF294050508F3282BA7 706832 ----a-w- C:\Program Files (x86)\Raptr\raptr_encoder_server64-90037.exe
      2014-11-19 02:02:14 7A4668F35A0281FD4023688FF1E2766A 595216 ----a-w- C:\Program Files (x86)\Raptr\raptr_encoder_server-90037.exe
      2014-11-18 17:03:54 82F5DA41FA9ECDBB7D75955F09A38E8A 50032064 ----a-w- C:\Users\Jesse\AppData\Roaming\Raptr\raptr-4.2.2-r89964-release.exe
      2014-11-18 02:46:20 31FDE36900506F1D929DA6821836EB5F 706832 ----a-w- C:\Program Files (x86)\Raptr\raptr_encoder_server64-89886.exe
      2014-11-18 02:46:18 C4031457166452A3B6FA84EB09A94FE5 594704 ----a-w- C:\Program Files (x86)\Raptr\raptr_encoder_server-89886.exe
      === C: other files ==
      2014-11-21 23:06:19 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\Jesse\AppData\Roaming\Raptr\data\k4llahz\config\certificates\x509\tls_peers\xmpp-server8.raptr.com
      2014-11-21 17:32:43 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\Jesse\AppData\Roaming\Raptr\data\k4llahz\config\certificates\x509\tls_peers\xmpp-server4.raptr.com
      2014-11-21 17:32:43 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\Jesse\AppData\Roaming\Raptr\data\k4llahz\config\certificates\x509\tls_peers\xmpp-server3.raptr.com
      2014-11-20 23:21:26 2D572D06611D065E14EBAA6AB72A1157 9976173 ----a-w- C:\Program Files (x86)\Raptr\library.zip
      2014-11-20 20:33:59 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\Jesse\AppData\Roaming\Raptr\data\k4llahz\config\certificates\x509\tls_peers\xmpp-server2.raptr.com
      2014-11-18 17:04:22 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\Jesse\AppData\Roaming\Raptr\data\k4llahz\config\certificates\x509\tls_peers\xmpp-server5.raptr.com
      2014-11-15 21:50:51 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\Jesse\AppData\Roaming\Raptr\data\k4llahz\config\certificates\x509\tls_peers\xmpp-server6.raptr.com

      ==== Startup Registry Enabled ======================

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "AviraSpeedup"="C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe -autorun"

      [HKEY_USERS\S-1-5-21-2123730923-1139589465-46331695-1001\Software\Microsoft\Windows\CurrentVersion\Run]
      "f.lux"="C:\Users\Jesse\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"
      "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
      "LightShot"="C:\Users\Jesse\AppData\Local\Skillbrains\lightshot\Lightshot.exe"
      "Voobly"="C:\Program Files (x86)\Voobly\voobly.exe --startup"
      "Sony PC Companion"="C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe /Background"

      [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
      "AviraSpeedup"="C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe -autorun"

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
      "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
      "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      "Avira Systray"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe"
      "Raptr"="C:\Program Files (x86)\Raptr\raptrstub.exe --startup"

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      "f.lux"="C:\Users\Jesse\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"
      "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
      "LightShot"="C:\Users\Jesse\AppData\Local\Skillbrains\lightshot\Lightshot.exe"
      "Voobly"="C:\Program Files (x86)\Voobly\voobly.exe --startup"
      "Sony PC Companion"="C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe /Background"

      ==== Startup Registry Enabled x64 ======================

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"

      ==== Startup Folders ======================

      2014-04-20 19:56:57 1054 ----a-w- C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
      2014-05-06 19:03:29 1061 ----a-w- C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
      2014-03-11 18:34:54 1282 ----a-w- C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk

      ==== Task Scheduler Jobs ======================

      C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12-11-2014 16:04]
      C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04-06-2014 20:46]
      C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04-06-2014 20:46]

      ==== Other Scheduled Tasks ======================

      "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
      "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
      "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
      "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

      ==== Firefox Extensions ======================

      AppDir: C:\Program Files (x86)\Mozilla Firefox
      - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

      ==== Firefox Plugins ======================

      Profilepath: C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\cb9t8a2q.default
      D6ED6EB98E759460AD8C66DE23070132 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
      18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL - Microsoft Office 2013


      ==== Chromium Look ======================

      Magic Actions for YouTube - Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif
      Google Docs - Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
      Google Drive - Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
      YouTube - Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
      Google Search - Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
      LoL Stream Browser - Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\edidfaijmhpefkbnobdcepampbncgejp
      Chromebleed - Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic
      HTTPS Everywhere - Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp
      AdBlock - Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
      TweetDeck by Twitter - Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl
      Reddit Enhancement Suite - Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb
      Ti\u00EBsto - Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh
      Google Wallet - Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
      Enhanced Steam - Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg
      Gmail - Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

      ==== Set IE to Default ======================

      Old Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

      New Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

      ==== All HKCU SearchScopes ======================

      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
      "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
      {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
      {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

      ==== Reset Google Chrome ======================

      C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
      C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

      ==== Empty IE Cache ======================

      C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\Jesse\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Users\Jesse\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
      C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Users\Jesse\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      C:\Users\Jesse\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
      C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

      ==== Empty FireFox Cache ======================

      No FireFox Cache found

      ==== Empty Chrome Cache ======================

      C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

      ==== Empty All Flash Cache ======================

      Flash Cache Emptied Successfully

      ==== Empty All Java Cache ======================

      Java Cache cleared successfully

      ==== C:\zoek_backup content ======================

      C:\zoek_backup (files=129 folders=50 77639497 bytes)

      ==== Empty Temp Folders ======================

      C:\Users\Default\AppData\Local\Temp emptied successfully
      C:\Users\Default User\AppData\Local\Temp emptied successfully
      C:\Users\Jesse\AppData\Local\Temp will be emptied at reboot
      C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
      C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
      C:\Windows\Temp will be emptied at reboot

      ==== After Reboot ======================

      ==== Empty Temp Folders ======================

      C:\Windows\Temp successfully emptied
      C:\Users\Jesse\AppData\Local\Temp successfully emptied

      ==== Empty Recycle Bin ======================

      C:\$RECYCLE.BIN successfully emptied

      ==== EOF on za 22-11-2014 at 18:53:23,98 ======================

      Comment


      • #4
        Hoe is het nu?
        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
        E Dev * McAfee verwijderen. * Ccleaner * E-Peek

        Comment


        • #5
          Oorspronkelijk geplaatst door Emphyrio Bekijk Berichten
          Hoe is het nu?
          Geen idee, ik zal over een aantal dagen melden of het heeft geholpen (de extensie installeerde automatisch opnieuw na een aantal dagen)

          Comment


          • #6
            Ok, dan lees ik het wel
            Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
            E Dev * McAfee verwijderen. * Ccleaner * E-Peek

            Comment


            • #7
              1) Je mag alle losse bestanden en tools die we hebben gebruikt verwijderen.

              2) Om herbesmetting te vermijden, kan je deze tips eens nalezen:

              Het voorkomen van spyware-infecties en browserhijacking en Hoe voorkom ik een nieuwe infectie?

              3) Om je PC een snelle onderhoudbeurt te geven, kan je deze tips eens lezen: Handleiding voor een schone PC

              4) Allerlei tips en hints kan je hier raadplegen.


              Ik zet het topic op opgelost.

              Indien er niet meer gereageerd wordt, zal binnen een 5-tal dagen deze thread automatisch verplaatst worden
              naar de sectie Opgeloste hijackthislogs en is een reactie niet meer mogelijk
              Dit is gedaan om het forum netjes en overzichtelijk te houden.

              Blijkt dat er toch nog problemen zijn, en je wil weer reageren in dit topic, dan stuur je me een privé bericht met verzoek om heropening.



              Hebben we je goed geholpen? Overweeg eens een (vrijblijvende) donatie aan Nucia

              Emphyrio
              Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
              E Dev * McAfee verwijderen. * Ccleaner * E-Peek

              Comment


              • #8
                Hoi Emphyrio,

                De extensie is weg Dank daarvoor. Helaas openen er nog wel veel pop-ups en soms linken linkjes door naar een advertentie...
                Enig idee wat het kan zijn? Ik heb in mijn hosts file gekeken, dacht dat het daar aan lag, maar daar staat niks vreemds in.
                Het enige dat raar is, is dat het bestandstype fastncheap is (de naam van de spyware die op mn pc stond..).
                Er zijn ook andere bestanden die die bestandextensies hebben, hierbij een paar plaatjes.

                Comment


                • #9
                  Sluit ALLE browser, dus ook deze.
                  Download HostsXpert.
                  Unzip het programma.
                  Start het en klik op "Restore Microsoft Host file".
                  Klik op "OK" en sluit het programma af.

                  Herstart je PC.
                  Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                  E Dev * McAfee verwijderen. * Ccleaner * E-Peek

                  Comment


                  • #10
                    Het lijkt er op dat het gefixed is (de filetypes zijn echter nog steeds fastncheap en ik kan dit niet aanpassen), als ik over een paar dagen weer last heb, zal ik het melden.
                    In de hosts file stond trouwens maar 1 line extra, namelijk ::1 maar ik kan me niet meer herinneren of ik die zelf toegevoegd had ooit.

                    Comment


                    • #11
                      In de hosts file stond trouwens maar 1 line extra, namelijk ::1
                      Dat is juist en moet zo zijn

                      Schakel eerst de Antivirussoftware uit voordat je zoek.exe download of uitvoert.
                      Deze kunnen namelijk de werking van Zoek.exe nadelig beïnvloeden.
                      Kijk hier indien je niet weet hoe je je Antivirus, Firewall en/of Antispywarescanner moet uitschakelen.

                      Download Zoek.exe naar het bureaublad.
                      • Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kan je dat negeren, het is namelijk een onterechte waarschuwing.
                      • Klik met de rechtermuisknop op Zoek.zip en klik op de optie "Alles uitpakken" als je zip- of rar-download hebt gebruikt.
                      • Dubbelklik vervolgens op Zoek.exe om de tool te starten.
                      • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
                      • Kopieer nu onderstaande code en plak die in het grote invulvenster:
                      • Note: Dit script is speciaal bedoeld voor deze Computer, gebruik dit dan ook niet op andere computers met een gelijkwaardig probleem.
                        Code:
                        emptyclsid;
                        emptyfolderscheck;
                        firefoxlook; 
                        Chromelook; 
                        CHRdefaults;
                        autoclean; 
                        iedefaults; 
                        filesrcm;  
                        startupall;
                      • Klik nu op de knop "Run script".
                      • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
                      • Mocht er geen logje verschijnen, start zoek.exe dan opnieuw en klik op de knop zoek-results.log, de log verschijnt dan alsnog.
                      • Post het geopende logje in het volgende bericht
                      Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                      E Dev * McAfee verwijderen. * Ccleaner * E-Peek

                      Comment


                      • #12
                        Hoi Emphyrio,

                        Bij deze het logje: zoek-results.txt

                        Comment


                        • #13
                          Hoe is het nu?
                          Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                          E Dev * McAfee verwijderen. * Ccleaner * E-Peek

                          Comment


                          • #14
                            Helaas Net weer advertenties gekregen als ik op links klikte. Dit was gewoon op reddit, waar geen reclame op is
                            Zal ik een systeemherstel doen naar het punt voor ik het programma installeerde wat dit veroorzaakte? Zou dit het kunnen verhelpen?

                            Comment


                            • #15
                              Een systeemherstel lost het probleem niet op.

                              Doe eens deze stappen met RIES om je IE settings te herstellen.

                              Reset je Chrome volgens deze handleiding.
                              Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                              E Dev * McAfee verwijderen. * Ccleaner * E-Peek

                              Comment

                              Sorry, you are not authorized to view this page
                              Working...
                              X