  • Laptop has a life of its own (jerky screen) and laptop goes its own way??

    Hello people of this fantastic forum

    My daughter's laptop has been leading a life of its own for a month now. When she is working on it, it sometimes seems to get taken over. Jerky images, and it looks as if someone else is using it.

    When she is not doing anything, you can see the screen moving.

    Maybe infected with a virus??

    I have already used CCleaner, Malwarebytes and TDSSKiller, and my virus scanner is ESET NOD32.

    When you restart it, the problem is sometimes resolved again.

    What can I do to solve the problem? And happy Easter in advance.

    Regards, Richard

  • #2
    http://www.nucia.eu/forum/threads/70...086#post683086

    I am going to start cleaning up the laptop already.



    • #3
      # AdwCleaner v4.200 - Logbestand aangemaakt 05/04/2015 op 11:58:28
      # Laatste update 29/03/2015 door Xplode
      # Database : 2015-03-29.1 [Server]
      # Besturingssysteem : Windows 8.1 (x64)
      # Gebruikersnaam : daphn_000 - DAPHNE
      # Gestart vanuit : C:\Users\daphn_000\Desktop\adwcleaner_4.200.exe
      # Optie : Scannen

      ***** [ Services ] *****


      ***** [ Bestanden / Mappen ] *****

      Map Gevonden : C:\Program Files (x86)\LimewirePlus

      ***** [ Geplande taken ] *****


      ***** [ Snelkoppelingen ] *****


      ***** [ Register ] *****

      Gegevens Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
      Sleutel Gevonden : HKCU\Software\AppDataLow\Software\LimewirePlus
      Sleutel Gevonden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
      Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
      Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
      Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
      Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
      Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
      Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
      Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
      Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
      Sleutel Gevonden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
      Sleutel Gevonden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
      Sleutel Gevonden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
      Sleutel Gevonden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
      Sleutel Gevonden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
      Sleutel Gevonden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
      Sleutel Gevonden : HKLM\SOFTWARE\Classes\AppID\
      Sleutel Gevonden : HKLM\SOFTWARE\Classes\AppID\
      Sleutel Gevonden : HKLM\SOFTWARE\Classes\AppID\
      Sleutel Gevonden : HKLM\SOFTWARE\Classes\AppID\
      Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\
      Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\
      Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\
      Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\
      Sleutel Gevonden : HKLM\SOFTWARE\Classes\Interface\
      Sleutel Gevonden : HKLM\SOFTWARE\Classes\Interface\
      Sleutel Gevonden : HKLM\SOFTWARE\Classes\Interface\
      Sleutel Gevonden : HKLM\SOFTWARE\Classes\Interface\
      Sleutel Gevonden : HKLM\SOFTWARE\Classes\TypeLib\
      Sleutel Gevonden : HKLM\SOFTWARE\Classes\TypeLib\
      Sleutel Gevonden : HKLM\SOFTWARE\Classes\TypeLib\
      Sleutel Gevonden : HKLM\SOFTWARE\Classes\TypeLib\
      Sleutel Gevonden : HKLM\SOFTWARE\Conduit
      Sleutel Gevonden : HKLM\SOFTWARE\LimewirePlus
      Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
      Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
      Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
      Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
      Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
      Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
      Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
      Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
      Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
      Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
      Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
      Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
      Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
      Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}
      Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
      Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
      Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
      Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
      Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LimewirePlus Toolbar
      Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\CLSID\
      Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\CLSID\
      Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\CLSID\
      Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\CLSID\
      Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\
      Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\
      Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\
      Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\
      Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
      Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
      Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
      Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
      Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
      Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
      Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
      Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
      Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
      Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
      Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
      Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
      Waarde Gevonden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}]
      Waarde Gevonden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}]
      Waarde Gevonden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}]

      ***** [ Webbrowsers ] *****

      -\\ Internet Explorer v11.0.9600.17416


      -\\ Google Chrome v41.0.2272.101

      [C:\Users\daphn_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gevonden [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
      [C:\Users\daphn_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gevonden [Extension] : flpcjncodpafbgdpnkljologafpionhb

      *************************

      AdwCleaner[R0].txt - [6987 bytes] - [05/04/2015 11:58:29]

      ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7046 bytes] ##########



      • #4
        Step 3:

        Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:
        DDS.com.
        DDS.scr.
        DDS.pif.


        Post the contents of DDS.txt.

        It won't run; I have Windows 8 on the laptop.



        • #5
          Download Security Check to your desktop via here or here

          Start Security Check
          Follow the instructions on the screen
          At the end a log appears (checkup.txt)



          Results of screen317's Security Check version 0.99.99
          x64 (UAC is enabled)
          Internet Explorer 11
          ``````````````Antivirus/Firewall Check:``````````````
          Windows Firewall Enabled!
          ESET NOD32 Antivirus 7.0
          Windows Defender
          Antivirus up to date!
          `````````Anti-malware/Other Utilities Check:`````````
          Google Chrome (41.0.2272.101)
          Google Chrome (41.0.2272.89)
          ````````Process Check: objlist.exe by Laurent````````
          ESET NOD32 Antivirus egui.exe
          ESET NOD32 Antivirus ekrn.exe
          `````````````````System Health check`````````````````
          Total Fragmentation on Drive C: %
          ````````````````````End of Log``````````````````````



          • #6
            Combofix does not work on Windows 8.1


            Download Combofix and place it on your desktop.

            Extra note... Make sure your security software is disabled while using Combofix.
            This is because these scanners wrongly see certain components that Combofix uses as infected and will block Combofix.



            • #7
              So,..... this is how far I have got..

              Do you have any more tips to solve the problem???



              • #8
                Install MBAM 2.0 (info & download link)

                Start MBAM.
                At the top of the Malwarebytes Anti-Malware window, click Scan.
                On that screen choose the Custom scan and tick the partitions that apply (c:\ d:\ etc.)
                Then click the Scan now button.

                Before scanning, it always first checks automatically whether updates of the virus definitions are available; if an update is available, you must let it install first.

                When the scan is finished and threats have been detected, you get an overview of them.
                Select to place all of them in quarantine.
                At the message that your computer needs to be restarted, click Yes.

                After restarting the PC, if Malwarebytes asked to restart the PC, open Malwarebytes again.
                Click the History button at the top of the menu.
                Then click the option application logs and select the scan log you want to export. This is the last scan you did (you can tell by the date and time).
                Select it to view it.
                In a new window that opens you will see the results of your scan.

                At the bottom, either select to export as a text file and give the text file a name, for example mbamlog.
                Or you can select to copy to the clipboard, so that the contents of the log are copied to your clipboard and you can paste them into your next post.



                Extra note... Make sure your security software is disabled while installing and using E-Peek.

                Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.

                Download setupE-Peek.exe to your desktop.
                Double-click it and follow the instructions.
                At the end of the installation, E-Peek will start.
                Click "Scan".
                Post the log.
                Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                E Dev * Remove McAfee. * Ccleaner * E-Peek



                • #9
                  It has now even become so bad that I already get problems at startup. I also can no longer get on the internet. The screen keeps moving and goes its own way. As if someone else is controlling the laptop.
                  Internet Chrome then freezes completely and I can't do anything anymore

                  What should I do??



                  • #10
                    E-Peek v 1.9.9.0 © Emphyrio/Onsia Patrick 2013-2015
                    E Dev
                    Run at di 7 apr 2015 16:46
                    .
                    Windows 8.1 (64 bits)
                    C:\Windows [NTFS - Fixed]
                    Default Browser: Google Chrome
                    Boot mode: Normal boot
                    User logged in: daphn_000
                    .
                    Java x86: n/a
                    Java x64: n/a
                    .
                    AV : ESET NOD32 Antivirus 7.0 [Updated - Not Running]
                    AV : Windows Defender [Updated - Not Running]
                    AS : Windows Defender [Updated - Not Running]
                    AS : ESET NOD32 Antivirus 7.0 [Updated - Not Running]
                    FW : Windows firewall
                    .
                    ==================== Files and Folders history =================================

                    Folders Created Last 7 days :

                    07-04-2015 ##### r-h-s-d+a- C:\Users\daphn_000\AppData\Roaming\E Dev
                    07-04-2015 ##### r-h-s-d+a- C:\Program Files (x86)\Microsoft Synchronization Services
                    07-04-2015 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
                    05-04-2015 ##### r-h-s-d+a- C:\Users\daphn_000\AppData\Local\ElevatedDiagnostics

                    Files Modified Last 7 days :

                    07-04-2015 01432116 r-h-s-d-a+ C:\Windows\system32\perfh013.dat
                    07-04-2015 00978368 r-h-s-d-a+ C:\Windows\system32\perfh009.dat
                    07-04-2015 00368740 r-h-s-d-a+ C:\Windows\system32\perfc013.dat
                    07-04-2015 00344372 r-h-s-d-a+ C:\Windows\system32\perfc009.dat
                    07-04-2015 00065536 r-h-s-d-a+ C:\Windows\system32\spu_storage.bin
                    07-04-2015 00006470 r-h-s-d-a+ C:\Windows\system32\PerfStringBackup.INI

                    Files Created Last 7 days :

                    07-04-2015 00014134 r-h+s-d-a+ C:\Users\daphn_000\AppData\Local\IconCache.db
                    05-04-2015 01385256 r-h-s-d-a+ C:\Windows\system32\msctf.dll
                    05-04-2015 01124352 r-h-s-d-a+ C:\Windows\SysWOW64\msctf.dll

                    ==================== RUNNING PROCESSES =========================================

                    [atieclxx] -SYSTEM- C:\Windows\system32\atieclxx.exe - (AMD)
                    [atiesrxx] -SYSTEM- C:\Windows\system32\atiesrxx.exe - (AMD)
                    [audiodg] -LOCAL SERVICE- C:\Windows\System32\audiodg.exe - (audiodg.exe)
                    [CCC] -daphn_000- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe - (ATI Technologies Inc.)
                    [chrome] -daphn_000- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
                    [dllhost] -SYSTEM- C:\Windows\system32\DllHost.exe - (Microsoft Corporation)
                    [dsAccessService] -SYSTEM- C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe - (Juniper Networks, Inc.)
                    [dwm] -DWM-1- C:\Windows\system32\dwm.exe - (Microsoft Corporation)
                    [hpqwmiex] -SYSTEM- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe - (Hewlett-Packard Company)
                    [HPSF] -daphn_000- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe - (Hewlett-Packard Company)
                    [mDNSResponder] -SYSTEM- C:\Program Files\Bonjour\mDNSResponder.exe - (Apple Inc.)
                    [OPBHOBrokerDsktop] -daphn_000- C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe - (Hewlett-Packard)
                    [opvapp] -SYSTEM- C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe - ()
                    [RAVBg64] -daphn_000- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe - (Realtek Semiconductor)
                    [RAVBg64] -SYSTEM- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe - (Realtek Semiconductor)
                    [SearchIndexer] -SYSTEM- C:\Windows\system32\SearchIndexer.exe - (Microsoft Corporation)
                    [SearchProtocolHost] -SYSTEM- C:\Windows\system32\SearchProtocolHost.exe - (Microsoft Corporation)
                    [services] -SYSTEM- C:\Windows\System32\services.exe - (services.exe)
                    [SkyDrive] -daphn_000- C:\Windows\System32\skydrive.exe - (Microsoft Corporation)
                    [sw2_service] -SYSTEM- C:\Program Files (x86)\SecureW2\sw2_service.exe - (SecureW2 B.V.)
                    [TabTip32] -daphn_000- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe - (Microsoft Corporation)
                    [taskhostex] -daphn_000- C:\Windows\system32\taskhostex.exe - (Microsoft Corporation)
                    [VSSVC] -SYSTEM- C:\Windows\system32\vssvc.exe - (Microsoft Corporation)
                    [wininit] -SYSTEM- C:\Windows\system32\wininit.exe - (Microsoft Corporation)
                    [WmiPrvSE] -NETWORK SERVICE- C:\Windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
                    [wmpnetwk] -NETWORK SERVICE- C:\Program Files\Windows Media Player\wmpnetwk.exe - (Microsoft Corporation)

                    ==================== IE PAGES ==================================================

                    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main
                    Start Page = hxxp://g.uk.msn.com/HPCON14/8
                    Local Page = C:\Windows\SysWOW64\blank.htm
                    Default_Page_URL = hxxp://g.uk.msn.com/HPCON14/8
                    Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
                    Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

                    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes
                    DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

                    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
                    DisplayName = Bing
                    URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

                    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{7F1FB3C9-B2F1-409F-A0E9-ED22B9E43DD4}
                    DisplayName = Amazon (UK) Search Suggestions
                    URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

                    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
                    DisplayName = LimewirePlus Customized Web Search
                    URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1339052

                    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}
                    DisplayName = eBay
                    URL = hxxp://rover.ebay.com/rover/1/1346-154357-12126-2/4?mpre=hxxp%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

                    ==================== IE PAGES x64 ==============================================

                    HKLM\Software\Microsoft\Internet Explorer\Main
                    Start Page = hxxp://g.uk.msn.com/HPCON14/8
                    Local Page = C:\Windows\System32\blank.htm
                    Default_Page_URL = hxxp://g.uk.msn.com/HPCON14/8
                    Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
                    Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

                    HKLM\Software\Microsoft\Internet Explorer\SearchScopes
                    DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

                    HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
                    DisplayName = Bing
                    URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

                    HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{7F1FB3C9-B2F1-409F-A0E9-ED22B9E43DD4}
                    DisplayName = Amazon (UK) Search Suggestions
                    URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

                    HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}
                    DisplayName = eBay
                    URL = hxxp://rover.ebay.com/rover/1/1346-154357-12126-2/4?mpre=hxxp%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

                    ==================== Auto Load =================================================

                    HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
                    Userinit = userinit.exe,
                    Shell = explorer.exe

                    ==================== Auto Load x64 =============================================

                    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
                    Userinit = C:\Windows\system32\userinit.exe,
                    Shell = explorer.exe

                    ==================== Google Chrome =============================================

                    GC - Prefpath: C:\Users\daphn_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                    GC - Homepage: ["hxxp://avhera.nl/"]

                    GC - Ext: [ Google Presentaties ] version: 0.9
                    Description: Presentaties maken en bewerken
                    Path: aapocclcgogkmnckokdopfmhonfmgoek\0.9_0

                    GC - Ext: [ Winkel ] version: 0.2
                    Description: Chrome Web Store
                    Path: C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\resources\web_store

                    GC - Ext: [ Google Documenten ] version: 0.9
                    Description: Documenten maken en bewerken
                    Path: aohghmighlieiainnegkcijnfilokake\0.9_0

                    GC - Ext: [ Google Drive ] version: 6.4
                    Description: Google Drive: alles op één plek maken, delen en bewaren.
                    Path: apdfllckaahabafndbhieahigkjlhalf\6.4_0


                    GC - Ext: [ YouTube ] version: 4.2.7
                    Description: 's Werelds populairste online video community.
                    Path: blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0

                    GC - Ext: [ Extutil ] version: 0.1
                    Description: Extutil
                    Path: C:\Users\DAPHN_~1\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B

                    GC - Ext: [ Google Search ] version: 0.0.0.30
                    Description: The fastest way to search the web.
                    Path: coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0

                    GC - Ext: [ Bookmark Manager ] version: 0.1
                    Description: Bookmark Manager
                    Path: C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\resources\bookmark_manager

                    GC - Ext: [ Settings ] version: 0.2
                    Description: Settings
                    Path: C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\resources\settings_app

                    GC - Ext: [ Google Spreadsheets ] version: 1.1
                    Description: Spreadsheets maken en bewerken
                    Path: felcaaldnbdncclmgdcncolpebgiejap\1.1_0

                    GC - Ext: [ Managera ] version: 0.1
                    Description: Managera
                    Path: C:\Users\DAPHN_~1\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42

                    GC - Ext: [ Feedback ] version: 1.0
                    Description: User feedback extension
                    Path: C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\resources\feedback

                    GC - Ext: [ CryptoTokenExtension ] version: 0.9.10
                    Description: CryptoToken Component Extension
                    Path: C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\resources\cryptotoken

                    GC - Ext: [ Cloud Print ] version: 0.1
                    Description: Cloud Print
                    Path: C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\resources\cloud_print

                    GC - Ext: [ Chrome ] version: 0.1
                    Description: Chrome as an app
                    Path: C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\resources\chrome_app

                    GC - Ext: [ Google Network Speech ] version: 1.0
                    Description: Component extension providing speech via the Google network text-to-speech service.
                    Path: C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\resources\network_speech_synthesis

                    GC - Ext: [ Hangout Services ] version: 1.0
                    Description:
                    Path: C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\resources\hangout_services

                    GC - Ext: [ Google Wallet ] version: 0.1.0.0
                    Description: Google Wallet voor digitale producten
                    Path: nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0

                    GC - Ext: [ Google Now ] version: 1.2.0.1
                    Description: Integrates Google Now into Chrome.
                    Path: C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\resources\google_now

                    GC - Ext: [ Gmail ] version: 8.1
                    Description: Een snelle, doorzoekbare e-mailfunctie met minder spam.
                    Path: pjkljhegncpnkpknbcohdijeoejaedia\8.1_0


                    ==================== Windows Host File =========================================


                    ==================== BHO =======================================================

                    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
                    {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}
                    HKCR\CLSID\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} Default = [No Name]
                    {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
                    HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} Default = Groove GFS Browser Helper
                    => HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\InProcServer32 Default = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

                    {E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
                    HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Default = HP Network Check Helper
                    => HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}\InProcServer32 Default = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

                    ==================== BHO x64 ===================================================

                    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
                    {E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
                    HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Default = HP Network Check Helper
                    => HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}\InProcServer32 Default = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll

                    ==================== Auto Start Programs =======================================

                    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
                    AccelerometerSysTrayApplet = C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
                    APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
                    GrooveMonitor = "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
                    HPMessageService = C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
                    iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                    JunosPulse = C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe -tray
                    SecureW2 Tray = C:\Program Files (x86)\SecureW2\sw2_tray.exe
                    StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun

                    HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
                    CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

                    ==================== Auto Start Programs x64 ===================================

                    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
                    egui = "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
                    OPBHOBroker = C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
                    OPBHOBrokerDesktop = C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
                    RtHDVBg = "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /ANDREA_BF_BYPASS
                    RTHDVCPL = "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
                    SimplePass = C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe /hideui
                    SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

                    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
                    NCPluginUpdater = "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update

                    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved [2 = enabled 3= disabled]
                    !DiskInfo = 4
                    DisableStartScreen = 4
                    egui = 2
                    OPBHOBroker = 6
                    OPBHOBrokerDesktop = 6
                    RTHDVCPL = 3
                    RUNFBI = 4
                    SimplePass = 6
                    SynTPEnh = 7
                    AccelerometerSysTrayApplet = 7
                    APSDaemon = 3
                    AVG_UI = 2
                    GrooveMonitor = 3
                    HPMessageService = 7
                    iTunesHelper = 3
                    JunosPulse = 3
                    mcpltui_exe = 4
                    QuickTime Task = 3
                    SecureW2 Tray = 3
                    StartCCC = 6
                    YouCam Service = 4

                    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
                    CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

                    ==================== Extra Items IE ============================================

                    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
                    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
                    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
                    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
                    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
                    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
                    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

                    HKCU\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}\InProcServer32
                    => HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}\InProcServer32 {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
                    ==================== Extra Items IE x64 ========================================

                    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
                    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
                    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
                    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
                    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
                    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
                    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

                    ==================== Internet Default Prefix ===================================

                    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
                    Default = http://

                    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes
                    WWW = http://

                    ==================== Internet Default Prefix x64 ===============================

                    HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
                    Default = http://

                    HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes
                    WWW = http://

                    ==================== Protocol Hijackers ========================================

                    HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\grooveLocalGWS
                    CLSID = {88FED34C-F0CA-4636-A375-3CB6248B04CD}
                    => SOFTWARE\Classes\\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll # MD5 [d8c2b95bc2353e1f18850d6b8f5dba13]

                    HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\wlpg
                    CLSID = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}
                    => SOFTWARE\Classes\\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll # MD5 [41290ae21c588291f2fc9309ad38ead5]



                    ==================== Automatic Started DLL's ===================================

                    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
                    AppInit_DLLs = C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

                    HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows
                    AppInit_DLLs = C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

                    ==================== Automatic Started DLL's x64 ===============================

                    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
                    AppInit_DLLs = C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

                    ==================== ShellServiceObjectDelayLoad ===============================

                    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
                    WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
                    => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


                    ==================== ShellServiceObjectDelayLoad x64 =========================

                    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
                    WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
                    => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


                    ==================== Extra (Torpig/ConduitSearch) ==============================

                    HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ Default = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
                    => HKCR\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32 @ Default = C:\Windows\system32\shell32.dll

                    HKCR\Directory\shellex\CopyHookHandlers\Sharing @ Default = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
                    => HKCR\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32 @ Default = C:\Windows\system32\ntshrui.dll


                    ==================== DRIVERS and SERVICES ======================================

                    *** Win32OwnProcess ***

                    SERV - R2 - [AERTFilters] - Andrea RT Filters Service - c:\program files\realtek\audio\hda\aertsr64.exe
                    SERV - R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
                    SERV - R2 - [AMD FUEL Service] - AMD FUEL Service - c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe
                    SERV - R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
                    SERV - R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe
                    SERV - R2 - [hpsrv] - HP Service - c:\windows\system32\hpservice.exe
                    SERV - R2 - [JuniperAccessService] - Juniper Unified Network Service - c:\program files (x86)\common files\juniper networks\juns\dsaccessservice.exe
                    SERV - R2 - [RtkAudioService] - Realtek Audio Service - c:\program files\realtek\audio\hda\rtkaudioservice64.exe
                    SERV - R2 - [SW2SVC] - SecureW2 Service - c:\program files (x86)\securew2\sw2_service.exe
                    SERV - R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
                    SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
                    SERV - R3 - [hpqwmiex] - HP Software Framework Service - c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe
                    SERV - R3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
                    SERV - R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
                    SERV - S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
                    SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
                    SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
                    SERV - S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
                    SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
                    SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
                    SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
                    SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
                    SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
                    SERV - S3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe
                    SERV - S3 - [Microsoft Office Groove Audit Service] - Microsoft Office Groove Audit Service - c:\program files (x86)\microsoft office\office12\grooveauditservice.exe
                    SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
                    SERV - S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files (x86)\common files\microsoft shared\office12\odserv.exe
                    SERV - S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
                    SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
                    SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
                    SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
                    SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
                    SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
                    SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
                    SERV - S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
                    SERV - S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
                    SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe

                    *** Win32ShareProcess ***

                    SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
                    SERV - R3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
                    SERV - R3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
                    SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
                    SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
                    SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

                    *** Others ***

                    SERV - R2 - [ekrn] - ESET Service - c:\program files\eset\eset nod32 antivirus\x86\ekrn.exe
                    SERV - R2 - [HPWMISVC] - HPWMISVC - c:\program files (x86)\hewlett-packard\hp system event\hpwmisvc.exe
                    SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
                    SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

                    *** File System Driver ***

                    DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
                    DRV - R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
                    DRV - R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
                    DRV - R0 - [Wof] - Windows Overlay File System Filter Driver - C:\Windows\system32\Drivers\Wof.sys
                    DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
                    DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys
                    DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys

                    *** Kernel Driver ***

                    DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\Windows\system32\Drivers\ACPI.sys
                    DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\Windows\system32\Drivers\acpiex.sys
                    DRV - R0 - [amdsata] - amdsata - C:\Windows\system32\Drivers\amdsata.sys
                    DRV - R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
                    DRV - R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys
                    DRV - R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
                    DRV - R0 - [disk] - Stuurprogramma voor schijfstations - C:\Windows\system32\Drivers\disk.sys
                    DRV - R0 - [edevmon] - edevmon - C:\Windows\system32\Drivers\edevmon.sys
                    DRV - R0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\Windows\system32\Drivers\EhStorClass.sys
                    DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys
                    DRV - R0 - [hpdskflt] - HP Filter - C:\Windows\system32\Drivers\hpdskflt.sys
                    DRV - R0 - [intelpep] - Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing - C:\Windows\system32\Drivers\intelpep.sys
                    DRV - R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
                    DRV - R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
                    DRV - R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys
                    DRV - R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
                    DRV - R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys
                    DRV - R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys
                    DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\Windows\system32\Drivers\pci.sys
                    DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
                    DRV - R0 - [pdc] - pdc - C:\Windows\system32\Drivers\pdc.sys
                    DRV - R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
                    DRV - R0 - [spaceport] - Stuurprogramma voor opslagruimten - C:\Windows\system32\Drivers\spaceport.sys
                    DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\Windows\system32\Drivers\Tcpip.sys
                    DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\Windows\system32\Drivers\vdrvroot.sys
                    DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\Windows\system32\Drivers\volmgr.sys
                    DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys
                    DRV - R0 - [volsnap] - Opslagvolumes - C:\Windows\system32\Drivers\volsnap.sys
                    DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
                    DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\Windows\system32\Drivers\WFPLWFS.sys
                    DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
                    DRV - R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
                    DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\Windows\system32\Drivers\tdx.sys
                    DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys
                    DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
                    DRV - S3 - [atapi] - IDE-kanaal - C:\Windows\system32\Drivers\atapi.sys

                    ==================== SvcHost - White Listed ====================================

                    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\[email protected]
                    apphostsvc = ServiceDll = C:\Windows\system32\inetsrv\apphostsvc.dll [9dcb42905f1ebf9cec57ee5df0bda965]

                    w3logsvc = ServiceDll = C:\Windows\system32\inetsrv\w3logsvc.dll [a22546b0093ebbde03c52e56c3391373]

                    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\[email protected]
                    w3svc = [a22546b0093ebbde03c52e56c3391373]

                    was = ServiceDll = C:\Windows\system32\inetsrv\iisw3adm.dll [9bae40bd31e3ee0b0c70bef167e0a2bc]



                    ==================== SvcHost x64 - White Listed ================================

                    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
                    apphostsvc = ServiceDll = C:\Windows\system32\inetsrv\apphostsvc.dll [9dcb42905f1ebf9cec57ee5df0bda965]

                    w3logsvc = ServiceDll = C:\Windows\system32\inetsrv\w3logsvc.dll [a22546b0093ebbde03c52e56c3391373]

                    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
                    BthHFSrv = ServiceDll = C:\Windows\System32\BthHFSrv.dll [9307a4b743d277c499cda8e19e5687ac]

                    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
                    w3svc = [9307a4b743d277c499cda8e19e5687ac]

                    was = ServiceDll = C:\Windows\system32\inetsrv\iisw3adm.dll [9bae40bd31e3ee0b0c70bef167e0a2bc]



                    ==================== SigCheck x86 Fast =========================================

                    Fast Scan All ok

                    ==================== SigCheck x64 Fast =========================================

                    Fast Scan All ok

                    ==================== Job tasks at C:\Windows\Tasks =============================

                    C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 1074 bytes [ 10-1-2014 18:10:43 ]

                    C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0439ec76b78a.job 1074 bytes [ 8-2-2015 13:52:08 ]

                    C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 1078 bytes [ 10-1-2014 18:10:45 ]

                    C:\Windows\Tasks\HPCeeScheduleFordaphn_000.job 362 bytes [ 25-8-2014 22:16:09 ]

                    C:\Windows\Tasks\SA.DAT 6 bytes [ 22-8-2013 16:45:54 ]


                    ==================== Job tasks at C:\Windows\system32\Tasks ====================

                    C:\Windows\system32\Tasks\CCleanerSkipUAC 2780 bytes [ 26-11-2014 20:13:20 ]
                    => "C:\Program Files\CCleaner\CCleaner.exe"

                    C:\Windows\system32\Tasks\CreateChoiceProcessTask 3554 bytes [ 11-1-2014 12:53:40 ]
                    => C:\Windows\BrowserChoice\browserchoice.exe

                    C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore 3814 bytes [ 10-1-2014 18:10:44 ]
                    => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

                    C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore1d0439ec76b78a 3814 bytes [ 8-2-2015 13:52:08 ]
                    => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

                    C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA 4050 bytes [ 10-1-2014 18:10:45 ]
                    => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

                    C:\Windows\system32\Tasks\HPCeeScheduleFordaphn_000 3184 bytes [ 25-8-2014 22:16:09 ]
                    => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

                    C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1314184813-1300351738-2939004454-500 3596 bytes [ 1-9-2013 17:13:06 ]

                    C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2323992412-533519598-971084482-500 3592 bytes [ 26-8-2013 08:11:30 ]

                    C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3900212922-1254537326-960218257-500 3594 bytes [ 19-12-2013 16:52:34 ]

                    C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4069903829-4235242597-1408532582-500 3596 bytes [ 11-10-2013 14:13:17 ]

                    C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-487102878-2576558178-201097663-1002 3594 bytes [ 10-1-2014 17:21:20 ]

                    C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-487102878-2576558178-201097663-500 2324 bytes [ 19-12-2013 19:10:04 ]

                    C:\Windows\system32\Tasks\User_Feed_Synchronization-{9556EC6E-4952-458C-B99F-77F9286537E0} 3966 bytes [ 10-1-2014 17:25:19 ]
                    => C:\Windows\system32\msfeedssync.exe

                    C:\Windows\system32\Tasks\{5A0EF710-F3EA-4732-97E7-D91A52869E0B} 3090 bytes [ 5-4-2015 13:54:11 ]
                    => "c:\program files (x86)\google\chrome\application\chrome.exe"


                    ==================== Job tasks at C:\Windows\SysWOW64\Tasks ====================

                    There are no .job files found.

                    ==================== End scanning at di 7 apr 2015 16:49 (3 Min 29 Sec ) =======



                    • #11
                      I would have liked the MBAM scan log first, and only after that a fresh E-Peek log.
                      Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                      E Dev * Remove McAfee. * Ccleaner * E-Peek



                      • #12
                        Malwarebytes Anti-Malware
                        www.malwarebytes.org


                        Update, 8-4-2015 10:42:09, SYSTEM, DAPHNE, Manual, Remediation Database, 2015.3.9.1, 2015.4.6.2,
                        Update, 8-4-2015 10:42:09, SYSTEM, DAPHNE, Manual, Rootkit Database, 2015.2.25.1, 2015.3.31.1,
                        Update, 8-4-2015 10:42:14, SYSTEM, DAPHNE, Manual, Malware Database, 2015.3.9.5, 2015.4.8.2,
                        Scan, 8-4-2015 16:19:45, SYSTEM, DAPHNE, Manual, Start: 8-4-2015 10:44:26, Duur: 4 u 40 m 6 s, Aangepaste Scan, Voltooid, 0 Malware Detecties, 4 niet-Malware Detecties,
                        Error, 8-4-2015 16:21:13, SYSTEM, DAPHNE, Protection, IsLicensed, 13,
                        Protection, 8-4-2015 16:21:13, SYSTEM, DAPHNE, Protection, Malware Protection, Stopping,
                        Protection, 8-4-2015 16:21:13, SYSTEM, DAPHNE, Protection, Malware Protection, Stopped,

                        (end)
                        Malwarebytes Anti-Malware
                        www.malwarebytes.org

                        Scandatum: 8-4-2015
                        Scantijd: 10:44:26
                        Logbestand: onderhoud.txt
                        Beheerder: Ja

                        Versie: 2.01.4.1018
                        Malware Gegevensbestand: v2015.04.08.02
                        Rootkit Gegevensbestand: v2015.03.31.01
                        Licentie: Gratis
                        Malwarebescherming: Uitgeschakeld
                        Kwaadaardige Website Bescherming: Uitgeschakeld
                        Zelfbescherming: Uitgeschakeld

                        Besturingssysteem: Windows 8.1
                        Processor: x64
                        Bestandssysteem: NTFS
                        Gebruiker: daphn_000

                        Scantype: Aangepaste Scan
                        Resultaat: Voltooid
                        Objecten Gescand: 588939
                        Verstreken Tijd: 4 u, 40 m, 6 s

                        Geheugen: Ingeschakeld
                        Opstarten: Ingeschakeld
                        Bestandssysteem: Ingeschakeld
                        Archieven: Ingeschakeld
                        Rootkits: Ingeschakeld
                        Heuristiek: Ingeschakeld
                        POP: Ingeschakeld
                        POA: Ingeschakeld

                        Processen: 0
                        (Geen kwaadaardige items gedetecteerd)

                        Modules: 0
                        (Geen kwaadaardige items gedetecteerd)

                        Registersleutels: 0
                        (Geen kwaadaardige items gedetecteerd)

                        Registerwaardes: 2
                        PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{afdbddaa-5d3f-42ee-b79c-185a7020515b}|URL, http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1339052, , [8e94f476404ae0565c7c3485fe0524dc]
                        PUP.Optional.Conduit.A, HKU\S-1-5-21-487102878-2576558178-201097663-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{afdbddaa-5d3f-42ee-b79c-185a7020515b}|URL, http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1339052, , [46dc2545bfcbcd692dac4c6d13f028d8]

                        Registerdata: 0
                        (Geen kwaadaardige items gedetecteerd)

                        Mappen: 0
                        (Geen kwaadaardige items gedetecteerd)

                        Bestanden: 0
                        (Geen kwaadaardige items gedetecteerd)

                        Fysieke Sectoren: 0
                        (Geen kwaadaardige items gedetecteerd)


                        (end)



                        • #13
                          E-Peek v 1.9.9.0 © Emphyrio/Onsia Patrick 2013-2015
                          E Dev
                          Run at wo 8 apr 2015 16:34
                          .
                          Windows 8.1 (64 bits)
                          C:\Windows [NTFS - Fixed]
                          Default Browser: Google Chrome
                          Boot mode: Normal boot
                          User logged in: daphn_000
                          .
                          Java x86: n/a
                          Java x64: n/a
                          .
                          AV : ESET NOD32 Antivirus 7.0 [Updated - Not Running]
                          AV : Windows Defender [Updated - Not Running]
                          AS : Windows Defender [Updated - Not Running]
                          AS : ESET NOD32 Antivirus 7.0 [Updated - Not Running]
                          FW : Windows firewall
                          .
                          ==================== Files and Folders history =================================

                          Folders Created Last 7 days :

                          08-04-2015 ##### r-h-s-d+a- C:\Program Files (x86)\Microsoft Synchronization Services
                          07-04-2015 ##### r-h-s-d+a- C:\Users\daphn_000\AppData\Roaming\E Dev
                          07-04-2015 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
                          05-04-2015 ##### r-h-s-d+a- C:\Users\daphn_000\AppData\Local\ElevatedDiagnostics

                          Files Modified Last 7 days :

                          07-04-2015 01432116 r-h-s-d-a+ C:\Windows\system32\perfh013.dat
                          07-04-2015 00978368 r-h-s-d-a+ C:\Windows\system32\perfh009.dat
                          07-04-2015 00368740 r-h-s-d-a+ C:\Windows\system32\perfc013.dat
                          07-04-2015 00344372 r-h-s-d-a+ C:\Windows\system32\perfc009.dat
                          07-04-2015 00065536 r-h-s-d-a+ C:\Windows\system32\spu_storage.bin
                          07-04-2015 00006470 r-h-s-d-a+ C:\Windows\system32\PerfStringBackup.INI

                          Files Created Last 7 days :

                          07-04-2015 00051458 r-h+s-d-a+ C:\Users\daphn_000\AppData\Local\IconCache.db
                          07-04-2015 00000111 r-h-s-d-a+ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
                          05-04-2015 01385256 r-h-s-d-a+ C:\Windows\system32\msctf.dll
                          05-04-2015 01124352 r-h-s-d-a+ C:\Windows\SysWOW64\msctf.dll

                          ==================== RUNNING PROCESSES =========================================

                          [AERTSr64] -SYSTEM- C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE - (Andrea Electronics Corporation)
                          [AppleMobileDeviceService] -SYSTEM- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - (Apple Inc.)
                          [atieclxx] -SYSTEM- C:\Windows\system32\atieclxx.exe - (AMD)
                          [atiesrxx] -SYSTEM- C:\Windows\system32\atiesrxx.exe - (AMD)
                          [audiodg] -LOCAL SERVICE- C:\Windows\System32\audiodg.exe - (audiodg.exe)
                          [CCC] -daphn_000- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe - (ATI Technologies Inc.)
                          [chrome] -daphn_000- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
                          [chrome] -daphn_000- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
                          [chrome] -daphn_000- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
                          [conhost] -SYSTEM- C:\Windows\system32\conhost.exe - (Microsoft Corporation)
                          [CoolSense] -daphn_000- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe - (Hewlett-Packard Development Company, L.P.)
                          [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
                          [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
                          [dasHost] -LOCAL SERVICE- C:\Windows\system32\dashost.exe - (Microsoft Corporation)
                          [dllhost] -SYSTEM- C:\Windows\system32\DllHost.exe - (Microsoft Corporation)
                          [dsAccessService] -SYSTEM- C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe - (Juniper Networks, Inc.)
                          [dwm] -DWM-1- C:\Windows\system32\dwm.exe - (Microsoft Corporation)
                          [egui] -daphn_000- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe - (ESET)
                          [ekrn] -SYSTEM- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe - (ESET)
                          [E-Peek 1.9.9.0] -daphn_000- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.9.9.0.exe - (E Dev)
                          [explorer] -daphn_000- C:\Windows\Explorer.EXE - (Microsoft Corporation)
                          [Fuel.Service] -SYSTEM- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe - (Advanced Micro Devices, Inc.)
                          [hpqwmiex] -SYSTEM- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe - (Hewlett-Packard Company)
                          [hpservice] -SYSTEM- C:\Windows\system32\Hpservice.exe - (Hewlett-Packard Company)
                          [HPWMISVC] -SYSTEM- c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe - (Hewlett-Packard Development Company, L.P.)
                          [lsass] -SYSTEM- C:\Windows\system32\lsass.exe - (Microsoft Corporation)
                          [mDNSResponder] -SYSTEM- C:\Program Files\Bonjour\mDNSResponder.exe - (Apple Inc.)
                          [MOM] -daphn_000- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe - (Advanced Micro Devices Inc.)
                          [msiexec] -SYSTEM- C:\Windows\system32\msiexec.exe - (Microsoft Corporation)
                          [OPBHOBroker] -daphn_000- C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe - (Hewlett-Packard)
                          [OPBHOBrokerDsktop] -daphn_000- C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe - (Hewlett-Packard)
                          [opvapp] -SYSTEM- C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe - ()
                          [RAVBg64] -daphn_000- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe - (Realtek Semiconductor)
                          [RAVBg64] -SYSTEM- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe - (Realtek Semiconductor)
                          [RtkAudioService64] -SYSTEM- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe - (Realtek Semiconductor)
                          [rundll32] -SYSTEM- C:\Windows\System32\rundll32.exe - (Microsoft Corporation)
                          [SearchFilterHost] -SYSTEM- C:\Windows\system32\SearchFilterHost.exe - (Microsoft Corporation)
                          [SearchIndexer] -SYSTEM- C:\Windows\system32\SearchIndexer.exe - (Microsoft Corporation)
                          [SearchProtocolHost] -SYSTEM- C:\Windows\system32\SearchProtocolHost.exe - (Microsoft Corporation)
                          [services] -SYSTEM- C:\Windows\System32\services.exe - (services.exe)
                          [SettingSyncHost] -daphn_000- C:\Windows\System32\SettingSyncHost.exe - (Microsoft Corporation)
                          [SkyDrive] -daphn_000- C:\Windows\System32\skydrive.exe - (Microsoft Corporation)
                          [smss] -SYSTEM- C:\Windows\System32\smss.exe - (smss.exe)
                          [spoolsv] -SYSTEM- C:\Windows\System32\spoolsv.exe - (Microsoft Corporation)
                          [SrTasks] -SYSTEM- C:\Windows\system32\srtasks.exe - (Microsoft Corporation)
                          [sw2_service] -SYSTEM- C:\Program Files (x86)\SecureW2\sw2_service.exe - (SecureW2 B.V.)
                          [System] -N/A- - (System)
                          [TabTip] -daphn_000- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe - (Microsoft Corporation)
                          [TabTip32] -daphn_000- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe - (Microsoft Corporation)
                          [taskhostex] -daphn_000- C:\Windows\system32\taskhostex.exe - (Microsoft Corporation)
                          [VSSVC] -SYSTEM- C:\Windows\system32\vssvc.exe - (Microsoft Corporation)
                          [wininit] -SYSTEM- C:\Windows\system32\wininit.exe - (Microsoft Corporation)
                          [winlogon] -SYSTEM- C:\Windows\system32\winlogon.exe - (Microsoft Corporation)
                          [WmiPrvSE] -NETWORK SERVICE- C:\Windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
                          [WmiPrvSE] -SYSTEM- C:\Windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
                          [wmpnetwk] -NETWORK SERVICE- C:\Program Files\Windows Media Player\wmpnetwk.exe - (Microsoft Corporation)

                          ==================== IE PAGES ==================================================

                          HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main
                          Start Page = hxxp://g.uk.msn.com/HPCON14/8
                          Local Page = C:\Windows\SysWOW64\blank.htm
                          Default_Page_URL = hxxp://g.uk.msn.com/HPCON14/8
                          Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
                          Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

                          HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes
                          DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

                          HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
                          DisplayName = Bing
                          URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

                          HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{7F1FB3C9-B2F1-409F-A0E9-ED22B9E43DD4}
                          DisplayName = Amazon (UK) Search Suggestions
                          URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

                          HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}
                          DisplayName = eBay
                          URL = hxxp://rover.ebay.com/rover/1/1346-154357-12126-2/4?mpre=hxxp%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

                          ==================== IE PAGES x64 ==============================================

                          HKLM\Software\Microsoft\Internet Explorer\Main
                          Start Page = hxxp://g.uk.msn.com/HPCON14/8
                          Local Page = C:\Windows\System32\blank.htm
                          Default_Page_URL = hxxp://g.uk.msn.com/HPCON14/8
                          Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
                          Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

                          HKLM\Software\Microsoft\Internet Explorer\SearchScopes
                          DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

                          HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
                          DisplayName = Bing
                          URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

                          HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{7F1FB3C9-B2F1-409F-A0E9-ED22B9E43DD4}
                          DisplayName = Amazon (UK) Search Suggestions
                          URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

                          HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}
                          DisplayName = eBay
                          URL = hxxp://rover.ebay.com/rover/1/1346-154357-12126-2/4?mpre=hxxp%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

                          ==================== Auto Load =================================================

                          HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
                          Userinit = userinit.exe,
                          Shell = explorer.exe

                          ==================== Auto Load x64 =============================================

                          HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
                          Userinit = C:\Windows\system32\userinit.exe,
                          Shell = explorer.exe

                          ==================== Google Chrome =============================================

                          GC - Prefpath: C:\Users\daphn_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                          GC - Homepage: ["hxxp://avhera.nl/"]

                          GC - Ext: [ Google Presentaties ] version: 0.9
                          Description: Presentaties maken en bewerken
                          Path: aapocclcgogkmnckokdopfmhonfmgoek\0.9_0

                          GC - Ext: [ Winkel ] version: 0.2
                          Description: Chrome Web Store
                          Path: C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\resources\web_store

                          GC - Ext: [ Google Documenten ] version: 0.9
                          Description: Documenten maken en bewerken
                          Path: aohghmighlieiainnegkcijnfilokake\0.9_0

                          GC - Ext: [ Google Drive ] version: 6.4
                          Description: Google Drive: alles op één plek maken, delen en bewaren.
                          Path: apdfllckaahabafndbhieahigkjlhalf\6.4_0


                          GC - Ext: [ YouTube ] version: 4.2.7
                          Description: 's Werelds populairste online video community.
                          Path: blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0

                          GC - Ext: [ Extutil ] version: 0.1
                          Description: Extutil
                          Path: C:\Users\DAPHN_~1\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B

                          GC - Ext: [ Google Search ] version: 0.0.0.30
                          Description: The fastest way to search the web.
                          Path: coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0

                          GC - Ext: [ Bookmark Manager ] version: 0.1
                          Description: Bookmark Manager
                          Path: C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\resources\bookmark_manager

                          GC - Ext: [ Settings ] version: 0.2
                          Description: Settings
                          Path: C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\resources\settings_app

                          GC - Ext: [ Google Spreadsheets ] version: 1.1
                          Description: Spreadsheets maken en bewerken
                          Path: felcaaldnbdncclmgdcncolpebgiejap\1.1_0

                          GC - Ext: [ Managera ] version: 0.1
                          Description: Managera
                          Path: C:\Users\DAPHN_~1\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42

                          GC - Ext: [ Feedback ] version: 1.0
                          Description: User feedback extension
                          Path: C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\resources\feedback

                          GC - Ext: [ CryptoTokenExtension ] version: 0.9.10
                          Description: CryptoToken Component Extension
                          Path: C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\resources\cryptotoken

                          GC - Ext: [ Cloud Print ] version: 0.1
                          Description: Cloud Print
                          Path: C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\resources\cloud_print

                          GC - Ext: [ Chrome ] version: 0.1
                          Description: Chrome as an app
                          Path: C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\resources\chrome_app

                          GC - Ext: [ Google Network Speech ] version: 1.0
                          Description: Component extension providing speech via the Google network text-to-speech service.
                          Path: C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\resources\network_speech_synthesis

                          GC - Ext: [ Hangout Services ] version: 1.0
                          Description:
                          Path: C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\resources\hangout_services

                          GC - Ext: [ Google Wallet ] version: 0.1.0.0
                          Description: Google Wallet voor digitale producten
                          Path: nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0

                          GC - Ext: [ Google Now ] version: 1.2.0.1
                          Description: Integrates Google Now into Chrome.
                          Path: C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\resources\google_now

                          GC - Ext: [ Gmail ] version: 8.1
                          Description: Een snelle, doorzoekbare e-mailfunctie met minder spam.
                          Path: pjkljhegncpnkpknbcohdijeoejaedia\8.1_0


                          ==================== Windows Host File =========================================


                          ==================== BHO =======================================================

                          HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
                          {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}
                          HKCR\CLSID\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} Default = [No Name]
                          {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
                          HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} Default = Groove GFS Browser Helper
                          => HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\InProcServer32 Default = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

                          {E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
                          HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Default = HP Network Check Helper
                          => HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}\InProcServer32 Default = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

                          ==================== BHO x64 ===================================================

                          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
                          {E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
                          HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Default = HP Network Check Helper
                          => HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}\InProcServer32 Default = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll

                          ==================== Auto Start Programs =======================================

                          HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
                          AccelerometerSysTrayApplet = C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
                          APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
                          GrooveMonitor = "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
                          HPMessageService = C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
                          iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                          JunosPulse = C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe -tray
                          SecureW2 Tray = C:\Program Files (x86)\SecureW2\sw2_tray.exe
                          StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun

                          HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
                          CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

                          ==================== Auto Start Programs x64 ===================================

                          HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
                          egui = "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
                          OPBHOBroker = C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
                          OPBHOBrokerDesktop = C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
                          RtHDVBg = "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /ANDREA_BF_BYPASS
                          RTHDVCPL = "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
                          SimplePass = C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe /hideui
                          SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

                          HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
                          NCPluginUpdater = "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update

                          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved [2 = enabled 3= disabled]
                          !DiskInfo = 4
                          DisableStartScreen = 4
                          egui = 2
                          OPBHOBroker = 6
                          OPBHOBrokerDesktop = 6
                          RTHDVCPL = 3
                          RUNFBI = 4
                          SimplePass = 6
                          SynTPEnh = 7
                          AccelerometerSysTrayApplet = 7
                          APSDaemon = 3
                          AVG_UI = 2
                          GrooveMonitor = 3
                          HPMessageService = 7
                          iTunesHelper = 3
                          JunosPulse = 3
                          mcpltui_exe = 4
                          QuickTime Task = 3
                          SecureW2 Tray = 3
                          StartCCC = 6
                          YouCam Service = 4

                          HKCU\Software\Microsoft\Windows\CurrentVersion\Run
                          CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

                          ==================== Extra Items IE ============================================

                          HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
                          HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
                          HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
                          HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
                          HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
                          HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
                          HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

                          HKCU\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}\InProcServer32
                          => HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}\InProcServer32 {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
                          ==================== Extra Items IE x64 ========================================

                          HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
                          HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
                          HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
                          HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
                          HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
                          HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
                          HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

                          ==================== Internet Default Prefix ===================================

                          HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
                          Default = http://

                          HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes
                          WWW = http://

                          ==================== Internet Default Prefix x64 ===============================

                          HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
                          Default = http://

                          HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes
                          WWW = http://

                          ==================== Protocol Hijackers ========================================

                          HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\grooveLocalGWS
                          CLSID = {88FED34C-F0CA-4636-A375-3CB6248B04CD}
                          => SOFTWARE\Classes\\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll # MD5 [d8c2b95bc2353e1f18850d6b8f5dba13]

                          HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\wlpg
                          CLSID = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}
                          => SOFTWARE\Classes\\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll # MD5 [41290ae21c588291f2fc9309ad38ead5]



                          ==================== Automatic Started DLL's ===================================

                          HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
                          AppInit_DLLs = C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

                          HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows
                          AppInit_DLLs = C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

                          ==================== Automatic Started DLL's x64 ===============================

                          HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
                          AppInit_DLLs = C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

                          ==================== ShellServiceObjectDelayLoad ===============================

                          HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
                          WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
                          => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


                          ==================== ShellServiceObjectDelayLoad x64 =========================

                          HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
                          WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
                          => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


                          ==================== Extra (Torpig/ConduitSearch) ==============================

                          HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ Default = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
                          => HKCR\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32 @ Default = C:\Windows\system32\shell32.dll

                          HKCR\Directory\shellex\CopyHookHandlers\Sharing @ Default = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
                          => HKCR\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32 @ Default = C:\Windows\system32\ntshrui.dll


                          ==================== DRIVERS and SERVICES ======================================

                          *** Win32OwnProcess ***

                          SERV - R2 - [AERTFilters] - Andrea RT Filters Service - c:\program files\realtek\audio\hda\aertsr64.exe
                          SERV - R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
                          SERV - R2 - [AMD FUEL Service] - AMD FUEL Service - c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe
                          SERV - R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
                          SERV - R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe
                          SERV - R2 - [hpsrv] - HP Service - c:\windows\system32\hpservice.exe
                          SERV - R2 - [JuniperAccessService] - Juniper Unified Network Service - c:\program files (x86)\common files\juniper networks\juns\dsaccessservice.exe
                          SERV - R2 - [RtkAudioService] - Realtek Audio Service - c:\program files\realtek\audio\hda\rtkaudioservice64.exe
                          SERV - R2 - [SW2SVC] - SecureW2 Service - c:\program files (x86)\securew2\sw2_service.exe
                          SERV - R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
                          SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
                          SERV - R3 - [hpqwmiex] - HP Software Framework Service - c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe
                          SERV - R3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
                          SERV - R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
                          SERV - S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
                          SERV - S2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
                          SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
                          SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
                          SERV - S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
                          SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
                          SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
                          SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
                          SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
                          SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
                          SERV - S3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe
                          SERV - S3 - [Microsoft Office Groove Audit Service] - Microsoft Office Groove Audit Service - c:\program files (x86)\microsoft office\office12\grooveauditservice.exe
                          SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
                          SERV - S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files (x86)\common files\microsoft shared\office12\odserv.exe
                          SERV - S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
                          SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
                          SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
                          SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
                          SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
                          SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
                          SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
                          SERV - S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
                          SERV - S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
                          SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe

                          *** Win32ShareProcess ***

                          SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
                          SERV - R3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
                          SERV - R3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
                          SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
                          SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
                          SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

                          *** Others ***

                          SERV - R2 - [ekrn] - ESET Service - c:\program files\eset\eset nod32 antivirus\x86\ekrn.exe
                          SERV - R2 - [HPWMISVC] - HPWMISVC - c:\program files (x86)\hewlett-packard\hp system event\hpwmisvc.exe
                          SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
                          SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

                          *** File System Driver ***

                          DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
                          DRV - R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
                          DRV - R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
                          DRV - R0 - [Wof] - Windows Overlay File System Filter Driver - C:\Windows\system32\Drivers\Wof.sys
                          DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
                          DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys
                          DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys

                          *** Kernel Driver ***

                          DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\Windows\system32\Drivers\ACPI.sys
                          DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\Windows\system32\Drivers\acpiex.sys
                          DRV - R0 - [amdsata] - amdsata - C:\Windows\system32\Drivers\amdsata.sys
                          DRV - R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
                          DRV - R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys
                          DRV - R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
                          DRV - R0 - [disk] - Stuurprogramma voor schijfstations - C:\Windows\system32\Drivers\disk.sys
                          DRV - R0 - [edevmon] - edevmon - C:\Windows\system32\Drivers\edevmon.sys
                          DRV - R0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\Windows\system32\Drivers\EhStorClass.sys
                          DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys
                          DRV - R0 - [hpdskflt] - HP Filter - C:\Windows\system32\Drivers\hpdskflt.sys
                          DRV - R0 - [intelpep] - Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing - C:\Windows\system32\Drivers\intelpep.sys
                          DRV - R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
                          DRV - R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
                          DRV - R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys
                          DRV - R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
                          DRV - R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys
                          DRV - R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys
                          DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\Windows\system32\Drivers\pci.sys
                          DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
                          DRV - R0 - [pdc] - pdc - C:\Windows\system32\Drivers\pdc.sys
                          DRV - R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
                          DRV - R0 - [spaceport] - Stuurprogramma voor opslagruimten - C:\Windows\system32\Drivers\spaceport.sys
                          DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\Windows\system32\Drivers\Tcpip.sys
                          DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\Windows\system32\Drivers\vdrvroot.sys
                          DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\Windows\system32\Drivers\volmgr.sys
                          DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys
                          DRV - R0 - [volsnap] - Opslagvolumes - C:\Windows\system32\Drivers\volsnap.sys
                          DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
                          DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\Windows\system32\Drivers\WFPLWFS.sys
                          DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
                          DRV - R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
                          DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\Windows\system32\Drivers\tdx.sys
                          DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys
                          DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
                          DRV - S3 - [atapi] - IDE-kanaal - C:\Windows\system32\Drivers\atapi.sys

                          ==================== SvcHost - White Listed ====================================

                          HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\[email protected]
                          apphostsvc = ServiceDll = C:\Windows\system32\inetsrv\apphostsvc.dll [9dcb42905f1ebf9cec57ee5df0bda965]

                          w3logsvc = ServiceDll = C:\Windows\system32\inetsrv\w3logsvc.dll [a22546b0093ebbde03c52e56c3391373]

                          HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\[email protected]
                          w3svc = [a22546b0093ebbde03c52e56c3391373]

                          was = ServiceDll = C:\Windows\system32\inetsrv\iisw3adm.dll [9bae40bd31e3ee0b0c70bef167e0a2bc]



                          ==================== SvcHost x64 - White Listed ================================

                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
                          apphostsvc = ServiceDll = C:\Windows\system32\inetsrv\apphostsvc.dll [9dcb42905f1ebf9cec57ee5df0bda965]

                          w3logsvc = ServiceDll = C:\Windows\system32\inetsrv\w3logsvc.dll [a22546b0093ebbde03c52e56c3391373]

                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
                          BthHFSrv = ServiceDll = C:\Windows\System32\BthHFSrv.dll [9307a4b743d277c499cda8e19e5687ac]

                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
                          w3svc = [9307a4b743d277c499cda8e19e5687ac]

                          was = ServiceDll = C:\Windows\system32\inetsrv\iisw3adm.dll [9bae40bd31e3ee0b0c70bef167e0a2bc]



                          ==================== SigCheck x86 Fast =========================================

                          Fast Scan All ok

                          ==================== SigCheck x64 Fast =========================================

                          Fast Scan All ok

                          ==================== Job tasks at C:\Windows\Tasks =============================

                          C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 1074 bytes [ 10-1-2014 18:10:43 ]

                          C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0439ec76b78a.job 1074 bytes [ 8-2-2015 13:52:08 ]

                          C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 1078 bytes [ 10-1-2014 18:10:45 ]

                          C:\Windows\Tasks\HPCeeScheduleFordaphn_000.job 362 bytes [ 25-8-2014 22:16:09 ]

                          C:\Windows\Tasks\SA.DAT 6 bytes [ 22-8-2013 16:45:54 ]


                          ==================== Job tasks at C:\Windows\system32\Tasks ====================

                          C:\Windows\system32\Tasks\CCleanerSkipUAC 2780 bytes [ 26-11-2014 20:13:20 ]
                          => "C:\Program Files\CCleaner\CCleaner.exe"

                          C:\Windows\system32\Tasks\CreateChoiceProcessTask 3554 bytes [ 11-1-2014 12:53:40 ]
                          => C:\Windows\BrowserChoice\browserchoice.exe

                          C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore 3814 bytes [ 10-1-2014 18:10:44 ]
                          => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

                          C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore1d0439ec76b78a 3814 bytes [ 8-2-2015 13:52:08 ]
                          => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

                          C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA 4050 bytes [ 10-1-2014 18:10:45 ]
                          => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

                          C:\Windows\system32\Tasks\HPCeeScheduleFordaphn_000 3184 bytes [ 25-8-2014 22:16:09 ]
                          => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

                          C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1314184813-1300351738-2939004454-500 3596 bytes [ 1-9-2013 17:13:06 ]

                          C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2323992412-533519598-971084482-500 3592 bytes [ 26-8-2013 08:11:30 ]

                          C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3900212922-1254537326-960218257-500 3594 bytes [ 19-12-2013 16:52:34 ]

                          C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4069903829-4235242597-1408532582-500 3596 bytes [ 11-10-2013 14:13:17 ]

                          C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-487102878-2576558178-201097663-1002 3596 bytes [ 10-1-2014 17:21:20 ]

                          C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-487102878-2576558178-201097663-500 2324 bytes [ 19-12-2013 19:10:04 ]

                          C:\Windows\system32\Tasks\User_Feed_Synchronization-{9556EC6E-4952-458C-B99F-77F9286537E0} 3966 bytes [ 10-1-2014 17:25:19 ]
                          => C:\Windows\system32\msfeedssync.exe

                          C:\Windows\system32\Tasks\{5A0EF710-F3EA-4732-97E7-D91A52869E0B} 3090 bytes [ 5-4-2015 13:54:11 ]
                          => "c:\program files (x86)\google\chrome\application\chrome.exe"

                          C:\Windows\system32\Tasks\{5E8E6847-5F2D-4E6C-A1AC-DAA1ACF2E709} 3090 bytes [ 7-4-2015 17:43:16 ]
                          => "c:\program files (x86)\google\chrome\application\chrome.exe"

                          C:\Windows\system32\Tasks\{6CFE0868-2B97-417E-B38C-4F05F4484433} 3090 bytes [ 7-4-2015 17:50:54 ]
                          => "c:\program files (x86)\google\chrome\application\chrome.exe"

                          C:\Windows\system32\Tasks\{7F3E88D5-E860-43EF-AC4C-3C35964597D1} 3090 bytes [ 7-4-2015 17:37:40 ]
                          => "c:\program files (x86)\google\chrome\application\chrome.exe"

                          C:\Windows\system32\Tasks\{D32F9583-06E2-49C9-99C4-25453F507E4C} 3090 bytes [ 7-4-2015 17:40:52 ]
                          => "c:\program files (x86)\google\chrome\application\chrome.exe"

                          C:\Windows\system32\Tasks\{DF82A4B6-9D82-4555-83CC-8FF31B38077C} 3090 bytes [ 7-4-2015 17:47:36 ]
                          => "c:\program files (x86)\google\chrome\application\chrome.exe"


                          ==================== Job tasks at C:\Windows\SysWOW64\Tasks ====================

                          There are no .job files found.

                          ==================== End scanning at wo 8 apr 2015 16:35 (1 Min 0 Sec ) ========



                          • #14
                            I would have liked the MBAM scan log first, and only after that a fresh E-Peek log.

                            Is this OK? Is there anything to see yet??



                            • #15
                              Download or update CCleaner

                              Start CCleaner.
                              • Run CCleaner and click Options in the left column
                              • Select the Advanced tab
                              • Untick Only delete files in the Windows Temp system folder that are older than 24 hours
                              • Select the Settings tab
                              • Untick "Automatically clean the computer...."
                              • Click Cleaner in the left column.
                              • Then click Analyze and Clean, in that order.
                              • Next, click Registry in the left column
                              • Click Scan for issues.
                              • When asked whether you want to make a backup of the registry, click "Yes".
                              • If errors are found, click the middle button: Fix all selected issues, then OK


                              Reset Google Chrome browser settings:
                              • Open Google Chrome and click the icon with the three bars in the top right.
                              • If you are signed in to Google Chrome, you may need to reset Google Chrome Sync first.
                              • Select Settings.
                              • At the bottom, click Show advanced settings.
                              • Under the 'Reset settings' section, click Reset settings.
                              • Click Reset in the dialog that appears.
                              • Close Google Chrome to apply the changes.


                              Reset Internet Explorer:
                              • Start Internet Explorer.
                                • Note: If you are using Windows 8, start Internet Explorer for the desktop. Changing the settings then affects both Internet Explorer and Internet Explorer for the desktop.
                              • Open the Tools menu and tap or click Internet options. Press Alt if the Tools menu is not displayed.
                                • Note: If you cannot start Internet Explorer, you can also open the settings window by pressing the Windows key and R at the same time, typing inetcpl.cpl in the Run box and then pressing Enter.
                              • In the Internet Options window, tap or click the Advanced tab.
                              • Tap or click Reset.
                              • In the Reset Internet Explorer Settings dialog box, click Reset.
                              • Select the Delete personal settings check box if you also want to remove your browsing history, search providers, accelerators, home pages, Tracking Protection and ActiveX Filtering data.
                              • When the default settings of Internet Explorer have been restored, tap or click Close and then OK.
                              • Close Internet Explorer and start the program again.




                              Now tell me, how is it going?
                              Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                              E Dev * Remove McAfee. * CCleaner * E-Peek
