virus uc browser

  • virus uc browser

    Hello, I picked up a virus called UC Browser along with a file.

    Google Chrome no longer works (no connection).

    Lots of pop-ups and strange screens in Microsoft Edge.

    Here is my log.




    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 15:50:45, on 13-1-2017
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.10586.0713)
    CHROME: 46.0.2490.71

    Boot mode: Normal

    Running processes:
    C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    C:\Users\stan_\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...C-4C51BAAA2C2E
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
    O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
    O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Protocol: WSISVCUchrome - (no CLSID) - (no file)
    O23 - Service: AnviStartupTime - Unknown owner - B:\downloads\Anvisoft\StartupBooster\StartupTimeSrv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
    O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\WINDOWS\system32\EasyAntiCheat.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
    O23 - Service: InteloreDaossoftRARPasswordRescuer - Unknown owner - rundll32.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
    O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
    O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
    O23 - Service: RARPasswordCrackerMSXML - Unknown owner - rundll32.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)

    --
    End of file - 12517 bytes

  • #2
    Here is my AdwCleaner log as well.




    # AdwCleaner v6.042 - Logbestand aangemaakt 12/01/2017 op 21:49:33
    # Bijgewerkt op 06/01/2017 door Malwarebytes
    # Database : 2017-01-11.1 [Lokaal]
    # Besturingssysteem : Windows 10 Pro (X64)
    # Gebruikersnaam : stan_ - DESKTOP-F93TE9E
    # Gestart vanuit : C:\Users\stan_\Downloads\adwcleaner_6.042 (1).exe
    # Mode: Verwijderen
    # Ondersteuning : https://www.malwarebytes.com/support



    ***** [ Services ] *****

    [-] Service verwijderd: esgiguard
    [-] Service verwijderd: EsgScanner
    [-] Service verwijderd: ucdrv


    ***** [ Mappen ] *****

    [-] Map verwijderd: C:\Users\stan_\AppData\Roaming\Softlink
    [-] Map verwijderd: C:\Users\stan_\AppData\Roaming\Enigma Software Group
    [#] Map verwijderd tijdens herstart: C:\Program Files\Enigma Software Group
    [-] Map verwijderd: C:\sh4ldr
    [-] Map verwijderd: C:\Users\stan_\AppData\Local\app


    ***** [ Bestanden ] *****



    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Snelkoppelingen ] *****



    ***** [ Geplande Taken ] *****

    [-] Taak verwijderd: UCBrowserUpdaterCore


    ***** [ Register ] *****

    [-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\UCHTML
    [-] Sleutel verwijderd: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
    [#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
    [-] Sleutel verwijderd: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
    [#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
    [-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\AppID\{9CC34070-3A38-4C7A-89CB-EF8177EF07A1}
    [-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\CLSID\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B}
    [-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\CLSID\{D42C3A49-ABAF-464B-BBCE-991C3DD395E8}
    [-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Interface\{BF8946CD-EEBE-436B-8282-B19A021C9EFE}
    [-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\TypeLib\{38DD0B4A-E4E0-4A57-99EE-DCCB185B4728}
    [-] Sleutel verwijderd: HKU\.DEFAULT\Software\UCBrowser
    [-] Sleutel verwijderd: HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\UCBrowser
    [-] Sleutel verwijderd: HKU\S-1-5-19\Software\UCBrowser
    [-] Sleutel verwijderd: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\UCBrowser
    [-] Sleutel verwijderd: HKU\S-1-5-21-2268164027-2930260065-3218737440-1001\Software\Conduit
    [-] Sleutel verwijderd: HKU\S-1-5-21-2268164027-2930260065-3218737440-1001\Software\Installer
    [-] Sleutel verwijderd: HKU\S-1-5-21-2268164027-2930260065-3218737440-1001\Software\MICROSOFT\OTUT
    [-] Sleutel verwijderd: HKU\S-1-5-21-2268164027-2930260065-3218737440-1001\Software\UCBrowser
    [-] Sleutel verwijderd: HKU\S-1-5-21-2268164027-2930260065-3218737440-1001\Software\UCBrowserPID
    [-] Sleutel verwijderd: HKU\S-1-5-21-2268164027-2930260065-3218737440-1001\Software\AutoTime
    [-] Sleutel verwijderd: HKU\S-1-5-21-2268164027-2930260065-3218737440-1001\Software\SNDA
    [-] Sleutel verwijderd: HKU\S-1-5-21-2268164027-2930260065-3218737440-1001\Software\SaFiPlayer
    [-] Sleutel verwijderd: HKU\S-1-5-21-2268164027-2930260065-3218737440-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Conduit
    [-] Sleutel verwijderd: HKU\S-1-5-21-2268164027-2930260065-3218737440-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Installer
    [-] Sleutel verwijderd: HKU\S-1-5-21-2268164027-2930260065-3218737440-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\MICROSOFT\OTUT
    [-] Sleutel verwijderd: HKU\S-1-5-21-2268164027-2930260065-3218737440-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\UCBrowser
    [-] Sleutel verwijderd: HKU\S-1-5-21-2268164027-2930260065-3218737440-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\UCBrowserPID
    [-] Sleutel verwijderd: HKU\S-1-5-21-2268164027-2930260065-3218737440-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AutoTime
    [-] Sleutel verwijderd: HKU\S-1-5-21-2268164027-2930260065-3218737440-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\SNDA
    [-] Sleutel verwijderd: HKU\S-1-5-21-2268164027-2930260065-3218737440-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\SaFiPlayer
    [#] Sleutel verwijderd tijdens herstart: HKU\S-1-5-18\Software\UCBrowser
    [#] Sleutel verwijderd tijdens herstart: HKCU\Software\Conduit
    [#] Sleutel verwijderd tijdens herstart: HKCU\Software\Installer
    [#] Sleutel verwijderd tijdens herstart: HKCU\Software\MICROSOFT\OTUT
    [#] Sleutel verwijderd tijdens herstart: HKCU\Software\UCBrowser
    [#] Sleutel verwijderd tijdens herstart: HKCU\Software\UCBrowserPID
    [#] Sleutel verwijderd tijdens herstart: HKCU\Software\AutoTime
    [#] Sleutel verwijderd tijdens herstart: HKCU\Software\SNDA
    [#] Sleutel verwijderd tijdens herstart: HKCU\Software\SaFiPlayer
    [-] Sleutel verwijderd: HKLM\SOFTWARE\UCBrowser
    [-] Sleutel verwijderd: HKLM\SOFTWARE\UCBrowserPID
    [-] Sleutel verwijderd: HKLM\SOFTWARE\OtherSearch
    [-] Sleutel verwijderd: HKLM\SOFTWARE\SaFiPlayer
    [-] Sleutel verwijderd: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
    [#] Sleutel verwijderd tijdens herstart: [x64] HKCU\Software\Conduit
    [#] Sleutel verwijderd tijdens herstart: [x64] HKCU\Software\Installer
    [#] Sleutel verwijderd tijdens herstart: [x64] HKCU\Software\MICROSOFT\OTUT
    [#] Sleutel verwijderd tijdens herstart: [x64] HKCU\Software\UCBrowser
    [#] Sleutel verwijderd tijdens herstart: [x64] HKCU\Software\UCBrowserPID
    [#] Sleutel verwijderd tijdens herstart: [x64] HKCU\Software\AutoTime
    [#] Sleutel verwijderd tijdens herstart: [x64] HKCU\Software\SNDA
    [#] Sleutel verwijderd tijdens herstart: [x64] HKCU\Software\SaFiPlayer
    [-] Sleutel verwijderd: [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup
    [-] Sleutel verwijderd: HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser
    [-] Waarde verwijderd: HKLM\SOFTWARE\RegisteredApplications [UCBrowser]
    [-] Sleutel verwijderd: HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\UCBrowser.exe
    [-] Waarde verwijderd: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [kuaizipupdatesvc]
    [-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\KuaiZipShlExt
    [-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\KuaiZipShlExt
    [-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\AppID\QZipShell.DLL
    [-] Sleutel verwijderd: HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\KuaiZipShlExt


    ***** [ Browsers ] *****



    *************************

    :: "Tracing" sleutels verwijderd
    :: Winsock instellingen gereset

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [6594 bytes] - [12/01/2017 21:49:33]
    C:\AdwCleaner\AdwCleaner[S0].txt - [25986 bytes] - [12/01/2017 20:22:05]
    C:\AdwCleaner\AdwCleaner[S1].txt - [6365 bytes] - [12/01/2017 21:48:53]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6814 bytes] ##########


    • #3
      And here is a log from Farbar.





      Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie: 12-01-2017
      Gestart door stan_ (13-01-2017 16:00:56)
      Gestart vanaf C:\Users\stan_\Downloads
      Windows 10 Pro Versie 1511 (X64) (2016-03-12 19:11:43)
      Boot Modus: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrator (S-1-5-21-2268164027-2930260065-3218737440-500 - Administrator - Disabled)
      DefaultAccount (S-1-5-21-2268164027-2930260065-3218737440-503 - Limited - Disabled)
      defaultuser0 (S-1-5-21-2268164027-2930260065-3218737440-1000 - Administrator - Disabled)
      Gast (S-1-5-21-2268164027-2930260065-3218737440-501 - Limited - Disabled)
      stan_ (S-1-5-21-2268164027-2930260065-3218737440-1001 - Administrator - Enabled) => C:\Users\stan_

      ==================== Security Center ========================

      (Als een item is opgenomen in de fixlist, zal het worden verwijderd.)

      AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

      ==================== Geïnstalleerde programma's ======================

      (Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)

      µTorrent (HKU\S-1-5-21-2268164027-2930260065-3218737440-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
      CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
      Daossoft RAR Password Rescuer (HKLM-x32\...\Daossoft RAR Password Rescuer) (Version: 7.0.0.1 - Daossoft)
      FIFA 17 (HKLM-x32\...\{8C0DD062-B659-409C-9AB7-8EBD1D64D2EB}) (Version: 1.0.45.33307 - Electronic Arts)
      Glary Utilities PRO 5.64 (HKLM-x32\...\Glary Utilities 5) (Version: 5.64.0.85 - Glarysoft Ltd)
      Google Chrome (HKU\S-1-5-21-2268164027-2930260065-3218737440-1001\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
      Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_R.G. Mechanics_is1) (Version: - R.G. Mechanics, ProZorg_tm)
      Hitman Absolution (HKLM-x32\...\{95030349-3623-4920-89BF-8BEC5EF311C5}_is1) (Version: 1.0433.1 - Square Enix)
      Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
      Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
      Malwarebytes Anti-Malware versie 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
      Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
      Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
      Microsoft Office Professional 2016 - nl-nl (HKLM\...\ProfessionalRetail - nl-nl) (Version: 16.0.7571.2109 - Microsoft Corporation)
      Microsoft Office Professional Plus 2016 - nl-nl (HKLM\...\ProPlusRetail - nl-nl) (Version: 16.0.7571.2109 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
      Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
      MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
      MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
      NVIDIA 3D Vision controllerstuurprogramma 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
      NVIDIA 3D Vision stuurprogramma 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.51 - NVIDIA Corporation)
      NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
      NVIDIA Grafisch stuurprogramma 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.51 - NVIDIA Corporation)
      NVIDIA PhysX Systeem Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
      Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
      Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
      Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
      Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
      Origin (HKLM-x32\...\Origin) (Version: 10.3.5.6379 - Electronic Arts, Inc.)
      PES 2017 SMoKE_INS. 9.1.1 (HKLM-x32\...\PES 2017 SMoKE_INS. 9.1.1) (Version: - )
      PrivaZer (HKLM-x32\...\PrivaZer) (Version: 3.0.14.0 - Goversoft LLC)
      Pro Evolution Soccer 2017 (HKLM-x32\...\{A3C10274-808C-4ADC-A13D-D94911180B58}_is1) (Version: - KONAMI)
      RAR Password Unlocker 4.2.0.0 (HKLM-x32\...\{B789FA51-6A71-408F-92DE-EDE4A517B8F9}_is1) (Version: - Password Unlocker Studio)
      Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
      SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
      SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
      Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation)

      ==================== Aangepaste CLSID (gefilterd): ==========================

      (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

      CustomCLSID: HKU\S-1-5-21-2268164027-2930260065-3218737440-1001_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\stan_\AppData\Local\Google\Chrome\Application\46.0.2490.71\delegate_execute.exe (Google Inc.)

      ==================== Geplande Taken (gefilterd) =============

      (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

      Task: {29510721-85E0-45DD-90B7-C1DCFDD46818} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
      Task: {3E6C2F75-80DF-422A-87CE-9322150BF9A5} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== AANDACHT
      Task: {491672B7-84CC-4654-A171-3C532C18C755} - System32\Tasks\PrivaZer_SkipUAC => D:\downloads\PrivaZer\PrivaZer.exe [2016-12-31] (Goversoft LLC)
      Task: {51CDD4D2-FEDE-4D83-A178-46A5D0AB1E91} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher-x64.exe <==== AANDACHT
      Task: {5243CA9B-C021-48AA-9581-54DDEF6CF6C6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
      Task: {6F485312-7B85-4F1C-8A6D-3787CBF670A9} - System32\Tasks\java_update.exe => C:\Users\stan_\AppData\Local\Temp\Nashy.exe <==== AANDACHT
      Task: {7BED1A3F-7F0E-4622-9F50-A4659B62DDDD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-29] (Microsoft Corporation)
      Task: {8EE94EEB-B980-47CA-9981-78830AAC8198} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-29] (Microsoft Corporation)
      Task: {905B5FB9-0CD0-4373-8EF6-A135CEE91425} - System32\Tasks\GlaryInitialize 5 => D:\downloads\Glary Utilities 5\Initialize.exe [2016-11-21] (Glarysoft Ltd)
      Task: {94DCDD76-61DB-4C08-AFC1-28CECBBB6928} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
      Task: {9D0FD7F9-E26B-48A5-8517-F690AF9BB6F5} - System32\Tasks\Cherboing Center => C:\Program Files (x86)\Anumergecicient\zeqoch.exe

      (Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)

      Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

      ==================== Snelkoppelingen =============================

      (De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.)

      ==================== Geladen Modules (gefilterd) ==============

      2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
      2016-11-09 11:06 - 2016-10-25 10:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
      2016-11-09 11:06 - 2016-10-25 10:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
      2016-04-22 17:50 - 2016-04-22 17:50 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
      2016-02-22 20:29 - 2016-02-22 20:29 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
      2016-07-13 18:11 - 2016-07-01 04:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
      2016-03-13 16:08 - 2016-03-13 16:08 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
      2016-02-12 22:13 - 2016-02-12 22:13 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1043.dll
      2016-11-09 11:06 - 2016-10-25 05:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
      2016-11-09 11:06 - 2016-10-25 05:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
      2016-11-09 11:06 - 2016-10-25 05:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
      2016-11-09 11:06 - 2016-10-25 05:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
      2017-01-12 18:33 - 2017-01-12 18:33 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
      2016-04-22 17:50 - 2016-04-22 17:50 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
      2016-04-22 17:50 - 2016-04-22 17:50 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
      2017-01-12 20:10 - 2017-01-12 20:10 - 00224768 ____H () C:\Program Files (x86)\Daossoft RAR Password Rescuer\InteloreDaossoftRARPasswordRescuer.dll
      2017-01-12 19:05 - 2017-01-12 19:05 - 00224768 ____H () C:\Program Files (x86)\RAR Password Cracker\RARPasswordCrackerMSXML.dll

      ==================== Alternate Data Streams (gefilterd) =========

      (Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.)

      AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [80850]
      AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [1479458]
      AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1205026]
      AlternateDataStreams: C:\WINDOWS\system32\Drivers\yryqtexd.sys:changelist [826]

      ==================== Veilige Modus (gefilterd) ===================

      (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.)


      ==================== Bestandskoppeling (gefilterd) ===============

      (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.)


      ==================== Internet Explorer vertrouwde/beperkte toegang ===============

      (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.)


      ==================== Hosts inhoud: ==========================

      (Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.)

      2016-03-12 19:35 - 2017-01-12 20:10 - 00003722 ____N C:\WINDOWS\system32\Drivers\etc\hosts



      ==================== Andere gebieden ============================

      (Momenteel is er geen automatische fix voor dit onderdeel.)

      HKU\S-1-5-21-2268164027-2930260065-3218737440-1001\Control Panel\Desktop\\Wallpaper -> c:\users\stan_\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{645f198c-503f-4312-ba2a-47af9e48ea52}.jpg
      DNS Servers: 192.168.0.1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is ingeschakeld.

      ==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==

      HKLM\...\StartupApproved\Run: => "HotKeysCmds"
      HKLM\...\StartupApproved\Run: => "IgfxTray"
      HKLM\...\StartupApproved\Run: => "NvBackend"
      HKLM\...\StartupApproved\Run: => "Persistence"
      HKU\S-1-5-21-2268164027-2930260065-3218737440-1001\...\StartupApproved\Run: => "OneDrive"
      HKU\S-1-5-21-2268164027-2930260065-3218737440-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
      HKU\S-1-5-21-2268164027-2930260065-3218737440-1001\...\StartupApproved\Run: => "360wp-srv"

      ==================== Firewall regels (gefilterd) ===============

      (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

      FirewallRules: [vm-monitoring-nb-session] => LPort=139
      FirewallRules: [TCP Query User{9E04AFC5-21D3-43FD-9B51-5C8B80B6F0EB}B:\downloads\teamviewer\teamviewer.exe] => B:\downloads\teamviewer\teamviewer.exe
      FirewallRules: [UDP Query User{111F37F5-48E6-49D6-A7CB-6B17B6F479D4}B:\downloads\teamviewer\teamviewer.exe] => B:\downloads\teamviewer\teamviewer.exe
      FirewallRules: [TCP Query User{DA8959B6-8165-48A1-BCE1-4278E6A9A05E}C:\games\grand theft auto v\gta5.exe] => C:\games\grand theft auto v\gta5.exe
      FirewallRules: [UDP Query User{A1F683A7-4A0A-4E02-902B-0930BE820499}C:\games\grand theft auto v\gta5.exe] => C:\games\grand theft auto v\gta5.exe
      FirewallRules: [{C8E9BBBB-C66F-4DBE-A7BB-BF9CB23D746B}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
      FirewallRules: [{45FB26C4-284F-4841-8ECA-4C58DF0D4E89}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
      FirewallRules: [{93DFCAA0-5C10-4C77-87A5-562188B74F4F}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
      FirewallRules: [{5DCB7098-4E41-4C0E-B135-C5BC40F1DA75}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
      FirewallRules: [{BF4C0F11-C36C-4742-A792-C062F332B06C}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
      FirewallRules: [{A35E6AD8-D059-4F3B-80A4-307F89AC71B3}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
      FirewallRules: [{7AC044B5-FBE0-4B2F-A052-6B4ED58F4D98}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
      FirewallRules: [{0C0527EB-E5C1-4A9F-817D-9BB7A5A38EC1}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
      FirewallRules: [{0A922F8A-F11D-44CE-A492-A7A3D6136E25}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
      FirewallRules: [TCP Query User{2F8AB293-D021-4BCE-A6FD-C353136DE607}D:\downloads\popcorn time\chromecast\node.exe] => D:\downloads\popcorn time\chromecast\node.exe
      FirewallRules: [UDP Query User{B40FB64C-1A6D-4F05-A3E7-FD8F01FEA2F8}D:\downloads\popcorn time\chromecast\node.exe] => D:\downloads\popcorn time\chromecast\node.exe
      FirewallRules: [TCP Query User{9986F48C-941D-4161-9A69-2B960FEF63C0}D:\downloads\popcorn time\popcorntimedesktop.exe] => D:\downloads\popcorn time\popcorntimedesktop.exe
      FirewallRules: [UDP Query User{76ECBC6F-3F28-4EA6-8BDD-0CB21EBF883B}D:\downloads\popcorn time\popcorntimedesktop.exe] => D:\downloads\popcorn time\popcorntimedesktop.exe
      FirewallRules: [{791A6897-107B-47A8-9AAE-95A49D3BFAEC}] => C:\Users\stan_\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{3E54952D-AA72-4645-8AF8-5E1110228727}] => C:\Users\stan_\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{F86C39E7-A421-45AD-AED9-5323E82195BD}] => C:\Users\stan_\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{EDE15510-FAB2-4DA9-BFD5-CEB56CCC39AD}] => C:\Users\stan_\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{F32090AD-E7AC-4D44-811D-5ECBC83EE8EC}] => C:\Users\stan_\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{3964288A-26D2-4066-95E5-76A85EDBE684}] => C:\Users\stan_\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{249BC741-10E4-49E6-ADCF-8E06349A23CA}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
      FirewallRules: [TCP Query User{CD4587DF-A739-43AE-859A-6D1289AD0360}C:\games\grand theft auto v\gta5.exe] => C:\games\grand theft auto v\gta5.exe
      FirewallRules: [UDP Query User{2D42427C-2E25-4659-9A7B-00C51CCF5BE4}C:\games\grand theft auto v\gta5.exe] => C:\games\grand theft auto v\gta5.exe
      FirewallRules: [{E139661B-ABEB-4A2B-83EC-CC738F85E606}] => D:\games\FIFA 17 Super Deluxe Edition-FULL UNLOCKED\FIFA.17.Multi.18.Super.Deluxe.Edition-FULL.UNLOCKED\FIFA 17\FIFASetup\fifaconfig.exe
      FirewallRules: [{B8EEFED3-8047-4BF4-96BB-8D2AAD8D15F0}] => D:\games\FIFA 17 Super Deluxe Edition-FULL UNLOCKED\FIFA.17.Multi.18.Super.Deluxe.Edition-FULL.UNLOCKED\FIFA 17\FIFASetup\fifaconfig.exe

      ==================== Herstelpunten =========================

      AANDACHT: Systeemherstel is uitgeschakeld

      ==================== Defecte Apparaatbeheer Apparaten =============

      Name: Multimediacontroller
      Description: Multimediacontroller
      Class Guid:
      Manufacturer:
      Service:
      Problem: : The drivers for this device are not installed. (Code 28)
      Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


      ==================== Eventlog fouten: =========================

      Applicatiefouten:
      ==================

      Systeemfouten:
      =============
      Error: (01/13/2017 03:58:34 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-F93TE9E)
      Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
      {9E175B6D-F52A-11D8-B9A5-505054503030}
      en APPID
      {9E175B9C-F52A-11D8-B9A5-505054503030}
      aan de gebruiker DESKTOP-F93TE9E\stan_ SID (S-1-5-21-2268164027-2930260065-3218737440-1001) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

      Error: (01/13/2017 03:58:25 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-F93TE9E)
      Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
      {9E175B6D-F52A-11D8-B9A5-505054503030}
      en APPID
      {9E175B9C-F52A-11D8-B9A5-505054503030}
      aan de gebruiker DESKTOP-F93TE9E\stan_ SID (S-1-5-21-2268164027-2930260065-3218737440-1001) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

      Error: (01/13/2017 03:58:25 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-F93TE9E)
      Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID
      {9E175B6D-F52A-11D8-B9A5-505054503030}
      en APPID
      {9E175B9C-F52A-11D8-B9A5-505054503030}
      aan de gebruiker DESKTOP-F93TE9E\stan_ SID (S-1-5-21-2268164027-2930260065-3218737440-1001) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194-4256926629-1688279915-2739229046-3928706915). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.


      CodeIntegrity:
      ===================================
      Date: 2017-01-12 20:37:42.400
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-01-12 20:37:42.390
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-01-12 18:26:05.344
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-01-07 13:27:54.269
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

      Date: 2016-12-30 16:44:45.123
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

      Date: 2016-12-27 16:00:31.977
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

      Date: 2016-12-26 18:12:33.739
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

      Date: 2016-12-26 15:57:49.687
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

      Date: 2016-12-22 21:04:26.526
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

      Date: 2016-12-21 20:16:48.633
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


      ==================== Geheugen info ===========================

      Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
      Percentage geheugen in gebruik: 23%
      Totaal fysiek RAM-geheugen: 8109.11 MB
      Beschikbaar fysiek RAM-geheugen: 6183.22 MB
      Totaal Virtueel geheugen: 8509.11 MB
      Beschikbaar Virtual geheugen: 6683.59 MB

      ==================== Schijven ================================

      Drive c: (windows 10) (Fixed) (Total:111.25 GB) (Free:29.91 GB) NTFS
      Drive d: () (Fixed) (Total:465.76 GB) (Free:296.05 GB) NTFS ==>[systeem met boot componenten (verkregen van schijf)]
      Drive g: (Data) (Fixed) (Total:931.51 GB) (Free:497.91 GB) NTFS
      Drive h: (ESD-USB) (Removable) (Total:14.92 GB) (Free:14.77 GB) FAT32

      ==================== MBR & Partitietabel ==================

      ========================================================
      Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E10C20AE)
      Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
      Partition 2: (Active) - (Size=465.8 GB) - (Type=42)
      Partition 3: (Not Active) - (Size=1048 KB) - (Type=42)

      ========================================================
      Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 70164F08)
      Partition 1: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

      ========================================================
      Disk: 2 (Size: 931.5 GB) (Disk ID: E8900690)
      Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

      ========================================================
      Disk: 3 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: 00000000)

      Partition: GPT.

      ==================== Eind van Addition.txt ============================



      • #4
        Can someone help me with this, please?



        • #5
          Yes, I can.

          Download the Farbar Recovery Scan Tool, 32 or 64 bit, from one of the links below
          Here is a description of how to check whether you have a 32 or 64 bit version of Windows.

          Running the Farbar Recovery Scan Tool
          • Double-click FRST.exe to start the tool.
          • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
          • When the program has opened, click Yes at the disclaimer.
          • Then press the Scan button; a backup of the registry will be made first.
          • When the scan is finished, two log files named (FRST.txt) & (Addition.txt) are created in the same location the tool was started from.
          • Add both log files as attachments to your next post.

          Booting Windows 10 in Safe Mode



          • #6
            thanks for your reply, attached you will find

            the log files
            Attached Files



            • #7
              Start the Farbar Recovery Scan Tool again.
              • Download fixlist.txt from the attachment to the desktop, where FRST.exe is also located.
              • Double-click FRST.exe to start the tool.
              • When the program has opened, click Yes at the disclaimer.
              • Press the Fix button
              • A log file (fixlog.txt) will be created in the same location the tool was started from.
              • Add this log file as an attachment to your next post.


              Fixlist.txt




              • #8
                my fixlog is below
                Attached Files



                • #9
                  OK, let me know how it is going and please post a new FRST log.




                  • #10
                    it's going well now!

                    Chrome works again, and all the strange screens and ads in Edge are gone as well.
                    many thanks for this!


                    my logs are below


                    is everything clean now?
                    Attached Files
                    Last edited by stanniejj16; 15-01-17, 11:00.



                    • #11
                      Looks like it, keep an eye on it for a while.

