Very slow PC! trojan *32 - Many thousands of processes visible in Task Manager!!


    Hello,

    Since yesterday I have had a very annoying problem on my computer. In total there were 7000 processes active, so a lot of memory was in use. I had done an update of Java. So it concerns processes like javaws, java startup schedule or something like that. I scanned with Malwarebytes, but the problem is not completely solved.

    Everywhere my processes are named with *32.

    What is the best thing I can do, please?

    Below I have also added some screenshots of some of the scans that I ran.


    Task Manager: [screenshot: pc.jpg]

    Computer performance: [screenshot: prestatie.jpg]

    Spybotsearch: [screenshot: spybot search.jpg]

    CCleaner: [screenshot: ccleaner.jpg]


    As you can see, they are all showing abnormal things. It is very strange in any case. I have never seen anything like this during the scans.

    Who can help me, please?


    Kind regards

  • #2
    Last night I saw the java startup schedule process 7000 times. After the malware scan, it now appears to be somewhat different. SpyHunter has to be registered, so I could not remove anything with it.


    • #3
      hijack file


      Logfile of Trend Micro HijackThis v2.0.5
      Scan saved at 16:30:33, on 24/10/2015
      Platform: Windows 7 SP1 (WinNT 6.00.3505)
      MSIE: Internet Explorer v11.0 (11.00.9600.18057)

      FIREFOX: 41.0.2 (x86 nl)
      Boot mode: Normal

      Running processes:
      C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
      C:\Program Files (x86)\AVG\AVG2015\avgui.exe
      C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
      C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
      C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
      C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
      C:\Users\Ilyas\Downloads\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={5CBBEC10-A80E-46F4-9124-E8134291F77D}&mid=25f00a53d83047d095d5395874fc3639-6c17a574261514753da19de39df22563844ca3bb&lang=en&ds=AVG&coid=avgtbavg&cmpid=0915wt&pr=fr&d=2015-09-18 18:03:50&v=4.1.6.294&pid=wtu&sg=&sap=hp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      F2 - REG:system.ini: UserInit=userinit.exe,
      O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
      O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: AVG Web TuneUp - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.1.8.599\AVG Web TuneUp.dll
      O2 - BHO: DVDVideoSoft.WebPageAdjuster - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
      O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
      O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
      O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
      O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
      O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
      O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
      O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
      O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
      O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
      O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
      O17 - HKLM\System\CS2\Services\Tcpip\..\{47451F4A-22ED-4D72-8D3B-3F0D2007E2CA}: NameServer = 8.8.8.8,8.8.4.4
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
      O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
      O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
      O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
      O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
      O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
      O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
      O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
      O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
      O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
      O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
      O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
      O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
      O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
      O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
      O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
      O23 - Service: vToolbarUpdater40.1.8 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe
      O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
      O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
      O23 - Service: WtuSystemSupport - Unknown owner - C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe

      --
      End of file - 10744 bytes

      Comment
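The HijackThis log in post #3 can be triaged mechanically. The following is an added example (not posted by anyone in the thread and not part of HijackThis) that parses a few lines copied from that log and sorts the O23 service entries into buckets. The bucket names and rules are this example's own assumptions; they rest on the fact that HijackThis v2.0.5 is a 32-bit program, so on 64-bit Windows its view of C:\Windows\System32 is redirected to SysWOW64 and 64-bit-only service binaries are reported as "(file missing)".

```python
import re
from collections import Counter

# Sample input: a few lines copied from the HijackThis log in post #3.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.5
Running processes:
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
O2 - BHO: AVG Web TuneUp - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.1.8.599\AVG Web TuneUp.dll
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: vToolbarUpdater40.1.8 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe
O23 - Service: WtuSystemSupport - Unknown owner - C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
"""

# An entry line is "<letter><1-2 digits> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
# Short service name in trailing parentheses, e.g. "AVG WatchDog (avgwd)".
SHORT_NAME_RE = re.compile(r"\(([^()]+)\)\s*$")
MISSING = "(file missing)"


def parse_entries(log_text):
    """Return (section_code, body) pairs; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def parse_service(body):
    """Split an O23 body into name, owner, path and a 'missing' flag."""
    if not body.startswith("Service: "):
        return None
    # Split from the right: display names may contain " - ", paths rarely do.
    parts = body[len("Service: "):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None  # malformed or truncated line: leave it for manual reading
    display, owner, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)].rstrip()
    short = SHORT_NAME_RE.search(display)
    return {
        "name": short.group(1) if short else display,
        "owner": owner,
        "path": path,
        "missing": missing,
    }


def classify(svc):
    """Heuristic buckets (assumptions of this example, not HijackThis output)."""
    path = svc["path"].lower()
    if svc["missing"] and path.startswith("c:\\windows\\system32\\"):
        # 32-bit scanner on 64-bit Windows: System32 is redirected to SysWOW64.
        return "redirected"
    if svc["missing"]:
        return "missing"      # outside System32: confirm with a 64-bit tool
    if svc["owner"] == "Unknown owner" and not path.startswith("c:\\windows\\"):
        return "review"       # no vendor string, third-party install location
    return "vendor"


def triage_services(log_text):
    """Group O23 service names by bucket, preserving log order."""
    buckets = {"redirected": [], "missing": [], "review": [], "vendor": []}
    for code, body in parse_entries(log_text):
        if code != "O23":
            continue
        svc = parse_service(body)
        if svc:
            buckets[classify(svc)].append(svc["name"])
    return buckets


def section_counts(log_text):
    """Count entries per HijackThis section code (R0, O2, O4, O23, ...)."""
    return Counter(code for code, _ in parse_entries(log_text))


if __name__ == "__main__":
    print(dict(section_counts(SAMPLE_LOG)))
    for bucket, names in triage_services(SAMPLE_LOG).items():
        print(f"{bucket:10s} {names}")
```

For the sample lines, the `review` bucket holds vToolbarUpdater40.1.8 and WtuSystemSupport, the same two services listed under "Deleting Services" in the Zoek log in post #7.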


      • #4
        First disable the antivirus software before you download or run zoek.exe.
        Temporarily disable your antivirus and antispyware programs, as they can adversely affect the operation of Zoek.exe.
        You can read how to do that (here and here).

        Download Zoek.exe to the desktop (click here for more information on how to use zoek.exe)
        • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
        • Then double-click Zoek.exe to start the tool.
        • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
        • Now copy the code below and paste it into the large input box:
        • Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.
          Code:
          emptyfolderscheck;delete
          firefoxlook; 
          Chromelook; 
          CHRdefaults;
          autoclean; 
          iedefaults;
        • Now click the "Run script" button.
        • Now wait patiently until a log opens (this may be after a restart, if one is required).
        • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
        • Post the opened log in your next message as an attachment.

        Starting Windows 10 in Safe Mode


        • #5
          Via Task Manager I try to end the AVG antivirus process, but I get a window saying 'Unable to complete the operation. Access is denied', so it does nothing. Namely avggui.exe*32

          It is active at the bottom right, and I cannot close it there either.


          • #6
            Download the 32-bit or 64-bit version of HitmanPro to the desktop.
            Click here for a detailed HitmanPro guide.
            • Double-click "HitmanPro.exe" and click "Next"
            • Tick the option "I accept the terms of the license agreement" and click "Next"
            • In the setup screen, click "Next" once more; the scan will now start automatically. Do nothing else on the computer until the scan is finished.
            • When the scan is finished, click "Next"
            • Now activate the free license; with it you can use HitmanPro free for 30 days and remove the infections found.
            • Note: if you have previously used the 30-day trial version of HitmanPro, it is no longer possible to remove the infections found for free.
            • When the removal is finished, click "Save log" or "Logbestand opslaan" at the bottom of the screen and save it to, for example, the desktop.
              Post this log in your next message.
            • Now click the "Restart" button.

            Starting Windows 10 in Safe Mode


            • #7
              Zoek.exe v5.0.0.1 Updated 23-October-2015
              Tool run by Ilyas on za 24/10/2015 at 19:54:12,47.
              Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
              Running in: Normal Mode Internet Access Detected
              Launched: C:\Users\Ilyas\Downloads\zoek.exe [Scan all users] [Script inserted]

              ==== System Restore Info ======================

              24/10/2015 19:55:39 Zoek.exe System Restore Point Created Successfully.

              ==== Empty Folders Check ======================

              C:\PROGRA~2\AGEIA Technologies deleted successfully
              C:\PROGRA~2\Camfrog deleted successfully
              C:\PROGRA~2\GoforFiles deleted successfully
              C:\PROGRA~2\MSXML 4.0 deleted successfully
              C:\PROGRA~2\Nokia deleted successfully
              C:\Program Files\log deleted successfully
              C:\PROGRA~3\Camfrog Update deleted successfully
              C:\PROGRA~3\Nokia deleted successfully
              C:\PROGRA~3\Tarma Installer deleted successfully
              C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully
              C:\Users\Ilyas\AppData\Roaming\BitTorrent deleted successfully
              C:\Users\Ilyas\AppData\Roaming\Nico Mak Computing deleted successfully
              C:\Users\Ilyas\AppData\Roaming\ntsvc deleted successfully
              C:\Users\Ilyas\AppData\Local\EmieBrowserModeList deleted successfully
              C:\Users\Ilyas\AppData\Local\EmieSiteList deleted successfully
              C:\Users\Ilyas\AppData\Local\EmieUserList deleted successfully
              C:\Users\Seyma\AppData\Local\VirtualStore deleted successfully

              ==== Deleting CLSID Registry Keys ======================

              HKEY_USERS\S-1-5-21-3503465373-57857859-2028083680-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
              HKEY_USERS\S-1-5-21-3503465373-57857859-2028083680-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1024F1BE-76DC-40d5-AB98-664A4185E5FA} deleted successfully
              HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
              HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

              ==== Deleting CLSID Registry Values ======================


              ==== Deleting Services ======================

              HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WtuSystemSupport deleted successfully
              HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WtuSystemSupport deleted successfully
              HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater40.1.8 deleted successfully
              HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater40.1.8 deleted successfully

              ==== Batch Command(s) Run By Tool======================

              C:\Windows\system32\appdata deleted

              ==== Deleting Files \ Folders ======================

              C:\PROGRA~2\AGEIA Technologies not found
              C:\PROGRA~2\Camfrog not found
              C:\PROGRA~2\GoforFiles not found
              C:\PROGRA~2\Nokia not found
              C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found
              "C:\Windows\Installer\8f5cbd.msi" not found
              "C:\Windows\Installer\8f5cc3.msi" not found
              "C:\Windows\Installer\8f5cb7.msi" not found
              C:\Users\Ilyas\AppData\Roaming\.ACEStream deleted
              C:\Windows\syswow64\appdata deleted
              C:\Users\Ilyas\AppData\Local\AVG Web TuneUp deleted
              C:\Users\Ilyas\.android deleted
              C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml deleted
              C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml deleted
              C:\PROGRA~2\SopCast deleted
              C:\PROGRA~2\AVG Security Toolbar deleted
              C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
              C:\PROGRA~2\Wondershare deleted
              C:\PROGRA~2\COMMON~1\Wondershare deleted
              C:\Users\Ilyas\AppData\Roaming\RHEng deleted
              C:\Users\Ilyas\AppData\Roaming\GoforFiles deleted
              C:\Users\Ilyas\AppData\Roaming\DVDVideoSoftIEHelpers deleted
              C:\PROGRA~3\AVG Web TuneUp deleted
              C:\PROGRA~3\Avg_Update_0814tb deleted
              C:\PROGRA~3\AVG Secure Search deleted
              C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted
              C:\Users\Ilyas\AppData\Local\Wondershare deleted
              C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
              C:\Windows\SysNative\roboot64.exe deleted
              C:\Users\Ilyas\AppData\LocalLow\AVG Secure Search deleted
              C:\Users\Seyma\AppData\LocalLow\AVG Secure Search deleted
              C:\Windows\wininit.ini deleted
              "C:\Users\Ilyas\AppData\Roaming\date" deleted
              "C:\Users\Ilyas\AppData\Roaming\evf9" deleted
              "C:\ProgramData\slzsktwzuveqovq" deleted
              "C:\PROGRA~2\AVG Web TuneUp\icudt.dll" deleted
              "C:\PROGRA~2\AVG Web TuneUp\libcef.dll" deleted
              "C:\PROGRA~2\AVG Web TuneUp\vprot.exe" deleted
              "C:\PROGRA~2\AVG Web TuneUp\locales\en-US.pak" deleted
              "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\40.1.8\avgdttbx.dll" deleted
              "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\40.1.8\log4cplusU.dll" deleted
              "C:\PROGRA~2\AVG Web TuneUp" deleted
              "C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted
              "C:\PROGRA~2\AVG Web TuneUp\locales" deleted
              "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller" deleted
              "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted
              "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\40.1.8" deleted
              "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\40.1.8" deleted

              ==== Firefox Start and Search pages ======================

              ProfilePath: C:\Users\Ilyas\AppData\Roaming\Mozilla\Firefox\Profiles\wgiid8lk.default-1445622648743
              user_pref("browser.startup.homepage", "https://www.google.be/");

              ==== Firefox Extensions Registry ======================

              [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
              "{ACAA314B-EEBA-48e4-AD47-84E31C44796C}"="C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff"
              [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
              "{B64D9B05-48E1-4CEB-BF58-E0643994E900}"="C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff"

              ==== Firefox Extensions ======================

              ProfilePath: C:\Users\Ilyas\AppData\Roaming\Thunderbird\Profiles\6lqd68sw.default
              - Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}

              AppDir: C:\Program Files (x86)\Mozilla Firefox
              - Belgium eID - %AppDir%\extensions\[email protected]
              - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

              ==== Firefox Plugins ======================

              Profilepath: C:\Users\Ilyas\AppData\Roaming\Mozilla\Firefox\Profiles\wgiid8lk.default-1445622648743
              863AF0003392FEBC2667A8A790DED955 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll - Shockwave Flash
              9297A960E3DA318A1D0832375EC37953 - C:\Users\Ilyas\AppData\Roaming\ACEStream\player\npace_plugin.dll - Ace Stream P2P Multimedia Plug-in


              ==== Chromium Look ======================

              Google Chrome Version: 46.0.2490.80

              HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
              ochbjojkpcmlfeagbaahkofepalngihg - No path found

              Google Docs - Ilyas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
              Google Drive - Ilyas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
              YouTube - Ilyas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
              Google Search - Ilyas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
              Google Docs Offline - Ilyas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
              Chrome Web Store Payments - Ilyas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
              Gmail - Ilyas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
              Docs - Seyma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
              Google Drive - Seyma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
              YouTube - Seyma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
              Google Search - Seyma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
              Google Wallet - Seyma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
              Gmail - Seyma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

              ==== Set IE to Default ======================

              Old Values:
              [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
              "Start Page"="https://mysearch.avg.com/?cid={5CBBEC10-A80E-46F4-9124-E8134291F77D}&mid=25f00a53d83047d095d5395874fc3639-6c17a574261514753da19de39df22563844ca3bb&lang=en&ds=AVG&coid=avgtbavg&cmpid=0915wt&pr=fr&d=2015-09-18 18:03:50&v=4.1.6.294&pid=wtu&sg=&sap=hp"

              New Values:
              [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
              "Start Page"="http://www.google.com"

              ==== All HKCU SearchScopes ======================

              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
              "DefaultScope"="{0BD6E5B3-ACAA-4440-9C48-9154F7B380BE}"
              {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
              {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
              {0BD6E5B3-ACAA-4440-9C48-9154F7B380BE} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

              ==== Reset Google Chrome ======================

              C:\Users\Ilyas\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
              C:\Users\Ilyas\AppData\Local\Google\Chrome\User Data\Default\Preferences.bak was reset successfully
              C:\Users\Ilyas\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
              C:\Users\Ilyas\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bak was reset successfully
              C:\Users\Seyma\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
              C:\Users\Ilyas\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
              C:\Users\Seyma\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

              ==== Deleting CLSID Registry Keys ======================

              HKEY_USERS\S-1-5-21-3503465373-57857859-2028083680-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
              HKEY_USERS\S-1-5-21-3503465373-57857859-2028083680-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
              HKEY_USERS\S-1-5-21-3503465373-57857859-2028083680-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
              HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
              HKEY_CLASSES_ROOT\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
              HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
              HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

              ==== Deleting CLSID Registry Values ======================

              HKEY_USERS\S-1-5-21-3503465373-57857859-2028083680-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
              HKEY_USERS\S-1-5-21-3503465373-57857859-2028083680-1000\Software\Mozilla\Firefox\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} deleted successfully
              HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} deleted successfully

              ==== Deleting Registry Keys ======================

              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\394E2E69484C3E34B9596DE27E4DD0A3 deleted successfully
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B deleted successfully
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B deleted successfully
              HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp deleted successfully
              HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{96E2E493-C484-43E3-9B95-D62EE7D40D3A} deleted successfully
              HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\394E2E69484C3E34B9596DE27E4DD0A3 deleted successfully
              HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B deleted successfully
              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid deleted successfully
              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe deleted successfully

              ==== Empty IE Cache ======================

              C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
              C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
              C:\Users\Ilyas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
              C:\Users\Seyma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
              C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
              C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
              C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
              C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
              C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
              C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
              C:\Users\Ilyas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ZNQPV0Y will be deleted at reboot
              C:\Users\Ilyas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H0YHF20X will be deleted at reboot
              C:\Users\Ilyas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNIIURAE will be deleted at reboot

              ==== Empty FireFox Cache ======================

              C:\Users\Ilyas\AppData\Local\Mozilla\Firefox\Profiles\gwoswr54.default\Cache emptied successfully
              C:\Users\Ilyas\AppData\Local\Mozilla\Firefox\Profiles\wgiid8lk.default-1445622648743\cache2 emptied successfully

              ==== Empty Chrome Cache ======================

              C:\Users\Ilyas\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
              C:\Users\Seyma\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

              ==== Empty All Flash Cache ======================

              Flash Cache Emptied Successfully

              ==== Empty All Java Cache ======================

              Java Cache cleared successfully

              ==== C:\zoek_backup content ======================

              C:\zoek_backup (files=912 folders=251 358762159 bytes)

              ==== Empty Temp Folders ======================

              C:\Users\Default\AppData\Local\Temp emptied successfully
              C:\Users\Default User\AppData\Local\Temp emptied successfully
              C:\Users\Ilyas\AppData\Local\Temp will be emptied at reboot
              C:\Users\Seyma\AppData\Local\Temp emptied successfully
              C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
              C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
              C:\Windows\Temp will be emptied at reboot

              ==== After Reboot ======================

              ==== Empty Temp Folders ======================

              C:\Windows\Temp successfully emptied
              C:\Users\Ilyas\AppData\Local\Temp successfully emptied

              ==== Empty Recycle Bin ======================

              C:\$RECYCLE.BIN successfully emptied

              ==== Deleting Files / Folders ======================

              "C:\Users\Ilyas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ZNQPV0Y" not found
              "C:\Users\Ilyas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H0YHF20X" not found
              "C:\Users\Ilyas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNIIURAE" not found

              ==== EOF on za 24/10/2015 at 20:28:59,02 ======================


              • #8
                HitmanPro log file after scan and removal.

                Code:
                HitmanPro 3.7.10.250
                www.hitmanpro.com
                
                   Computer name . . . . : ILYAS-PC
                   Windows . . . . . . . : 6.1.1.7601.X64/2
                   User name . . . . . . : Ilyas-PC\Ilyas
                   UAC . . . . . . . . . : Enabled
                   License . . . . . . . : Trial (30 days left)
                
                   Scan date . . . . . . : 2015-10-24 20:33:23
                   Scan mode . . . . . . : Normal
                   Scan duration . . . . : 16m 40s
                   Disk access mode  . . : Direct disk access (SRB)
                   Cloud . . . . . . . . : Internet
                   Reboot  . . . . . . . : Yes
                
                   Threats . . . . . . . : 8
                   Traces  . . . . . . . : 135
                
                   Objects scanned . . . : 2.240.547
                   Files scanned . . . . : 34.793
                   Remnants scanned  . . : 295.143 files / 1.910.611 keys
                
                Malware _____________________________________________________________________
                
                   C:\Users\Ilyas\AppData\Roaming\ACEStream\engine\ace_console.exe -> Quarantined
                      Size . . . . . . . : 27.392 bytes
                      Age  . . . . . . . : 391.2 days (2014-09-28 15:26:59)
                      Entropy  . . . . . : 6.5
                      SHA-256  . . . . . : F797D0EC894C980567354421314E42F14909BB3C3B5731DCAAB2F149CB1AADBA
                      RSA Key Size . . . : 2048
                      Authenticode . . . : Valid
                    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Agent.fqfi
                      Fuzzy  . . . . . . : 99.0
                
                   C:\Users\Ilyas\AppData\Roaming\ACEStream\engine\ace_engine.exe -> Quarantined
                      Size . . . . . . . : 27.904 bytes
                      Age  . . . . . . . : 391.2 days (2014-09-28 15:26:59)
                      Entropy  . . . . . : 6.5
                      SHA-256  . . . . . : 83A7A849C9ACC0EB3536096C903F21CDA77FD9253A6FDE084C03023FE38FEEEF
                      RSA Key Size . . . : 2048
                      Authenticode . . . : Valid
                    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Agent.fqfi
                      Fuzzy  . . . . . . : 99.0
                
                   C:\Users\Ilyas\AppData\Roaming\ACEStream\engine\ace_stream.exe -> Quarantined
                      Size . . . . . . . : 27.904 bytes
                      Age  . . . . . . . : 391.2 days (2014-09-28 15:26:59)
                      Entropy  . . . . . : 6.5
                      SHA-256  . . . . . : 60FE12B34C15A6A1D622E771F30AB572316AD0122B5041554CEBA7549F207461
                      RSA Key Size . . . : 2048
                      Authenticode . . . : Valid
                    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Agent.fqfi
                      Fuzzy  . . . . . . : 99.0
                
                   C:\Users\Ilyas\AppData\Roaming\ACEStream\engine\lib\ctools.dll -> Quarantined
                      Size . . . . . . . : 642.680 bytes
                      Age  . . . . . . . : 391.2 days (2014-09-28 15:26:59)
                      Entropy  . . . . . : 7.0
                      SHA-256  . . . . . : BBC2FC1A1606BD47EFE7B479BE39BFC0616943FBA44BA06C8326FDA7F7CA465E
                      RSA Key Size . . . : 2048
                      Authenticode . . . : Valid
                    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Agent.fqfi
                      Fuzzy  . . . . . . : 99.0
                
                   C:\Users\Ilyas\AppData\Roaming\ACEStream\player\libtsplayer.dll -> Quarantined
                      Size . . . . . . . : 153.208 bytes
                      Age  . . . . . . . : 398.9 days (2014-09-20 23:07:15)
                      Entropy  . . . . . : 6.5
                      SHA-256  . . . . . : 11A1F5F18CFDA07565CC2E34E5C4154723A0899C863563E41ED3BD9438A4EFEA
                      RSA Key Size . . . : 2048
                      Authenticode . . . : Valid
                    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Agent.fqfi
                      Fuzzy  . . . . . . : 99.0
                
                   C:\Users\Ilyas\AppData\Roaming\ACEStream\player\libtsplayercore.dll -> Quarantined
                      Size . . . . . . . : 1.977.976 bytes
                      Age  . . . . . . . : 398.9 days (2014-09-20 23:07:15)
                      Entropy  . . . . . : 7.1
                      SHA-256  . . . . . : 362DAB19838D7C02A4D9B952A3959DAEDB692A6803247FE10B3D2D9571F8A23E
                      RSA Key Size . . . : 2048
                      Authenticode . . . : Valid
                    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Agent.fqfi
                      Fuzzy  . . . . . . : 103.0
                
                   C:\Users\Ilyas\AppData\Roaming\ACEStream\player\plugins\libp2p_access_plugin.dll -> Quarantined
                      Size . . . . . . . : 1.481.336 bytes
                      Age  . . . . . . . : 398.9 days (2014-09-20 23:07:22)
                      Entropy  . . . . . : 6.4
                      SHA-256  . . . . . : 3585BC9E9C3E229436B132902E1535B547CF9C75BE41843B1E4F39C98F8E0F2B
                      RSA Key Size . . . : 2048
                      Authenticode . . . : Valid
                    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Agent.fqfi
                      Fuzzy  . . . . . . : 99.0
                
                   C:\Users\Ilyas\AppData\Roaming\ACEStream\player\plugins\libqt4_plugin.dll -> Quarantined
                      Size . . . . . . . : 30.868.088 bytes
                      Age  . . . . . . . : 398.9 days (2014-09-20 23:07:23)
                      Entropy  . . . . . : 6.6
                      SHA-256  . . . . . : FCB0F6D476D51B795242F40CD4642E51C98DED2E2687158C67967A1A8AF8A83C
                      RSA Key Size . . . : 2048
                      Authenticode . . . : Valid
                    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Agent.fqfi
                      Fuzzy  . . . . . . : 99.0
                
                
                Potential Unwanted Programs _________________________________________________
                
                   HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0\ (Sweetpacks) -> Deleted
                   HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}\ (Delta Search) -> Deleted
                   HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}\ (Delta Search) -> Deleted
                   HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}\ (Delta Search) -> Deleted
                   HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}\ (Delta Search) -> Deleted
                   HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}\ (Delta Search) -> Deleted
                   HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}\ (Delta Search) -> Deleted
                   HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}\ (Delta Search) -> Deleted
                   HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}\ (Delta Search) -> Deleted
                   HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}\ (Delta Search) -> Deleted
                   HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}\ (Delta Search) -> Deleted
                   HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}\ (Delta Search) -> Deleted
                   HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}\ (Delta Search) -> Deleted
                   HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}\ (Delta Search) -> Deleted
                   HKLM\SOFTWARE\Classes\Prod.cap\ (Claro) -> Deleted
                   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar) -> Deleted
                   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0\ (Sweetpacks) -> Deleted
                   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} (Sweetpacks) -> Deleted
                   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} (Sweetpacks) -> Deleted
                   HKLM\SOFTWARE\Tarma Installer\Components\{4889CB45-FFEB-486E-8785-D034DAC2ACE6}\ (Yontoo) -> Deleted
                   HKLM\SOFTWARE\Tarma Installer\Products\{361E80BE-388B-4270-BF54-A10C2B756504}\ (Yontoo) -> Deleted
                   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar) -> Deleted
                   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}\ (Sweetpacks) -> Deleted
                   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32\ (AskBar) -> Deleted
                   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS\ (AskBar) -> Deleted
                   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32\ (Babylon) -> Deleted
                   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS\ (Babylon) -> Deleted
                   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\offer0_RASAPI32\ (BrowserSecurity) -> Deleted
                   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\offer0_RASMANCS\ (BrowserSecurity) -> Deleted
                   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\rkinstaller_RASAPI32\ (RelevantKnowledge) -> Deleted
                   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\rkinstaller_RASMANCS\ (RelevantKnowledge) -> Deleted
                   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\rlvknlg_RASAPI32\ (RelevantKnowledge) -> Deleted
                   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\rlvknlg_RASMANCS\ (RelevantKnowledge) -> Deleted
                   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASAPI32\ (Yontoo) -> Deleted
                   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASMANCS\ (Yontoo) -> Deleted
                   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} (Sweetpacks) -> PendingDelete
                   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} (Sweetpacks) -> PendingDelete
                   HKU\S-1-5-21-3503465373-57857859-2028083680-1000\Software\Conduit\ (Conduit) -> Deleted
                   HKU\S-1-5-21-3503465373-57857859-2028083680-1000\Software\Softonic\ (Softonic) -> Deleted
                
                Cookies _____________________________________________________________________
                


                • #9
                  Screenshot of Task Manager after these 2 scans with zoek.exe and HitmanPro.


                  The *32 entries are still present?? And the number of open processes shown at the bottom and the number we actually see in the list still don't match either, do they?...


                  • #10
                    ???? Why am I not getting any further help?


                    • #11
                      Originally posted by Calimero30
                      ???? Why am I not getting any further help?
                      Apologies that it is taking a bit longer, but the helpers also have a life outside the internet and do this voluntarily.
                      As soon as one of our helpers has time, you will still get help.
                      Love, Typetje

                      If I'm not there yet, then at least I'm on my way.





                      • #12
                        Sorry for the somewhat late reply, but it is as Typetje says.

                        Download ComboFix from one of the locations below to the desktop.
                        Bleeping Computer
                        Info Spyware

                        Disable your antivirus and antispyware programs; they may conflict with ComboFix.exe
                        (Here or here) you can read how to disable the security software you use.
                        • Double-click "ComboFix" to start the tool. Windows Vista, 7 & 8 users will get a UAC (User Account Control) prompt; click Ja / Yes there.
                        • On a Windows XP computer, ComboFix will install the "Recovery Console" if it is not yet present. (An active internet connection is then required.)
                        • In the 'Installing the Recovery Console' window, click "Ok".
                        • In the info screen, click "Ja" (Yes) once the Recovery Console has been installed successfully.
                        • In the disclaimer screen, click "I Agree"; the required components are now extracted and a registry backup is made using ERUNT.
                        • When this is done, ComboFix will start by itself; in the blue screen you will see the progress of the system scan being performed.
                        • Important! Do not use the computer for other things during the scan.
                        • The computer may need to be restarted several times, for example when a rootkit is present; this is normal.


                        Posting the log file
                        • Add the log file named ComboFix.txt as an attachment to your next post. (You can also find this log file in the folder "C:\ComboFix.txt")



                        * Note !!! If you get one of the messages below after using ComboFix, restart the computer.
                        • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
                        • Illegal operation attempted on a registry key that has been marked for deletion.

                        Starting Windows 10 in Safe Mode


                        • #13
                          ComboFix 15-10-26.01 - Ilyas 26/10/2015 18:44:41.1.2 - x64
                          Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3957.1859 [GMT 1:00]
                          Gestart vanuit: c:\users\Ilyas\Downloads\ComboFix.exe
                          AV: AVG AntiVirus Free Edition *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
                          SP: AVG AntiVirus Free Edition *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
                          SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                          .
                          .
                          (((((((((((((((((((( Bestanden Gemaakt van 2015-09-26 to 2015-10-26 ))))))))))))))))))))))))))))))
                          .
                          .
                          2015-10-26 17:56 . 2015-10-26 17:56 -------- d-----w- c:\users\Seyma\AppData\Local\temp
                          2015-10-26 17:56 . 2015-10-26 17:56 -------- d-----w- c:\users\Default\AppData\Local\temp
                          2015-10-24 18:33 . 2015-10-24 18:33 -------- d-----w- c:\program files\HitmanPro
                          2015-10-24 18:32 . 2015-10-24 18:53 -------- d-----w- c:\programdata\HitmanPro
                          2015-10-24 18:24 . 2015-10-24 17:54 24064 ----a-w- c:\windows\zoek-delete.exe
                          2015-10-24 18:24 . 2015-10-26 17:56 -------- d-----w- c:\users\Ilyas\AppData\Local\Temp
                          2015-10-24 17:54 . 2015-10-24 18:16 -------- d-----w- C:\zoek_backup
                          2015-10-24 15:46 . 2015-10-24 16:05 -------- d-----w- c:\users\Ilyas\AppData\Local\AvgSetupLog
                          2015-10-23 21:31 . 2015-10-23 21:31 -------- d-----w- c:\users\Ilyas\AppData\Roaming\Enigma Software Group
                          2015-10-23 21:30 . 2015-10-23 21:30 -------- d-----w- C:\sh4ldr
                          2015-10-23 21:30 . 2015-10-23 21:30 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
                          2015-10-23 21:30 . 2015-10-23 21:30 -------- d-----w- c:\program files\Enigma Software Group
                          2015-10-23 20:29 . 2015-10-24 18:57 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
                          2015-10-23 20:28 . 2015-10-05 07:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
                          2015-10-23 20:28 . 2015-10-05 07:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
                          2015-10-23 20:28 . 2015-10-05 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
                          2015-10-23 20:27 . 2015-10-23 20:31 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
                          2015-10-23 19:38 . 2015-10-23 21:26 -------- d-----w- c:\programdata\F-Secure
                          2015-10-23 19:38 . 2015-10-23 19:38 -------- d-----w- c:\users\Ilyas\AppData\Local\F-Secure
                          2015-10-21 15:24 . 2015-10-21 15:24 -------- d-----w- c:\users\Ilyas\.oracle_jre_usage
                          2015-10-14 17:36 . 2015-08-06 18:06 14182912 ----a-w- c:\windows\system32\shell32.dll
                          2015-10-14 17:35 . 2015-09-18 19:19 700416 ----a-w- c:\windows\system32\invagent.dll
                          2015-10-14 17:35 . 2015-09-18 19:19 766464 ----a-w- c:\windows\system32\generaltel.dll
                          2015-10-14 17:35 . 2015-09-18 19:19 503808 ----a-w- c:\windows\system32\devinv.dll
                          2015-10-14 17:35 . 2015-09-18 19:19 1291264 ----a-w- c:\windows\system32\appraiser.dll
                          2015-10-14 17:35 . 2015-09-18 19:22 25432 ----a-w- c:\windows\system32\CompatTelRunner.exe
                          2015-10-14 17:35 . 2015-09-18 19:19 73216 ----a-w- c:\windows\system32\acmigration.dll
                          2015-10-14 17:35 . 2015-09-18 19:09 1163776 ----a-w- c:\windows\system32\aeinv.dll
                          2015-10-14 17:33 . 2015-07-18 13:08 984448 ----a-w- c:\windows\system32\ucrtbase.dll
                          2015-10-13 18:15 . 2015-10-26 17:31 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
                          2015-10-08 19:52 . 2015-10-08 19:53 -------- d-----w- c:\programdata\KashExpert
                          2015-10-02 14:40 . 2015-10-02 14:40 17314496 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
                          2015-09-26 23:19 . 2015-09-26 23:19 252648 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
                          .
                          .
                          .
                          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          2015-10-18 05:57 . 2012-08-14 13:54 143481208 ----a-w- c:\windows\system32\MRT.exe
                          2015-10-17 17:05 . 2012-08-14 16:54 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
                          2015-10-17 17:05 . 2012-08-14 16:54 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                          2015-09-28 20:17 . 2015-10-14 17:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
                          2015-09-11 13:59 . 2015-09-11 13:59 312752 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
                          2015-09-02 03:10 . 2015-09-18 15:39 41984 ----a-w- c:\windows\system32\lpk.dll
                          2015-09-02 03:10 . 2015-09-18 15:39 100864 ----a-w- c:\windows\system32\fontsub.dll
                          2015-09-02 03:10 . 2015-09-18 15:39 14336 ----a-w- c:\windows\system32\dciman32.dll
                          2015-09-02 03:10 . 2015-09-18 15:39 46080 ----a-w- c:\windows\system32\atmlib.dll
                          2015-09-02 02:37 . 2015-09-18 15:39 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
                          2015-09-02 02:37 . 2015-09-18 15:39 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
                          2015-09-02 02:37 . 2015-09-18 15:39 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
                          2015-09-02 02:36 . 2015-09-18 15:39 25600 ----a-w- c:\windows\SysWow64\lpk.dll
                          2015-09-02 01:52 . 2015-09-18 15:39 372736 ----a-w- c:\windows\system32\atmfd.dll
                          2015-09-02 01:51 . 2015-09-18 15:39 3209216 ----a-w- c:\windows\system32\win32k.sys
                          2015-09-02 01:32 . 2015-09-18 15:39 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
                          2015-08-28 10:45 . 2015-08-28 10:45 301488 ----a-w- c:\windows\system32\drivers\avgtdia.sys
                          2015-08-27 18:18 . 2015-09-18 15:40 1885696 ----a-w- c:\windows\system32\msxml3.dll
                          2015-08-27 18:18 . 2015-09-18 15:40 2004480 ----a-w- c:\windows\system32\msxml6.dll
                          2015-08-27 18:13 . 2015-09-18 15:40 2048 ----a-w- c:\windows\system32\msxml3r.dll
                          2015-08-27 18:13 . 2015-09-18 15:40 2048 ----a-w- c:\windows\system32\msxml6r.dll
                          2015-08-27 17:58 . 2015-09-18 15:40 1391104 ----a-w- c:\windows\SysWow64\msxml6.dll
                          2015-08-27 17:51 . 2015-09-18 15:40 1240576 ----a-w- c:\windows\SysWow64\msxml3.dll
                          2015-08-27 17:51 . 2015-09-18 15:40 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
                          2015-08-27 17:46 . 2015-09-18 15:40 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
                          2015-08-20 11:58 . 2015-08-20 11:58 298416 ----a-w- c:\windows\system32\drivers\avgidsha.sys
                          2015-08-14 12:24 . 2015-08-14 12:24 398256 ----a-w- c:\windows\system32\drivers\avgloga.sys
                          2015-08-13 07:25 . 2015-08-13 07:25 12089360 ----a-w- c:\users\Ilyas\AppData\Roaming\Microsoft\Windows\Templates\iTunes12x64Patch.exe
                          2015-08-10 13:32 . 2015-08-10 13:32 293296 ----a-w- c:\windows\system32\drivers\avgldx64.sys
                          2015-08-10 13:32 . 2015-08-10 13:32 197040 ----a-w- c:\windows\system32\drivers\avgdiska.sys
                          2015-08-10 13:31 . 2015-08-10 13:31 251312 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
                          2015-08-10 13:25 . 2015-08-10 13:25 42416 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
                          2015-08-05 17:56 . 2015-09-18 15:43 1110016 ----a-w- c:\windows\system32\schedsvc.dll
                          2015-08-05 17:56 . 2015-09-18 15:43 24576 ----a-w- c:\windows\system32\jnwmon.dll
                          2015-08-05 17:56 . 2015-09-18 15:43 275456 ----a-w- c:\windows\system32\InkEd.dll
                          2015-08-05 17:40 . 2015-09-18 15:43 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
                          2015-07-30 18:06 . 2015-08-12 23:21 1648128 ----a-w- c:\windows\system32\DWrite.dll
                          2015-07-30 18:06 . 2015-08-12 23:21 1180160 ----a-w- c:\windows\system32\FntCache.dll
                          2015-07-30 18:06 . 2015-08-12 23:21 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
                          2015-07-30 17:57 . 2015-08-12 23:21 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
                          2015-07-30 17:57 . 2015-08-12 23:21 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
                          2015-07-30 13:13 . 2015-08-15 14:47 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
                          2015-07-30 13:13 . 2015-08-15 14:47 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
                          .
                          .
                          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          .
                          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                          REGEDIT4
                          .
                          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-05-08 8322328]
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                          "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-03-20 60712]
                          "AVG_UI"="c:\program files (x86)\AVG\Av\avgui.exe" [2015-10-12 3812264]
                          "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
                          "AvgUi"="c:\program files (x86)\AVG\Framework\Common\avguix.exe" [2015-10-16 1130408]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                          "ConsentPromptBehaviorAdmin"= 5 (0x5)
                          "ConsentPromptBehaviorUser"= 3 (0x3)
                          "EnableUIADesktopToggle"= 0 (0x0)
                          .
                          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
                          "LoadAppInit_DLLs"=1 (0x1)
                          .
                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
                          @=""
                          .
                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
                          @=""
                          .
                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
                          @=""
                          .
                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
                          @=""
                          .
                          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
                          "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                          "HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
                          "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
                          "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
                          "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
                          .
                          R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\Av\avgidsagent.exe;c:\program files (x86)\AVG\Av\avgidsagent.exe [x]
                          R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
                          R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
                          R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
                          R3 AvgAMPS;AvgAMPS;c:\program files (x86)\AVG\Av\avgamps.exe;c:\program files (x86)\AVG\Av\avgamps.exe [x]
                          R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
                          R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
                          R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
                          R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
                          R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
                          R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
                          R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
                          R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
                          R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
                          S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
                          S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
                          S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
                          S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
                          S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
                          S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
                          S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
                          S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
                          S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
                          S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
                          S2 avgsvc;AVG Service;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe [x]
                          S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\Av\avgwdsvcx.exe;c:\program files (x86)\AVG\Av\avgwdsvcx.exe [x]
                          S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
                          S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
                          S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
                          S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
                          S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
                          S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe [x]
                          S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
                          S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
                          S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
                          S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
                          .
                          .
                          --- Andere Services/Drivers In Geheugen ---
                          .
                          *Deregistered* - hitmanpro37
                          .
                          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
                          hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
                          .
                          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
                          2015-10-23 19:16 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
                          .
                          Inhoud van de 'Gedeelde Taken' map
                          .
                          2015-10-26 c:\windows\Tasks\Adobe Flash Player Updater.job
                          - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 17:05]
                          .
                          2015-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                          - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-24 14:06]
                          .
                          2015-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                          - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-24 14:06]
                          .
                          .
                          --------- X64 Entries -----------
                          .
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
                          "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504]
                          .
                          ------- Bijkomende Scan -------
                          .
                          uLocal Page = c:\windows\system32\blank.htm
                          uStart Page = hxxp://www.google.com
                          mLocal Page = c:\windows\SysWOW64\blank.htm
                          uInternet Settings,ProxyOverride = *.local
                          IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
                          IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
                          IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
                          TCP: DhcpNameServer = 195.130.130.130 195.130.131.130
                          FF - ProfilePath - c:\users\Ilyas\AppData\Roaming\Mozilla\Firefox\Profiles\wgiid8lk.default-1445622648743\
                          FF - prefs.js: browser.startup.homepage - hxxps://www.google.be/
                          .
                          - - - - ORPHANS VERWIJDERD - - - -
                          .
                          Wow6432Node-HKLM-Run-<NO NAME> - (no file)
                          Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Web TuneUp\vprot.exe
                          HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
                          AddRemove-SopCast - c:\program files (x86)\SopCast\uninst.exe
                          AddRemove-{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1 - c:\program files (x86)\Wondershare\Dr.Fone for iOS\unins000.exe
                          .
                          .
                          .
                          --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
                          @Denied: (A 2) (Everyone)
                          @="FlashBroker"
                          "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe,-101"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
                          "Enabled"=dword:00000001
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
                          @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
                          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
                          @Denied: (A 2) (Everyone)
                          @="IFlashBroker6"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
                          @="{00020424-0000-0000-C000-000000000046}"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
                          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                          "Version"="1.0"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
                          @Denied: (A 2) (Everyone)
                          @="FlashBroker"
                          "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
                          "Enabled"=dword:00000001
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
                          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
                          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                          @Denied: (A 2) (Everyone)
                          @="Shockwave Flash Object"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
                          "ThreadingModel"="Apartment"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                          @="0"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                          @="ShockwaveFlash.ShockwaveFlash.19"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                          @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                          @="1.0"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                          @="ShockwaveFlash.ShockwaveFlash"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                          @Denied: (A 2) (Everyone)
                          @="Macromedia Flash Factory Object"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
                          "ThreadingModel"="Apartment"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                          @="FlashFactory.FlashFactory.1"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                          @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                          @="1.0"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                          @="FlashFactory.FlashFactory"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
                          @Denied: (A 2) (Everyone)
                          @="IFlashBroker6"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
                          @="{00020424-0000-0000-C000-000000000046}"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
                          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                          "Version"="1.0"
                          .
                          [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
                          @Denied: (Full) (Everyone)
                          .
                          Voltooingstijd: 2015-10-26 19:04:25
                          ComboFix-quarantined-files.txt 2015-10-26 18:04
                          .
                          Pre-Run: 295.333.892.096 bytes beschikbaar
                          Post-Run: 294.526.455.808 bytes beschikbaar
                          .
                          - - End Of File - - EFC4BA8F45531920A33886E76E995F38
                          A36C5E4F47E84449FF07ED3517B43A31



                          • #14
                            The PC now suddenly keeps stalling, and I can't do Ctrl+Alt+Del. I see an Enigma update from SpyHunter that is blocked, I think. And I can't close it either. Grrrrrrrrrrr



                            • #15
                              Uninstall SpyHunter, because it adds nothing and only gets in the way.
                              You can always shut down: hold down the start button, cut the power.

                              Restart.

                              Starting Windows 10 in Safe Mode
