  • Message: The audio service is not running

    Since the latest update I no longer have sound on my laptop, a Lenovo IdeaPad running Windows 8.1.
    Unfortunately I cannot find out what my audio chipset is, because as soon as I open the Control Panel it just shows an empty white window, and I cannot close it any more either. I tried restoring to an earlier restore point, but the laptop reports that this failed. The troubleshooter has no solution for it either. Does anyone here perhaps have one? I ran Malwarebytes Anti-Malware and had 5 infected files placed in quarantine. Still no sound after the restart.

    At dorado's request I am asking the question here (I had first posted it in the Windows topic, because I assumed it simply had to do with a setting).

    Step 1: disabled

    Step 2:
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 23-10-2014
    Scan Time: 13:32:37
    Logfile: mbamlog.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.10.23.03
    Rootkit Database: v2014.10.22.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Len

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 368863
    Time Elapsed: 22 min, 37 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.Softonic.A, HKU\S-1-5-21-1975527459-2885260828-1768679738-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [98872bed1864bb7b7256113409fa32ce],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 4
    PUP.Optional.Softonic.A, C:\$Recycle.Bin\S-1-5-21-1975527459-2885260828-1768679738-1002\$RAXK1QX.exe, Quarantined, [9a85898facd070c63c94a39209f8af51],
    PUP.Optional.Softonic.A, C:\Users\Len\Downloads\SoftonicDownloader_voor_avg-antivirus-free-2014.exe, Quarantined, [3de20b0dd3a90b2bc50bd65fda27bf41],
    PUP.Optional.Softonic.A, C:\Users\Len\Downloads\SoftonicDownloader_voor_music-editor-free.exe, Quarantined, [5ac5a771fa8233037d535adb778abf41],
    PUP.Optional.InstallCore.A, C:\Users\Len\Downloads\winzip18-dl.exe, Quarantined, [ae7119ff5b211521229daa57887d27d9],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    Step 3:
    # AdwCleaner v4.001 - Rapport aangemaakt 23/10/2014 op 20:05:24
    # DB v2014-10-21.1
    # Laatste Update 20/10/2014 door Xplode
    # Besturingssysteem : Windows 8.1 (64 bits)
    # Gebruikersnaam : Len - LEN-LAPTOP
    # Gestart vanuit : C:\Users\Len\Downloads\adwcleaner_4.001 (1).exe
    # Optie : Verwijderen

    ***** [ Services ] *****

    Service Verwijderd : vToolbarUpdater18.1.9

    ***** [ Bestanden / Mappen ] *****

    Map Verwijderd : C:\ProgramData\AVG SafeGuard toolbar
    Map Verwijderd : C:\Program Files (x86)\AVG SafeGuard toolbar
    Map Verwijderd : C:\Program Files\AVG SafeGuard toolbar
    Map Verwijderd : C:\Users\Len\AppData\Local\AVG SafeGuard toolbar
    Map Verwijderd : C:\Users\Len\AppData\LocalLow\AVG SafeGuard toolbar
    Map Verwijderd : C:\ProgramData\AVG Secure Search
    Map Verwijderd : C:\Program Files (x86)\Common Files\AVG Secure Search
    Map Verwijderd : C:\ProgramData\AVG Security Toolbar
    Map Verwijderd : C:\Program Files (x86)\AVG Security Toolbar
    Map Verwijderd : C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

    ***** [ Taken ] *****


    ***** [ Snelkoppelingen ] *****


    ***** [ Register ] *****

    Waarde Verwijderd : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\S
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Sleutel Verwijderd : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
    Waarde Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Sleutel Verwijderd : HKCU\Software\AVG SafeGuard toolbar
    Sleutel Verwijderd : HKCU\Software\AVG Security Toolbar
    Sleutel Verwijderd : HKCU\Software\Conduit
    Sleutel Verwijderd : HKCU\Software\Softonic
    Sleutel Verwijderd : HKLM\SOFTWARE\AVG SafeGuard toolbar
    Sleutel Verwijderd : HKLM\SOFTWARE\AVG Security Toolbar
    Sleutel Verwijderd : HKLM\SOFTWARE\Conduit
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\AVG Secure Search

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17344


    -\\ Google Chrome v38.0.2125.104


    *************************

    AdwCleaner[R0].txt - [8240 octets] - [23/10/2014 20:00:27]
    AdwCleaner[S0].txt - [7921 octets] - [23/10/2014 20:05:24]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7981 octets] ##########


    Step 4:

    E-Peek v 1.0.5.4 © Emphyrio/Onsia Patrick 2013-2014
    Downloaded @ E Dev
    Run at do 23 okt 2014 20:33
    .
    Windows 8.1 (64 bits)
    C:\WINDOWS [NTFS - Fixed]
    Default Browser: Google Chrome
    Boot mode: Normal boot
    User logged in: Len
    .
    Java x86: n/a
    Java x64: n/a
    .
    AV : AVG AntiVirus Free Edition 2014 [Updated - Running]
    AV : Windows Defender [Updated - Not Running]
    AS : Windows Defender [Updated - Not Running]
    AS : AVG AntiVirus Free Edition 2014 [Updated - Running]
    FW : Windows firewall
    .
    ==================== Files and Folders history =================================

    Folders Created Last 7 days :

    23-10-2014 ##### r-h-s-d+a- C:\ProgramData\Malwarebytes
    23-10-2014 ##### r-h-s-d+a- C:\Program Files (x86)\Malwarebytes Anti-Malware
    23-10-2014 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
    23-10-2014 ##### r-h-s-d+a- C:\AdwCleaner
    21-10-2014 ##### r-h-s-d+a- C:\Users\Len\AppData\Local\ElevatedDiagnostics

    Files Modified Last 7 days :

    23-10-2014 01826596 r-h-s-d-a+ C:\WINDOWS\system32\PerfStringBackup.INI
    23-10-2014 00807742 r-h-s-d-a+ C:\WINDOWS\system32\perfh013.dat
    23-10-2014 00723514 r-h-s-d-a+ C:\WINDOWS\system32\perfh009.dat
    23-10-2014 00162706 r-h-s-d-a+ C:\WINDOWS\system32\perfc013.dat
    23-10-2014 00136128 r-h-s-d-a+ C:\WINDOWS\system32\perfc009.dat
    23-10-2014 00094656 r-h-s-d-a+ C:\WINDOWS\system32\WPRO_41_2001woem.tmp
    23-10-2014 00012800 r-h-s-d-a+ C:\WINDOWS\system32\VfService.trf
    21-10-2014 103265616 r-h-s-d-a+ C:\WINDOWS\system32\MRT.exe
    21-10-2014 00481736 r-h-s-d-a+ C:\WINDOWS\system32\FNTCACHE.DAT

    Files Created Last 7 days :

    23-10-2014 00000168 r-h-s-d-a+ C:\Users\Len\defogger_reenable
    21-10-2014 00094656 r-h-s-d-a+ C:\WINDOWS\system32\WPRO_41_2001woem.tmp
    17-10-2014 23631360 r-h-s-d-a+ C:\WINDOWS\system32\mshtml.dll
    17-10-2014 17484800 r-h-s-d-a+ C:\WINDOWS\SysWOW64\mshtml.dll
    17-10-2014 13619200 r-h-s-d-a+ C:\WINDOWS\system32\ieframe.dll
    17-10-2014 11807232 r-h-s-d-a+ C:\WINDOWS\SysWOW64\ieframe.dll
    17-10-2014 05829632 r-h-s-d-a+ C:\WINDOWS\system32\jscript9.dll
    17-10-2014 04201472 r-h-s-d-a+ C:\WINDOWS\SysWOW64\jscript9.dll
    17-10-2014 04183040 r-h-s-d-a+ C:\WINDOWS\system32\win32k.sys
    17-10-2014 03117568 r-h-s-d-a+ C:\WINDOWS\SysWOW64\msi.dll
    17-10-2014 02796032 r-h-s-d-a+ C:\WINDOWS\system32\iertutil.dll
    17-10-2014 02779648 r-h-s-d-a+ C:\WINDOWS\system32\msi.dll
    17-10-2014 02646016 r-h-s-d-a+ C:\WINDOWS\system32\authui.dll
    17-10-2014 02321920 r-h-s-d-a+ C:\WINDOWS\SysWOW64\authui.dll
    17-10-2014 02309632 r-h-s-d-a+ C:\WINDOWS\system32\wininet.dll
    17-10-2014 02187264 r-h-s-d-a+ C:\WINDOWS\SysWOW64\iertutil.dll
    17-10-2014 02108416 r-h-s-d-a+ C:\WINDOWS\system32\inetcpl.cpl
    17-10-2014 02017280 r-h-s-d-a+ C:\WINDOWS\SysWOW64\inetcpl.cpl
    17-10-2014 01810944 r-h-s-d-a+ C:\WINDOWS\SysWOW64\wininet.dll
    17-10-2014 01447936 r-h-s-d-a+ C:\WINDOWS\system32\urlmon.dll
    17-10-2014 01190400 r-h-s-d-a+ C:\WINDOWS\SysWOW64\urlmon.dll
    17-10-2014 00775168 r-h-s-d-a+ C:\WINDOWS\system32\ieapfltr.dll
    17-10-2014 00758272 r-h-s-d-a+ C:\WINDOWS\system32\jscript9diag.dll
    17-10-2014 00731136 r-h-s-d-a+ C:\WINDOWS\system32\msfeeds.dll
    17-10-2014 00710656 r-h-s-d-a+ C:\WINDOWS\system32\ie4uinit.exe
    17-10-2014 00678400 r-h-s-d-a+ C:\WINDOWS\SysWOW64\ieapfltr.dll
    17-10-2014 00607744 r-h-s-d-a+ C:\WINDOWS\SysWOW64\msfeeds.dll
    17-10-2014 00590336 r-h-s-d-a+ C:\WINDOWS\system32\rastls.dll
    17-10-2014 00547328 r-h-s-d-a+ C:\WINDOWS\system32\vbscript.dll
    17-10-2014 00514048 r-h-s-d-a+ C:\WINDOWS\SysWOW64\rastls.dll
    17-10-2014 00454656 r-h-s-d-a+ C:\WINDOWS\SysWOW64\vbscript.dll
    17-10-2014 00363008 r-h-s-d-a+ C:\WINDOWS\system32\iedkcs32.dll
    17-10-2014 00315904 r-h-s-d-a+ C:\WINDOWS\SysWOW64\iedkcs32.dll
    17-10-2014 00289280 r-h-s-d-a+ C:\WINDOWS\system32\dxtrans.dll
    17-10-2014 00243200 r-h-s-d-a+ C:\WINDOWS\SysWOW64\dxtrans.dll
    17-10-2014 00109568 r-h-s-d-a+ C:\WINDOWS\system32\appinfo.dll
    17-10-2014 00085504 r-h-s-d-a+ C:\WINDOWS\system32\mshtmled.dll
    17-10-2014 00083968 r-h-s-d-a+ C:\WINDOWS\system32\MshtmlDac.dll
    17-10-2014 00076288 r-h-s-d-a+ C:\WINDOWS\system32\packager.dll
    17-10-2014 00069632 r-h-s-d-a+ C:\WINDOWS\SysWOW64\mshtmled.dll
    17-10-2014 00068608 r-h-s-d-a+ C:\WINDOWS\SysWOW64\packager.dll
    17-10-2014 00061952 r-h-s-d-a+ C:\WINDOWS\SysWOW64\MshtmlDac.dll

    ==================== RUNNING PROCESSES =========================================

    [avgrsa] -SYSTEM- c:\PROGRA~2\AVG\AVG2014\avgrsa.exe - (AVG Technologies CZ, s.r.o.)
    [AVG-Secure-Search-Update_0414c] -SYSTEM- C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe - ()
    [BrcmSetSecurity] -SYSTEM- C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe - (Intel)
    [chrome] -Len- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
    [chrome] -Len- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
    [chrome] -Len- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
    [dasHost] -LOCAL SERVICE- C:\WINDOWS\system32\dashost.exe - (Microsoft Corporation)
    [devmonsrv] -SYSTEM- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe - (Motorola Solutions, Inc.)
    [explorer] -Len- C:\WINDOWS\Explorer.EXE - (Microsoft Corporation)
    [IAStorDataMgrSvc] -SYSTEM- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe - (Intel Corporation)
    [Jhi_service] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe - (Intel Corporation)
    [LMS] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - (Intel Corporation)
    [nvtray] -Len- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe - (NVIDIA Corporation)
    [RuntimeBroker] -Len- C:\Windows\System32\RuntimeBroker.exe - (Microsoft Corporation)
    [SearchIndexer] -SYSTEM- C:\WINDOWS\system32\SearchIndexer.exe - (Microsoft Corporation)
    [spoolsv] -SYSTEM- C:\WINDOWS\System32\spoolsv.exe - (Microsoft Corporation)
    [SynTPHelper] -Len- C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE - (Synaptics Incorporated)
    [TabTip] -Len- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe - (Microsoft Corporation)
    [TabTip32] -Len- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe - (Microsoft Corporation)
    [TeamViewer_Service] -SYSTEM- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe - (TeamViewer GmbH)
    [winlogon] -SYSTEM- C:\WINDOWS\system32\winlogon.exe - (Microsoft Corporation)

    ==================== IE PAGES ==================================================

    IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://www.google.nl/
    IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\WINDOWS\system32\blank.htm
    IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://lenovo13.msn.com
    IE04 - HKCU\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE05 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\SysWOW64\ieframe.dll
    IE06 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings @ ProxyOverride = *.local
    IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\SysWOW64\blank.htm
    IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    IE10 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE10 - HKLM\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [@ieframe.dll,-12512] @ URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE10 - HKLM\..\SearchScopes {EA19CB3D-FBEC-4984-A9C8-BE3CCD9EF207} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
    IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://www.google.nl/
    IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\WINDOWS\system32\blank.htm
    IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://lenovo13.msn.com
    IE04 x64 - HKCU\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE05 x64 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\System32\ieframe.dll
    IE06 x64 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings @ ProxyOverride = *.local
    IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\System32\blank.htm
    IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    IE10 x64 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE10 x64 - HKLM\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [@ieframe.dll,-12512] @ URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE10 x64 - HKLM\..\SearchScopes {EA19CB3D-FBEC-4984-A9C8-BE3CCD9EF207} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

    ==================== Auto Load =================================================

    AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = userinit.exe,
    AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe
    AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = C:\Windows\system32\userinit.exe,
    AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe

    ==================== Google Chrome =============================================

    GC - Prefpath: C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Preferences

    GC - Profile Name: Eerste gebruiker
    GC - Homepage:
    GC - Default Search Provider: n/a

    = Known Disabled Extensions =



    ==================== Windows Host File =========================================


    ==================== BHO =======================================================

    BHO - [Lync Browser Helper] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} @ Default = C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    BHO - [Microsoft SkyDrive Pro Browser Helper] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} @ Default = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
    BHO x64 - [Lync Browser Helper] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} @ Default = C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    BHO x64 - [Microsoft SkyDrive Pro Browser Helper] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} @ Default = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL

    ==================== Auto Start Programs =======================================

    ASP01 - HKLM\..\Run @ AVG_UI = "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
    ASP01 - HKLM\..\Run @ ConnectionCenter = "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    ASP01 - HKLM\..\Run @ Intel AppUp(SM) center = "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
    ASP01 - HKLM\..\Run @ mcui_exe = "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    ASP01 - HKLM\..\Run @ YouCam Tray = "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
    ASP04 - HKCU\..\Run @ AVG-Secure-Search-Update_0414c = "C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe" /PROMPT /CMPID=0414c
    ASP04 - HKCU\..\Run @ AVG-Secure-Search-Update_1213b = C:\Users\Len\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=af79a21272f847d3a1ebddc2bbd59917-9e3e43fa350c9a3facf10d790baaa3727fd68fec /CMPID=1213b
    ASP04 - HKCU\..\Run @ Facebook Update = "C:\Users\Len\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    ASP04 - HKCU\..\Run @ GoogleDriveSync = "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    ASP04 - HKCU\..\Run @ Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    ASP04 - HKCU\..\Run @ Spotify = "C:\Users\Len\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
    ASP04 - HKCU\..\Run @ Spotify Web Helper = "C:\Users\Len\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    ASP01 x64 - HKLM\..\Run @ AVG_UI = "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
    ASP01 x64 - HKLM\..\Run @ ConnectionCenter = "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    ASP01 x64 - HKLM\..\Run @ Intel AppUp(SM) center = "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
    ASP01 x64 - HKLM\..\Run @ mcui_exe = "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    ASP01 x64 - HKLM\..\Run @ YouCam Tray = "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
    ASP04 x64 - HKCU\..\Run @ AVG-Secure-Search-Update_0414c = "C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe" /PROMPT /CMPID=0414c
    ASP04 x64 - HKCU\..\Run @ AVG-Secure-Search-Update_1213b = C:\Users\Len\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=af79a21272f847d3a1ebddc2bbd59917-9e3e43fa350c9a3facf10d790baaa3727fd68fec /CMPID=1213b
    ASP04 x64 - HKCU\..\Run @ Facebook Update = "C:\Users\Len\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    ASP04 x64 - HKCU\..\Run @ GoogleDriveSync = "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    ASP04 x64 - HKCU\..\Run @ Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    ASP04 x64 - HKCU\..\Run @ Spotify = "C:\Users\Len\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
    ASP04 x64 - HKCU\..\Run @ Spotify Web Helper = "C:\Users\Len\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    ASP - Startup - C:\Users\Len\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
    ASP - Startup - C:\Users\Len\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
    ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
    ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnk



    ==================== Extra Items IE ============================================

    EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
    EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
    EI03 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing
    EI03 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security
    EI03 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings
    EI03 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International
    EI03 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
    EI04 - App Ext - HKCU\..\Approved Extensions @ {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} = C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing
    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security
    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings
    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International
    EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
    EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} = C:\Program Files\Microsoft Office\Office15\OCHelper.dll

    ==================== Internet Default Prefix ===================================

    IDP00 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://
    IDP01 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://
    IDP00 x64 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://
    IDP01 x64 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://

    ==================== Default Settings IE - DSIE ================================

    DSIE - ieuinit.inf: START_PAGE= "http://go.microsoft.com/fwlink/p/?LinkId
    DSIE - ieuinit.inf: SEARCH_PAGE_URL= "http://go.microsoft.com/fwlink/?LinkId

    ==================== Protocol Hijackers - PH ===================================

    PH00 - Handlersf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} @ = Unknown # C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL # MD5 [cb7e6052455d585dead6f637d8d0a3c9]
    PH00 - Handler:wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} @ = Unknown # C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll # MD5 [41290ae21c588291f2fc9309ad38ead5]
    PH01 - Filter:text/xml - {807583E5-5146-11D5-A672-00B0D022E945} @ = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown
    PH00 x64 - Handlersf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} @ = Unknown # C:\Program Files\Microsoft Office\Office15\MSOSB.DLL # MD5 [59ac63d95071da4b8f1f5a9277b7f4fe]
    PH01 x64 - Filter:text/xml - {807583E5-5146-11D5-A672-00B0D022E945} @ = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown

    ==================== Automatic Started DLL's (AS) ==============================

    AS00 - @ AppInit_DLLs = C:\windows\system32\nvinitx.dll, C:\WINDOWS\system32\nvinitx.dll
    AS00 x64 - @ AppInit_DLLs = C:\windows\system32\nvinitx.dll, C:\WINDOWS\system32\nvinitx.dll

    ==================== ShellServiceObjectDelayLoad - SSODL =======================

    SSODL - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =
    SSODL x64 - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =

    ==================== Extra items - EXT (Torpig/ConduitSearch) ==================

    EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft
    EXT02 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\WINDOWS\system32\shell32.dll
    EXT02 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\WINDOWS\system32\ntshrui.dll
    EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft
    EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\WINDOWS\system32\shell32.dll
    EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\WINDOWS\system32\ntshrui.dll

    ==================== DRIVERS and SERVICES ======================================

    *** Win32OwnProcess ***

    SERV - R2 - [AMPPALR3] - Intel® Centrino® Wireless Bluetooth® + High Speed Service - c:\program files\intel\bluetoothhs\bthsamppalservice.exe
    SERV - R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
    SERV - R2 - [AVGIDSAgent] - AVGIDSAgent - c:\program files (x86)\avg\avg2014\avgidsagent.exe
    SERV - R2 - [avgwd] - AVG WatchDog - c:\program files (x86)\avg\avg2014\avgwdsvc.exe
    SERV - R2 - [Bluetooth Device Monitor] - Bluetooth Device Monitor - c:\program files (x86)\intel\bluetooth\devmonsrv.exe
    SERV - R2 - [Bluetooth OBEX Service] - Bluetooth OBEX Service - c:\program files (x86)\intel\bluetooth\obexsrv.exe
    SERV - R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe
    SERV - R2 - [BrcmSetSecurity] - BrcmSetSecurity - c:\program files\intel corporation\intel widi\brcmsetsecurity.exe
    SERV - R2 - [BTHSSecurityMgr] - Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service - c:\program files\intel\bluetoothhs\bthssecuritymgr.exe
    SERV - R2 - [EvtEng] - Intel(R) PROSet/Wireless Event Log - c:\program files\intel\wifi\bin\evteng.exe
    SERV - R2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - c:\program files\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
    SERV - R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
    SERV - R2 - [Intel(R) ME Service] - Intel(R) ME Service - c:\program files (x86)\intel\intel(r) management engine components\fwservice\intelmefwservice.exe
    SERV - R2 - [Intel(R) Wireless Bluetooth(R) 4.0 Radio Management] - Intel(R) Wireless Bluetooth(R) 4.0 Radio Management - c:\program files (x86)\intel\bluetooth\ibtrksrv.exe
    SERV - R2 - [ISCTAgent] - Intel(R) Smart Connect Technology Agent - c:\program files\intel\intel(r) smart connect technology agent\isctagent.exe
    SERV - R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
    SERV - R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
    SERV - R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
    SERV - R2 - [RegSrvc] - Intel(R) PROSet/Wireless Registry Service - c:\program files\common files\intel\wirelesscommon\regsrvc.exe
    SERV - R2 - [TeamViewer8] - TeamViewer 8 - c:\program files (x86)\teamviewer\version8\teamviewer_service.exe
    SERV - R2 - [Update service] - Update service - c:\program files (x86)\popcorn time\updater.exe
    SERV - R2 - [VeriFaceSrv] - VeriFaceSrv - c:\program files (x86)\lenovo\lenovo veriface\vfconnectorservice.exe
    SERV - R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
    SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
    SERV - R2 - [ZeroConfigService] - Intel(R) PROSet/Wireless Zero Configuration Service - c:\program files\intel\wifi\bin\zeroconfigservice.exe
    SERV - S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
    SERV - S2 - [nvUpdatusService] - NVIDIA Update Service Daemon - c:\program files (x86)\nvidia corporation\nvidia update core\daemonu.exe
    SERV - S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
    SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
    SERV - S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
    SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
    SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
    SERV - S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
    SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
    SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
    SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
    SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
    SERV - S3 - [Intel(R) Capability Licensing Service TCP IP Interface] - Intel(R) Capability Licensing Service TCP IP Interface - c:\program files\intel\icls client\socketheciserver.exe
    SERV - S3 - [iumsvc] - Intel(R) Update Manager - c:\program files (x86)\intel\intel(r) update manager\bin\iumsvc.exe
    SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
    SERV - S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
    SERV - S3 - [MyWiFiDHCPDNS] - Wireless PAN DHCP Server - c:\program files\intel\wifi\bin\pandhcpdns.exe
    SERV - S3 - [ose64] - Office 64 Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
    SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
    SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
    SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
    SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
    SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
    SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
    SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
    SERV - S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
    SERV - S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
    SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe

    *** Win32ShareProcess ***

    SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
    SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
    SERV - S3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
    SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
    SERV - S3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
    SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

    *** Others ***

    SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
    SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

    *** File System Driver ***

    DRV - R0 - [AVGIDSHA] - AVGIDSHA - C:\WINDOWS\system32\Drivers\AVGIDSHA.sys
    DRV - R0 - [Avgloga] - AVG Logging Driver - C:\WINDOWS\system32\Drivers\Avgloga.sys
    DRV - R0 - [Avgmfx64] - AVG Mini-Filter Resident Anti-Virus Shield - C:\WINDOWS\system32\Drivers\Avgmfx64.sys
    DRV - R0 - [Avgrkx64] - AVG Anti-Rootkit Driver - C:\WINDOWS\system32\Drivers\Avgrkx64.sys
    DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\WINDOWS\system32\Drivers\FileInfo.sys
    DRV - R0 - [FltMgr] - FltMgr - C:\WINDOWS\system32\Drivers\FltMgr.sys
    DRV - R0 - [Mup] - Mup - C:\WINDOWS\system32\Drivers\Mup.sys
    DRV - R0 - [Wof] - Windows Overlay File System Filter Driver - C:\WINDOWS\system32\Drivers\Wof.sys
    DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\WINDOWS\system32\Drivers\NetBIOS.sys
    DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\WINDOWS\system32\Drivers\srv.sys
    DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\WINDOWS\system32\Drivers\srv2.sys

    *** Kernel Driver ***

    DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\WINDOWS\system32\Drivers\ACPI.sys
    DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\WINDOWS\system32\Drivers\acpiex.sys
    DRV - R0 - [CLFS] - Common Log (CLFS) - C:\WINDOWS\system32\Drivers\CLFS.sys
    DRV - R0 - [CNG] - CNG - C:\WINDOWS\system32\Drivers\CNG.sys
    DRV - R0 - [disk] - Stuurprogramma voor schijfstations - C:\WINDOWS\system32\Drivers\disk.sys
    DRV - R0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\WINDOWS\system32\Drivers\EhStorClass.sys
    DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\WINDOWS\system32\Drivers\fvevol.sys
    DRV - R0 - [iaStorA] - iaStorA - C:\WINDOWS\system32\Drivers\iaStorA.sys
    DRV - R0 - [intelpep] - Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing - C:\WINDOWS\system32\Drivers\intelpep.sys
    DRV - R0 - [KSecDD] - KSecDD - C:\WINDOWS\system32\Drivers\KSecDD.sys
    DRV - R0 - [KSecPkg] - KSecPkg - C:\WINDOWS\system32\Drivers\KSecPkg.sys
    DRV - R0 - [LHDmgr] - LHDmgr - C:\WINDOWS\system32\Drivers\LHDmgr.sys [x]
    DRV - R0 - [mountmgr] - Mount Point Manager - C:\WINDOWS\system32\Drivers\mountmgr.sys
    DRV - R0 - [msisadrv] - msisadrv - C:\WINDOWS\system32\Drivers\msisadrv.sys
    DRV - R0 - [NDIS] - NDIS System Driver - C:\WINDOWS\system32\Drivers\NDIS.sys
    DRV - R0 - [partmgr] - Partition Manager - C:\WINDOWS\system32\Drivers\partmgr.sys
    DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\WINDOWS\system32\Drivers\pci.sys
    DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\WINDOWS\system32\Drivers\pcw.sys
    DRV - R0 - [pdc] - pdc - C:\WINDOWS\system32\Drivers\pdc.sys
    DRV - R0 - [rdyboost] - ReadyBoost - C:\WINDOWS\system32\Drivers\rdyboost.sys
    DRV - R0 - [spaceport] - Stuurprogramma voor opslagruimten - C:\WINDOWS\system32\Drivers\spaceport.sys
    DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\WINDOWS\system32\Drivers\Tcpip.sys
    DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\WINDOWS\system32\Drivers\vdrvroot.sys
    DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\WINDOWS\system32\Drivers\volmgr.sys
    DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\WINDOWS\system32\Drivers\volmgrx.sys
    DRV - R0 - [volsnap] - Opslagvolumes - C:\WINDOWS\system32\Drivers\volsnap.sys
    DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\WINDOWS\system32\Drivers\Wdf01000.sys
    DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\WINDOWS\system32\Drivers\WFPLWFS.sys
    DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\WINDOWS\system32\Drivers\AFD.sys
    DRV - R1 - [Beep] - Beep - C:\WINDOWS\system32\Drivers\Beep.sys
    DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\WINDOWS\system32\Drivers\tdx.sys
    DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\WINDOWS\system32\Drivers\tcpipreg.sys
    DRV - S0 - [Avgboota] - AVG Early Launch Anti-Malware Driver - C:\WINDOWS\system32\Drivers\Avgboota.sys
    DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\WINDOWS\system32\Drivers\hwpolicy.sys
    DRV - S3 - [atapi] - IDE-kanaal - C:\WINDOWS\system32\Drivers\atapi.sys

    ==================== SvcHost - White Listed ====================================

    All Ok

    WOW - All Ok

    ==================== SigCheck x86 Fast =========================================

    Fast Scan All ok

    ==================== SigCheck x64 Fast =========================================

    Fast Scan All ok

    ==================== Job tasks =================================================

    There are no .job files found.

    ==================== End scanning at do 23 okt 2014 20:34 (0 Min 25 Sec ) ======

    Step 5: not necessary because of Windows 8.1.

    One more remark: several times I got the message that SmartScreen prevented an external app from running. Via "More info" I was able to install the programs anyway. Also, several times I did not see the option to save the installer to the desktop, so I simply installed the program.
    At first I had an "annoying" AVG search as my home page, but that has now gone back to plain Google.

  • #2
    Hi Backlee,

    I would have liked to see a full (Custom) scan from MBAM, as requested.
    So please run it after all and post that log.


    Show your hidden files and folders.

    Go to Virus Total and upload the following file:

    C:\WINDOWS\system32\WPRO_41_2001woem.tmp

    Click Submit and wait until the results appear.
    If the file has already been scanned, have it reanalysed (click Re Analyse).

    From the report, copy the following:

    Please also post the link to that report.


    Delete the folder C:\Program Files\McAfee.com from your PC.


    Open E-Peek and go to Options.
    Tick: Software Installed.
    Click Scan and post this log.
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek



    • #3
      I will continue tomorrow. I will then carry out everything as requested.



      • #4
        Fine


        • #5
          It is coming in parts:
          Here is the text file of the complete scan, which took almost 2 hours.

          Malwarebytes Anti-Malware
          www.malwarebytes.org

          Scandatum: 24-10-2014
          Scantijd: 11:40:54
          Logbestand:
          Beheerder: Ja

          Versie: 2.00.3.1025
          Malwaredatabase: v2014.10.24.03
          Rootkitdatabase: v2014.10.22.01
          Licentie: Gratis
          Malwarebescherming: Uitgeschakeld
          Kwaadaardige Website Bescherming: Uitgeschakeld
          Zelfbescherming: Uitgeschakeld

          Besturingssysteem: Windows 8.1
          Processor: x64
          Bestandssysteem: NTFS
          Gebruiker: Len

          Scantype: Aangepaste Scan
          Resultaat: Voltooid
          Objecten Gescand: 597928
          Verstreken Tijd: 1 u, 54 m, 17 s

          Geheugen: Ingeschakeld
          Opstarten: Ingeschakeld
          Bestandssysteem: Ingeschakeld
          Archieven: Ingeschakeld
          Rootkits: Uitgeschakeld
          Heuristiek: Ingeschakeld
          POP: Ingeschakeld
          POA: Ingeschakeld

          Processen: 0
          (Geen kwaadaardige items gedetecteerd)

          Modules: 0
          (Geen kwaadaardige items gedetecteerd)

          Registersleutels: 0
          (Geen kwaadaardige items gedetecteerd)

          Registerwaardes: 0
          (Geen kwaadaardige items gedetecteerd)

          Registerdata: 0
          (Geen kwaadaardige items gedetecteerd)

          Mappen: 0
          (Geen kwaadaardige items gedetecteerd)

          Bestanden: 0
          (Geen kwaadaardige items gedetecteerd)

          Fysieke Sectoren: 0
          (Geen kwaadaardige items gedetecteerd)


          (end)

          Here is the image from Virus Total:

          [Attached image: Virusscan_WPRO_41.PNG]

          I hope something can be read from this. If not, I will copy the text. The rest is coming shortly.



          • #6
            In C:\program files I do not find a McAfee.com folder.



            • #7
              And here is the log from E-peek:

              E-Peek v 1.0.5.4 © Emphyrio/Onsia Patrick 2013-2014
              Downloaded @ E Dev
              Run at vr 24 okt 2014 14:19
              .
              Windows 8.1 (64 bits)
              C:\WINDOWS [NTFS - Fixed]
              Default Browser: Google Chrome
              Boot mode: Normal boot
              User logged in: Len
              .
              Java x86: n/a
              Java x64: n/a
              .
              AV : AVG AntiVirus Free Edition 2014 [Updated - Running]
              AV : Windows Defender [Updated - Not Running]
              AS : Windows Defender [Updated - Not Running]
              AS : AVG AntiVirus Free Edition 2014 [Updated - Running]
              FW : Windows firewall
              .
              ==================== Files and Folders history =================================

              Folders Created Last 7 days :

              23-10-2014 ##### r-h-s-d+a- C:\ProgramData\Malwarebytes
              23-10-2014 ##### r-h-s-d+a- C:\Program Files (x86)\Malwarebytes Anti-Malware
              23-10-2014 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
              23-10-2014 ##### r-h-s-d+a- C:\AdwCleaner
              21-10-2014 ##### r-h-s-d+a- C:\Users\Len\AppData\Local\ElevatedDiagnostics

              Files Modified Last 7 days :

              24-10-2014 01826596 r-h-s-d-a+ C:\WINDOWS\system32\PerfStringBackup.INI
              24-10-2014 00807742 r-h-s-d-a+ C:\WINDOWS\system32\perfh013.dat
              24-10-2014 00723514 r-h-s-d-a+ C:\WINDOWS\system32\perfh009.dat
              24-10-2014 00162706 r-h-s-d-a+ C:\WINDOWS\system32\perfc013.dat
              24-10-2014 00136128 r-h-s-d-a+ C:\WINDOWS\system32\perfc009.dat
              24-10-2014 00094656 r-h-s-d-a+ C:\WINDOWS\system32\WPRO_41_2001woem.tmp
              23-10-2014 00012800 r-h-s-d-a+ C:\WINDOWS\system32\VfService.trf
              21-10-2014 103265616 r-h-s-d-a+ C:\WINDOWS\system32\MRT.exe
              21-10-2014 00481736 r-h-s-d-a+ C:\WINDOWS\system32\FNTCACHE.DAT

              Files Created Last 7 days :

              23-10-2014 00000168 r-h-s-d-a+ C:\Users\Len\defogger_reenable
              23-10-2014 00000109 r-h-s-d-a+ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
              21-10-2014 00094656 r-h-s-d-a+ C:\WINDOWS\system32\WPRO_41_2001woem.tmp
              17-10-2014 23631360 r-h-s-d-a+ C:\WINDOWS\system32\mshtml.dll
              17-10-2014 17484800 r-h-s-d-a+ C:\WINDOWS\SysWOW64\mshtml.dll
              17-10-2014 13619200 r-h-s-d-a+ C:\WINDOWS\system32\ieframe.dll
              17-10-2014 11807232 r-h-s-d-a+ C:\WINDOWS\SysWOW64\ieframe.dll
              17-10-2014 05829632 r-h-s-d-a+ C:\WINDOWS\system32\jscript9.dll
              17-10-2014 04201472 r-h-s-d-a+ C:\WINDOWS\SysWOW64\jscript9.dll
              17-10-2014 04183040 r-h-s-d-a+ C:\WINDOWS\system32\win32k.sys
              17-10-2014 03117568 r-h-s-d-a+ C:\WINDOWS\SysWOW64\msi.dll
              17-10-2014 02796032 r-h-s-d-a+ C:\WINDOWS\system32\iertutil.dll
              17-10-2014 02779648 r-h-s-d-a+ C:\WINDOWS\system32\msi.dll
              17-10-2014 02646016 r-h-s-d-a+ C:\WINDOWS\system32\authui.dll
              17-10-2014 02321920 r-h-s-d-a+ C:\WINDOWS\SysWOW64\authui.dll
              17-10-2014 02309632 r-h-s-d-a+ C:\WINDOWS\system32\wininet.dll
              17-10-2014 02187264 r-h-s-d-a+ C:\WINDOWS\SysWOW64\iertutil.dll
              17-10-2014 02108416 r-h-s-d-a+ C:\WINDOWS\system32\inetcpl.cpl
              17-10-2014 02017280 r-h-s-d-a+ C:\WINDOWS\SysWOW64\inetcpl.cpl
              17-10-2014 01810944 r-h-s-d-a+ C:\WINDOWS\SysWOW64\wininet.dll
              17-10-2014 01447936 r-h-s-d-a+ C:\WINDOWS\system32\urlmon.dll
              17-10-2014 01190400 r-h-s-d-a+ C:\WINDOWS\SysWOW64\urlmon.dll
              17-10-2014 00775168 r-h-s-d-a+ C:\WINDOWS\system32\ieapfltr.dll
              17-10-2014 00758272 r-h-s-d-a+ C:\WINDOWS\system32\jscript9diag.dll
              17-10-2014 00731136 r-h-s-d-a+ C:\WINDOWS\system32\msfeeds.dll
              17-10-2014 00710656 r-h-s-d-a+ C:\WINDOWS\system32\ie4uinit.exe
              17-10-2014 00678400 r-h-s-d-a+ C:\WINDOWS\SysWOW64\ieapfltr.dll
              17-10-2014 00607744 r-h-s-d-a+ C:\WINDOWS\SysWOW64\msfeeds.dll
              17-10-2014 00590336 r-h-s-d-a+ C:\WINDOWS\system32\rastls.dll
              17-10-2014 00547328 r-h-s-d-a+ C:\WINDOWS\system32\vbscript.dll
              17-10-2014 00514048 r-h-s-d-a+ C:\WINDOWS\SysWOW64\rastls.dll
              17-10-2014 00454656 r-h-s-d-a+ C:\WINDOWS\SysWOW64\vbscript.dll
              17-10-2014 00363008 r-h-s-d-a+ C:\WINDOWS\system32\iedkcs32.dll
              17-10-2014 00315904 r-h-s-d-a+ C:\WINDOWS\SysWOW64\iedkcs32.dll
              17-10-2014 00289280 r-h-s-d-a+ C:\WINDOWS\system32\dxtrans.dll
              17-10-2014 00243200 r-h-s-d-a+ C:\WINDOWS\SysWOW64\dxtrans.dll
              17-10-2014 00109568 r-h-s-d-a+ C:\WINDOWS\system32\appinfo.dll
              17-10-2014 00085504 r-h-s-d-a+ C:\WINDOWS\system32\mshtmled.dll
              17-10-2014 00083968 r-h-s-d-a+ C:\WINDOWS\system32\MshtmlDac.dll
              17-10-2014 00076288 r-h-s-d-a+ C:\WINDOWS\system32\packager.dll
              17-10-2014 00069632 r-h-s-d-a+ C:\WINDOWS\SysWOW64\mshtmled.dll
              17-10-2014 00068608 r-h-s-d-a+ C:\WINDOWS\SysWOW64\packager.dll
              17-10-2014 00061952 r-h-s-d-a+ C:\WINDOWS\SysWOW64\MshtmlDac.dll

              ==================== RUNNING PROCESSES =========================================

              [AppleMobileDeviceService] -SYSTEM- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - (Apple Inc.)
              [avgidsagent] -SYSTEM- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe - (AVG Technologies CZ, s.r.o.)
              [BTHSAmpPalService] -SYSTEM- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe - (Intel Corporation)
              [chrome] -Len- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
              [chrome] -Len- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
              [chrome] -Len- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
              [dasHost] -LOCAL SERVICE- C:\WINDOWS\system32\dashost.exe - (Microsoft Corporation)
              [explorer] -Len- C:\WINDOWS\explorer.exe - (Microsoft Corporation)
              [googledrivesync] -Len- C:\Program Files (x86)\Google\Drive\googledrivesync.exe - (Google)
              [hkcmd] -Len- C:\Windows\System32\hkcmd.exe - (Intel Corporation)
              [IAStorDataMgrSvc] -SYSTEM- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe - (Intel Corporation)
              [iSCTAgent] -SYSTEM- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe - ()
              [LMS] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - (Intel Corporation)
              [RTFTrack] -Len- C:\Windows\RTFTrack.exe - (Realtek semiconductor)
              [SettingSyncHost] -Len- C:\Windows\System32\SettingSyncHost.exe - (Microsoft Corporation)
              [spoolsv] -SYSTEM- C:\WINDOWS\System32\spoolsv.exe - (Microsoft Corporation)
              [SpotifyHelper] -Len- C:\Users\Len\AppData\Roaming\Spotify\Data\SpotifyHelper.exe - ()
              [SpotifyHelper] -Len- C:\Users\Len\AppData\Roaming\Spotify\Data\SpotifyHelper.exe - ()
              [taskeng] -SYSTEM- C:\WINDOWS\system32\taskeng.exe - (Microsoft Corporation)
              [taskhostex] -Len- C:\WINDOWS\system32\taskhostex.exe - (Microsoft Corporation)
              [WerFault] -Len- C:\WINDOWS\system32\werfault.exe - (Microsoft Corporation)
              [WerFault] -Len- C:\WINDOWS\system32\werfault.exe - (Microsoft Corporation)
              [winlogon] -SYSTEM- C:\WINDOWS\system32\winlogon.exe - (Microsoft Corporation)
              [wlanext] -SYSTEM- C:\WINDOWS\system32\WLANExt.exe - (Microsoft Corporation)

              ==================== IE PAGES ==================================================

              IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://www.google.nl/
              IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\WINDOWS\system32\blank.htm
              IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
              IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://lenovo13.msn.com
              IE04 - HKCU\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
              IE05 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\SysWOW64\ieframe.dll
              IE06 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings @ ProxyOverride = *.local
              IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
              IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\SysWOW64\blank.htm
              IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
              IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
              IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
              IE10 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
              IE10 - HKLM\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [@ieframe.dll,-12512] @ URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
              IE10 - HKLM\..\SearchScopes {EA19CB3D-FBEC-4984-A9C8-BE3CCD9EF207} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
              IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://www.google.nl/
              IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\WINDOWS\system32\blank.htm
              IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
              IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://lenovo13.msn.com
              IE04 x64 - HKCU\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
              IE05 x64 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\System32\ieframe.dll
              IE06 x64 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings @ ProxyOverride = *.local
              IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
              IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\System32\blank.htm
              IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
              IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
              IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
              IE10 x64 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
              IE10 x64 - HKLM\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [@ieframe.dll,-12512] @ URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
              IE10 x64 - HKLM\..\SearchScopes {EA19CB3D-FBEC-4984-A9C8-BE3CCD9EF207} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

              ==================== Auto Load =================================================

              AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = userinit.exe,
              AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe
              AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = C:\Windows\system32\userinit.exe,
              AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe

              ==================== Google Chrome =============================================

              GC - Prefpath: C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Preferences

              GC - Profile Name: Eerste gebruiker
              GC - Homepage:
              GC - Default Search Provider: n/a

              = Known Disabled Extensions =



              ==================== Windows Host File =========================================


              ==================== BHO =======================================================

              BHO - [Lync Browser Helper] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} @ Default = C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
              BHO - [Microsoft SkyDrive Pro Browser Helper] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} @ Default = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
              BHO x64 - [Lync Browser Helper] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} @ Default = C:\Program Files\Microsoft Office\Office15\OCHelper.dll
              BHO x64 - [Microsoft SkyDrive Pro Browser Helper] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} @ Default = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL

              ==================== Auto Start Programs =======================================

              ASP01 - HKLM\..\Run @ AVG_UI = "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
              ASP01 - HKLM\..\Run @ ConnectionCenter = "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
              ASP01 - HKLM\..\Run @ Intel AppUp(SM) center = "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
              ASP01 - HKLM\..\Run @ mcui_exe = "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
              ASP01 - HKLM\..\Run @ YouCam Tray = "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
              ASP04 - HKCU\..\Run @ AVG-Secure-Search-Update_0414c = "C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe" /PROMPT /CMPID=0414c
              ASP04 - HKCU\..\Run @ AVG-Secure-Search-Update_1213b = C:\Users\Len\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=af79a21272f847d3a1ebddc2bbd59917-9e3e43fa350c9a3facf10d790baaa3727fd68fec /CMPID=1213b
              ASP04 - HKCU\..\Run @ Facebook Update = "C:\Users\Len\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
              ASP04 - HKCU\..\Run @ GoogleDriveSync = "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
              ASP04 - HKCU\..\Run @ Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
              ASP04 - HKCU\..\Run @ Spotify = "C:\Users\Len\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
              ASP04 - HKCU\..\Run @ Spotify Web Helper = "C:\Users\Len\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
              ASP01 x64 - HKLM\..\Run @ AVG_UI = "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
              ASP01 x64 - HKLM\..\Run @ ConnectionCenter = "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
              ASP01 x64 - HKLM\..\Run @ Intel AppUp(SM) center = "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
              ASP01 x64 - HKLM\..\Run @ mcui_exe = "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
              ASP01 x64 - HKLM\..\Run @ YouCam Tray = "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
              ASP04 x64 - HKCU\..\Run @ AVG-Secure-Search-Update_0414c = "C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe" /PROMPT /CMPID=0414c
              ASP04 x64 - HKCU\..\Run @ AVG-Secure-Search-Update_1213b = C:\Users\Len\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=af79a21272f847d3a1ebddc2bbd59917-9e3e43fa350c9a3facf10d790baaa3727fd68fec /CMPID=1213b
              ASP04 x64 - HKCU\..\Run @ Facebook Update = "C:\Users\Len\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
              ASP04 x64 - HKCU\..\Run @ GoogleDriveSync = "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
              ASP04 x64 - HKCU\..\Run @ Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
              ASP04 x64 - HKCU\..\Run @ Spotify = "C:\Users\Len\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
              ASP04 x64 - HKCU\..\Run @ Spotify Web Helper = "C:\Users\Len\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
              ASP - Startup - C:\Users\Len\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
              ASP - Startup - C:\Users\Len\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
              ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
              ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
              ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnk



              ==================== Extra Items IE ============================================

              EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
              EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
              EI03 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing
              EI03 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security
              EI03 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings
              EI03 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International
              EI03 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
              EI04 - App Ext - HKCU\..\Approved Extensions @ {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} = C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
              EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
              EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
              EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing
              EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security
              EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings
              EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International
              EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
              EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} = C:\Program Files\Microsoft Office\Office15\OCHelper.dll

              ==================== Internet Default Prefix ===================================

              IDP00 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://
              IDP01 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://
              IDP00 x64 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://
              IDP01 x64 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://

              ==================== Default Settings IE - DSIE ================================

              DSIE - ieuinit.inf: START_PAGE= "http://go.microsoft.com/fwlink/p/?LinkId
              DSIE - ieuinit.inf: SEARCH_PAGE_URL= "http://go.microsoft.com/fwlink/?LinkId

              ==================== Protocol Hijackers - PH ===================================

              PH00 - Handlersf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} @ = Unknown # C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL # MD5 [cb7e6052455d585dead6f637d8d0a3c9]
              PH00 - Handler:wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} @ = Unknown # C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll # MD5 [41290ae21c588291f2fc9309ad38ead5]
              PH01 - Filter:text/xml - {807583E5-5146-11D5-A672-00B0D022E945} @ = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown
              PH00 x64 - Handlersf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} @ = Unknown # C:\Program Files\Microsoft Office\Office15\MSOSB.DLL # MD5 [59ac63d95071da4b8f1f5a9277b7f4fe]
              PH01 x64 - Filter:text/xml - {807583E5-5146-11D5-A672-00B0D022E945} @ = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown

              ==================== Automatic Started DLL's (AS) ==============================

              AS00 - @ AppInit_DLLs = C:\windows\system32\nvinitx.dll, C:\WINDOWS\system32\nvinitx.dll
              AS00 x64 - @ AppInit_DLLs = C:\windows\system32\nvinitx.dll, C:\WINDOWS\system32\nvinitx.dll

              ==================== ShellServiceObjectDelayLoad - SSODL =======================

              SSODL - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =
              SSODL x64 - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =

              ==================== Extra items - EXT (Torpig/ConduitSearch) ==================

              EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft
              EXT02 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\WINDOWS\system32\shell32.dll
              EXT02 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\WINDOWS\system32\ntshrui.dll
              EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft
              EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\WINDOWS\system32\shell32.dll
              EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\WINDOWS\system32\ntshrui.dll

              ==================== DRIVERS and SERVICES ======================================

              *** Win32OwnProcess ***

              SERV - R2 - [AMPPALR3] - Intel® Centrino® Wireless Bluetooth® + High Speed Service - c:\program files\intel\bluetoothhs\bthsamppalservice.exe
              SERV - R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
              SERV - R2 - [AVGIDSAgent] - AVGIDSAgent - c:\program files (x86)\avg\avg2014\avgidsagent.exe
              SERV - R2 - [avgwd] - AVG WatchDog - c:\program files (x86)\avg\avg2014\avgwdsvc.exe
              SERV - R2 - [Bluetooth Device Monitor] - Bluetooth Device Monitor - c:\program files (x86)\intel\bluetooth\devmonsrv.exe
              SERV - R2 - [Bluetooth OBEX Service] - Bluetooth OBEX Service - c:\program files (x86)\intel\bluetooth\obexsrv.exe
              SERV - R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe
              SERV - R2 - [BrcmSetSecurity] - BrcmSetSecurity - c:\program files\intel corporation\intel widi\brcmsetsecurity.exe
              SERV - R2 - [BTHSSecurityMgr] - Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service - c:\program files\intel\bluetoothhs\bthssecuritymgr.exe
              SERV - R2 - [EvtEng] - Intel(R) PROSet/Wireless Event Log - c:\program files\intel\wifi\bin\evteng.exe
              SERV - R2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - c:\program files\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
              SERV - R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
              SERV - R2 - [Intel(R) ME Service] - Intel(R) ME Service - c:\program files (x86)\intel\intel(r) management engine components\fwservice\intelmefwservice.exe
              SERV - R2 - [Intel(R) Wireless Bluetooth(R) 4.0 Radio Management] - Intel(R) Wireless Bluetooth(R) 4.0 Radio Management - c:\program files (x86)\intel\bluetooth\ibtrksrv.exe
              SERV - R2 - [ISCTAgent] - Intel(R) Smart Connect Technology Agent - c:\program files\intel\intel(r) smart connect technology agent\isctagent.exe
              SERV - R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
              SERV - R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
              SERV - R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
              SERV - R2 - [RegSrvc] - Intel(R) PROSet/Wireless Registry Service - c:\program files\common files\intel\wirelesscommon\regsrvc.exe
              SERV - R2 - [TeamViewer8] - TeamViewer 8 - c:\program files (x86)\teamviewer\version8\teamviewer_service.exe
              SERV - R2 - [VeriFaceSrv] - VeriFaceSrv - c:\program files (x86)\lenovo\lenovo veriface\vfconnectorservice.exe
              SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
              SERV - R2 - [ZeroConfigService] - Intel(R) PROSet/Wireless Zero Configuration Service - c:\program files\intel\wifi\bin\zeroconfigservice.exe
              SERV - S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
              SERV - S2 - [nvUpdatusService] - NVIDIA Update Service Daemon - c:\program files (x86)\nvidia corporation\nvidia update core\daemonu.exe
              SERV - S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
              SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
              SERV - S2 - [Update service] - Update service - c:\program files (x86)\popcorn time\updater.exe
              SERV - S2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
              SERV - S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
              SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
              SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
              SERV - S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
              SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
              SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
              SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
              SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
              SERV - S3 - [Intel(R) Capability Licensing Service TCP IP Interface] - Intel(R) Capability Licensing Service TCP IP Interface - c:\program files\intel\icls client\socketheciserver.exe
              SERV - S3 - [iumsvc] - Intel(R) Update Manager - c:\program files (x86)\intel\intel(r) update manager\bin\iumsvc.exe
              SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
              SERV - S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
              SERV - S3 - [MyWiFiDHCPDNS] - Wireless PAN DHCP Server - c:\program files\intel\wifi\bin\pandhcpdns.exe
              SERV - S3 - [ose64] - Office 64 Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
              SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
              SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
              SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
              SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
              SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
              SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
              SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
              SERV - S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
              SERV - S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
              SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe

              *** Win32ShareProcess ***

              SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
              SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
              SERV - S3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
              SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
              SERV - S3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
              SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

              *** Others ***

              SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
              SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

              *** File System Driver ***

              DRV - R0 - [AVGIDSHA] - AVGIDSHA - C:\WINDOWS\system32\Drivers\AVGIDSHA.sys
              DRV - R0 - [Avgloga] - AVG Logging Driver - C:\WINDOWS\system32\Drivers\Avgloga.sys
              DRV - R0 - [Avgmfx64] - AVG Mini-Filter Resident Anti-Virus Shield - C:\WINDOWS\system32\Drivers\Avgmfx64.sys
              DRV - R0 - [Avgrkx64] - AVG Anti-Rootkit Driver - C:\WINDOWS\system32\Drivers\Avgrkx64.sys
              DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\WINDOWS\system32\Drivers\FileInfo.sys
              DRV - R0 - [FltMgr] - FltMgr - C:\WINDOWS\system32\Drivers\FltMgr.sys
              DRV - R0 - [Mup] - Mup - C:\WINDOWS\system32\Drivers\Mup.sys
              DRV - R0 - [Wof] - Windows Overlay File System Filter Driver - C:\WINDOWS\system32\Drivers\Wof.sys
              DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\WINDOWS\system32\Drivers\NetBIOS.sys
              DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\WINDOWS\system32\Drivers\srv.sys
              DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\WINDOWS\system32\Drivers\srv2.sys

              *** Kernel Driver ***

              DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\WINDOWS\system32\Drivers\ACPI.sys
              DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\WINDOWS\system32\Drivers\acpiex.sys
              DRV - R0 - [CLFS] - Common Log (CLFS) - C:\WINDOWS\system32\Drivers\CLFS.sys
              DRV - R0 - [CNG] - CNG - C:\WINDOWS\system32\Drivers\CNG.sys
              DRV - R0 - [disk] - Stuurprogramma voor schijfstations - C:\WINDOWS\system32\Drivers\disk.sys
              DRV - R0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\WINDOWS\system32\Drivers\EhStorClass.sys
              DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\WINDOWS\system32\Drivers\fvevol.sys
              DRV - R0 - [iaStorA] - iaStorA - C:\WINDOWS\system32\Drivers\iaStorA.sys
              DRV - R0 - [intelpep] - Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing - C:\WINDOWS\system32\Drivers\intelpep.sys
              DRV - R0 - [KSecDD] - KSecDD - C:\WINDOWS\system32\Drivers\KSecDD.sys
              DRV - R0 - [KSecPkg] - KSecPkg - C:\WINDOWS\system32\Drivers\KSecPkg.sys
              DRV - R0 - [LHDmgr] - LHDmgr - C:\WINDOWS\system32\Drivers\LHDmgr.sys [x]
              DRV - R0 - [mountmgr] - Mount Point Manager - C:\WINDOWS\system32\Drivers\mountmgr.sys
              DRV - R0 - [msisadrv] - msisadrv - C:\WINDOWS\system32\Drivers\msisadrv.sys
              DRV - R0 - [NDIS] - NDIS System Driver - C:\WINDOWS\system32\Drivers\NDIS.sys
              DRV - R0 - [partmgr] - Partition Manager - C:\WINDOWS\system32\Drivers\partmgr.sys
              DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\WINDOWS\system32\Drivers\pci.sys
              DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\WINDOWS\system32\Drivers\pcw.sys
              DRV - R0 - [pdc] - pdc - C:\WINDOWS\system32\Drivers\pdc.sys
              DRV - R0 - [rdyboost] - ReadyBoost - C:\WINDOWS\system32\Drivers\rdyboost.sys
              DRV - R0 - [spaceport] - Stuurprogramma voor opslagruimten - C:\WINDOWS\system32\Drivers\spaceport.sys
              DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\WINDOWS\system32\Drivers\Tcpip.sys
              DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\WINDOWS\system32\Drivers\vdrvroot.sys
              DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\WINDOWS\system32\Drivers\volmgr.sys
              DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\WINDOWS\system32\Drivers\volmgrx.sys
              DRV - R0 - [volsnap] - Opslagvolumes - C:\WINDOWS\system32\Drivers\volsnap.sys
              DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\WINDOWS\system32\Drivers\Wdf01000.sys
              DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\WINDOWS\system32\Drivers\WFPLWFS.sys
              DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\WINDOWS\system32\Drivers\AFD.sys
              DRV - R1 - [Beep] - Beep - C:\WINDOWS\system32\Drivers\Beep.sys
              DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\WINDOWS\system32\Drivers\tdx.sys
              DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\WINDOWS\system32\Drivers\tcpipreg.sys
              DRV - S0 - [Avgboota] - AVG Early Launch Anti-Malware Driver - C:\WINDOWS\system32\Drivers\Avgboota.sys
              DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\WINDOWS\system32\Drivers\hwpolicy.sys
              DRV - S3 - [atapi] - IDE-kanaal - C:\WINDOWS\system32\Drivers\atapi.sys

              ==================== SvcHost - White Listed ====================================

              All Ok

              WOW - All Ok

              ==================== SigCheck x86 Fast =========================================

              Fast Scan All ok

              ==================== SigCheck x64 Fast =========================================

              Fast Scan All ok

              ==================== Software Installed ========================================

              Absolute Reminder | Vers: 2.3.0.0 | Pub: Absolute Software
              Adobe Flash Player 15 Plugin | Vers: 15.0.0.152 | Pub: Adobe Systems Incorporated
              Apple Application Support | Vers: 3.0.6 | Pub: Apple Inc.
              Apple Software Update | Vers: 2.1.3.127 | Pub: Apple Inc.
              Citrix online plug-in - web | Vers: 11.2.0.31560 | Pub: Citrix Systems, Inc.
              Citrix online plug-in (DV) | Vers: 11.2.0.31560 | Pub: Citrix Systems, Inc.
              Citrix online plug-in (HDX) | Vers: 11.2.0.31560 | Pub: Citrix Systems, Inc.
              Citrix online plug-in (USB) | Vers: 11.2.0.31560 | Pub: Citrix Systems, Inc.
              Citrix online plug-in (Web) | Vers: 11.2.0.31560 | Pub: Citrix Systems, Inc.
              D3DX10 | Vers: 15.4.2368.0902 | Pub: Microsoft
              DAEMON Tools Lite | Vers: 4.47.1.0333 | Pub: Disc Soft Ltd
              Dolby Home Theater v4 | Vers: 7.2.8000.17 | Pub: Dolby Laboratories Inc
              Energy Manager | Vers: 1.0.0.24 | Pub: Lenovo
              E-Peek
              Facebook Video Calling 3.1.0.521 | Vers: 3.1.521 | Pub: Skype Limited
              Google Chrome | Vers: 38.0.2125.104 | Pub: Google Inc.
              Google Drive | Vers: 1.17.7290.4094 | Pub: Google, Inc.
              Google Update Helper | Vers: 1.3.25.5 | Pub: Google Inc.
              Intel Anti-Theft Discovery App | Vers: 1.1.0.7 | Pub: Intel Corporation
              Intel AppUp(SM) center | Vers: 3.6.1.33057.10 | Pub: Intel
              Intel Experience Center - Configuration | Vers: 1.5.0.0 | Pub: Intel
              Intel(R) Experience Center Desktop Software | Vers: 1.5.0.0 | Pub: Intel
              Intel(R) Experience Center Driver | Vers: 1.0.90.0 | Pub: Intel Corporation
              Intel(R) Management Engine Components | Vers: 9.5.3.1520 | Pub: Intel Corporation
              Intel(R) Processor Graphics | Vers: 10.18.10.3316 | Pub: Intel Corporation
              Intel(R) SDK for OpenCL - CPU Only Runtime Package | Vers: 3.0.0.63463 | Pub: Intel Corporation
              Intel(R) Update Manager | Vers: 2.3.1338 | Pub: Intel Corporation
              Intel® PROSet/Wireless Software | Vers: 16.0.4 | Pub: Intel Corporation
              K-Lite Codec Pack 10.6.5 Basic | Vers: 10.6.5
              League of Legends | Vers: 3.0.1 | Pub: Riot Games
              Lenovo EasyCamera | Vers: 6.2.9200.10233 | Pub: Realtek Semiconductor Corp.
              Lenovo OneKey Recovery | Vers: 8.0.0.1219 | Pub: CyberLink Corp.
              Lenovo YouCam | Vers: 4.1.3423 | Pub: CyberLink Corp.
              Malwarebytes Anti-Malware versie 2.0.3.1025 | Vers: 2.0.3.1025 | Pub: Malwarebytes Corporation
              Microsoft SQL Server 2005 Compact Edition [ENU] | Vers: 3.1.0000 | Pub: Microsoft
              Microsoft Visual C++ 2005 Redistributable | Vers: 8.0.59193 | Pub: Microsoft
              Microsoft Visual C++ 2005 Redistributable | Vers: 8.0.61001 | Pub: Microsoft
              Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 | Vers: 9.0.30729.6161 | Pub: Microsoft
              Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 | Vers: 10.0.40219 | Pub: Microsoft
              Movie Maker | Vers: 16.4.3508.0205 | Pub: Microsoft
              MSVCRT | Vers: 15.4.2862.0708 | Pub: Microsoft
              MSVCRT110 | Vers: 16.4.1108.0727 | Pub: Microsoft
              Music Editor Free | Pub: MEF GmbH.
              NVIDIA PhysX | Vers: 9.12.1031 | Pub: NVIDIA Corporation
              Photo Common | Vers: 16.4.3508.0205 | Pub: Microsoft
              Photo Gallery | Vers: 16.4.3508.0205 | Pub: Microsoft
              Popcorn Time | Vers: Beta 4.3 | Pub: Popcorn Time
              Realtek Card Reader | Vers: 6.2.9200.21229 | Pub: Realtek Semiconductor Corp.
              Realtek Ethernet Controller Driver | Vers: 8.15.410.2013 | Pub: Realtek
              Skype™ 6.21 | Vers: 6.21.104 | Pub: Skype Technologies S.A.
              SugarSync Manager | Vers: 1.9.61.90905 | Pub: SugarSync, Inc.
              TeamViewer 8 | Vers: 8.0.20935 | Pub: TeamViewer
              UserGuide | Vers: 1.0.0.9 | Pub: Lenovo
              Visual Studio 2012 x86 Redistributables | Vers: 14.0.0.1 | Pub: AVG Technologies CZ, s.r.o.
              VLC media player 2.1.3 | Vers: 2.1.3 | Pub: VideoLAN
              Windows Live Communications Platform | Vers: 16.4.3508.0205 | Pub: Microsoft
              Windows Live Essentials | Vers: 16.4.3508.0205 | Pub: Microsoft
              Windows Live Installer | Vers: 16.4.3508.0205 | Pub: Microsoft
              Windows Live Photo Common | Vers: 16.4.3508.0205 | Pub: Microsoft
              Windows Live PIMT Platform | Vers: 16.4.3508.0205 | Pub: Microsoft
              Windows Live SOXE | Vers: 16.4.3508.0205 | Pub: Microsoft
              Windows Live SOXE Definitions | Vers: 16.4.3508.0205 | Pub: Microsoft
              Windows Live UX Platform | Vers: 16.4.3508.0205 | Pub: Microsoft
              Windows Live UX Platform Language Pack | Vers: 16.4.3508.0205 | Pub: Microsoft

              ==================== Job tasks =================================================

              There are no .job files found.

              ==================== End scanning at vr 24 okt 2014 14:20 (0 Min 25 Sec ) ======
              Last edited by Emphyrio; 24-10-14, 13:53. Reason: Smileys disabled



              • #8
                Open a Notepad file.
                Copy the text below into this Notepad file.

                @ECHO OFF
                REM Start with a fresh log.txt in the current directory
                IF EXIST log.txt DEL log.txt
                ECHO Deleting folders>>log.txt
                REM Remove each listed folder and record the outcome in log.txt
                FOR %%I in (
                "C:\Program Files\McAfee.com"
                ) DO (
                IF EXIST %%I (
                RD /S /Q %%I
                IF EXIST %%I (
                ECHO %%I not deleted>>log.txt
                ) ELSE (
                ECHO %%I deleted>>log.txt)
                ) ELSE (
                ECHO %%I not found>>log.txt))
                ECHO Deleting Registry Values>>log.txt
                REM Remove the leftover mcui_exe autostart value from the HKLM Run key
                REG.EXE DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "mcui_exe" /f>NUL
                IF NOT ERRORLEVEL 1 ECHO "registersleutel : waarde" deleted successfully>>log.txt
                IF ERRORLEVEL 1 ECHO "registersleutel : waarde" not deleted>>log.txt
                REM Open the log in Notepad, then delete this batch file
                START NOTEPAD.EXE log.txt
                DEL %0
                Go to File - Save As.
                Under "Save in" choose: Desktop
                Under "File name" enter: del.bat
                Under "Save as type" select: All files.
                Click the Save button.
                Right-click del.bat and choose Run as administrator.
                Post the contents of the log file that opens.


                Download or update CCleaner

                Start CCleaner.
                • Run CCleaner and click Options in the left column
                • Select the Advanced tab
                • Untick Only delete files in the Windows Temp system folder that are older than 24 hours
                • Select the Settings tab
                • Untick "Automatically clean the computer...."
                • Click Cleaner in the left column.
                • Then click Analyze and Run Cleaner in turn.
                • Next, click Registry in the left column
                • Click Scan for Issues.
                • When asked whether you want to back up the registry, click "Yes".
                • If errors are found, click the middle button: Fix All Selected Issues, then OK

                .


                Post a fresh E-Peek log.
                Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                E Dev * Remove McAfee. * CCleaner * E-Peek



                • #9
                  Deleting folders
                  "C:\Program Files\McAfee.com" not found
                  Deleting Registry Values
                  "registersleutel : waarde" not deleted

                  I can't get CCleaner to download. When I click the link, a window with the green download button appears, but within a second the screen turns white, so without any content. This happens not only from this laptop, but also from a (hopefully) uninfected regular PC.

                  Should I post a new E-Peek log now anyway?

                  PS: We are off to a Halloween party at the zoo now and won't be back until after ten. So there is no rush.



                  • #10
                    The Slim version of CCleaner is not available at the moment, so that is the reason (Slim version = without PUPs).

                    No need for a new log right now; we'll take a look around 22:00.
                    Have fun!
                    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                    E Dev * Remove McAfee. * CCleaner * E-Peek



                    • #11
                      We're already back!



                      • #12
                        Emphyrio edit:
                        Could you please turn off the smileys?


                        I installed the "regular" version of CCleaner and ran everything. Below is the new E-Peek log:

                        E-Peek v 1.0.5.4 © Emphyrio/Onsia Patrick 2013-2014
                        Downloaded @ E Dev
                        Run at vr 24 okt 2014 20:15
                        .
                        Windows 8.1 (64 bits)
                        C:\WINDOWS [NTFS - Fixed]
                        Default Browser: Google Chrome
                        Boot mode: Normal boot
                        User logged in: Len
                        .
                        Java x86: n/a
                        Java x64: n/a
                        .
                        AV : AVG AntiVirus Free Edition 2014 [Updated - Running]
                        AV : Windows Defender [Updated - Not Running]
                        AS : Windows Defender [Updated - Not Running]
                        AS : AVG AntiVirus Free Edition 2014 [Updated - Running]
                        FW : Windows firewall
                        .
                        ==================== Files and Folders history =================================

                        Folders Created Last 7 days :

                        24-10-2014 ##### r-h-s-d+a- C:\Program Files\CCleaner
                        23-10-2014 ##### r-h-s-d+a- C:\ProgramData\Malwarebytes
                        23-10-2014 ##### r-h-s-d+a- C:\Program Files (x86)\Malwarebytes Anti-Malware
                        23-10-2014 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
                        23-10-2014 ##### r-h-s-d+a- C:\AdwCleaner
                        21-10-2014 ##### r-h-s-d+a- C:\Users\Len\AppData\Local\ElevatedDiagnostics

                        Files Modified Last 7 days :

                        24-10-2014 01826596 r-h-s-d-a+ C:\WINDOWS\system32\PerfStringBackup.INI
                        24-10-2014 00807742 r-h-s-d-a+ C:\WINDOWS\system32\perfh013.dat
                        24-10-2014 00723514 r-h-s-d-a+ C:\WINDOWS\system32\perfh009.dat
                        24-10-2014 00162706 r-h-s-d-a+ C:\WINDOWS\system32\perfc013.dat
                        24-10-2014 00136128 r-h-s-d-a+ C:\WINDOWS\system32\perfc009.dat
                        24-10-2014 00094656 r-h-s-d-a+ C:\WINDOWS\system32\WPRO_41_2001woem.tmp
                        24-10-2014 00000125 r-h-s-d-a+ C:\WINDOWS\system32\log.txt
                        23-10-2014 00012800 r-h-s-d-a+ C:\WINDOWS\system32\VfService.trf
                        21-10-2014 103265616 r-h-s-d-a+ C:\WINDOWS\system32\MRT.exe
                        21-10-2014 00481736 r-h-s-d-a+ C:\WINDOWS\system32\FNTCACHE.DAT

                        Files Created Last 7 days :

                        24-10-2014 00000125 r-h-s-d-a+ C:\WINDOWS\system32\log.txt
                        23-10-2014 00000168 r-h-s-d-a+ C:\Users\Len\defogger_reenable
                        23-10-2014 00000109 r-h-s-d-a+ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
                        21-10-2014 00094656 r-h-s-d-a+ C:\WINDOWS\system32\WPRO_41_2001woem.tmp

                        ==================== RUNNING PROCESSES =========================================

                        [AppleMobileDeviceService] -SYSTEM- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - (Apple Inc.)
                        [avgidsagent] -SYSTEM- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe - (AVG Technologies CZ, s.r.o.)
                        [BTHSAmpPalService] -SYSTEM- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe - (Intel Corporation)
                        [CCleaner64] -Len- C:\Program Files\CCleaner\CCleaner64.exe - (Piriform Ltd)
                        [chrome] -Len- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
                        [dasHost] -LOCAL SERVICE- C:\WINDOWS\system32\dashost.exe - (Microsoft Corporation)
                        [E-Peek 1.0.5] -Len- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.0.5.exe - (E Dev)
                        [explorer] -Len- C:\WINDOWS\explorer.exe - (Microsoft Corporation)
                        [googledrivesync] -Len- C:\Program Files (x86)\Google\Drive\googledrivesync.exe - (Google)
                        [hkcmd] -Len- C:\Windows\System32\hkcmd.exe - (Intel Corporation)
                        [IAStorDataMgrSvc] -SYSTEM- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe - (Intel Corporation)
                        [iSCTAgent] -SYSTEM- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe - ()
                        [livecomm] -Len- C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe - (Microsoft Corporation)
                        [LMS] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - (Intel Corporation)
                        [RTFTrack] -Len- C:\Windows\RTFTrack.exe - (Realtek semiconductor)
                        [RuntimeBroker] -Len- C:\Windows\System32\RuntimeBroker.exe - (Microsoft Corporation)
                        [SearchFilterHost] -SYSTEM- C:\WINDOWS\system32\SearchFilterHost.exe - (Microsoft Corporation)
                        [SettingSyncHost] -Len- C:\Windows\System32\SettingSyncHost.exe - (Microsoft Corporation)
                        [spoolsv] -SYSTEM- C:\WINDOWS\System32\spoolsv.exe - (Microsoft Corporation)
                        [SpotifyHelper] -Len- C:\Users\Len\AppData\Roaming\Spotify\Data\SpotifyHelper.exe - ()
                        [SpotifyHelper] -Len- C:\Users\Len\AppData\Roaming\Spotify\Data\SpotifyHelper.exe - ()
                        [taskeng] -SYSTEM- C:\WINDOWS\system32\taskeng.exe - (Microsoft Corporation)
                        [taskhostex] -Len- C:\WINDOWS\system32\taskhostex.exe - (Microsoft Corporation)
                        [unsecapp] -Len- C:\WINDOWS\system32\wbem\unsecapp.exe - (Microsoft Corporation)
                        [wermgr] -Len- C:\WINDOWS\system32\wermgr.exe - (Microsoft Corporation)
                        [wermgr] -Len- C:\WINDOWS\system32\wermgr.exe - (Microsoft Corporation)
                        [winlogon] -SYSTEM- C:\WINDOWS\system32\winlogon.exe - (Microsoft Corporation)
                        [wlanext] -SYSTEM- C:\WINDOWS\system32\WLANExt.exe - (Microsoft Corporation)

                        ==================== IE PAGES ==================================================

                        IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://www.google.nl/
                        IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\WINDOWS\system32\blank.htm
                        IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
                        IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://lenovo13.msn.com
                        IE04 - HKCU\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
                        IE05 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\SysWOW64\ieframe.dll
                        IE06 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings @ ProxyOverride = *.local
                        IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
                        IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\SysWOW64\blank.htm
                        IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
                        IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
                        IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
                        IE10 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
                        IE10 - HKLM\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [@ieframe.dll,-12512] @ URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
                        IE10 - HKLM\..\SearchScopes {EA19CB3D-FBEC-4984-A9C8-BE3CCD9EF207} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
                        IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://www.google.nl/
                        IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\WINDOWS\system32\blank.htm
                        IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
                        IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://lenovo13.msn.com
                        IE04 x64 - HKCU\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
                        IE05 x64 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\System32\ieframe.dll
                        IE06 x64 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings @ ProxyOverride = *.local
                        IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
                        IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\System32\blank.htm
                        IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
                        IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
                        IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
                        IE10 x64 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
                        IE10 x64 - HKLM\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [@ieframe.dll,-12512] @ URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
                        IE10 x64 - HKLM\..\SearchScopes {EA19CB3D-FBEC-4984-A9C8-BE3CCD9EF207} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

                        ==================== Auto Load =================================================

                        AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = userinit.exe,
                        AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe
                        AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = C:\Windows\system32\userinit.exe,
                        AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe

                        ==================== Google Chrome =============================================

                        GC - Prefpath: C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        GC - Profile Name: Eerste gebruiker
                        GC - Homepage:
                        GC - Default Search Provider: n/a

                        = Known Disabled Extensions =



                        ==================== Windows Host File =========================================


                        ==================== BHO =======================================================

                        BHO - [Lync Browser Helper] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} @ Default = C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
                        BHO - [Microsoft SkyDrive Pro Browser Helper] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} @ Default = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
                        BHO x64 - [Lync Browser Helper] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} @ Default = C:\Program Files\Microsoft Office\Office15\OCHelper.dll
                        BHO x64 - [Microsoft SkyDrive Pro Browser Helper] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} @ Default = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL

                        ==================== Auto Start Programs =======================================

                        ASP01 - HKLM\..\Run @ AVG_UI = "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
                        ASP01 - HKLM\..\Run @ ConnectionCenter = "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
                        ASP01 - HKLM\..\Run @ Intel AppUp(SM) center = "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
                        ASP01 - HKLM\..\Run @ YouCam Tray = "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
                        ASP04 - HKCU\..\Run @ AVG-Secure-Search-Update_0414c = "C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe" /PROMPT /CMPID=0414c
                        ASP04 - HKCU\..\Run @ CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
                        ASP04 - HKCU\..\Run @ Facebook Update = "C:\Users\Len\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
                        ASP04 - HKCU\..\Run @ GoogleDriveSync = "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
                        ASP04 - HKCU\..\Run @ Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
                        ASP04 - HKCU\..\Run @ Spotify = "C:\Users\Len\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
                        ASP04 - HKCU\..\Run @ Spotify Web Helper = "C:\Users\Len\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
                        ASP01 x64 - HKLM\..\Run @ AVG_UI = "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
                        ASP01 x64 - HKLM\..\Run @ ConnectionCenter = "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
                        ASP01 x64 - HKLM\..\Run @ Intel AppUp(SM) center = "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
                        ASP01 x64 - HKLM\..\Run @ YouCam Tray = "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
                        ASP04 x64 - HKCU\..\Run @ AVG-Secure-Search-Update_0414c = "C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe" /PROMPT /CMPID=0414c
                        ASP04 x64 - HKCU\..\Run @ CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
                        ASP04 x64 - HKCU\..\Run @ Facebook Update = "C:\Users\Len\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
                        ASP04 x64 - HKCU\..\Run @ GoogleDriveSync = "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
                        ASP04 x64 - HKCU\..\Run @ Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
                        ASP04 x64 - HKCU\..\Run @ Spotify = "C:\Users\Len\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
                        ASP04 x64 - HKCU\..\Run @ Spotify Web Helper = "C:\Users\Len\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
                        ASP - Startup - C:\Users\Len\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
                        ASP - Startup - C:\Users\Len\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
                        ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
                        ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
                        ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnk



                        ==================== Extra Items IE ============================================

                        EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
                        EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
                        EI03 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing
                        EI03 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security
                        EI03 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings
                        EI03 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International
                        EI03 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
                        EI04 - App Ext - HKCU\..\Approved Extensions @ {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} = C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
                        EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
                        EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
                        EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing
                        EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security
                        EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings
                        EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International
                        EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
                        EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} = C:\Program Files\Microsoft Office\Office15\OCHelper.dll

                        ==================== Internet Default Prefix ===================================

                        IDP00 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://
                        IDP01 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://
                        IDP00 x64 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://
                        IDP01 x64 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://

                        ==================== Default Settings IE - DSIE ================================

                        DSIE - ieuinit.inf: START_PAGE= "http://go.microsoft.com/fwlink/p/?LinkId
                        DSIE - ieuinit.inf: SEARCH_PAGE_URL= "http://go.microsoft.com/fwlink/?LinkId

                        ==================== Protocol Hijackers - PH ===================================

                        PH00 - Handlersf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} @ = Unknown # C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL # MD5 [cb7e6052455d585dead6f637d8d0a3c9]
                        PH00 - Handler:wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} @ = Unknown # C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll # MD5 [41290ae21c588291f2fc9309ad38ead5]
                        PH01 - Filter:text/xml - {807583E5-5146-11D5-A672-00B0D022E945} @ = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown
                        PH00 x64 - Handlersf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} @ = Unknown # C:\Program Files\Microsoft Office\Office15\MSOSB.DLL # MD5 [59ac63d95071da4b8f1f5a9277b7f4fe]
                        PH01 x64 - Filter:text/xml - {807583E5-5146-11D5-A672-00B0D022E945} @ = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown

                        ==================== Automatic Started DLL's (AS) ==============================

                        AS00 - @ AppInit_DLLs = C:\windows\system32\nvinitx.dll, C:\WINDOWS\system32\nvinitx.dll
                        AS00 x64 - @ AppInit_DLLs = C:\windows\system32\nvinitx.dll, C:\WINDOWS\system32\nvinitx.dll

                        ==================== ShellServiceObjectDelayLoad - SSODL =======================

                        SSODL - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =
                        SSODL x64 - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =

                        ==================== Extra items - EXT (Torpig/ConduitSearch) ==================

                        EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft
                        EXT02 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\WINDOWS\system32\shell32.dll
                        EXT02 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\WINDOWS\system32\ntshrui.dll
                        EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft
                        EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\WINDOWS\system32\shell32.dll
                        EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\WINDOWS\system32\ntshrui.dll

                        ==================== DRIVERS and SERVICES ======================================

                        *** Win32OwnProcess ***

                        SERV - R2 - [AMPPALR3] - Intel® Centrino® Wireless Bluetooth® + High Speed Service - c:\program files\intel\bluetoothhs\bthsamppalservice.exe
                        SERV - R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
                        SERV - R2 - [AVGIDSAgent] - AVGIDSAgent - c:\program files (x86)\avg\avg2014\avgidsagent.exe
                        SERV - R2 - [avgwd] - AVG WatchDog - c:\program files (x86)\avg\avg2014\avgwdsvc.exe
                        SERV - R2 - [Bluetooth Device Monitor] - Bluetooth Device Monitor - c:\program files (x86)\intel\bluetooth\devmonsrv.exe
                        SERV - R2 - [Bluetooth OBEX Service] - Bluetooth OBEX Service - c:\program files (x86)\intel\bluetooth\obexsrv.exe
                        SERV - R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe
                        SERV - R2 - [BrcmSetSecurity] - BrcmSetSecurity - c:\program files\intel corporation\intel widi\brcmsetsecurity.exe
                        SERV - R2 - [BTHSSecurityMgr] - Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service - c:\program files\intel\bluetoothhs\bthssecuritymgr.exe
                        SERV - R2 - [EvtEng] - Intel(R) PROSet/Wireless Event Log - c:\program files\intel\wifi\bin\evteng.exe
                        SERV - R2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - c:\program files\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
                        SERV - R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
                        SERV - R2 - [Intel(R) ME Service] - Intel(R) ME Service - c:\program files (x86)\intel\intel(r) management engine components\fwservice\intelmefwservice.exe
                        SERV - R2 - [Intel(R) Wireless Bluetooth(R) 4.0 Radio Management] - Intel(R) Wireless Bluetooth(R) 4.0 Radio Management - c:\program files (x86)\intel\bluetooth\ibtrksrv.exe
                        SERV - R2 - [ISCTAgent] - Intel(R) Smart Connect Technology Agent - c:\program files\intel\intel(r) smart connect technology agent\isctagent.exe
                        SERV - R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
                        SERV - R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
                        SERV - R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
                        SERV - R2 - [RegSrvc] - Intel(R) PROSet/Wireless Registry Service - c:\program files\common files\intel\wirelesscommon\regsrvc.exe
                        SERV - R2 - [TeamViewer8] - TeamViewer 8 - c:\program files (x86)\teamviewer\version8\teamviewer_service.exe
                        SERV - R2 - [VeriFaceSrv] - VeriFaceSrv - c:\program files (x86)\lenovo\lenovo veriface\vfconnectorservice.exe
                        SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
                        SERV - R2 - [ZeroConfigService] - Intel(R) PROSet/Wireless Zero Configuration Service - c:\program files\intel\wifi\bin\zeroconfigservice.exe
                        SERV - S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
                        SERV - S2 - [nvUpdatusService] - NVIDIA Update Service Daemon - c:\program files (x86)\nvidia corporation\nvidia update core\daemonu.exe
                        SERV - S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
                        SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
                        SERV - S2 - [Update service] - Update service - c:\program files (x86)\popcorn time\updater.exe
                        SERV - S2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
                        SERV - S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
                        SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
                        SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
                        SERV - S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
                        SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
                        SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
                        SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
                        SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
                        SERV - S3 - [Intel(R) Capability Licensing Service TCP IP Interface] - Intel(R) Capability Licensing Service TCP IP Interface - c:\program files\intel\icls client\socketheciserver.exe
                        SERV - S3 - [iumsvc] - Intel(R) Update Manager - c:\program files (x86)\intel\intel(r) update manager\bin\iumsvc.exe
                        SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
                        SERV - S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
                        SERV - S3 - [MyWiFiDHCPDNS] - Wireless PAN DHCP Server - c:\program files\intel\wifi\bin\pandhcpdns.exe
                        SERV - S3 - [ose64] - Office 64 Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
                        SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
                        SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
                        SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
                        SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
                        SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
                        SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
                        SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
                        SERV - S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
                        SERV - S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
                        SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe

                        *** Win32ShareProcess ***

                        SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
                        SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
                        SERV - S3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
                        SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
                        SERV - S3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
                        SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

                        *** Others ***

                        SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
                        SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

                        *** File System Driver ***

                        DRV - R0 - [AVGIDSHA] - AVGIDSHA - C:\WINDOWS\system32\Drivers\AVGIDSHA.sys
                        DRV - R0 - [Avgloga] - AVG Logging Driver - C:\WINDOWS\system32\Drivers\Avgloga.sys
                        DRV - R0 - [Avgmfx64] - AVG Mini-Filter Resident Anti-Virus Shield - C:\WINDOWS\system32\Drivers\Avgmfx64.sys
                        DRV - R0 - [Avgrkx64] - AVG Anti-Rootkit Driver - C:\WINDOWS\system32\Drivers\Avgrkx64.sys
                        DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\WINDOWS\system32\Drivers\FileInfo.sys
                        DRV - R0 - [FltMgr] - FltMgr - C:\WINDOWS\system32\Drivers\FltMgr.sys
                        DRV - R0 - [Mup] - Mup - C:\WINDOWS\system32\Drivers\Mup.sys
                        DRV - R0 - [Wof] - Windows Overlay File System Filter Driver - C:\WINDOWS\system32\Drivers\Wof.sys
                        DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\WINDOWS\system32\Drivers\NetBIOS.sys
                        DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\WINDOWS\system32\Drivers\srv.sys
                        DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\WINDOWS\system32\Drivers\srv2.sys

                        *** Kernel Driver ***

                        DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\WINDOWS\system32\Drivers\ACPI.sys
                        DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\WINDOWS\system32\Drivers\acpiex.sys
                        DRV - R0 - [CLFS] - Common Log (CLFS) - C:\WINDOWS\system32\Drivers\CLFS.sys
                        DRV - R0 - [CNG] - CNG - C:\WINDOWS\system32\Drivers\CNG.sys
                        DRV - R0 - [disk] - Stuurprogramma voor schijfstations - C:\WINDOWS\system32\Drivers\disk.sys
                        DRV - R0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\WINDOWS\system32\Drivers\EhStorClass.sys
                        DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\WINDOWS\system32\Drivers\fvevol.sys
                        DRV - R0 - [iaStorA] - iaStorA - C:\WINDOWS\system32\Drivers\iaStorA.sys
                        DRV - R0 - [intelpep] - Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing - C:\WINDOWS\system32\Drivers\intelpep.sys
                        DRV - R0 - [KSecDD] - KSecDD - C:\WINDOWS\system32\Drivers\KSecDD.sys
                        DRV - R0 - [KSecPkg] - KSecPkg - C:\WINDOWS\system32\Drivers\KSecPkg.sys
                        DRV - R0 - [LHDmgr] - LHDmgr - C:\WINDOWS\system32\Drivers\LHDmgr.sys [x]
                        DRV - R0 - [mountmgr] - Mount Point Manager - C:\WINDOWS\system32\Drivers\mountmgr.sys
                        DRV - R0 - [msisadrv] - msisadrv - C:\WINDOWS\system32\Drivers\msisadrv.sys
                        DRV - R0 - [NDIS] - NDIS System Driver - C:\WINDOWS\system32\Drivers\NDIS.sys
                        DRV - R0 - [partmgr] - Partition Manager - C:\WINDOWS\system32\Drivers\partmgr.sys
                        DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\WINDOWS\system32\Drivers\pci.sys
                        DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\WINDOWS\system32\Drivers\pcw.sys
                        DRV - R0 - [pdc] - pdc - C:\WINDOWS\system32\Drivers\pdc.sys
                        DRV - R0 - [rdyboost] - ReadyBoost - C:\WINDOWS\system32\Drivers\rdyboost.sys
                        DRV - R0 - [spaceport] - Stuurprogramma voor opslagruimten - C:\WINDOWS\system32\Drivers\spaceport.sys
                        DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\WINDOWS\system32\Drivers\Tcpip.sys
                        DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\WINDOWS\system32\Drivers\vdrvroot.sys
                        DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\WINDOWS\system32\Drivers\volmgr.sys
                        DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\WINDOWS\system32\Drivers\volmgrx.sys
                        DRV - R0 - [volsnap] - Opslagvolumes - C:\WINDOWS\system32\Drivers\volsnap.sys
                        DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\WINDOWS\system32\Drivers\Wdf01000.sys
                        DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\WINDOWS\system32\Drivers\WFPLWFS.sys
                        DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\WINDOWS\system32\Drivers\AFD.sys
                        DRV - R1 - [Beep] - Beep - C:\WINDOWS\system32\Drivers\Beep.sys
                        DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\WINDOWS\system32\Drivers\tdx.sys
                        DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\WINDOWS\system32\Drivers\tcpipreg.sys
                        DRV - S0 - [Avgboota] - AVG Early Launch Anti-Malware Driver - C:\WINDOWS\system32\Drivers\Avgboota.sys
                        DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\WINDOWS\system32\Drivers\hwpolicy.sys
                        DRV - S3 - [atapi] - IDE-kanaal - C:\WINDOWS\system32\Drivers\atapi.sys

                        ==================== SvcHost - White Listed ====================================

                        All Ok

                        WOW - All Ok

                        ==================== SigCheck x86 Fast =========================================

                        Fast Scan All ok

                        ==================== SigCheck x64 Fast =========================================

                        Fast Scan All ok

                        ==================== Software Installed ========================================

                        Absolute Reminder | Vers: 2.3.0.0 | Pub: Absolute Software
                        Adobe Flash Player 15 Plugin | Vers: 15.0.0.152 | Pub: Adobe Systems Incorporated
                        Apple Application Support | Vers: 3.0.6 | Pub: Apple Inc.
                        Apple Software Update | Vers: 2.1.3.127 | Pub: Apple Inc.
                        Citrix online plug-in - web | Vers: 11.2.0.31560 | Pub: Citrix Systems, Inc.
                        Citrix online plug-in (DV) | Vers: 11.2.0.31560 | Pub: Citrix Systems, Inc.
                        Citrix online plug-in (HDX) | Vers: 11.2.0.31560 | Pub: Citrix Systems, Inc.
                        Citrix online plug-in (USB) | Vers: 11.2.0.31560 | Pub: Citrix Systems, Inc.
                        Citrix online plug-in (Web) | Vers: 11.2.0.31560 | Pub: Citrix Systems, Inc.
                        D3DX10 | Vers: 15.4.2368.0902 | Pub: Microsoft
                        DAEMON Tools Lite | Vers: 4.47.1.0333 | Pub: Disc Soft Ltd
                        Dolby Home Theater v4 | Vers: 7.2.8000.17 | Pub: Dolby Laboratories Inc
                        Energy Manager | Vers: 1.0.0.24 | Pub: Lenovo
                        E-Peek
                        Facebook Video Calling 3.1.0.521 | Vers: 3.1.521 | Pub: Skype Limited
                        Google Chrome | Vers: 38.0.2125.104 | Pub: Google Inc.
                        Google Drive | Vers: 1.17.7290.4094 | Pub: Google, Inc.
                        Google Update Helper | Vers: 1.3.25.5 | Pub: Google Inc.
                        Intel Anti-Theft Discovery App | Vers: 1.1.0.7 | Pub: Intel Corporation
                        Intel AppUp(SM) center | Vers: 3.6.1.33057.10 | Pub: Intel
                        Intel Experience Center - Configuration | Vers: 1.5.0.0 | Pub: Intel
                        Intel(R) Experience Center Desktop Software | Vers: 1.5.0.0 | Pub: Intel
                        Intel(R) Experience Center Driver | Vers: 1.0.90.0 | Pub: Intel Corporation
                        Intel(R) Management Engine Components | Vers: 9.5.3.1520 | Pub: Intel Corporation
                        Intel(R) Processor Graphics | Vers: 10.18.10.3316 | Pub: Intel Corporation
                        Intel(R) SDK for OpenCL - CPU Only Runtime Package | Vers: 3.0.0.63463 | Pub: Intel Corporation
                        Intel(R) Update Manager | Vers: 2.3.1338 | Pub: Intel Corporation
                        Intel® PROSet/Wireless Software | Vers: 16.0.4 | Pub: Intel Corporation
                        K-Lite Codec Pack 10.6.5 Basic | Vers: 10.6.5
                        League of Legends | Vers: 3.0.1 | Pub: Riot Games
                        Lenovo EasyCamera | Vers: 6.2.9200.10233 | Pub: Realtek Semiconductor Corp.
                        Lenovo OneKey Recovery | Vers: 8.0.0.1219 | Pub: CyberLink Corp.
                        Lenovo YouCam | Vers: 4.1.3423 | Pub: CyberLink Corp.
                        Malwarebytes Anti-Malware versie 2.0.3.1025 | Vers: 2.0.3.1025 | Pub: Malwarebytes Corporation
                        Microsoft SQL Server 2005 Compact Edition [ENU] | Vers: 3.1.0000 | Pub: Microsoft
                        Microsoft Visual C++ 2005 Redistributable | Vers: 8.0.59193 | Pub: Microsoft
                        Microsoft Visual C++ 2005 Redistributable | Vers: 8.0.61001 | Pub: Microsoft
                        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 | Vers: 9.0.30729.6161 | Pub: Microsoft
                        Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 | Vers: 10.0.40219 | Pub: Microsoft
                        Movie Maker | Vers: 16.4.3508.0205 | Pub: Microsoft
                        MSVCRT | Vers: 15.4.2862.0708 | Pub: Microsoft
                        MSVCRT110 | Vers: 16.4.1108.0727 | Pub: Microsoft
                        Music Editor Free | Pub: MEF GmbH.
                        NVIDIA PhysX | Vers: 9.12.1031 | Pub: NVIDIA Corporation
                        Photo Common | Vers: 16.4.3508.0205 | Pub: Microsoft
                        Photo Gallery | Vers: 16.4.3508.0205 | Pub: Microsoft
                        Popcorn Time | Vers: Beta 4.3 | Pub: Popcorn Time
                        Realtek Card Reader | Vers: 6.2.9200.21229 | Pub: Realtek Semiconductor Corp.
                        Realtek Ethernet Controller Driver | Vers: 8.15.410.2013 | Pub: Realtek
                        Skype™ 6.21 | Vers: 6.21.104 | Pub: Skype Technologies S.A.
                        SugarSync Manager | Vers: 1.9.61.90905 | Pub: SugarSync, Inc.
                        TeamViewer 8 | Vers: 8.0.20935 | Pub: TeamViewer
                        UserGuide | Vers: 1.0.0.9 | Pub: Lenovo
                        Visual Studio 2012 x86 Redistributables | Vers: 14.0.0.1 | Pub: AVG Technologies CZ, s.r.o.
                        VLC media player 2.1.3 | Vers: 2.1.3 | Pub: VideoLAN
                        Windows Live Communications Platform | Vers: 16.4.3508.0205 | Pub: Microsoft
                        Windows Live Essentials | Vers: 16.4.3508.0205 | Pub: Microsoft
                        Windows Live Installer | Vers: 16.4.3508.0205 | Pub: Microsoft
                        Windows Live Photo Common | Vers: 16.4.3508.0205 | Pub: Microsoft
                        Windows Live PIMT Platform | Vers: 16.4.3508.0205 | Pub: Microsoft
                        Windows Live SOXE | Vers: 16.4.3508.0205 | Pub: Microsoft
                        Windows Live SOXE Definitions | Vers: 16.4.3508.0205 | Pub: Microsoft
                        Windows Live UX Platform | Vers: 16.4.3508.0205 | Pub: Microsoft
                        Windows Live UX Platform Language Pack | Vers: 16.4.3508.0205 | Pub: Microsoft

                        ==================== Job tasks =================================================

                        There are no .job files found.

                        ==================== End scanning at vr 24 okt 2014 20:15 (0 Min 16 Sec ) ======
                        Last edited by Emphyrio; 24-10-14, 22:10. Reason: Smileys disabled



                        • #13
                          The log looks good.
                          Are there any remaining problems?
                          Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                          E Dev * Remove McAfee. * Ccleaner * E-Peek



                          • #14
                            Yes, in the sense that I still have no sound on the laptop.



                            • #15
                              Originally posted by backlee
                              Yes, in the sense that I still have no sound on the laptop.
                              Your PC is malware-free in any case.
                              It's best to continue in the Windows section.

                              1) You may delete all the loose files and tools we used.

                              2) To avoid reinfection, you can read through these tips:

                              Preventing spyware infections and browser hijacking and How do I prevent a new infection?

                              3) To give your PC a quick maintenance round, you can read these tips: Guide to a clean PC

                              4) You can consult all kinds of tips and hints here.


                              I am marking the topic as solved.

                              If there are no further replies, this thread will automatically be moved within about 5 days
                              to the Solved HijackThis logs section, and replying will no longer be possible.
                              This is done to keep the forum tidy and well organized.

                              If it turns out there are still problems and you want to reply in this topic again, send me a private message requesting that it be reopened.



                              Did we help you well? Consider making a (no-obligation) donation to Nucia

                              Emphyrio
                              Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                              E Dev * Remove McAfee. * Ccleaner * E-Peek
