
Malware problem "ADS BY name"


  • Malware problem "ADS BY name"

    Hello

    For the past week I have been getting a lot of ads, sometimes so many that I just have to close the browser; after installing various programs I have still seen no improvement :-( I was referred to this site via helpmij.nl and I hope you can help me with this problem. First of all, I have already gone through the steps for Malwarebytes and Epeek; Malwarebytes could not detect anything, and I will attach the Epeek findings here. I hope you have a solution for me.

    Regards, Adje
    Attached Files

  • #2
    The first step is to carry out this guideline:

    !!! IMPORTANT !!!: Read this first before you post a message here!

    Post the requested logs.

    Emphyrio
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * McAfee verwijderen. * Ccleaner * E-Peek



    • #3
      Malware problem "ADS BY name"

      Hello Emphyrio

      Here are the requested logs

      Regards, Adje

      Malwarebytes Anti-Malware
      www.malwarebytes.org

      Scandatum: 20-4-2015
      Scantijd: 02:29:04
      Logbestand: malwarebytes.txt
      Beheerder: Ja

      Versie: 2.01.4.1018
      Malware Gegevensbestand: v2015.04.19.05
      Rootkit Gegevensbestand: v2015.03.31.01
      Licentie: Premium
      Malwarebescherming: Ingeschakeld
      Kwaadaardige Website Bescherming: Ingeschakeld
      Zelfbescherming: Uitgeschakeld

      Besturingssysteem: Windows 8.1
      Processor: x64
      Bestandssysteem: NTFS
      Gebruiker: Eduard

      Scantype: Bedreigingsscan
      Resultaat: Voltooid
      Objecten Gescand: 355273
      Verstreken Tijd: 16 m, 40 s

      Geheugen: Ingeschakeld
      Opstarten: Ingeschakeld
      Bestandssysteem: Ingeschakeld
      Archieven: Ingeschakeld
      Rootkits: Uitgeschakeld
      Heuristiek: Ingeschakeld
      POP: Ingeschakeld
      POA: Ingeschakeld

      Processen: 0
      (Geen kwaadaardige items gedetecteerd)

      Modules: 0
      (Geen kwaadaardige items gedetecteerd)

      Registersleutels: 0
      (Geen kwaadaardige items gedetecteerd)

      Registerwaardes: 0
      (Geen kwaadaardige items gedetecteerd)

      Registerdata: 0
      (Geen kwaadaardige items gedetecteerd)

      Mappen: 0
      (Geen kwaadaardige items gedetecteerd)

      Bestanden: 0
      (Geen kwaadaardige items gedetecteerd)

      Fysieke Sectoren: 0
      (Geen kwaadaardige items gedetecteerd)


      (end)


      # AdwCleaner v4.201 - Logbestand aangemaakt 19/04/2015 op 20:59:59
      # Laatste update 08/04/2015 door Xplode
      # Database : 2015-04-19.4 [Server]
      # Besturingssysteem : Windows 8.1 (x64)
      # Gebruikersnaam : Eduard - EDUARD
      # Gestart vanuit : C:\Users\Eduard\Downloads\adwcleaner_4.201.exe
      # Optie : Scannen

      ***** [ Services ] *****


      ***** [ Bestanden / Mappen ] *****


      ***** [ Geplande taken ] *****


      ***** [ Snelkoppelingen ] *****


      ***** [ Register ] *****

      Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}

      ***** [ Webbrowsers ] *****

      -\\ Internet Explorer v11.0.9600.17416


      -\\ Mozilla Firefox v37.0.1 (x86 nl)


      -\\ Google Chrome v42.0.2311.90

      [C:\Users\Eduard\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gevonden [Extension] : dlabcihlajghaekmikmkncdhekcaaenl

      *************************

      AdwCleaner[R0].txt - [9749 bytes] - [11/04/2015 20:17:24]
      AdwCleaner[R1].txt - [9808 bytes] - [11/04/2015 20:19:38]
      AdwCleaner[R2].txt - [981 bytes] - [13/04/2015 10:35:59]
      AdwCleaner[R3].txt - [1039 bytes] - [13/04/2015 10:37:36]
      AdwCleaner[R4].txt - [1161 bytes] - [16/04/2015 14:29:43]
      AdwCleaner[R5].txt - [1276 bytes] - [17/04/2015 19:18:13]
      AdwCleaner[R6].txt - [1454 bytes] - [17/04/2015 22:29:23]
      AdwCleaner[R7].txt - [1340 bytes] - [19/04/2015 20:59:59]
      AdwCleaner[S0].txt - [9498 bytes] - [11/04/2015 20:20:00]
      AdwCleaner[S1].txt - [1104 bytes] - [13/04/2015 10:38:11]
      AdwCleaner[S2].txt - [1226 bytes] - [16/04/2015 14:31:26]
      AdwCleaner[S3].txt - [1520 bytes] - [17/04/2015 22:30:34]

      ########## EOF - C:\AdwCleaner\AdwCleaner[R7].txt - [1635 bytes] ##########


      E-Peek v 1.9.9.0 © Emphyrio/Onsia Patrick 2013-2015
      E Dev
      Run at zo 19 apr 2015 17:17
      .
      Windows 8.1 (64 bits)
      C:\Windows [NTFS - Fixed]
      Default Browser: Firefox 37.0.1 (x86 nl)
      Boot mode: Normal boot
      User logged in: Eduard
      .
      Java x86: n/a
      Java x64: n/a
      .
      AV : ESET Smart Security 7.0 [Updated - Running]
      AV : Windows Defender [Updated - Not Running]
      AS : Windows Defender [Updated - Not Running]
      AS : ESET Smart Security 7.0 [Updated - Running]
      FW : FW : ESET Persoonlijke firewall [Updated - Running]

      .
      ==================== Files and Folders history =================================

      Folders Created Last 7 days :

      19-04-2015 ##### r-h-s-d+a- C:\Users\Eduard\AppData\Roaming\E Dev
      19-04-2015 ##### r-h-s-d+a- C:\Program Files (x86)\Malwarebytes Anti-Malware
      19-04-2015 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
      18-04-2015 ##### r-h-s-d+a- C:\Users\Eduard\Start Menu
      18-04-2015 ##### r-h-s-d+a- C:\Users\Eduard\AppData\Roaming\ZHP
      18-04-2015 ##### r-h-s-d+a- C:\EEK
      17-04-2015 ##### r-h-s-d+a- C:\ProgramData\HitmanPro
      16-04-2015 ##### r-h-s-d+a- C:\Users\Eduard\AppData\Local\CrashDumps
      16-04-2015 ##### r-h-s-d+a- C:\ProgramData\RogueKiller

      Files Modified Last 7 days :

      17-04-2015 00004160 r-h-s-d-a+ C:\Windows\system32\.crusader
      16-04-2015 128913832 r-h-s-d-a+ C:\Windows\system32\MRT.exe
      16-04-2015 00017408 r-h-s-d-a+ C:\Windows\system32\wuaext.dll
      14-04-2015 00792056 r-h-s-d-a+ C:\Windows\SysWOW64\FlashPlayerApp.exe
      14-04-2015 00178168 r-h-s-d-a+ C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

      Files Created Last 7 days :

      19-04-2015 00000000 r-h-s-d-a+ C:\Users\Eduard\defogger_reenable
      17-04-2015 00159306 r-h+s-d-a+ C:\Users\Eduard\AppData\Local\IconCache.db
      17-04-2015 00004160 r-h-s-d-a+ C:\Windows\system32\.crusader
      16-04-2015 24980480 r-h-s-d-a+ C:\Windows\system32\mshtml.dll
      16-04-2015 19695616 r-h-s-d-a+ C:\Windows\SysWOW64\mshtml.dll
      16-04-2015 14397440 r-h-s-d-a+ C:\Windows\system32\ieframe.dll
      16-04-2015 12825600 r-h-s-d-a+ C:\Windows\SysWOW64\ieframe.dll
      16-04-2015 07476032 r-h-s-d-a+ C:\Windows\system32\ntoskrnl.exe
      16-04-2015 06025216 r-h-s-d-a+ C:\Windows\system32\jscript9.dll
      16-04-2015 04305408 r-h-s-d-a+ C:\Windows\SysWOW64\jscript9.dll
      16-04-2015 03678720 r-h-s-d-a+ C:\Windows\system32\wuaueng.dll
      16-04-2015 02886144 r-h-s-d-a+ C:\Windows\system32\iertutil.dll
      16-04-2015 02373632 r-h-s-d-a+ C:\Windows\system32\wucltux.dll
      16-04-2015 02358784 r-h-s-d-a+ C:\Windows\system32\wininet.dll
      16-04-2015 02278400 r-h-s-d-a+ C:\Windows\SysWOW64\iertutil.dll
      16-04-2015 01888256 r-h-s-d-a+ C:\Windows\SysWOW64\wininet.dll
      16-04-2015 01733952 r-h-s-d-a+ C:\Windows\system32\ntdll.dll
      16-04-2015 01548288 r-h-s-d-a+ C:\Windows\system32\urlmon.dll
      16-04-2015 01498872 r-h-s-d-a+ C:\Windows\SysWOW64\ntdll.dll
      16-04-2015 01385256 r-h-s-d-a+ C:\Windows\system32\msctf.dll
      16-04-2015 01311232 r-h-s-d-a+ C:\Windows\SysWOW64\urlmon.dll
      16-04-2015 01124352 r-h-s-d-a+ C:\Windows\SysWOW64\msctf.dll
      16-04-2015 01111552 r-h-s-d-a+ C:\Windows\system32\aeinv.dll
      16-04-2015 01032704 r-h-s-d-a+ C:\Windows\system32\inetcomm.dll
      16-04-2015 00957440 r-h-s-d-a+ C:\Windows\system32\appraiser.dll
      16-04-2015 00950784 r-h-s-d-a+ C:\Windows\system32\tdh.dll
      16-04-2015 00891392 r-h-s-d-a+ C:\Windows\system32\wuapi.dll
      16-04-2015 00880128 r-h-s-d-a+ C:\Windows\SysWOW64\inetcomm.dll
      16-04-2015 00816128 r-h-s-d-a+ C:\Windows\system32\jscript.dll
      16-04-2015 00801280 r-h-s-d-a+ C:\Windows\system32\msfeeds.dll
      16-04-2015 00800768 r-h-s-d-a+ C:\Windows\system32\ieapfltr.dll
      16-04-2015 00780800 r-h-s-d-a+ C:\Windows\system32\lsm.dll
      16-04-2015 00769024 r-h-s-d-a+ C:\Windows\system32\invagent.dll
      16-04-2015 00749568 r-h-s-d-a+ C:\Windows\SysWOW64\tdh.dll
      16-04-2015 00726528 r-h-s-d-a+ C:\Windows\system32\generaltel.dll
      16-04-2015 00721920 r-h-s-d-a+ C:\Windows\SysWOW64\wuapi.dll
      16-04-2015 00720384 r-h-s-d-a+ C:\Windows\system32\ie4uinit.exe
      16-04-2015 00710144 r-h-s-d-a+ C:\Windows\SysWOW64\ieapfltr.dll
      16-04-2015 00689152 r-h-s-d-a+ C:\Windows\SysWOW64\msfeeds.dll
      16-04-2015 00664064 r-h-s-d-a+ C:\Windows\SysWOW64\jscript.dll
      16-04-2015 00584192 r-h-s-d-a+ C:\Windows\system32\vbscript.dll
      16-04-2015 00503296 r-h-s-d-a+ C:\Windows\SysWOW64\vbscript.dll
      16-04-2015 00419328 r-h-s-d-a+ C:\Windows\system32\devinv.dll
      16-04-2015 00411648 r-h-s-d-a+ C:\Windows\system32\tracerpt.exe
      16-04-2015 00408064 r-h-s-d-a+ C:\Windows\system32\WUSettingsProvider.dll
      16-04-2015 00369152 r-h-s-d-a+ C:\Windows\SysWOW64\tracerpt.exe
      16-04-2015 00360480 r-h-s-d-a+ C:\Windows\system32\sechost.dll
      16-04-2015 00285184 r-h-s-d-a+ C:\Windows\system32\wow64.dll
      16-04-2015 00267264 r-h-s-d-a+ C:\Windows\system32\WinSetupUI.dll
      16-04-2015 00259072 r-h-s-d-a+ C:\Windows\system32\pku2u.dll
      16-04-2015 00257216 r-h-s-d-a+ C:\Windows\SysWOW64\sechost.dll
      16-04-2015 00246272 r-h-s-d-a+ C:\Windows\system32\microsoft-windows-system-events.dll
      16-04-2015 00227328 r-h-s-d-a+ C:\Windows\system32\aepdu.dll
      16-04-2015 00208896 r-h-s-d-a+ C:\Windows\SysWOW64\pku2u.dll
      16-04-2015 00200192 r-h-s-d-a+ C:\Windows\system32\storewuauth.dll
      16-04-2015 00192000 r-h-s-d-a+ C:\Windows\system32\aepic.dll
      16-04-2015 00140288 r-h-s-d-a+ C:\Windows\system32\wuwebv.dll
      16-04-2015 00133256 r-h-s-d-a+ C:\Windows\system32\wuauclt.exe
      16-04-2015 00124928 r-h-s-d-a+ C:\Windows\SysWOW64\wuwebv.dll
      16-04-2015 00095744 r-h-s-d-a+ C:\Windows\system32\wudriver.dll
      16-04-2015 00092160 r-h-s-d-a+ C:\Windows\system32\mshtmled.dll
      16-04-2015 00081920 r-h-s-d-a+ C:\Windows\SysWOW64\wudriver.dll
      16-04-2015 00075264 r-h-s-d-a+ C:\Windows\system32\clfsw32.dll
      16-04-2015 00066048 r-h-s-d-a+ C:\Windows\system32\wups.dll
      16-04-2015 00058880 r-h-s-d-a+ C:\Windows\SysWOW64\clfsw32.dll
      16-04-2015 00052224 r-h-s-d-a+ C:\Windows\system32\wups2.dll
      16-04-2015 00035840 r-h-s-d-a+ C:\Windows\system32\wuapp.exe
      16-04-2015 00030720 r-h-s-d-a+ C:\Windows\system32\acmigration.dll
      16-04-2015 00029696 r-h-s-d-a+ C:\Windows\SysWOW64\wuapp.exe
      16-04-2015 00027136 r-h-s-d-a+ C:\Windows\SysWOW64\wups.dll
      16-04-2015 00016303 r-h-s-d-a+ C:\Windows\SysWOW64\ieuinit.inf
      16-04-2015 00016303 r-h-s-d-a+ C:\Windows\system32\ieuinit.inf
      16-04-2015 00015360 r-h-s-d-a+ C:\Windows\system32\wu.upgrade.ps.dll
      16-04-2015 00013312 r-h-s-d-a+ C:\Windows\system32\wow64cpu.dll

      ==================== RUNNING PROCESSES =========================================

      [AdminService] -SYSTEM- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe - (Windows (R) Win 7 DDK provider)
      [AppleMobileDeviceService] -SYSTEM- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - (Apple Inc.)
      [armsvc] -SYSTEM- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe - (Adobe Systems Incorporated)
      [audiodg] -LOCAL SERVICE- C:\Windows\System32\audiodg.exe - (audiodg.exe)
      [CAudioFilterAgent64] -Eduard- C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe - (Conexant Systems, Inc.)
      [conhost] -NETWORK SERVICE- C:\Windows\system32\conhost.exe - (Microsoft Corporation)
      [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
      [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
      [CxAudMsg64] -SYSTEM- C:\Windows\system32\CxAudMsg64.exe - (Conexant Systems Inc.)
      [dasHost] -LOCAL SERVICE- C:\Windows\system32\dashost.exe - (Microsoft Corporation)
      [dts_apo_service] -SYSTEM- C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe - ()
      [dwm] -DWM-2- C:\Windows\System32\dwm.exe - (Microsoft Corporation)
      [egui] -Eduard- C:\Program Files\ESET\ESET Smart Security\egui.exe - (ESET)
      [ekrn] -SYSTEM- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe - (ESET)
      [E-Peek 1.9.9.0] -Eduard- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.9.9.0.exe - (E Dev)
      [ETDCtrl] -Eduard- C:\Program Files\Elantech\ETDCtrl.exe - (ELAN Microelectronics Corp.)
      [ETDCtrlHelper] -Eduard- C:\Program Files\Elantech\ETDCtrlHelper.exe - (ELAN Microelectronics Corp.)
      [ETDTouch] -Eduard- C:\Program Files\Elantech\ETDTouch.exe - (ELAN Microelectronics Corp.)
      [explorer] -Eduard- C:\Windows\explorer.exe - (Microsoft Corporation)
      [firefox] -Eduard- C:\Program Files (x86)\Mozilla Firefox\firefox.exe - (Mozilla Corporation)
      [FlashPlayerPlugin_16_0_0_305] -Eduard- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe - (Adobe Systems, Inc.)
      [FlashPlayerPlugin_16_0_0_305] -Eduard- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe - (Adobe Systems, Inc.)
      [GoogleUpdate] -SYSTEM- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - (Google Inc.)
      [HeciServer] -SYSTEM- C:\Program Files\Intel\iCLS Client\HeciServer.exe - (Intel(R) Corporation)
      [hkcmd] -Eduard- C:\Windows\System32\hkcmd.exe - (Intel Corporation)
      [HPNetworkCommunicator] -Eduard- C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe - (Hewlett-Packard Co.)
      [hpqtra08] -Eduard- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
      [hpwuschd2] -Eduard- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe - (Hewlett-Packard)
      [igfxpers] -Eduard- C:\Windows\System32\igfxpers.exe - (Intel Corporation)
      [igfxsrvc] -Eduard- C:\Windows\system32\igfxsrvc.exe - (Intel Corporation)
      [igfxtray] -Eduard- C:\Windows\System32\igfxtray.exe - (Intel Corporation)
      [IntelMeFWService] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe - (Intel Corporation)
      [iPodService] -SYSTEM- C:\Program Files\iPod\bin\iPodService.exe - (Apple Inc.)
      [iTunesHelper] -Eduard- C:\Program Files\iTunes\iTunesHelper.exe - (Apple Inc.)
      [jhi_service] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe - (Intel Corporation)
      [LMS] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - (Intel Corporation)
      [lsass] -SYSTEM- C:\Windows\system32\lsass.exe - (Microsoft Corporation)
      [mbam] -Eduard- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe - (Malwarebytes Corporation)
      [mbamscheduler] -SYSTEM- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe - (Malwarebytes Corporation)
      [mbamservice] -SYSTEM- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe - (Malwarebytes Corporation)
      [msiexec] -SYSTEM- C:\Windows\system32\msiexec.exe - (Microsoft Corporation)
      [NASvc] -SYSTEM- C:\Program Files (x86)\Nero\Update\NASvc.exe - (Nero AG)
      [NvBackend] -Eduard- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe - (NVIDIA Corporation)
      [NvNetworkService] -SYSTEM- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe - (NVIDIA Corporation)
      [nvstreamsvc] -NETWORK SERVICE- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe - (NVIDIA Corporation)
      [nvstreamsvc] -SYSTEM- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe - (NVIDIA Corporation)
      [nvtray] -Eduard- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe - (NVIDIA Corporation)
      [nvvsvc] -SYSTEM- C:\Windows\system32\nvvsvc.exe - (NVIDIA Corporation)
      [nvvsvc] -SYSTEM- C:\Windows\system32\nvvsvc.exe - (NVIDIA Corporation)
      [nvxdsync] -SYSTEM- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe - (NVIDIA Corporation)
      [OUTLOOK] -Eduard- C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE - (Microsoft Corporation)
      [plugin-container] -Eduard- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe - (Mozilla Corporation)
      [ScanToPCActivationApp] -Eduard- C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe - (Hewlett-Packard Co.)
      [SearchFilterHost] -SYSTEM- C:\Windows\system32\SearchFilterHost.exe - (Microsoft Corporation)
      [SearchIndexer] -SYSTEM- C:\Windows\system32\SearchIndexer.exe - (Microsoft Corporation)
      [SearchProtocolHost] -SYSTEM- C:\Windows\system32\SearchProtocolHost.exe - (Microsoft Corporation)
      [services] -SYSTEM- C:\Windows\System32\services.exe - (services.exe)
      [SettingSyncHost] -Eduard- C:\Windows\System32\SettingSyncHost.exe - (Microsoft Corporation)
      [smss] -SYSTEM- C:\Windows\System32\smss.exe - (smss.exe)
      [spoolsv] -SYSTEM- C:\Windows\System32\spoolsv.exe - (Microsoft Corporation)
      [SppExtComObj] -NETWORK SERVICE- C:\Windows\system32\SppExtComObj.exe - (Microsoft Corporation)
      [sppsvc] -NETWORK SERVICE- C:\Windows\System32\sppsvc.exe - (sppsvc.exe)
      [System] -N/A- - (System)
      [taskeng] -SYSTEM- C:\Windows\system32\taskeng.exe - (Microsoft Corporation)
      [taskhost] -Eduard- C:\Windows\system32\taskhost.exe - (Microsoft Corporation)
      [taskhostex] -Eduard- C:\Windows\system32\taskhostex.exe - (Microsoft Corporation)
      [Taskmgr] -Eduard- C:\Windows\System32\Taskmgr.exe - (Microsoft Corporation)
      [TCrdMain_Win8] -Eduard- C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe - (TOSHIBA Corporation)
      [TecoResident] -Eduard- C:\Program Files\Toshiba\Teco\TecoResident.exe - (TOSHIBA Corporation)
      [TecoService] -SYSTEM- C:\Program Files\Toshiba\Teco\TecoService.exe - (Toshiba Corporation)
      [TODDSrv] -SYSTEM- C:\Windows\system32\TODDSrv.exe - (TOSHIBA Corporation)
      [TPCHSrv] -SYSTEM- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe - (TOSHIBA Corporation)
      [TPCHWMsg] -Eduard- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe - (TOSHIBA Corporation)
      [TssSrv] -Eduard- C:\Program Files (x86)\TOSHIBA\System Setting\TssSrv.exe - (TOSHIBA Corporation)
      [UMonit64] -Eduard- C:\Windows\SysWOW64\UMonit64.exe - ()
      [wininit] -SYSTEM- C:\Windows\system32\wininit.exe - (Microsoft Corporation)
      [winlogon] -SYSTEM- C:\Windows\System32\WinLogon.exe - (Microsoft Corporation)
      [WmiPrvSE] -NETWORK SERVICE- C:\Windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
      [WmiPrvSE] -SYSTEM- C:\Windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)

      ==================== IE PAGES ==================================================

      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main
      Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
      Local Page = C:\Windows\SysWOW64\blank.htm
      Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
      Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
      Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes
      DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      DisplayName = @ieframe.dll,-12512
      URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks
      Default = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
      ==================== IE PAGES x64 ==============================================

      HKLM\Software\Microsoft\Internet Explorer\Main
      Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
      Local Page = C:\Windows\System32\blank.htm
      Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
      Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
      Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

      HKLM\Software\Microsoft\Internet Explorer\SearchScopes
      DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

      HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      DisplayName = @ieframe.dll,-12512
      URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

      HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{89E35DE2-23E1-4182-B6FA-AC0B7E9B4EB0}
      DisplayName = Bing
      URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TEJB

      ==================== Auto Load =================================================

      HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
      Userinit = userinit.exe,
      Shell = explorer.exe

      ==================== Auto Load x64 =============================================

      HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
      Userinit = C:\Windows\system32\userinit.exe,
      Shell = explorer.exe

      ==================== Firefox ===================================================

      FF - ProfilePath - C:\Users\Eduard\AppData\Roaming\Mozilla\firefox\Profiles\kxi2gu8x.default-1429376927052
      FF - Ext: [Default 37.0.1 ] - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} visible: True active: True

      FF - PlugIn: [Adobe® Flash® Player 16.0.0.305 Plugin] - C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll
      FF - PlugIn: [Microsoft SharePoint Plug-in for Firefox] - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL


      ==================== Google Chrome =============================================

      GC - Prefpath: C:\Users\Eduard\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

      GC - Homepage: ["hxxp://www.google.com"]

      GC - Ext: [ Google Presentaties ] version: 0.8
      Description: Presentaties maken en bewerken
      Path: aapocclcgogkmnckokdopfmhonfmgoek\0.8_0

      GC - Ext: [ Winkel ] version: 0.2
      Description: Chrome Web Store
      Path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\resources\web_store

      GC - Ext: [ Google Documenten ] version: 0.7
      Description: Documenten maken en bewerken
      Path: aohghmighlieiainnegkcijnfilokake\0.7_0

      GC - Ext: [ Google Drive ] version: 6.3
      Description: Google Drive: alles op één plek maken, delen en bewaren.
      Path: apdfllckaahabafndbhieahigkjlhalf\6.3_0


      GC - Ext: [ YouTube ] version: 4.2.6
      Description: 's Werelds populairste online video community.
      Path: blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

      GC - Ext: [ Google Zoeken ] version: 0.0.0.20
      Description: De snelste manier om op internet te zoeken.
      Path: coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

      GC - Ext: [ shopping blast ] version: 15326.538.3646
      Description: shopping blast
      Path: dlabcihlajghaekmikmkncdhekcaaenl\15326.538.3646_0

      GC - Ext: [ Bookmark Manager ] version: 0.1
      Description: Bookmark Manager
      Path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\resources\bookmark_manager

      GC - Ext: [ Settings ] version: 0.2
      Description: Settings
      Path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\resources\settings_app

      GC - Ext: [ Google Spreadsheets ] version: 1.0
      Description: Spreadsheets maken en bewerken
      Path: felcaaldnbdncclmgdcncolpebgiejap\1.0_0

      GC - Ext: [ gdefoklganepljiopdnglodohlgfikkl ] version: 10771.56.7
      Description: gdefoklganepljiopdnglodohlgfikkl
      Path: gdefoklganepljiopdnglodohlgfikkl\10771.56.7_0

      GC - Ext: [ Feedback ] version: 1.0
      Description: User feedback extension
      Path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\resources\feedback

      GC - Ext: [ CryptoTokenExtension ] version: 0.9.20
      Description: CryptoToken Component Extension
      Path: C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\resources\cryptotoken

      GC - Ext: [ Cloud Print ] version: 0.1
      Description: Cloud Print
      Path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\resources\cloud_print

      GC - Ext: [ Chrome ] version: 0.1
      Description: Chrome as an app
      Path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\resources\chrome_app

      GC - Ext: [ Chrome PDF Viewer ] version: 1
      Description:
      Path: C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\resources\pdf

      GC - Ext: [ Google Network Speech ] version: 1.0
      Description: Component extension providing speech via the Google network text-to-speech service.
      Path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\resources\network_speech_synthesis

      GC - Ext: [ Google+ Hangouts ] version: 1.0
      Description:
      Path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\resources\hangout_services

      GC - Ext: [ Google Wallet ] version: 0.0.6.1
      Description: Google Wallet voor digitale producten
      Path: nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0

      GC - Ext: [ Google Now ] version: 1.2.0.1
      Description: Integrates Google Now into Chrome.
      Path: C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\resources\google_now

      GC - Ext: [ Gmail ] version: 7
      Description: Een snelle, doorzoekbare e-mailfunctie met minder spam.
      Path: pjkljhegncpnkpknbcohdijeoejaedia\7_1

      ==================== Windows Host File =========================================


      ==================== BHO =======================================================

      HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
      {B4F3A835-0E21-4959-BA22-42B3008E02FF}
      HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} Default = Office Document Cache Handler
      => HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\InProcServer32 Default = C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL

      {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}
      HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} Default = Microsoft SkyDrive Pro Browser Helper
      => HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\InProcServer32 Default = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

      ==================== BHO x64 ===================================================

      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
      {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
      HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} Default = Lync Browser Helper
      => HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\InProcServer32 Default = C:\Program Files\Microsoft Office\Office15\OCHelper.dll

      {B4F3A835-0E21-4959-BA22-42B3008E02FF}
      HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} Default = Office Document Cache Handler
      => HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\InProcServer32 Default = C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL

      ==================== Auto Start Programs =======================================

      HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
      Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      AdobeCS5.5ServiceManager = "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
      HP Software Update = C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      SwitchBoard = C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      TSVU = "c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe"

      HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
      CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      HP Officejet 6500 E710n-z (NET) = "C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe" -deviceID "CN1CN340YD05JW:NW" -scfn "HP Officejet 6500 E710n-z (NET)" -AutoStart 1
      Spotify Web Helper = "C:\Users\Eduard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

      ==================== Auto Start Programs x64 ===================================

      HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
      AdobeAAMUpdater-1.0 = "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
      cAudioFilterAgent = C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
      egui = "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
      ETDCtrl = C:\Program Files\Elantech\ETDCtrl.exe
      HotKeysCmds = "C:\Windows\system32\hkcmd.exe"
      IgfxTray = "C:\Windows\system32\igfxtray.exe"
      iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
      Logitech Download Assistant = C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
      NvBackend = "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
      Persistence = "C:\Windows\system32\igfxpers.exe"
      ShadowPlay = C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
      SmartAudio = C:\Program Files\CONEXANT\SAII\SACpl.exe /t
      TCrdMain = C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
      TecoResident = C:\Program Files\TOSHIBA\Teco\TecoResident.exe
      TosWaitSrv = C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
      TSSSrv = C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe

      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved [2 = enabled 3= disabled]
      = 4
      AdobeAAMUpdater-1.0 = 3
      cAudioFilterAgent = 2
      egui = 2
      ETDCtrl = 2
      HotKeysCmds = 2
      IgfxTray = 2
      iTunesHelper = 2
      Logitech Download Assistant = 2
      NvBackend = 2
      Nvtmru = 2
      Persistence = 2
      ShadowPlay = 2
      SmartAudio = 2
      TCrdMain = 2
      TecoResident = 2
      TosWaitSrv = 2
      TSSSrv = 2
      Adobe ARM = 3
      AdobeCS5.5ServiceManager = 3
      HP Software Update = 2
      SwitchBoard = 2
      TSVU = 2
      B1.BAT = 4
      HP Digital Imaging Monitor.lnk = 2
      McAfee Security Scan Plus.lnk = 2

      HKCU\Software\Microsoft\Windows\CurrentVersion\Run
      CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      HP Officejet 6500 E710n-z (NET) = "C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe" -deviceID "CN1CN340YD05JW:NW" -scfn "HP Officejet 6500 E710n-z (NET)" -AutoStart 1
      Spotify Web Helper = "C:\Users\Eduard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

      CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
      ==================== Extra Items IE ============================================

      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

      ==================== Extra Items IE x64 ========================================

      HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
      HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
      HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
      HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
      HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
      HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
      HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

      ==================== Internet Default Prefix ===================================

      HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
      Default = http://

      HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes
      WWW = http://

      ==================== Internet Default Prefix x64 ===============================

      HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
      Default = http://

      HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes
      WWW = http://

      ==================== Protocol Hijackers ========================================

      HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\osf
      CLSID = {D924BDC6-C83A-4BD5-90D0-095128A113D1}
      => SOFTWARE\Classes\\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL # MD5 [c6472164e8467e73857e6fa4eb31d4ef]


      HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\text/xml
      CLSID = {807583E5-5146-11D5-A672-00B0D022E945}
      => SOFTWARE\Classes\\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InProcServer32 @ Default = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown


      ==================== Protocol Hijackers x64 ====================================

      HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\osf
      CLSID = {D924BDC6-C83A-4BD5-90D0-095128A113D1}
      => SOFTWARE\Classes\\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1}\InProcServer32 @ Default = Unknown # C:\Program Files\Microsoft Office\Office15\MSOSB.DLL # MD5 [6628cdac2763357cf62c038cfadd53e2]


      HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml
      CLSID = {807583E5-5146-11D5-A672-00B0D022E945}
      => SOFTWARE\Classes\\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InProcServer32 @ Default = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown


      ==================== ShellServiceObjectDelayLoad ===============================

      HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
      WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
      => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


      ==================== ShellServiceObjectDelayLoad x64 =========================

      HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
      WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
      => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


      ==================== Extra (Torpig/ConduitSearch) ==============================

      HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ Default = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
      => HKCR\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32 @ Default = C:\Windows\system32\shell32.dll

      HKCR\Directory\shellex\CopyHookHandlers\Sharing @ Default = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
      => HKCR\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32 @ Default = C:\Windows\system32\ntshrui.dll


      ==================== DRIVERS and SERVICES ======================================

      *** Win32OwnProcess ***

      SERV - R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
      SERV - R2 - [Apple Mobile Device Service] - Apple Mobile Device Service - c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
      SERV - R2 - [AtherosSvc] - AtherosSvc - c:\program files (x86)\bluetooth suite\adminservice.exe
      SERV - R2 - [CxAudMsg] - Conexant Audio Message Service - c:\windows\system32\cxaudmsg64.exe
      SERV - R2 - [dts_apo_service] - DTS APO Service - c:\program files (x86)\dts, inc\dts studio sound\dts_apo_service.exe
      SERV - R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
      SERV - R2 - [Intel(R) ME Service] - Intel(R) ME Service - c:\program files (x86)\intel\intel(r) management engine components\fwservice\intelmefwservice.exe
      SERV - R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
      SERV - R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
      SERV - R2 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe
      SERV - R2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
      SERV - R2 - [NAUpdate] - Nero Update - c:\program files (x86)\nero\update\nasvc.exe
      SERV - R2 - [NvNetworkService] - NVIDIA Network Service - c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe
      SERV - R2 - [NvStreamSvc] - NVIDIA Streamer Service - c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe
      SERV - R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
      SERV - R2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
      SERV - R2 - [TODDSrv] - TOSHIBA Optical Disc Drive Service - c:\windows\system32\toddsrv.exe
      SERV - R2 - [TOSHIBA eco Utility Service] - TOSHIBA eco Utility Service - c:\program files\toshiba\teco\tecoservice.exe
      SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
      SERV - R3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe
      SERV - R3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
      SERV - R3 - [TPCHSrv] - TPCH Service - c:\program files\toshiba\tphm\tpchsrv.exe
      SERV - S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
      SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
      SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
      SERV - S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
      SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
      SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
      SERV - S3 - [GamesAppService] - GamesAppService - c:\program files (x86)\wildtangent games\app\gamesappservice.exe
      SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
      SERV - S3 - [gusvc] - Google Updater Service - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
      SERV - S3 - [IDriverT] - InstallDriver Table Manager - c:\program files (x86)\common files\installshield\driver\11\intel 32\idrivert.exe
      SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
      SERV - S3 - [Intel(R) Capability Licensing Service TCP IP Interface] - Intel(R) Capability Licensing Service TCP IP Interface - c:\program files\intel\icls client\socketheciserver.exe
      SERV - S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
      SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
      SERV - S3 - [ose64] - Office 64 Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
      SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
      SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
      SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
      SERV - S3 - [SwitchBoard] - SwitchBoard - c:\program files (x86)\common files\adobe\switchboard\switchboard.exe
      SERV - S3 - [TemproMonitoringService] - TEMPRO Service - c:\program files (x86)\toshiba tempro\temprosvc.exe
      SERV - S3 - [TMachInfo] - TMachInfo - c:\program files\toshiba\toshiba service station\tmachinfo.exe
      SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
      SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
      SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
      SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
      SERV - S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
      SERV - S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
      SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
      SERV - S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe

      *** Win32ShareProcess ***

      SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
      SERV - R3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
      SERV - R3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
      SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
      SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
      SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

      *** Others ***

      SERV - R2 - [ekrn] - ESET Service - c:\program files\eset\eset smart security\x86\ekrn.exe
      SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
      SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

      *** File System Driver ***

      DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
      DRV - R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
      DRV - R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
      DRV - R0 - [Wof] - Windows Overlay File System Filter Driver - C:\Windows\system32\Drivers\Wof.sys
      DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
      DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys
      DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys

      *** Kernel Driver ***

      DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\Windows\system32\Drivers\ACPI.sys
      DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\Windows\system32\Drivers\acpiex.sys
      DRV - R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys
      DRV - R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
      DRV - R0 - [disk] - Stuurprogramma voor schijfstations - C:\Windows\system32\Drivers\disk.sys
      DRV - R0 - [edevmon] - edevmon - C:\Windows\system32\Drivers\edevmon.sys
      DRV - R0 - [epfwwfp] - epfwwfp - C:\Windows\system32\Drivers\epfwwfp.sys
      DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys
      DRV - R0 - [iaStorA] - iaStorA - C:\Windows\system32\Drivers\iaStorA.sys
      DRV - R0 - [intelpep] - Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing - C:\Windows\system32\Drivers\intelpep.sys
      DRV - R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
      DRV - R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
      DRV - R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys
      DRV - R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
      DRV - R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys
      DRV - R0 - [nvpciflt] - nvpciflt - C:\Windows\system32\Drivers\nvpciflt.sys
      DRV - R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys
      DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\Windows\system32\Drivers\pci.sys
      DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
      DRV - R0 - [pdc] - pdc - C:\Windows\system32\Drivers\pdc.sys
      DRV - R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
      DRV - R0 - [spaceport] - Stuurprogramma voor opslagruimten - C:\Windows\system32\Drivers\spaceport.sys
      DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\Windows\system32\Drivers\Tcpip.sys
      DRV - R0 - [TVALZ] - TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver - C:\Windows\system32\Drivers\TVALZ.sys [x]
      DRV - R0 - [TVALZFL] - TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver - C:\Windows\system32\Drivers\TVALZFL.sys
      DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\Windows\system32\Drivers\vdrvroot.sys
      DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\Windows\system32\Drivers\volmgr.sys
      DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys
      DRV - R0 - [volsnap] - Opslagvolumes - C:\Windows\system32\Drivers\volsnap.sys
      DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
      DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\Windows\system32\Drivers\WFPLWFS.sys
      DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
      DRV - R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
      DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\Windows\system32\Drivers\tdx.sys
      DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys
      DRV - S0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\Windows\system32\Drivers\EhStorClass.sys
      DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
      DRV - S3 - [atapi] - IDE-kanaal - C:\Windows\system32\Drivers\atapi.sys

      ==================== SvcHost - White Listed ====================================

      HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\[email protected]
      hpqcxs08 = ServiceDll = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [0d0213498683414dde29b1686a4c08d5]

      hpqddsvc = ServiceDll = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [ee281dd6843f3f697c1ad7933eeb1e9b]



      ==================== SvcHost x64 - White Listed ================================

      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
      BthHFSrv = ServiceDll = C:\Windows\System32\BthHFSrv.dll [9307a4b743d277c499cda8e19e5687ac]

      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
      HPSLPSVC = ServiceDll = C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [c995ea1c6915d897e06d41af95b9312c]

      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
      Pml Driver HPZ12 = ServiceDll = C:\Windows\System32\HPZipm12.dll [ac78df349f0e4cfb8b667c0cfff83cce]

      Net Driver HPZ12 = ServiceDll = C:\Windows\System32\HPZinw12.dll [2334dc48997ba203b794df3ee70521db]



      ==================== SigCheck x86 Fast =========================================

      Fast Scan All ok

      ==================== SigCheck x64 Fast =========================================

      Fast Scan All ok

      ==================== Job tasks at C:\Windows\Tasks =============================

      C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfdb51d6a6e7c1.job 1074 bytes [ 28-9-2014 21:24:35 ]

      C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 1078 bytes [ 19-10-2014 11:15:26 ]

      C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfeb7d3835796b.job 1078 bytes [ 19-10-2014 11:15:26 ]

      C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00111ab4aab7e.job 1078 bytes [ 15-11-2014 21:20:59 ]

      C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0414e27c1bd13.job 1078 bytes [ 5-2-2015 15:15:12 ]

      C:\Windows\Tasks\SA.DAT 6 bytes [ 22-8-2013 16:45:54 ]


      ==================== Job tasks at C:\Windows\system32\Tasks ====================

      C:\Windows\system32\Tasks\5UO48i4X0phOUJQK 2640 bytes [ 7-4-2015 20:43:37 ]
      => C:\Program Files (x86)\globalUpdate\Update\Install\{63B4F9DF-2F9C-48AB-8C2E-AF117090BAA0}\setup.exe

      C:\Windows\system32\Tasks\gKrbYAULT4WNJGTyt 2640 bytes [ 2-4-2015 16:28:03 ]
      => C:\Program Files (x86)\globalUpdate\Update\Install\{FFCAA3A7-5451-4780-A6EA-68A9ED3CC586}\setup.exe

      C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore 3806 bytes [ 28-9-2014 21:15:15 ]
      => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

      C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore1cfdb51d6a6e7c1 3814 bytes [ 28-9-2014 21:24:40 ]
      => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

      C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA 4050 bytes [ 19-10-2014 11:15:26 ]
      => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

      C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA1cfeb7d3835796b 4050 bytes [ 19-10-2014 11:15:26 ]
      => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

      C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA1d00111ab4aab7e 4050 bytes [ 15-11-2014 21:20:59 ]
      => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

      C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA1d0414e27c1bd13 4050 bytes [ 5-2-2015 15:15:12 ]
      => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

      C:\Windows\system32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z 3618 bytes [ 9-7-2014 14:41:52 ]
      => "C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe"

      C:\Windows\system32\Tasks\kG7pSOKjLpekPNotGc 2640 bytes [ 6-4-2015 18:21:26 ]
      => C:\Program Files (x86)\globalUpdate\Update\Install\{16CCBF52-5DA8-47E1-93C6-1495765FA11E}\setup.exe

      C:\Windows\system32\Tasks\KoXH8oynR8O 2640 bytes [ 5-4-2015 12:47:51 ]
      => C:\Program Files (x86)\globalUpdate\Update\Install\{E9120A7F-6541-43DC-8681-391DCB61F80D}\setup.exe

      C:\Windows\system32\Tasks\MaSAf9pxYXtrDAnXrs 2640 bytes [ 2-4-2015 22:59:34 ]
      => C:\Program Files (x86)\globalUpdate\Update\Install\{9A493838-124E-4CB6-AFD6-BC0BF4055043}\setup.exe

      C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2713537743-3426775794-1442715819-1002 3600 bytes [ 3-5-2014 15:09:08 ]

      C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2713537743-3426775794-1442715819-500 3596 bytes [ 9-4-2014 10:52:02 ]

      C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3346357531-3327840203-3679863310-500 3596 bytes [ 24-11-2013 18:04:24 ]

      C:\Windows\system32\Tasks\Resolution+ Setting Task 3128 bytes [ 9-4-2014 11:22:27 ]
      => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe

      C:\Windows\system32\Tasks\S1kt6k6DsNxnvgyI2 2640 bytes [ 8-4-2015 10:29:07 ]
      => C:\Program Files (x86)\globalUpdate\Update\Install\{139E6B66-CAAA-4C8E-851A-9BF60BC32F2D}\setup.exe

      C:\Windows\system32\Tasks\SQuAgRz2kDN3ecSz 2640 bytes [ 10-4-2015 12:41:58 ]
      => C:\Program Files (x86)\globalUpdate\Update\Install\{5B57004E-5428-42B0-BC49-5C37ED437296}\setup.exe

      C:\Windows\system32\Tasks\TrFJsDO1a3 2640 bytes [ 9-4-2015 17:47:35 ]
      => C:\Program Files (x86)\globalUpdate\Update\Install\{61090764-8E37-4AD6-9354-23A3B0593E1E}\setup.exe

      C:\Windows\system32\Tasks\UMonitor Task 3016 bytes [ 9-4-2014 11:17:24 ]
      => C:\Windows\SysWOW64\UMonit64.exe

      C:\Windows\system32\Tasks\User_Feed_Synchronization-{1B426197-90EF-4D45-BAA9-1365683BED6E} 3954 bytes [ 3-5-2014 15:08:08 ]
      => C:\Windows\system32\msfeedssync.exe

      C:\Windows\system32\Tasks\xn6OrMiOKtuW6ivSu7d 2640 bytes [ 5-4-2015 18:47:50 ]
      => C:\Program Files (x86)\globalUpdate\Update\Install\{7D01911D-6094-4DEA-B7D8-A5C0AE51A6BF}\setup.exe


      ==================== Job tasks at C:\Windows\SysWOW64\Tasks ====================

      There are no .job files found.

      ==================== End scanning at zo 19 apr 2015 17:18 (0 Min 21 Sec ) ======
      Last edited by Emphyrio; 20-04-15, 17:13. Reason: Log attachments removed



      • #4
        You shouldn't start a new topic every time you post.
        Just post in your own topic (this one).

        You were also asked not to add the logs as attachments or put them between code tags.
        Please read the instructions carefully. This saves us unnecessary work.


        Resetting Google Chrome browser settings:
        • Open Google Chrome and click the icon with the three lines in the top right corner.
        • If you are signed in to Google Chrome, you may first need to reset Google Chrome Sync.
        • Select Settings.
        • Click Show advanced settings at the bottom.
        • Under the 'Reset settings' section, click Reset settings.
        • Click Reset in the dialog that appears.
        • Close Google Chrome to apply the changes.



        Resetting Firefox to its default state:
        • Click the menu button and then click Help.
        • Choose Troubleshooting Information from the Help menu.
          • If you cannot access the Help menu, type about:support in your location bar to bring up the Troubleshooting Information page.
        • In the top right corner of the Troubleshooting Information page, click the Refresh Firefox… button.
        • In the confirmation window that appears, click Refresh Firefox to continue.
        • Firefox will close and be reset. Once this is done, a window will list the imported data. Click Finish and Firefox will open.



        Download or update Ccleaner

        Start CCleaner.
        • Run Ccleaner and click Options in the left column
        • Select the Advanced tab
        • Uncheck Only delete files in Windows Temp folder older than 24 hours
        • Select the Settings tab
        • Uncheck "Automatically clean computer...."
        • Click Cleaner in the left column.
        • Then click Analyze and Run Cleaner in turn.
        • Next, click Registry in the left column
        • Click Scan for Issues.
        • When asked whether you want to back up the registry, click "Yes".
        • If errors are found, click the middle button: Fix All Selected Issues, then OK

        Last edited by Emphyrio; 20-04-15, 17:19.
        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
        E Dev * Remove McAfee. * Ccleaner * E-Peek



        • #5
          Sorry for causing you extra work, I will read more carefully ;-) I have refreshed Chrome and Firefox and had Ccleaner run a scan, but unfortunately this has had no result.



          • #6
            May I have a fresh E-Peek log, please?
            Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
            E Dev * Remove McAfee. * Ccleaner * E-Peek



            • #7
              A fresh E-Peek

              E-Peek v 1.9.9.0 © Emphyrio/Onsia Patrick 2013-2015
              E Dev
              Run at ma 20 apr 2015 22:13
              .
              Windows 8.1 (64 bits)
              C:\Windows [NTFS - Fixed]
              Default Browser: Firefox 37.0.1 (x86 nl)
              Boot mode: Normal boot
              User logged in: Eduard
              .
              Java x86: n/a
              Java x64: n/a
              .
              AV : ESET Smart Security 7.0 [Updated - Running]
              AV : Windows Defender [Updated - Not Running]
              AS : Windows Defender [Updated - Not Running]
              AS : ESET Smart Security 7.0 [Updated - Running]
              FW : FW : ESET Persoonlijke firewall [Updated - Running]

              .
              ==================== Files and Folders history =================================

              Folders Created Last 7 days :

              19-04-2015 ##### r-h-s-d+a- C:\Users\Eduard\AppData\Roaming\E Dev
              19-04-2015 ##### r-h-s-d+a- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
              19-04-2015 ##### r-h-s-d+a- C:\Program Files\iTunes
              19-04-2015 ##### r-h-s-d+a- C:\Program Files\iPod
              19-04-2015 ##### r-h-s-d+a- C:\Program Files\Bonjour
              19-04-2015 ##### r-h-s-d+a- C:\Program Files (x86)\Malwarebytes Anti-Malware
              19-04-2015 ##### r-h-s-d+a- C:\Program Files (x86)\iTunes
              19-04-2015 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
              19-04-2015 ##### r-h-s-d+a- C:\Program Files (x86)\Bonjour
              18-04-2015 ##### r-h-s-d+a- C:\Users\Eduard\Start Menu
              18-04-2015 ##### r-h-s-d+a- C:\Users\Eduard\AppData\Roaming\ZHP
              18-04-2015 ##### r-h-s-d+a- C:\EEK
              17-04-2015 ##### r-h-s-d+a- C:\ProgramData\HitmanPro
              16-04-2015 ##### r-h-s-d+a- C:\Users\Eduard\AppData\Local\CrashDumps
              16-04-2015 ##### r-h-s-d+a- C:\ProgramData\RogueKiller

              Files Modified Last 7 days :

              17-04-2015 00004160 r-h-s-d-a+ C:\Windows\system32\.crusader
              16-04-2015 128913832 r-h-s-d-a+ C:\Windows\system32\MRT.exe
              16-04-2015 00017408 r-h-s-d-a+ C:\Windows\system32\wuaext.dll
              14-04-2015 00792056 r-h-s-d-a+ C:\Windows\SysWOW64\FlashPlayerApp.exe
              14-04-2015 00178168 r-h-s-d-a+ C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

              Files Created Last 7 days :

              19-04-2015 00000111 r-h-s-d-a+ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
              19-04-2015 00000000 r-h-s-d-a+ C:\Users\Eduard\defogger_reenable
              17-04-2015 00164096 r-h+s-d-a+ C:\Users\Eduard\AppData\Local\IconCache.db
              17-04-2015 00004160 r-h-s-d-a+ C:\Windows\system32\.crusader
              16-04-2015 24980480 r-h-s-d-a+ C:\Windows\system32\mshtml.dll
              16-04-2015 19695616 r-h-s-d-a+ C:\Windows\SysWOW64\mshtml.dll
              16-04-2015 14397440 r-h-s-d-a+ C:\Windows\system32\ieframe.dll
              16-04-2015 12825600 r-h-s-d-a+ C:\Windows\SysWOW64\ieframe.dll
              16-04-2015 07476032 r-h-s-d-a+ C:\Windows\system32\ntoskrnl.exe
              16-04-2015 06025216 r-h-s-d-a+ C:\Windows\system32\jscript9.dll
              16-04-2015 04305408 r-h-s-d-a+ C:\Windows\SysWOW64\jscript9.dll
              16-04-2015 03678720 r-h-s-d-a+ C:\Windows\system32\wuaueng.dll
              16-04-2015 02886144 r-h-s-d-a+ C:\Windows\system32\iertutil.dll
              16-04-2015 02373632 r-h-s-d-a+ C:\Windows\system32\wucltux.dll
              16-04-2015 02358784 r-h-s-d-a+ C:\Windows\system32\wininet.dll
              16-04-2015 02278400 r-h-s-d-a+ C:\Windows\SysWOW64\iertutil.dll
              16-04-2015 01888256 r-h-s-d-a+ C:\Windows\SysWOW64\wininet.dll
              16-04-2015 01733952 r-h-s-d-a+ C:\Windows\system32\ntdll.dll
              16-04-2015 01548288 r-h-s-d-a+ C:\Windows\system32\urlmon.dll
              16-04-2015 01498872 r-h-s-d-a+ C:\Windows\SysWOW64\ntdll.dll
              16-04-2015 01385256 r-h-s-d-a+ C:\Windows\system32\msctf.dll
              16-04-2015 01311232 r-h-s-d-a+ C:\Windows\SysWOW64\urlmon.dll
              16-04-2015 01124352 r-h-s-d-a+ C:\Windows\SysWOW64\msctf.dll
              16-04-2015 01111552 r-h-s-d-a+ C:\Windows\system32\aeinv.dll
              16-04-2015 01032704 r-h-s-d-a+ C:\Windows\system32\inetcomm.dll
              16-04-2015 00957440 r-h-s-d-a+ C:\Windows\system32\appraiser.dll
              16-04-2015 00950784 r-h-s-d-a+ C:\Windows\system32\tdh.dll
              16-04-2015 00891392 r-h-s-d-a+ C:\Windows\system32\wuapi.dll
              16-04-2015 00880128 r-h-s-d-a+ C:\Windows\SysWOW64\inetcomm.dll
              16-04-2015 00816128 r-h-s-d-a+ C:\Windows\system32\jscript.dll
              16-04-2015 00801280 r-h-s-d-a+ C:\Windows\system32\msfeeds.dll
              16-04-2015 00800768 r-h-s-d-a+ C:\Windows\system32\ieapfltr.dll
              16-04-2015 00780800 r-h-s-d-a+ C:\Windows\system32\lsm.dll
              16-04-2015 00769024 r-h-s-d-a+ C:\Windows\system32\invagent.dll
              16-04-2015 00749568 r-h-s-d-a+ C:\Windows\SysWOW64\tdh.dll
              16-04-2015 00726528 r-h-s-d-a+ C:\Windows\system32\generaltel.dll
              16-04-2015 00721920 r-h-s-d-a+ C:\Windows\SysWOW64\wuapi.dll
              16-04-2015 00720384 r-h-s-d-a+ C:\Windows\system32\ie4uinit.exe
              16-04-2015 00710144 r-h-s-d-a+ C:\Windows\SysWOW64\ieapfltr.dll
              16-04-2015 00689152 r-h-s-d-a+ C:\Windows\SysWOW64\msfeeds.dll
              16-04-2015 00664064 r-h-s-d-a+ C:\Windows\SysWOW64\jscript.dll
              16-04-2015 00584192 r-h-s-d-a+ C:\Windows\system32\vbscript.dll
              16-04-2015 00503296 r-h-s-d-a+ C:\Windows\SysWOW64\vbscript.dll
              16-04-2015 00419328 r-h-s-d-a+ C:\Windows\system32\devinv.dll
              16-04-2015 00411648 r-h-s-d-a+ C:\Windows\system32\tracerpt.exe
              16-04-2015 00408064 r-h-s-d-a+ C:\Windows\system32\WUSettingsProvider.dll
              16-04-2015 00369152 r-h-s-d-a+ C:\Windows\SysWOW64\tracerpt.exe
              16-04-2015 00360480 r-h-s-d-a+ C:\Windows\system32\sechost.dll
              16-04-2015 00285184 r-h-s-d-a+ C:\Windows\system32\wow64.dll
              16-04-2015 00267264 r-h-s-d-a+ C:\Windows\system32\WinSetupUI.dll
              16-04-2015 00259072 r-h-s-d-a+ C:\Windows\system32\pku2u.dll
              16-04-2015 00257216 r-h-s-d-a+ C:\Windows\SysWOW64\sechost.dll
              16-04-2015 00246272 r-h-s-d-a+ C:\Windows\system32\microsoft-windows-system-events.dll
              16-04-2015 00227328 r-h-s-d-a+ C:\Windows\system32\aepdu.dll
              16-04-2015 00208896 r-h-s-d-a+ C:\Windows\SysWOW64\pku2u.dll
              16-04-2015 00200192 r-h-s-d-a+ C:\Windows\system32\storewuauth.dll
              16-04-2015 00192000 r-h-s-d-a+ C:\Windows\system32\aepic.dll
              16-04-2015 00140288 r-h-s-d-a+ C:\Windows\system32\wuwebv.dll
              16-04-2015 00133256 r-h-s-d-a+ C:\Windows\system32\wuauclt.exe
              16-04-2015 00124928 r-h-s-d-a+ C:\Windows\SysWOW64\wuwebv.dll
              16-04-2015 00095744 r-h-s-d-a+ C:\Windows\system32\wudriver.dll
              16-04-2015 00092160 r-h-s-d-a+ C:\Windows\system32\mshtmled.dll
              16-04-2015 00081920 r-h-s-d-a+ C:\Windows\SysWOW64\wudriver.dll
              16-04-2015 00075264 r-h-s-d-a+ C:\Windows\system32\clfsw32.dll
              16-04-2015 00066048 r-h-s-d-a+ C:\Windows\system32\wups.dll
              16-04-2015 00058880 r-h-s-d-a+ C:\Windows\SysWOW64\clfsw32.dll
              16-04-2015 00052224 r-h-s-d-a+ C:\Windows\system32\wups2.dll
              16-04-2015 00035840 r-h-s-d-a+ C:\Windows\system32\wuapp.exe
              16-04-2015 00030720 r-h-s-d-a+ C:\Windows\system32\acmigration.dll
              16-04-2015 00029696 r-h-s-d-a+ C:\Windows\SysWOW64\wuapp.exe
              16-04-2015 00027136 r-h-s-d-a+ C:\Windows\SysWOW64\wups.dll
              16-04-2015 00016303 r-h-s-d-a+ C:\Windows\SysWOW64\ieuinit.inf
              16-04-2015 00016303 r-h-s-d-a+ C:\Windows\system32\ieuinit.inf
              16-04-2015 00015360 r-h-s-d-a+ C:\Windows\system32\wu.upgrade.ps.dll
              16-04-2015 00013312 r-h-s-d-a+ C:\Windows\system32\wow64cpu.dll

              ==================== RUNNING PROCESSES =========================================

              [AdminService] -SYSTEM- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe - (Windows (R) Win 7 DDK provider)
              [AdobeARM] -Eduard- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe - (Adobe Systems Incorporated)
              [AppleMobileDeviceService] -SYSTEM- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - (Apple Inc.)
              [armsvc] -SYSTEM- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe - (Adobe Systems Incorporated)
              [audiodg] -LOCAL SERVICE- C:\Windows\System32\audiodg.exe - (audiodg.exe)
              [CAudioFilterAgent64] -Eduard- C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe - (Conexant Systems, Inc.)
              [CCleaner64] -Eduard- C:\Program Files\CCleaner\CCleaner64.exe - (Piriform Ltd)
              [conhost] -NETWORK SERVICE- C:\Windows\system32\conhost.exe - (Microsoft Corporation)
              [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
              [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
              [CxAudMsg64] -SYSTEM- C:\Windows\system32\CxAudMsg64.exe - (Conexant Systems Inc.)
              [dasHost] -LOCAL SERVICE- C:\Windows\system32\dashost.exe - (Microsoft Corporation)
              [dts_apo_service] -SYSTEM- C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe - ()
              [dwm] -DWM-4- C:\Windows\System32\dwm.exe - (Microsoft Corporation)
              [egui] -Eduard- C:\Program Files\ESET\ESET Smart Security\egui.exe - (ESET)
              [ekrn] -SYSTEM- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe - (ESET)
              [E-Peek 1.9.9.0] -Eduard- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.9.9.0.exe - (E Dev)
              [ETDCtrl] -Eduard- C:\Program Files\Elantech\ETDCtrl.exe - (ELAN Microelectronics Corp.)
              [ETDCtrlHelper] -Eduard- C:\Program Files\Elantech\ETDCtrlHelper.exe - (ELAN Microelectronics Corp.)
              [ETDTouch] -Eduard- C:\Program Files\Elantech\ETDTouch.exe - (ELAN Microelectronics Corp.)
              [explorer] -Eduard- C:\Windows\Explorer.EXE - (Microsoft Corporation)
              [firefox] -Eduard- C:\Program Files (x86)\Mozilla Firefox\firefox.exe - (Mozilla Corporation)
              [FlashPlayerPlugin_16_0_0_305] -Eduard- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe - (Adobe Systems, Inc.)
              [FlashPlayerPlugin_16_0_0_305] -Eduard- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe - (Adobe Systems, Inc.)
              [GoogleUpdate] -SYSTEM- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - (Google Inc.)
              [HeciServer] -SYSTEM- C:\Program Files\Intel\iCLS Client\HeciServer.exe - (Intel(R) Corporation)
              [hkcmd] -Eduard- C:\Windows\System32\hkcmd.exe - (Intel Corporation)
              [HPNetworkCommunicator] -Eduard- C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe - (Hewlett-Packard Co.)
              [hpqtra08] -Eduard- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
              [hpwuschd2] -Eduard- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe - (Hewlett-Packard)
              [igfxpers] -Eduard- C:\Windows\System32\igfxpers.exe - (Intel Corporation)
              [igfxsrvc] -Eduard- C:\Windows\system32\igfxsrvc.exe - (Intel Corporation)
              [igfxtray] -Eduard- C:\Windows\System32\igfxtray.exe - (Intel Corporation)
              [IntelMeFWService] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe - (Intel Corporation)
              [iPodService] -SYSTEM- C:\Program Files\iPod\bin\iPodService.exe - (Apple Inc.)
              [iTunesHelper] -Eduard- C:\Program Files\iTunes\iTunesHelper.exe - (Apple Inc.)
              [jhi_service] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe - (Intel Corporation)
              [LMS] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - (Intel Corporation)
              [lsass] -SYSTEM- C:\Windows\system32\lsass.exe - (Microsoft Corporation)
              [mbam] -Eduard- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe - (Malwarebytes Corporation)
              [mbamscheduler] -SYSTEM- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe - (Malwarebytes Corporation)
              [mbamservice] -SYSTEM- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe - (Malwarebytes Corporation)
              [mDNSResponder] -SYSTEM- C:\Program Files\Bonjour\mDNSResponder.exe - (Apple Inc.)
              [NASvc] -SYSTEM- C:\Program Files (x86)\Nero\Update\NASvc.exe - (Nero AG)
              [NvBackend] -Eduard- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe - (NVIDIA Corporation)
              [NvNetworkService] -SYSTEM- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe - (NVIDIA Corporation)
              [nvstreamsvc] -NETWORK SERVICE- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe - (NVIDIA Corporation)
              [nvstreamsvc] -SYSTEM- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe - (NVIDIA Corporation)
              [nvtray] -Eduard- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe - (NVIDIA Corporation)
              [nvvsvc] -SYSTEM- C:\Windows\system32\nvvsvc.exe - (NVIDIA Corporation)
              [nvvsvc] -SYSTEM- C:\Windows\system32\nvvsvc.exe - (NVIDIA Corporation)
              [nvxdsync] -SYSTEM- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe - (NVIDIA Corporation)
              [plugin-container] -Eduard- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe - (Mozilla Corporation)
              [ScanToPCActivationApp] -Eduard- C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe - (Hewlett-Packard Co.)
              [SearchIndexer] -SYSTEM- C:\Windows\system32\SearchIndexer.exe - (Microsoft Corporation)
              [services] -SYSTEM- C:\Windows\System32\services.exe - (services.exe)
              [SettingSyncHost] -Eduard- C:\Windows\System32\SettingSyncHost.exe - (Microsoft Corporation)
              [SkyDrive] -Eduard- C:\Windows\System32\skydrive.exe - (Microsoft Corporation)
              [smss] -SYSTEM- C:\Windows\System32\smss.exe - (smss.exe)
              [spoolsv] -SYSTEM- C:\Windows\System32\spoolsv.exe - (Microsoft Corporation)
              [System] -N/A- - (System)
              [taskeng] -SYSTEM- C:\Windows\system32\taskeng.exe - (Microsoft Corporation)
              [taskhostex] -Eduard- C:\Windows\system32\taskhostex.exe - (Microsoft Corporation)
              [TCrdMain_Win8] -Eduard- C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe - (TOSHIBA Corporation)
              [TecoResident] -Eduard- C:\Program Files\Toshiba\Teco\TecoResident.exe - (TOSHIBA Corporation)
              [TecoService] -SYSTEM- C:\Program Files\Toshiba\Teco\TecoService.exe - (Toshiba Corporation)
              [TODDSrv] -SYSTEM- C:\Windows\system32\TODDSrv.exe - (TOSHIBA Corporation)
              [TPCHSrv] -SYSTEM- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe - (TOSHIBA Corporation)
              [TPCHWMsg] -Eduard- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe - (TOSHIBA Corporation)
              [TssSrv] -Eduard- C:\Program Files (x86)\TOSHIBA\System Setting\TssSrv.exe - (TOSHIBA Corporation)
              [UMonit64] -Eduard- C:\Windows\SysWOW64\UMonit64.exe - ()
              [unsecapp] -Eduard- C:\Windows\system32\wbem\unsecapp.exe - (Microsoft Corporation)
              [wininit] -SYSTEM- C:\Windows\system32\wininit.exe - (Microsoft Corporation)
              [winlogon] -SYSTEM- C:\Windows\System32\WinLogon.exe - (Microsoft Corporation)
              [WmiPrvSE] -NETWORK SERVICE- C:\Windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
              [WmiPrvSE] -SYSTEM- C:\Windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)

              ==================== IE PAGES ==================================================

              HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main
              Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
              Local Page = C:\Windows\SysWOW64\blank.htm
              Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
              Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
              Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

              HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes
              DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

              HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
              DisplayName = @ieframe.dll,-12512
              URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

              HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks
              Default = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
              ==================== IE PAGES x64 ==============================================

              HKLM\Software\Microsoft\Internet Explorer\Main
              Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
              Local Page = C:\Windows\System32\blank.htm
              Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
              Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
              Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

              HKLM\Software\Microsoft\Internet Explorer\SearchScopes
              DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

              HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
              DisplayName = @ieframe.dll,-12512
              URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

              HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{89E35DE2-23E1-4182-B6FA-AC0B7E9B4EB0}
              DisplayName = Bing
              URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TEJB

              ==================== Auto Load =================================================

              HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
              Userinit = userinit.exe,
              Shell = explorer.exe

              ==================== Auto Load x64 =============================================

              HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
              Userinit = C:\Windows\system32\userinit.exe,
              Shell = explorer.exe

              ==================== Firefox ===================================================

              FF - ProfilePath - C:\Users\Eduard\AppData\Roaming\Mozilla\firefox\Profiles\sb0xkmb1.default-1429555009635
              FF - Ext: [Default 37.0.1 ] - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} visible: True active: True

              FF - PlugIn: [Adobe® Flash® Player 16.0.0.305 Plugin] - C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll
              FF - PlugIn: [Microsoft SharePoint Plug-in for Firefox] - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL


              ==================== Google Chrome =============================================

              GC - Prefpath: C:\Users\Eduard\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

              GC - Homepage: ["hxxp://www.google.com"]

              GC - Ext: [ Google Presentaties ] version: 0.8
              Description: Presentaties maken en bewerken
              Path: aapocclcgogkmnckokdopfmhonfmgoek\0.8_0

              GC - Ext: [ Winkel ] version: 0.2
              Description: Chrome Web Store
              Path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\resources\web_store

              GC - Ext: [ Google Documenten ] version: 0.7
              Description: Documenten maken en bewerken
              Path: aohghmighlieiainnegkcijnfilokake\0.7_0

              GC - Ext: [ Google Drive ] version: 6.3
              Description: Google Drive: alles op één plek maken, delen en bewaren.
              Path: apdfllckaahabafndbhieahigkjlhalf\6.3_0


              GC - Ext: [ YouTube ] version: 4.2.6
              Description: 's Werelds populairste online video community.
              Path: blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

              GC - Ext: [ Google Zoeken ] version: 0.0.0.20
              Description: De snelste manier om op internet te zoeken.
              Path: coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

              GC - Ext: [ shopping blast ] version: 15326.538.3646
              Description: shopping blast
              Path: dlabcihlajghaekmikmkncdhekcaaenl\15326.538.3646_0

              GC - Ext: [ Bookmark Manager ] version: 0.1
              Description: Bookmark Manager
              Path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\resources\bookmark_manager

              GC - Ext: [ Settings ] version: 0.2
              Description: Settings
              Path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\resources\settings_app

              GC - Ext: [ Google Spreadsheets ] version: 1.0
              Description: Spreadsheets maken en bewerken
              Path: felcaaldnbdncclmgdcncolpebgiejap\1.0_0

              GC - Ext: [ gdefoklganepljiopdnglodohlgfikkl ] version: 10771.56.7
              Description: gdefoklganepljiopdnglodohlgfikkl
              Path: gdefoklganepljiopdnglodohlgfikkl\10771.56.7_0

              GC - Ext: [ Feedback ] version: 1.0
              Description: User feedback extension
              Path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\resources\feedback

              GC - Ext: [ CryptoTokenExtension ] version: 0.9.20
              Description: CryptoToken Component Extension
              Path: C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\resources\cryptotoken

              GC - Ext: [ Cloud Print ] version: 0.1
              Description: Cloud Print
              Path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\resources\cloud_print

              GC - Ext: [ Chrome ] version: 0.1
              Description: Chrome as an app
              Path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\resources\chrome_app

              GC - Ext: [ Chrome PDF Viewer ] version: 1
              Description:
              Path: C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\resources\pdf

              GC - Ext: [ Google Network Speech ] version: 1.0
              Description: Component extension providing speech via the Google network text-to-speech service.
              Path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\resources\network_speech_synthesis

              GC - Ext: [ Google+ Hangouts ] version: 1.0
              Description:
              Path: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\resources\hangout_services

              GC - Ext: [ Google Wallet ] version: 0.0.6.1
              Description: Google Wallet voor digitale producten
              Path: nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0

              GC - Ext: [ Google Now ] version: 1.2.0.1
              Description: Integrates Google Now into Chrome.
              Path: C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\resources\google_now

              GC - Ext: [ Gmail ] version: 7
              Description: Een snelle, doorzoekbare e-mailfunctie met minder spam.
              Path: pjkljhegncpnkpknbcohdijeoejaedia\7_1

              ==================== Windows Host File =========================================


              ==================== BHO =======================================================

              HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
              {B4F3A835-0E21-4959-BA22-42B3008E02FF}
              HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} Default = Office Document Cache Handler
              => HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\InProcServer32 Default = C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL

              {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}
              HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} Default = Microsoft SkyDrive Pro Browser Helper
              => HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\InProcServer32 Default = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

              ==================== BHO x64 ===================================================

              HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
              {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
              HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} Default = Lync Browser Helper
              => HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\InProcServer32 Default = C:\Program Files\Microsoft Office\Office15\OCHelper.dll

              {B4F3A835-0E21-4959-BA22-42B3008E02FF}
              HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} Default = Office Document Cache Handler
              => HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\InProcServer32 Default = C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL

              ==================== Auto Start Programs =======================================

              HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
              Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
              AdobeCS5.5ServiceManager = "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
              HP Software Update = C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
              SwitchBoard = C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
              TSVU = "c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe"

              HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
              CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
              HP Officejet 6500 E710n-z (NET) = "C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe" -deviceID "CN1CN340YD05JW:NW" -scfn "HP Officejet 6500 E710n-z (NET)" -AutoStart 1
              Spotify Web Helper = "C:\Users\Eduard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

              HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
              Adobe Speed Launcher = 1429557018

              ==================== Auto Start Programs x64 ===================================

              HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
              AdobeAAMUpdater-1.0 = "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
              cAudioFilterAgent = C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
              egui = "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
              ETDCtrl = C:\Program Files\Elantech\ETDCtrl.exe
              HotKeysCmds = "C:\Windows\system32\hkcmd.exe"
              IgfxTray = "C:\Windows\system32\igfxtray.exe"
              iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
              Logitech Download Assistant = C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
              NvBackend = "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
              Persistence = "C:\Windows\system32\igfxpers.exe"
              ShadowPlay = C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
              SmartAudio = C:\Program Files\CONEXANT\SAII\SACpl.exe /t
              TCrdMain = C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
              TecoResident = C:\Program Files\TOSHIBA\Teco\TecoResident.exe
              TosWaitSrv = C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
              TSSSrv = C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe

              HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved [2 = enabled 3= disabled]
              = 4
              AdobeAAMUpdater-1.0 = 3
              cAudioFilterAgent = 2
              egui = 2
              ETDCtrl = 2
              HotKeysCmds = 2
              IgfxTray = 2
              iTunesHelper = 2
              Logitech Download Assistant = 2
              NvBackend = 2
              Nvtmru = 2
              Persistence = 2
              ShadowPlay = 2
              SmartAudio = 2
              TCrdMain = 2
              TecoResident = 2
              TosWaitSrv = 2
              TSSSrv = 2
              Adobe ARM = 3
              AdobeCS5.5ServiceManager = 3
              HP Software Update = 2
              SwitchBoard = 2
              TSVU = 2
              B1.BAT = 4
              HP Digital Imaging Monitor.lnk = 2
              McAfee Security Scan Plus.lnk = 2

              HKCU\Software\Microsoft\Windows\CurrentVersion\Run
              CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
              HP Officejet 6500 E710n-z (NET) = "C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe" -deviceID "CN1CN340YD05JW:NW" -scfn "HP Officejet 6500 E710n-z (NET)" -AutoStart 1
              Spotify Web Helper = "C:\Users\Eduard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

              HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
              Adobe Speed Launcher = 1429557018

              CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
              ==================== Extra Items IE ============================================

              HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
              HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
              HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
              HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
              HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
              HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
              HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

              ==================== Extra Items IE x64 ========================================

              HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
              HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
              HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
              HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
              HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
              HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
              HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

              ==================== Internet Default Prefix ===================================

              HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
              Default = http://

              HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes
              WWW = http://

              ==================== Internet Default Prefix x64 ===============================

              HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
              Default = http://

              HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes
              WWW = http://

              ==================== Protocol Hijackers ========================================

              HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\osf
              CLSID = {D924BDC6-C83A-4BD5-90D0-095128A113D1}
              => SOFTWARE\Classes\\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL # MD5 [c6472164e8467e73857e6fa4eb31d4ef]


              HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\text/xml
              CLSID = {807583E5-5146-11D5-A672-00B0D022E945}
              => SOFTWARE\Classes\\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InProcServer32 @ Default = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown


              ==================== Protocol Hijackers x64 ====================================

              HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\osf
              CLSID = {D924BDC6-C83A-4BD5-90D0-095128A113D1}
              => SOFTWARE\Classes\\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1}\InProcServer32 @ Default = Unknown # C:\Program Files\Microsoft Office\Office15\MSOSB.DLL # MD5 [6628cdac2763357cf62c038cfadd53e2]


              HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml
              CLSID = {807583E5-5146-11D5-A672-00B0D022E945}
              => SOFTWARE\Classes\\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InProcServer32 @ Default = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown


              ==================== ShellServiceObjectDelayLoad ===============================

              HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
              WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
              => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


              ==================== ShellServiceObjectDelayLoad x64 =========================

              HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
              WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
              => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


              ==================== Extra (Torpig/ConduitSearch) ==============================

              HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ Default = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
              => HKCR\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32 @ Default = C:\Windows\system32\shell32.dll

              HKCR\Directory\shellex\CopyHookHandlers\Sharing @ Default = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
              => HKCR\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32 @ Default = C:\Windows\system32\ntshrui.dll


              ==================== DRIVERS and SERVICES ======================================

              *** Win32OwnProcess ***

              SERV - R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
              SERV - R2 - [Apple Mobile Device Service] - Apple Mobile Device Service - c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
              SERV - R2 - [AtherosSvc] - AtherosSvc - c:\program files (x86)\bluetooth suite\adminservice.exe
              SERV - R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe
              SERV - R2 - [CxAudMsg] - Conexant Audio Message Service - c:\windows\system32\cxaudmsg64.exe
              SERV - R2 - [dts_apo_service] - DTS APO Service - c:\program files (x86)\dts, inc\dts studio sound\dts_apo_service.exe
              SERV - R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
              SERV - R2 - [Intel(R) ME Service] - Intel(R) ME Service - c:\program files (x86)\intel\intel(r) management engine components\fwservice\intelmefwservice.exe
              SERV - R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
              SERV - R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
              SERV - R2 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe
              SERV - R2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
              SERV - R2 - [NAUpdate] - Nero Update - c:\program files (x86)\nero\update\nasvc.exe
              SERV - R2 - [NvNetworkService] - NVIDIA Network Service - c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe
              SERV - R2 - [NvStreamSvc] - NVIDIA Streamer Service - c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe
              SERV - R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
              SERV - R2 - [TODDSrv] - TOSHIBA Optical Disc Drive Service - c:\windows\system32\toddsrv.exe
              SERV - R2 - [TOSHIBA eco Utility Service] - TOSHIBA eco Utility Service - c:\program files\toshiba\teco\tecoservice.exe
              SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
              SERV - R3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe
              SERV - R3 - [TPCHSrv] - TPCH Service - c:\program files\toshiba\tphm\tpchsrv.exe
              SERV - S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
              SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
              SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
              SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
              SERV - S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
              SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
              SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
              SERV - S3 - [GamesAppService] - GamesAppService - c:\program files (x86)\wildtangent games\app\gamesappservice.exe
              SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
              SERV - S3 - [gusvc] - Google Updater Service - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
              SERV - S3 - [IDriverT] - InstallDriver Table Manager - c:\program files (x86)\common files\installshield\driver\11\intel 32\idrivert.exe
              SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
              SERV - S3 - [Intel(R) Capability Licensing Service TCP IP Interface] - Intel(R) Capability Licensing Service TCP IP Interface - c:\program files\intel\icls client\socketheciserver.exe
              SERV - S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
              SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
              SERV - S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
              SERV - S3 - [ose64] - Office 64 Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
              SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
              SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
              SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
              SERV - S3 - [SwitchBoard] - SwitchBoard - c:\program files (x86)\common files\adobe\switchboard\switchboard.exe
              SERV - S3 - [TemproMonitoringService] - TEMPRO Service - c:\program files (x86)\toshiba tempro\temprosvc.exe
              SERV - S3 - [TMachInfo] - TMachInfo - c:\program files\toshiba\toshiba service station\tmachinfo.exe
              SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
              SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
              SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
              SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
              SERV - S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
              SERV - S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
              SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
              SERV - S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe

              *** Win32ShareProcess ***

              SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
              SERV - R3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
              SERV - R3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
              SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
              SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
              SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

              *** Others ***

              SERV - R2 - [ekrn] - ESET Service - c:\program files\eset\eset smart security\x86\ekrn.exe
              SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
              SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

              *** File System Driver ***

              DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
              DRV - R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
              DRV - R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
              DRV - R0 - [Wof] - Windows Overlay File System Filter Driver - C:\Windows\system32\Drivers\Wof.sys
              DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
              DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys
              DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys

              *** Kernel Driver ***

              DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\Windows\system32\Drivers\ACPI.sys
              DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\Windows\system32\Drivers\acpiex.sys
              DRV - R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys
              DRV - R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
              DRV - R0 - [disk] - Stuurprogramma voor schijfstations - C:\Windows\system32\Drivers\disk.sys
              DRV - R0 - [edevmon] - edevmon - C:\Windows\system32\Drivers\edevmon.sys
              DRV - R0 - [epfwwfp] - epfwwfp - C:\Windows\system32\Drivers\epfwwfp.sys
              DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys
              DRV - R0 - [iaStorA] - iaStorA - C:\Windows\system32\Drivers\iaStorA.sys
              DRV - R0 - [intelpep] - Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing - C:\Windows\system32\Drivers\intelpep.sys
              DRV - R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
              DRV - R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
              DRV - R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys
              DRV - R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
              DRV - R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys
              DRV - R0 - [nvpciflt] - nvpciflt - C:\Windows\system32\Drivers\nvpciflt.sys
              DRV - R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys
              DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\Windows\system32\Drivers\pci.sys
              DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
              DRV - R0 - [pdc] - pdc - C:\Windows\system32\Drivers\pdc.sys
              DRV - R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
              DRV - R0 - [spaceport] - Stuurprogramma voor opslagruimten - C:\Windows\system32\Drivers\spaceport.sys
              DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\Windows\system32\Drivers\Tcpip.sys
              DRV - R0 - [TVALZ] - TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver - C:\Windows\system32\Drivers\TVALZ.sys [x]
              DRV - R0 - [TVALZFL] - TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver - C:\Windows\system32\Drivers\TVALZFL.sys
              DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\Windows\system32\Drivers\vdrvroot.sys
              DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\Windows\system32\Drivers\volmgr.sys
              DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys
              DRV - R0 - [volsnap] - Opslagvolumes - C:\Windows\system32\Drivers\volsnap.sys
              DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
              DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\Windows\system32\Drivers\WFPLWFS.sys
              DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
              DRV - R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
              DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\Windows\system32\Drivers\tdx.sys
              DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys
              DRV - S0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\Windows\system32\Drivers\EhStorClass.sys
              DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
              DRV - S3 - [atapi] - IDE-kanaal - C:\Windows\system32\Drivers\atapi.sys

              ==================== SvcHost - White Listed ====================================

              HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\[email protected]
              hpqcxs08 = ServiceDll = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [0d0213498683414dde29b1686a4c08d5]

              hpqddsvc = ServiceDll = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [ee281dd6843f3f697c1ad7933eeb1e9b]



              ==================== SvcHost x64 - White Listed ================================

              HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
              BthHFSrv = ServiceDll = C:\Windows\System32\BthHFSrv.dll [9307a4b743d277c499cda8e19e5687ac]

              HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
              HPSLPSVC = ServiceDll = C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [c995ea1c6915d897e06d41af95b9312c]

              HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
              Pml Driver HPZ12 = ServiceDll = C:\Windows\System32\HPZipm12.dll [ac78df349f0e4cfb8b667c0cfff83cce]

              Net Driver HPZ12 = ServiceDll = C:\Windows\System32\HPZinw12.dll [2334dc48997ba203b794df3ee70521db]



              ==================== SigCheck x86 Fast =========================================

              Fast Scan All ok

              ==================== SigCheck x64 Fast =========================================

              Fast Scan All ok

              ==================== Job tasks at C:\Windows\Tasks =============================

              C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfdb51d6a6e7c1.job 1074 bytes [ 28-9-2014 21:24:35 ]

              C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 1078 bytes [ 19-10-2014 11:15:26 ]

              C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfeb7d3835796b.job 1078 bytes [ 19-10-2014 11:15:26 ]

              C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00111ab4aab7e.job 1078 bytes [ 15-11-2014 21:20:59 ]

              C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0414e27c1bd13.job 1078 bytes [ 5-2-2015 15:15:12 ]

              C:\Windows\Tasks\SA.DAT 6 bytes [ 22-8-2013 16:45:54 ]


              ==================== Job tasks at C:\Windows\system32\Tasks ====================

              C:\Windows\system32\Tasks\5UO48i4X0phOUJQK 2640 bytes [ 7-4-2015 20:43:37 ]
              => C:\Program Files (x86)\globalUpdate\Update\Install\{63B4F9DF-2F9C-48AB-8C2E-AF117090BAA0}\setup.exe

              C:\Windows\system32\Tasks\gKrbYAULT4WNJGTyt 2640 bytes [ 2-4-2015 16:28:03 ]
              => C:\Program Files (x86)\globalUpdate\Update\Install\{FFCAA3A7-5451-4780-A6EA-68A9ED3CC586}\setup.exe

              C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore 3806 bytes [ 28-9-2014 21:15:15 ]
              => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

              C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore1cfdb51d6a6e7c1 3814 bytes [ 28-9-2014 21:24:40 ]
              => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

              C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA 4050 bytes [ 19-10-2014 11:15:26 ]
              => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

              C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA1cfeb7d3835796b 4050 bytes [ 19-10-2014 11:15:26 ]
              => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

              C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA1d00111ab4aab7e 4050 bytes [ 15-11-2014 21:20:59 ]
              => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

              C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA1d0414e27c1bd13 4050 bytes [ 5-2-2015 15:15:12 ]
              => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

              C:\Windows\system32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z 3618 bytes [ 9-7-2014 14:41:52 ]
              => "C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe"

              C:\Windows\system32\Tasks\kG7pSOKjLpekPNotGc 2640 bytes [ 6-4-2015 18:21:26 ]
              => C:\Program Files (x86)\globalUpdate\Update\Install\{16CCBF52-5DA8-47E1-93C6-1495765FA11E}\setup.exe

              C:\Windows\system32\Tasks\KoXH8oynR8O 2640 bytes [ 5-4-2015 12:47:51 ]
              => C:\Program Files (x86)\globalUpdate\Update\Install\{E9120A7F-6541-43DC-8681-391DCB61F80D}\setup.exe

              C:\Windows\system32\Tasks\MaSAf9pxYXtrDAnXrs 2640 bytes [ 2-4-2015 22:59:34 ]
              => C:\Program Files (x86)\globalUpdate\Update\Install\{9A493838-124E-4CB6-AFD6-BC0BF4055043}\setup.exe

              C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2713537743-3426775794-1442715819-1002 3600 bytes [ 3-5-2014 15:09:08 ]

              C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2713537743-3426775794-1442715819-500 3596 bytes [ 9-4-2014 10:52:02 ]

              C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3346357531-3327840203-3679863310-500 3596 bytes [ 24-11-2013 18:04:24 ]

              C:\Windows\system32\Tasks\Resolution+ Setting Task 3128 bytes [ 9-4-2014 11:22:27 ]
              => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe

              C:\Windows\system32\Tasks\S1kt6k6DsNxnvgyI2 2640 bytes [ 8-4-2015 10:29:07 ]
              => C:\Program Files (x86)\globalUpdate\Update\Install\{139E6B66-CAAA-4C8E-851A-9BF60BC32F2D}\setup.exe

              C:\Windows\system32\Tasks\SQuAgRz2kDN3ecSz 2640 bytes [ 10-4-2015 12:41:58 ]
              => C:\Program Files (x86)\globalUpdate\Update\Install\{5B57004E-5428-42B0-BC49-5C37ED437296}\setup.exe

              C:\Windows\system32\Tasks\TrFJsDO1a3 2640 bytes [ 9-4-2015 17:47:35 ]
              => C:\Program Files (x86)\globalUpdate\Update\Install\{61090764-8E37-4AD6-9354-23A3B0593E1E}\setup.exe

              C:\Windows\system32\Tasks\UMonitor Task 3016 bytes [ 9-4-2014 11:17:24 ]
              => C:\Windows\SysWOW64\UMonit64.exe

              C:\Windows\system32\Tasks\User_Feed_Synchronization-{1B426197-90EF-4D45-BAA9-1365683BED6E} 3954 bytes [ 3-5-2014 15:08:08 ]
              => C:\Windows\system32\msfeedssync.exe

              C:\Windows\system32\Tasks\xn6OrMiOKtuW6ivSu7d 2640 bytes [ 5-4-2015 18:47:50 ]
              => C:\Program Files (x86)\globalUpdate\Update\Install\{7D01911D-6094-4DEA-B7D8-A5C0AE51A6BF}\setup.exe


              ==================== Job tasks at C:\Windows\SysWOW64\Tasks ====================

              There are no .job files found.

              ==================== End scanning at ma 20 apr 2015 22:13 (0 Min 18 Sec ) ======



              • #8
                First disable your antivirus software before you download or run zoek.exe.
                It can interfere with the operation of Zoek.exe.
                Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.

                Download Zoek.exe to the desktop.
                • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
                • Right-click Zoek.zip and choose "Extract All" if you used the zip or rar download.
                • Then double-click Zoek.exe to start the tool.
                • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
                • Now copy the code below and paste it into the large input box:
                • Note: This script is written specifically for this computer, so do not use it on other computers with a similar problem.
                  Code:
                  emptyclsid;
                  emptyfolderscheck;
                  firefoxlook; 
                  Chromelook; 
                  CHRdefaults;
                  autoclean; 
                  iedefaults; 
                  filesrcm;  
                  startupall;
                • Now click the "Run script" button.
                • Wait patiently until a log opens (this may be after a restart if one is needed).
                • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
                • Post the opened log in your next reply.


                • #9
                  I could not put the results in the reply because they contain too many characters, so I have added them as an attachment instead ;-)
                  Attached Files



                  • #10
                    How is it now?


                    • #11
                      Still ads, no improvement at all.



                      • #12
                        Originally posted by Adje30
                        Still ads, no improvement at all.
                        Could you post a screenshot of this, please?
                        (preferably of these Ads by name)



                        Start E-Peek, go to Tools and click Software Installed.
                        Post this log.
                        Last edited by Emphyrio; 22-04-15, 13:58.


                        • #13
                          Installed software

                          E-Peek v 1.9.9.0 © Emphyrio/Onsia Patrick 2013-2015
                          Run at wo 22 apr 2015 15:25
                          Windows 8.1 (64 bits)
                          C:\Windows [NTFS - Fixed]
                          Default Browser: Firefox 37.0.1 (x86 nl)
                          Boot mode: Normal boot
                          User logged in: Eduard
                          .
                          AV : ESET Smart Security 7.0 [Updated - Running]
                          AV : Windows Defender [Updated - Not Running]
                          AS : Windows Defender [Updated - Not Running]
                          AS : ESET Smart Security 7.0 [Updated - Running]
                          FW : FW : ESET Persoonlijke firewall [Updated - Running]

                          .
                          ==================== Software Installed ========================================

                          6500_E709_eDocs | Vers: 1.00.0000 | Pub: Hewlett-Packard
                          Adobe AIR | Vers: 2.5.1.17730 | Pub: Adobe Systems Inc.
                          Adobe Community Help | Vers: 3.4.980 | Pub: Adobe Systems Incorporated.
                          Adobe Flash Player 16 NPAPI | Vers: 16.0.0.305 | Pub: Adobe Systems Incorporated
                          Adobe Photoshop CS5.1 | Vers: 12.1 | Pub: Adobe Systems Incorporated
                          Adobe Reader XI (11.0.10) - Nederlands | Vers: 11.0.10 | Pub: Adobe Systems Incorporated
                          Aloha TriPeaks | Vers: 2.2.0.98 | Pub: WildTangent
                          Apple Application Support (32-bit) | Vers: 3.1.3 | Pub: Apple Inc.
                          Apple Software Update | Vers: 2.1.3.127 | Pub: Apple Inc.
                          Atheros Driver Installation Program | Vers: 10.0 | Pub: Atheros
                          Bejeweled 3 | Vers: 2.2.0.98 | Pub: WildTangent
                          bpd_scan | Vers: 3.00.0000 | Pub: Hewlett-Packard
                          BPDSoftware | Vers: 140.0.001.000 | Pub: Hewlett-Packard
                          BPDSoftware_Ini | Vers: 1.00.0000 | Pub: Hewlett-Packard
                          BufferChm | Vers: 140.0.298.000 | Pub: Hewlett-Packard
                          Chuzzle Deluxe | Vers: 2.2.0.95 | Pub: WildTangent
                          Destinations | Vers: 140.0.253.000 | Pub: Hewlett-Packard
                          DeviceDiscovery | Vers: 140.0.298.000 | Pub: Hewlett-Packard
                          DocProc | Vers: 140.0.185.000 | Pub: Hewlett-Packard
                          DTS Sound | Vers: 1.01.2700 | Pub: DTS, Inc.
                          Empress of the Deep - The Darkest Secret | Vers: 2.2.0.98 | Pub: WildTangent
                          E-Peek | Vers: 1.0.9 | Pub: E Dev
                          Fax | Vers: 140.0.307.000 | Pub: Hewlett-Packard
                          Genesys USB Mass Storage Device | Vers: 4.3.0.8 | Pub: Genesys Logic
                          Google Chrome | Vers: 42.0.2311.90 | Pub: Google Inc.
                          Google Update Helper | Vers: 1.3.25.11 | Pub: Google Inc.
                          Google Update Helper | Vers: 1.3.26.9 | Pub: Google Inc.
                          GPBaseService2 | Vers: 140.0.297.000 | Pub: Hewlett-Packard
                          GrabIt 1.7.2 Beta 6 (build 1008) | Pub: Ilan Shemes
                          HP Officejet 6500 E710n-z Haelp | Vers: 140.0.2.2 | Pub: Hewlett Packard
                          HP Unified IO | Vers: 2.0.0.434 | Pub: HP
                          HP Update | Vers: 5.003.003.001 | Pub: Hewlett-Packard
                          HPProductAssistant | Vers: 140.0.298.000 | Pub: Hewlett-Packard
                          I.R.I.S. OCR | Vers: 12.3.4.0 | Pub: HP
                          Image Resizer for Windows | Vers: 3.0.4802.35565 | Pub: Brice Lambson
                          ImgBurn | Vers: 2.5.8.0 | Pub: LIGHTNING UK!
                          Intel(R) Management Engine Components | Vers: 9.5.14.1724 | Pub: Intel Corporation
                          Intel(R) Processor Graphics | Vers: 10.18.10.3308 | Pub: Intel Corporation
                          Island Tribe | Vers: 2.2.0.98 | Pub: WildTangent
                          Jewel Quest Solitaire 2 | Vers: 2.2.0.98 | Pub: WildTangent
                          LG United Mobile Drivers | Vers: 3.6.0.0 | Pub: LG Electronics
                          Magic Academy | Vers: 2.2.0.98 | Pub: WildTangent
                          Malwarebytes Anti-Malware versie 2.1.4.1018 | Vers: 2.1.4.1018 | Pub: Malwarebytes Corporation
                          MarketResearch | Vers: 140.0.212.000 | Pub: Hewlett-Packard
                          Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 | Vers: 10.0.40219 | Pub: Microsoft
                          Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 | Vers: 11.0.50727.1 | Pub: Microsoft
                          Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 | Vers: 11.0.61030.0 | Pub: Microsoft
                          Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 | Vers: 11.0.50727.1 | Pub: Microsoft
                          Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 | Vers: 11.0.61030.0 | Pub: Microsoft
                          Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 | Vers: 11.0.50727 | Pub: Microsoft
                          Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 | Vers: 11.0.61030 | Pub: Microsoft
                          Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 | Vers: 11.0.50727 | Pub: Microsoft
                          Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 | Vers: 11.0.61030 | Pub: Microsoft
                          Microsoft_VC80_CRT_x86 | Vers: 8.0.50727.4053 | Pub: Adobe
                          Microsoft_VC80_MFC_x86 | Vers: 8.0.50727.4053 | Pub: Adobe
                          Microsoft_VC80_MFCLOC_x86 | Vers: 8.0.50727.4053 | Pub: Adobe
                          Microsoft_VC90_ATL_x86 | Vers: 1.00.0000 | Pub: Adobe
                          Microsoft_VC90_CRT_x86 | Vers: 1.00.0000 | Pub: Adobe
                          Microsoft_VC90_MFC_x86 | Vers: 1.00.0000 | Pub: Adobe
                          Microsoft_VC90_MFCLOC_x86 | Vers: 1.00.0000 | Pub: Adobe
                          Mozilla Firefox 37.0.1 (x86 nl) | Vers: 37.0.1 | Pub: Mozilla
                          Mozilla Maintenance Service | Vers: 29.0 | Pub: Mozilla
                          Nero Burning Core | Vers: 15.0.19000 | Pub: Nero AG
                          Nero Burning ROM | Vers: 15.0.19000 | Pub: Nero AG
                          Nero Burning ROM 2014 | Vers: 15.0.02100 | Pub: Nero AG
                          Nero Burning ROM Help (CHM) | Vers: 15.0.00015 | Pub: Nero AG
                          Nero ControlCenter | Vers: 11.0.16700 | Pub: Nero AG
                          Nero ControlCenter Help (CHM) | Vers: 15.0.00015 | Pub: Nero AG
                          Nero Core Components | Vers: 11.0.22500 | Pub: Nero AG
                          Nero SharedVideoCodecs | Vers: 1.0.15003 | Pub: Nero AG
                          Nero Update | Vers: 11.0.13300.42.0 | Pub: Nero AG
                          NVIDIA PhysX | Vers: 9.13.1220 | Pub: NVIDIA Corporation
                          PDF Settings CS5 | Vers: 10.0 | Pub: Adobe Systems Incorporated
                          Peggle Nights | Vers: 2.2.0.98 | Pub: WildTangent
                          Picasa 3 | Vers: 3.9 | Pub: Google, Inc.
                          Plants vs. Zombies - Game of the Year | Vers: 2.2.0.98 | Pub: WildTangent
                          Polar Bowler | Vers: 2.2.0.97 | Pub: WildTangent
                          Prerequisite installer | Vers: 15.0.0005 | Pub: Nero AG
                          Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver | Vers: 2.1.0.21 | Pub: Qualcomm Atheros Inc.
                          Scan | Vers: 140.0.253.000 | Pub: Hewlett-Packard
                          SolutionCenter | Vers: 140.0.299.000 | Pub: Hewlett-Packard
                          Spotify | Vers: 0.8.5.1333.g822e0de8 | Pub: Spotify AB
                          Spotnet | Vers: 1.8.1 | Pub: Spotnet
                          Status | Vers: 140.0.342.000 | Pub: Hewlett-Packard
                          Toolbox | Vers: 140.0.596.000 | Pub: Hewlett-Packard
                          TOSHIBA Addendum | Vers: 1.00 | Pub: TOSHIBA
                          TOSHIBA Gesture Controller | Vers: 4.0.110.2 | Pub: Toshiba Corporation
                          TOSHIBA Manuals | Vers: 10.10 | Pub: TOSHIBA
                          TOSHIBA Password Utility | Vers: 5.0.1.0 | Pub: Toshiba Corporation
                          TOSHIBA Recovery Media Creator | Vers: 3.1.02.55065006 | Pub: Toshiba Corporation
                          TOSHIBA System Driver | Vers: 1.00.0030 | Pub: Toshiba Corporation
                          TOSHIBA System Settings | Vers: 1.1.2.32001 | Pub: Toshiba Corporation
                          Toshiba TEMPRO | Vers: 4.5.0 | Pub: Toshiba Europe GmbH
                          TrayApp | Vers: 140.0.297.000 | Pub: Hewlett-Packard
                          Update Installer for WildTangent Games App | Pub: WildTangent
                          Virtual Villagers 4 - The Tree of Life | Vers: 2.2.0.98 | Pub: WildTangent
                          WebReg | Vers: 140.0.297.017 | Pub: Hewlett-Packard
                          WildTangent Games | Vers: 1.0.3.0 | Pub: WildTangent
                          WildTangent Games App (Toshiba Games) | Vers: 4.0.11.9 | Pub: WildTangent
                          Winamp | Vers: 5.666 | Pub: Nullsoft, Inc
                          WinRAR 5.10 (32-bit) | Vers: 5.10.0 | Pub: win.rar GmbH

                          ==================== End scanning at wo 22 apr 2015 15:25 (0 Min 0 Sec ) =======



                          • #14
                            Download rkill to the desktop via one of the links below.
                            .
                            .
                            Double-click "rkill" to start it.
                            This may take a little time.

                            If a message appears saying that rkill is an infection, you can ignore it; it is a false alarm.
                            If you keep having trouble with such messages, download a renamed version of rkill (iExplorer.exe) here to your desktop and run it.

                            When "rkill" has finished, a log file will open; it can also be found on the system drive at C:\rkill.log. Paste its contents in your next reply.

                            Note!!! Do not restart the computer after using rkill


                            Run an MBAM scan and post that log.


                            Post a fresh E-Peek log.


                            • #15
                              The rkill log

                              Rkill 2.7.0 by Lawrence Abrams (Grinler)
                              http://www.bleepingcomputer.com/
                              Copyright 2008-2015 BleepingComputer.com
                              More Information about Rkill can be found at this link:
                              http://www.bleepingcomputer.com/forums/topic308364.html

                              Program started at: 04/22/2015 08:50:46 PM in x64 mode.
                              Windows Version: Windows 8.1

                              Checking for Windows services to stop:

                              * No malware services found to stop.

                              Checking for processes to terminate:

                              * No malware processes found to kill.

                              Checking Registry for malware related settings:

                              * No issues found in the Registry.

                              Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

                              Performing miscellaneous checks:

                              * No issues found.

                              Checking Windows Service Integrity:

                              * No issues found.

                              Searching for Missing Digital Signatures:

                              * No issues found.

                              Checking HOSTS File:

                              * No issues found.

                              Program finished at: 04/22/2015 08:52:35 PM
                              Execution time: 0 hours(s), 1 minute(s), and 48 seconds(s)

                              The Malwarebytes log

                              Malwarebytes Anti-Malware
                              www.malwarebytes.org

                              Scandatum: 22-4-2015
                              Scantijd: 20:56:43
                              Logbestand: mbam.txt
                              Beheerder: Ja

                              Versie: 2.01.6.1022
                              Malware Gegevensbestand: v2015.04.22.05
                              Rootkit Gegevensbestand: v2015.04.21.01
                              Licentie: Premium
                              Malwarebescherming: Ingeschakeld
                              Kwaadaardige Website Bescherming: Ingeschakeld
                              Zelfbescherming: Uitgeschakeld

                              Besturingssysteem: Windows 8.1
                              Processor: x64
                              Bestandssysteem: NTFS
                              Gebruiker: Eduard

                              Scantype: Bedreigingsscan
                              Resultaat: Voltooid
                              Objecten Gescand: 355576
                              Verstreken Tijd: 17 m, 58 s

                              Geheugen: Ingeschakeld
                              Opstarten: Ingeschakeld
                              Bestandssysteem: Ingeschakeld
                              Archieven: Ingeschakeld
                              Rootkits: Uitgeschakeld
                              Heuristiek: Ingeschakeld
                              POP: Ingeschakeld
                              POA: Ingeschakeld

                              Processen: 0
                              (Geen kwaadaardige items gedetecteerd)

                              Modules: 0
                              (Geen kwaadaardige items gedetecteerd)

                              Registersleutels: 0
                              (Geen kwaadaardige items gedetecteerd)

                              Registerwaardes: 0
                              (Geen kwaadaardige items gedetecteerd)

                              Registerdata: 0
                              (Geen kwaadaardige items gedetecteerd)

                              Mappen: 0
                              (Geen kwaadaardige items gedetecteerd)

                              Bestanden: 0
                              (Geen kwaadaardige items gedetecteerd)

                              Fysieke Sectoren: 0
                              (Geen kwaadaardige items gedetecteerd)


                              (end)


                              And the Epeek log

                              E-Peek v 1.9.9.0 © Emphyrio/Onsia Patrick 2013-2015
                              E Dev
                              Run at wo 22 apr 2015 21:16
                              .
                              Windows 8.1 (64 bits)
                              C:\Windows [NTFS - Fixed]
                              Default Browser: Firefox 37.0.1 (x86 nl)
                              Boot mode: Normal boot
                              User logged in: Eduard
                              .
                              Java x86: n/a
                              Java x64: n/a
                              .
                              AV : ESET Smart Security 7.0 [Updated - Running]
                              AV : Windows Defender [Updated - Not Running]
                              AS : Windows Defender [Updated - Not Running]
                              AS : ESET Smart Security 7.0 [Updated - Running]
                              FW : FW : ESET Persoonlijke firewall [Updated - Running]

                              .
                              ==================== Files and Folders history =================================

                              Folders Created Last 7 days :

                              21-04-2015 ##### r-h-s-d+a- C:\zoek_backup
                              21-04-2015 ##### r-h-s-d+a- C:\Users\Eduard\AppData\Local\Temp
                              21-04-2015 ##### r-h+s+d+a- C:\$RECYCLE.BIN
                              19-04-2015 ##### r-h-s-d+a- C:\Users\Eduard\AppData\Roaming\E Dev
                              19-04-2015 ##### r-h-s-d+a- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
                              19-04-2015 ##### r-h-s-d+a- C:\Program Files\iTunes
                              19-04-2015 ##### r-h-s-d+a- C:\Program Files\iPod
                              19-04-2015 ##### r-h-s-d+a- C:\Program Files\Bonjour
                              19-04-2015 ##### r-h-s-d+a- C:\Program Files (x86)\Malwarebytes Anti-Malware
                              19-04-2015 ##### r-h-s-d+a- C:\Program Files (x86)\iTunes
                              19-04-2015 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
                              19-04-2015 ##### r-h-s-d+a- C:\Program Files (x86)\Bonjour
                              18-04-2015 ##### r-h-s-d+a- C:\Users\Eduard\Start Menu
                              18-04-2015 ##### r-h-s-d+a- C:\Users\Eduard\AppData\Roaming\ZHP
                              18-04-2015 ##### r-h-s-d+a- C:\EEK
                              17-04-2015 ##### r-h-s-d+a- C:\ProgramData\HitmanPro
                              16-04-2015 ##### r-h-s-d+a- C:\ProgramData\RogueKiller

                              Files Modified Last 7 days :

                              17-04-2015 00004160 r-h-s-d-a+ C:\Windows\system32\.crusader
                              16-04-2015 128913832 r-h-s-d-a+ C:\Windows\system32\MRT.exe
                              16-04-2015 00017408 r-h-s-d-a+ C:\Windows\system32\wuaext.dll

                              Files Created Last 7 days :

                              19-04-2015 00000111 r-h-s-d-a+ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
                              19-04-2015 00000000 r-h-s-d-a+ C:\Users\Eduard\defogger_reenable
                              17-04-2015 00165744 r-h+s-d-a+ C:\Users\Eduard\AppData\Local\IconCache.db
                              17-04-2015 00004160 r-h-s-d-a+ C:\Windows\system32\.crusader
                              16-04-2015 24980480 r-h-s-d-a+ C:\Windows\system32\mshtml.dll
                              16-04-2015 19695616 r-h-s-d-a+ C:\Windows\SysWOW64\mshtml.dll
                              16-04-2015 14397440 r-h-s-d-a+ C:\Windows\system32\ieframe.dll
                              16-04-2015 12825600 r-h-s-d-a+ C:\Windows\SysWOW64\ieframe.dll
                              16-04-2015 07476032 r-h-s-d-a+ C:\Windows\system32\ntoskrnl.exe
                              16-04-2015 06025216 r-h-s-d-a+ C:\Windows\system32\jscript9.dll
                              16-04-2015 04305408 r-h-s-d-a+ C:\Windows\SysWOW64\jscript9.dll
                              16-04-2015 03678720 r-h-s-d-a+ C:\Windows\system32\wuaueng.dll
                              16-04-2015 02886144 r-h-s-d-a+ C:\Windows\system32\iertutil.dll
                              16-04-2015 02373632 r-h-s-d-a+ C:\Windows\system32\wucltux.dll
                              16-04-2015 02358784 r-h-s-d-a+ C:\Windows\system32\wininet.dll
                              16-04-2015 02278400 r-h-s-d-a+ C:\Windows\SysWOW64\iertutil.dll
                              16-04-2015 01888256 r-h-s-d-a+ C:\Windows\SysWOW64\wininet.dll
                              16-04-2015 01733952 r-h-s-d-a+ C:\Windows\system32\ntdll.dll
                              16-04-2015 01548288 r-h-s-d-a+ C:\Windows\system32\urlmon.dll
                              16-04-2015 01498872 r-h-s-d-a+ C:\Windows\SysWOW64\ntdll.dll
                              16-04-2015 01385256 r-h-s-d-a+ C:\Windows\system32\msctf.dll
                              16-04-2015 01311232 r-h-s-d-a+ C:\Windows\SysWOW64\urlmon.dll
                              16-04-2015 01124352 r-h-s-d-a+ C:\Windows\SysWOW64\msctf.dll
                              16-04-2015 01111552 r-h-s-d-a+ C:\Windows\system32\aeinv.dll
                              16-04-2015 01032704 r-h-s-d-a+ C:\Windows\system32\inetcomm.dll
                              16-04-2015 00957440 r-h-s-d-a+ C:\Windows\system32\appraiser.dll
                              16-04-2015 00950784 r-h-s-d-a+ C:\Windows\system32\tdh.dll
                              16-04-2015 00891392 r-h-s-d-a+ C:\Windows\system32\wuapi.dll
                              16-04-2015 00880128 r-h-s-d-a+ C:\Windows\SysWOW64\inetcomm.dll
                              16-04-2015 00816128 r-h-s-d-a+ C:\Windows\system32\jscript.dll
                              16-04-2015 00801280 r-h-s-d-a+ C:\Windows\system32\msfeeds.dll
                              16-04-2015 00800768 r-h-s-d-a+ C:\Windows\system32\ieapfltr.dll
                              16-04-2015 00780800 r-h-s-d-a+ C:\Windows\system32\lsm.dll
                              16-04-2015 00769024 r-h-s-d-a+ C:\Windows\system32\invagent.dll
                              16-04-2015 00749568 r-h-s-d-a+ C:\Windows\SysWOW64\tdh.dll
                              16-04-2015 00726528 r-h-s-d-a+ C:\Windows\system32\generaltel.dll
                              16-04-2015 00721920 r-h-s-d-a+ C:\Windows\SysWOW64\wuapi.dll
                              16-04-2015 00720384 r-h-s-d-a+ C:\Windows\system32\ie4uinit.exe
                              16-04-2015 00710144 r-h-s-d-a+ C:\Windows\SysWOW64\ieapfltr.dll
                              16-04-2015 00689152 r-h-s-d-a+ C:\Windows\SysWOW64\msfeeds.dll
                              16-04-2015 00664064 r-h-s-d-a+ C:\Windows\SysWOW64\jscript.dll
                              16-04-2015 00584192 r-h-s-d-a+ C:\Windows\system32\vbscript.dll
                              16-04-2015 00503296 r-h-s-d-a+ C:\Windows\SysWOW64\vbscript.dll
                              16-04-2015 00419328 r-h-s-d-a+ C:\Windows\system32\devinv.dll
                              16-04-2015 00411648 r-h-s-d-a+ C:\Windows\system32\tracerpt.exe
                              16-04-2015 00408064 r-h-s-d-a+ C:\Windows\system32\WUSettingsProvider.dll
                              16-04-2015 00369152 r-h-s-d-a+ C:\Windows\SysWOW64\tracerpt.exe
                              16-04-2015 00360480 r-h-s-d-a+ C:\Windows\system32\sechost.dll
                              16-04-2015 00285184 r-h-s-d-a+ C:\Windows\system32\wow64.dll
                              16-04-2015 00267264 r-h-s-d-a+ C:\Windows\system32\WinSetupUI.dll
                              16-04-2015 00259072 r-h-s-d-a+ C:\Windows\system32\pku2u.dll
                              16-04-2015 00257216 r-h-s-d-a+ C:\Windows\SysWOW64\sechost.dll
                              16-04-2015 00246272 r-h-s-d-a+ C:\Windows\system32\microsoft-windows-system-events.dll
                              16-04-2015 00227328 r-h-s-d-a+ C:\Windows\system32\aepdu.dll
                              16-04-2015 00208896 r-h-s-d-a+ C:\Windows\SysWOW64\pku2u.dll
                              16-04-2015 00200192 r-h-s-d-a+ C:\Windows\system32\storewuauth.dll
                              16-04-2015 00192000 r-h-s-d-a+ C:\Windows\system32\aepic.dll
                              16-04-2015 00140288 r-h-s-d-a+ C:\Windows\system32\wuwebv.dll
                              16-04-2015 00133256 r-h-s-d-a+ C:\Windows\system32\wuauclt.exe
                              16-04-2015 00124928 r-h-s-d-a+ C:\Windows\SysWOW64\wuwebv.dll
                              16-04-2015 00095744 r-h-s-d-a+ C:\Windows\system32\wudriver.dll
                              16-04-2015 00092160 r-h-s-d-a+ C:\Windows\system32\mshtmled.dll
                              16-04-2015 00081920 r-h-s-d-a+ C:\Windows\SysWOW64\wudriver.dll
                              16-04-2015 00075264 r-h-s-d-a+ C:\Windows\system32\clfsw32.dll
                              16-04-2015 00066048 r-h-s-d-a+ C:\Windows\system32\wups.dll
                              16-04-2015 00058880 r-h-s-d-a+ C:\Windows\SysWOW64\clfsw32.dll
                              16-04-2015 00052224 r-h-s-d-a+ C:\Windows\system32\wups2.dll
                              16-04-2015 00035840 r-h-s-d-a+ C:\Windows\system32\wuapp.exe
                              16-04-2015 00030720 r-h-s-d-a+ C:\Windows\system32\acmigration.dll
                              16-04-2015 00029696 r-h-s-d-a+ C:\Windows\SysWOW64\wuapp.exe
                              16-04-2015 00027136 r-h-s-d-a+ C:\Windows\SysWOW64\wups.dll
                              16-04-2015 00016303 r-h-s-d-a+ C:\Windows\SysWOW64\ieuinit.inf
                              16-04-2015 00016303 r-h-s-d-a+ C:\Windows\system32\ieuinit.inf
                              16-04-2015 00015360 r-h-s-d-a+ C:\Windows\system32\wu.upgrade.ps.dll
                              16-04-2015 00013312 r-h-s-d-a+ C:\Windows\system32\wow64cpu.dll

                              ==================== RUNNING PROCESSES =========================================

                              [AdminService] -SYSTEM- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe - (Windows (R) Win 7 DDK provider)
                              [AppleMobileDeviceService] -SYSTEM- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - (Apple Inc.)
                              [armsvc] -SYSTEM- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe - (Adobe Systems Incorporated)
                              [audiodg] -LOCAL SERVICE- C:\Windows\System32\audiodg.exe - (audiodg.exe)
                              [CAudioFilterAgent64] -Eduard- C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe - (Conexant Systems, Inc.)
                              [conhost] -NETWORK SERVICE- C:\Windows\system32\conhost.exe - (Microsoft Corporation)
                              [conhost] -SYSTEM- C:\Windows\system32\conhost.exe - (Microsoft Corporation)
                              [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
                              [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
                              [CxAudMsg64] -SYSTEM- C:\Windows\system32\CxAudMsg64.exe - (Conexant Systems Inc.)
                              [dasHost] -LOCAL SERVICE- C:\Windows\system32\dashost.exe - (Microsoft Corporation)
                              [dts_apo_service] -SYSTEM- C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe - ()
                              [dwm] -DWM-2- C:\Windows\System32\dwm.exe - (Microsoft Corporation)
                              [egui] -Eduard- C:\Program Files\ESET\ESET Smart Security\egui.exe - (ESET)
                              [ekrn] -SYSTEM- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe - (ESET)
                              [E-Peek 1.9.9.0] -Eduard- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.9.9.0.exe - (E Dev)
                              [ETDCtrl] -Eduard- C:\Program Files\Elantech\ETDCtrl.exe - (ELAN Microelectronics Corp.)
                              [ETDCtrlHelper] -Eduard- C:\Program Files\Elantech\ETDCtrlHelper.exe - (ELAN Microelectronics Corp.)
                              [ETDTouch] -Eduard- C:\Program Files\Elantech\ETDTouch.exe - (ELAN Microelectronics Corp.)
                              [explorer] -Eduard- C:\Windows\Explorer.EXE - (Microsoft Corporation)
                              [firefox] -Eduard- C:\Program Files (x86)\Mozilla Firefox\firefox.exe - (Mozilla Corporation)
                              [FlashPlayerPlugin_16_0_0_305] -Eduard- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe - (Adobe Systems, Inc.)
                              [FlashPlayerPlugin_16_0_0_305] -Eduard- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe - (Adobe Systems, Inc.)
                              [GoogleUpdate] -SYSTEM- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - (Google Inc.)
                              [HeciServer] -SYSTEM- C:\Program Files\Intel\iCLS Client\HeciServer.exe - (Intel(R) Corporation)
                              [hkcmd] -Eduard- C:\Windows\System32\hkcmd.exe - (Intel Corporation)
                              [HPNetworkCommunicator] -Eduard- C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe - (Hewlett-Packard Co.)
                              [hpqtra08] -Eduard- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
                              [hpwuschd2] -Eduard- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe - (Hewlett-Packard)
                              [igfxpers] -Eduard- C:\Windows\System32\igfxpers.exe - (Intel Corporation)
                              [igfxsrvc] -Eduard- C:\Windows\system32\igfxsrvc.exe - (Intel Corporation)
                              [igfxtray] -Eduard- C:\Windows\System32\igfxtray.exe - (Intel Corporation)
                              [IntelMeFWService] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe - (Intel Corporation)
                              [iPodService] -SYSTEM- C:\Program Files\iPod\bin\iPodService.exe - (Apple Inc.)
                              [iTunesHelper] -Eduard- C:\Program Files\iTunes\iTunesHelper.exe - (Apple Inc.)
                              [jhi_service] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe - (Intel Corporation)
                              [LMS] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - (Intel Corporation)
                              [lsass] -SYSTEM- C:\Windows\system32\lsass.exe - (Microsoft Corporation)
                              [mbam] -Eduard- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe - (Malwarebytes Corporation)
                              [mbamscheduler] -SYSTEM- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe - (Malwarebytes Corporation)
                              [mbamservice] -SYSTEM- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe - (Malwarebytes Corporation)
                              [mDNSResponder] -SYSTEM- C:\Program Files\Bonjour\mDNSResponder.exe - (Apple Inc.)
                              [NASvc] -SYSTEM- C:\Program Files (x86)\Nero\Update\NASvc.exe - (Nero AG)
                              [NvBackend] -Eduard- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe - (NVIDIA Corporation)
                              [NvNetworkService] -SYSTEM- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe - (NVIDIA Corporation)
                              [nvstreamsvc] -NETWORK SERVICE- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe - (NVIDIA Corporation)
                              [nvstreamsvc] -SYSTEM- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe - (NVIDIA Corporation)
                              [nvstreamsvc] -SYSTEM- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe - (NVIDIA Corporation)
                              [nvtray] -Eduard- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe - (NVIDIA Corporation)
                              [nvvsvc] -SYSTEM- C:\Windows\system32\nvvsvc.exe - (NVIDIA Corporation)
                              [nvvsvc] -SYSTEM- C:\Windows\system32\nvvsvc.exe - (NVIDIA Corporation)
                              [nvxdsync] -SYSTEM- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe - (NVIDIA Corporation)
                              [plugin-container] -Eduard- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe - (Mozilla Corporation)
                              [ScanToPCActivationApp] -Eduard- C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe - (Hewlett-Packard Co.)
                              [SearchFilterHost] -SYSTEM- C:\Windows\system32\SearchFilterHost.exe - (Microsoft Corporation)
                              [SearchIndexer] -SYSTEM- C:\Windows\system32\SearchIndexer.exe - (Microsoft Corporation)
                              [SearchProtocolHost] -SYSTEM- C:\Windows\system32\SearchProtocolHost.exe - (Microsoft Corporation)
                              [services] -SYSTEM- C:\Windows\System32\services.exe - (services.exe)
                              [SettingSyncHost] -Eduard- C:\Windows\System32\SettingSyncHost.exe - (Microsoft Corporation)
                              [SkyDrive] -Eduard- C:\Windows\System32\skydrive.exe - (Microsoft Corporation)
                              [smss] -SYSTEM- C:\Windows\System32\smss.exe - (smss.exe)
                              [spoolsv] -SYSTEM- C:\Windows\System32\spoolsv.exe - (Microsoft Corporation)
                              [System] -N/A- - (System)
                              [taskeng] -SYSTEM- C:\Windows\system32\taskeng.exe - (Microsoft Corporation)
                              [taskhostex] -Eduard- C:\Windows\system32\taskhostex.exe - (Microsoft Corporation)
                              [TCrdMain_Win8] -Eduard- C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe - (TOSHIBA Corporation)
                              [TecoResident] -Eduard- C:\Program Files\Toshiba\Teco\TecoResident.exe - (TOSHIBA Corporation)
                              [TecoService] -SYSTEM- C:\Program Files\Toshiba\Teco\TecoService.exe - (Toshiba Corporation)
                              [TODDSrv] -SYSTEM- C:\Windows\system32\TODDSrv.exe - (TOSHIBA Corporation)
                              [TPCHSrv] -SYSTEM- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe - (TOSHIBA Corporation)
                              [TPCHWMsg] -Eduard- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe - (TOSHIBA Corporation)
                              [TssSrv] -Eduard- C:\Program Files (x86)\TOSHIBA\System Setting\TssSrv.exe - (TOSHIBA Corporation)
                              [wininit] -SYSTEM- C:\Windows\system32\wininit.exe - (Microsoft Corporation)
                              [winlogon] -SYSTEM- C:\Windows\System32\WinLogon.exe - (Microsoft Corporation)
                              [WmiPrvSE] -NETWORK SERVICE- C:\Windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
                              [WmiPrvSE] -SYSTEM- C:\Windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)

                              ==================== IE PAGES ==================================================

                              HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main
                              Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
                              Local Page = C:\Windows\SysWOW64\blank.htm
                              Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
                              Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
                              Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

                              HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes
                              DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

                              HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
                              DisplayName = @ieframe.dll,-12512
                              URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

                              HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks
                              Default = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
                              ==================== IE PAGES x64 ==============================================

                              HKLM\Software\Microsoft\Internet Explorer\Main
                              Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
                              Local Page = C:\Windows\System32\blank.htm
                              Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
                              Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
                              Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

                              HKLM\Software\Microsoft\Internet Explorer\SearchScopes
                              DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

                              HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
                              DisplayName = @ieframe.dll,-12512
                              URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

                              HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{89E35DE2-23E1-4182-B6FA-AC0B7E9B4EB0}
                              DisplayName = Bing
                              URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TEJB

                              ==================== Auto Load =================================================

                              HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
                              Userinit = userinit.exe,
                              Shell = explorer.exe

                              ==================== Auto Load x64 =============================================

                              HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
                              Userinit = C:\Windows\system32\userinit.exe,
                              Shell = explorer.exe

                              ==================== Firefox ===================================================

                              FF - ProfilePath - C:\Users\Eduard\AppData\Roaming\Mozilla\firefox\Profiles\sb0xkmb1.default-1429555009635
                              FF - Ext: [Default 37.0.1 ] - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} visible: True active: True

                              FF - PlugIn: [Adobe® Flash® Player 16.0.0.305 Plugin] - C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll
                              FF - PlugIn: [Microsoft SharePoint Plug-in for Firefox] - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL


                              ==================== Google Chrome =============================================

                              ==================== Windows Host File =========================================


                              ==================== BHO =======================================================

                              HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
                              {B4F3A835-0E21-4959-BA22-42B3008E02FF}
                              HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} Default = Office Document Cache Handler
                              => HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\InProcServer32 Default = C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL

                              {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}
                              HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} Default = Microsoft SkyDrive Pro Browser Helper
                              => HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\InProcServer32 Default = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

                              ==================== BHO x64 ===================================================

                              HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
                              {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
                              HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} Default = Lync Browser Helper
                              => HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\InProcServer32 Default = C:\Program Files\Microsoft Office\Office15\OCHelper.dll

                              {B4F3A835-0E21-4959-BA22-42B3008E02FF}
                              HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} Default = Office Document Cache Handler
                              => HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\InProcServer32 Default = C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL

                              ==================== Auto Start Programs =======================================

                              HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
                              Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                              AdobeCS5.5ServiceManager = "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
                              HP Software Update = C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
                              SwitchBoard = C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
                              TSVU = "c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe"

                              HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
                              CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
                              HP Officejet 6500 E710n-z (NET) = "C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe" -deviceID "CN1CN340YD05JW:NW" -scfn "HP Officejet 6500 E710n-z (NET)" -AutoStart 1
                              Spotify Web Helper = "C:\Users\Eduard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

                              ==================== Auto Start Programs x64 ===================================

                              HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
                              AdobeAAMUpdater-1.0 = "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
                              cAudioFilterAgent = C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
                              egui = "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
                              ETDCtrl = C:\Program Files\Elantech\ETDCtrl.exe
                              HotKeysCmds = "C:\Windows\system32\hkcmd.exe"
                              IgfxTray = "C:\Windows\system32\igfxtray.exe"
                              iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
                              Logitech Download Assistant = C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
                              NvBackend = "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
                              Persistence = "C:\Windows\system32\igfxpers.exe"
                              ShadowPlay = C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
                              SmartAudio = C:\Program Files\CONEXANT\SAII\SACpl.exe /t
                              TCrdMain = C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
                              TecoResident = C:\Program Files\TOSHIBA\Teco\TecoResident.exe
                              TosWaitSrv = C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
                              TSSSrv = C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe

                              HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved [2 = enabled 3= disabled]
                              = 4
                              AdobeAAMUpdater-1.0 = 3
                              cAudioFilterAgent = 2
                              egui = 2
                              ETDCtrl = 2
                              HotKeysCmds = 2
                              IgfxTray = 2
                              iTunesHelper = 2
                              Logitech Download Assistant = 2
                              NvBackend = 2
                              Nvtmru = 2
                              Persistence = 2
                              ShadowPlay = 2
                              SmartAudio = 2
                              TCrdMain = 2
                              TecoResident = 2
                              TosWaitSrv = 2
                              TSSSrv = 2
                              Adobe ARM = 3
                              AdobeCS5.5ServiceManager = 3
                              HP Software Update = 2
                              SwitchBoard = 2
                              TSVU = 2
                              B1.BAT = 4
                              HP Digital Imaging Monitor.lnk = 2
                              McAfee Security Scan Plus.lnk = 2

                              HKCU\Software\Microsoft\Windows\CurrentVersion\Run
                              CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
                              HP Officejet 6500 E710n-z (NET) = "C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe" -deviceID "CN1CN340YD05JW:NW" -scfn "HP Officejet 6500 E710n-z (NET)" -AutoStart 1
                              Spotify Web Helper = "C:\Users\Eduard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

                              CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
                              ==================== Extra Items IE ============================================

                              HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
                              HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
                              HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
                              HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
                              HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
                              HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
                              HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

                              ==================== Extra Items IE x64 ========================================

                              HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
                              HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
                              HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
                              HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
                              HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
                              HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
                              HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

                              ==================== Internet Default Prefix ===================================

                              HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
                              Default = http://

                              HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes
                              WWW = http://

                              ==================== Internet Default Prefix x64 ===============================

                              HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
                              Default = http://

                              HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes
                              WWW = http://

                              ==================== Protocol Hijackers ========================================

                              HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\osf
                              CLSID = {D924BDC6-C83A-4BD5-90D0-095128A113D1}
                              => SOFTWARE\Classes\\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL # MD5 [c6472164e8467e73857e6fa4eb31d4ef]


                              HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\text/xml
                              CLSID = {807583E5-5146-11D5-A672-00B0D022E945}
                              => SOFTWARE\Classes\\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InProcServer32 @ Default = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown


                              ==================== Protocol Hijackers x64 ====================================

                              HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\osf
                              CLSID = {D924BDC6-C83A-4BD5-90D0-095128A113D1}
                              => SOFTWARE\Classes\\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1}\InProcServer32 @ Default = Unknown # C:\Program Files\Microsoft Office\Office15\MSOSB.DLL # MD5 [6628cdac2763357cf62c038cfadd53e2]


                              HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml
                              CLSID = {807583E5-5146-11D5-A672-00B0D022E945}
                              => SOFTWARE\Classes\\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InProcServer32 @ Default = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown


                              ==================== ShellServiceObjectDelayLoad ===============================

                              HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
                              WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
                              => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


                              ==================== ShellServiceObjectDelayLoad x64 =========================

                              HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
                              WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
                              => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


                              ==================== Extra (Torpig/ConduitSearch) ==============================

                              HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ Default = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
                              => HKCR\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32 @ Default = C:\Windows\system32\shell32.dll

                              HKCR\Directory\shellex\CopyHookHandlers\Sharing @ Default = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
                              => HKCR\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32 @ Default = C:\Windows\system32\ntshrui.dll


                              ==================== DRIVERS and SERVICES ======================================

                              *** Win32OwnProcess ***

                              SERV - R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
                              SERV - R2 - [Apple Mobile Device Service] - Apple Mobile Device Service - c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
                              SERV - R2 - [AtherosSvc] - AtherosSvc - c:\program files (x86)\bluetooth suite\adminservice.exe
                              SERV - R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe
                              SERV - R2 - [CxAudMsg] - Conexant Audio Message Service - c:\windows\system32\cxaudmsg64.exe
                              SERV - R2 - [dts_apo_service] - DTS APO Service - c:\program files (x86)\dts, inc\dts studio sound\dts_apo_service.exe
                              SERV - R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
                              SERV - R2 - [Intel(R) ME Service] - Intel(R) ME Service - c:\program files (x86)\intel\intel(r) management engine components\fwservice\intelmefwservice.exe
                              SERV - R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
                              SERV - R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
                              SERV - R2 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe
                              SERV - R2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
                              SERV - R2 - [NAUpdate] - Nero Update - c:\program files (x86)\nero\update\nasvc.exe
                              SERV - R2 - [NvNetworkService] - NVIDIA Network Service - c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe
                              SERV - R2 - [NvStreamSvc] - NVIDIA Streamer Service - c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe
                              SERV - R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
                              SERV - R2 - [TODDSrv] - TOSHIBA Optical Disc Drive Service - c:\windows\system32\toddsrv.exe
                              SERV - R2 - [TOSHIBA eco Utility Service] - TOSHIBA eco Utility Service - c:\program files\toshiba\teco\tecoservice.exe
                              SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
                              SERV - R3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe
                              SERV - R3 - [TPCHSrv] - TPCH Service - c:\program files\toshiba\tphm\tpchsrv.exe
                              SERV - S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
                              SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
                              SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
                              SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
                              SERV - S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
                              SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
                              SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
                              SERV - S3 - [GamesAppService] - GamesAppService - c:\program files (x86)\wildtangent games\app\gamesappservice.exe
                              SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
                              SERV - S3 - [gusvc] - Google Updater Service - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
                              SERV - S3 - [IDriverT] - InstallDriver Table Manager - c:\program files (x86)\common files\installshield\driver\11\intel 32\idrivert.exe
                              SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
                              SERV - S3 - [Intel(R) Capability Licensing Service TCP IP Interface] - Intel(R) Capability Licensing Service TCP IP Interface - c:\program files\intel\icls client\socketheciserver.exe
                              SERV - S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
                              SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
                              SERV - S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
                              SERV - S3 - [ose64] - Office 64 Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
                              SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
                              SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
                              SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
                              SERV - S3 - [SwitchBoard] - SwitchBoard - c:\program files (x86)\common files\adobe\switchboard\switchboard.exe
                              SERV - S3 - [TemproMonitoringService] - TEMPRO Service - c:\program files (x86)\toshiba tempro\temprosvc.exe
                              SERV - S3 - [TMachInfo] - TMachInfo - c:\program files\toshiba\toshiba service station\tmachinfo.exe
                              SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
                              SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
                              SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
                              SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
                              SERV - S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
                              SERV - S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
                              SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
                              SERV - S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe

                              *** Win32ShareProcess ***

                              SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
                              SERV - R3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
                              SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
                              SERV - S3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
                              SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
                              SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

                              *** Others ***

                              SERV - R2 - [ekrn] - ESET Service - c:\program files\eset\eset smart security\x86\ekrn.exe
                              SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
                              SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

                              *** File System Driver ***

                              DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
                              DRV - R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
                              DRV - R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
                              DRV - R0 - [Wof] - Windows Overlay File System Filter Driver - C:\Windows\system32\Drivers\Wof.sys
                              DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
                              DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys
                              DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys

                              *** Kernel Driver ***

                              DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\Windows\system32\Drivers\ACPI.sys
                              DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\Windows\system32\Drivers\acpiex.sys
                              DRV - R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys
                              DRV - R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
                              DRV - R0 - [disk] - Stuurprogramma voor schijfstations - C:\Windows\system32\Drivers\disk.sys
                              DRV - R0 - [edevmon] - edevmon - C:\Windows\system32\Drivers\edevmon.sys
                              DRV - R0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\Windows\system32\Drivers\EhStorClass.sys
                              DRV - R0 - [epfwwfp] - epfwwfp - C:\Windows\system32\Drivers\epfwwfp.sys
                              DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys
                              DRV - R0 - [iaStorA] - iaStorA - C:\Windows\system32\Drivers\iaStorA.sys
                              DRV - R0 - [intelpep] - Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing - C:\Windows\system32\Drivers\intelpep.sys
                              DRV - R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
                              DRV - R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
                              DRV - R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys
                              DRV - R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
                              DRV - R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys
                              DRV - R0 - [nvpciflt] - nvpciflt - C:\Windows\system32\Drivers\nvpciflt.sys
                              DRV - R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys
                              DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\Windows\system32\Drivers\pci.sys
                              DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
                              DRV - R0 - [pdc] - pdc - C:\Windows\system32\Drivers\pdc.sys
                              DRV - R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
                              DRV - R0 - [spaceport] - Stuurprogramma voor opslagruimten - C:\Windows\system32\Drivers\spaceport.sys
                              DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\Windows\system32\Drivers\Tcpip.sys
                              DRV - R0 - [TVALZ] - TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver - C:\Windows\system32\Drivers\TVALZ.sys [x]
                              DRV - R0 - [TVALZFL] - TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver - C:\Windows\system32\Drivers\TVALZFL.sys
                              DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\Windows\system32\Drivers\vdrvroot.sys
                              DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\Windows\system32\Drivers\volmgr.sys
                              DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys
                              DRV - R0 - [volsnap] - Opslagvolumes - C:\Windows\system32\Drivers\volsnap.sys
                              DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
                              DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\Windows\system32\Drivers\WFPLWFS.sys
                              DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
                              DRV - R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
                              DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\Windows\system32\Drivers\tdx.sys
                              DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys
                              DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
                              DRV - S3 - [atapi] - IDE-kanaal - C:\Windows\system32\Drivers\atapi.sys

                              ==================== SvcHost - White Listed ====================================

                              HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\[email protected]
                              hpqcxs08 = ServiceDll = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [0d0213498683414dde29b1686a4c08d5]

                              hpqddsvc = ServiceDll = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [ee281dd6843f3f697c1ad7933eeb1e9b]



                              ==================== SvcHost x64 - White Listed ================================

                              HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
                              BthHFSrv = ServiceDll = C:\Windows\System32\BthHFSrv.dll [9307a4b743d277c499cda8e19e5687ac]

                              HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
                              HPSLPSVC = ServiceDll = C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [c995ea1c6915d897e06d41af95b9312c]

                              HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
                              Pml Driver HPZ12 = ServiceDll = C:\Windows\System32\HPZipm12.dll [ac78df349f0e4cfb8b667c0cfff83cce]

                              Net Driver HPZ12 = ServiceDll = C:\Windows\System32\HPZinw12.dll [2334dc48997ba203b794df3ee70521db]



                              ==================== SigCheck x86 Fast =========================================

                              Fast Scan All ok

                              ==================== SigCheck x64 Fast =========================================

                              Fast Scan All ok

                              ==================== Job tasks at C:\Windows\Tasks =============================

                              C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfdb51d6a6e7c1.job 1074 bytes [ 28-9-2014 21:24:35 ]

                              C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 1078 bytes [ 19-10-2014 11:15:26 ]

                              C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfeb7d3835796b.job 1078 bytes [ 19-10-2014 11:15:26 ]

                              C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00111ab4aab7e.job 1078 bytes [ 15-11-2014 21:20:59 ]

                              C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0414e27c1bd13.job 1078 bytes [ 5-2-2015 15:15:12 ]

                              C:\Windows\Tasks\SA.DAT 6 bytes [ 22-8-2013 16:45:54 ]


                              ==================== Job tasks at C:\Windows\system32\Tasks ====================

                              C:\Windows\system32\Tasks\5UO48i4X0phOUJQK 2640 bytes [ 7-4-2015 20:43:37 ]
                              => C:\Program Files (x86)\globalUpdate\Update\Install\{63B4F9DF-2F9C-48AB-8C2E-AF117090BAA0}\setup.exe

                              C:\Windows\system32\Tasks\gKrbYAULT4WNJGTyt 2640 bytes [ 2-4-2015 16:28:03 ]
                              => C:\Program Files (x86)\globalUpdate\Update\Install\{FFCAA3A7-5451-4780-A6EA-68A9ED3CC586}\setup.exe

                              C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore 3806 bytes [ 28-9-2014 21:15:15 ]
                              => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

                              C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore1cfdb51d6a6e7c1 3814 bytes [ 28-9-2014 21:24:40 ]
                              => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

                              C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA 4050 bytes [ 19-10-2014 11:15:26 ]
                              => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

                              C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA1cfeb7d3835796b 4050 bytes [ 19-10-2014 11:15:26 ]
                              => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

                              C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA1d00111ab4aab7e 4050 bytes [ 15-11-2014 21:20:59 ]
                              => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

                              C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA1d0414e27c1bd13 4050 bytes [ 5-2-2015 15:15:12 ]
                              => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

                              C:\Windows\system32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z 3618 bytes [ 9-7-2014 14:41:52 ]
                              => "C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe"

                              C:\Windows\system32\Tasks\kG7pSOKjLpekPNotGc 2640 bytes [ 6-4-2015 18:21:26 ]
                              => C:\Program Files (x86)\globalUpdate\Update\Install\{16CCBF52-5DA8-47E1-93C6-1495765FA11E}\setup.exe

                              C:\Windows\system32\Tasks\KoXH8oynR8O 2640 bytes [ 5-4-2015 12:47:51 ]
                              => C:\Program Files (x86)\globalUpdate\Update\Install\{E9120A7F-6541-43DC-8681-391DCB61F80D}\setup.exe

                              C:\Windows\system32\Tasks\MaSAf9pxYXtrDAnXrs 2640 bytes [ 2-4-2015 22:59:34 ]
                              => C:\Program Files (x86)\globalUpdate\Update\Install\{9A493838-124E-4CB6-AFD6-BC0BF4055043}\setup.exe

                              C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2713537743-3426775794-1442715819-1002 3598 bytes [ 3-5-2014 15:09:08 ]

                              C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2713537743-3426775794-1442715819-500 3596 bytes [ 9-4-2014 10:52:02 ]

                              C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3346357531-3327840203-3679863310-500 3596 bytes [ 24-11-2013 18:04:24 ]

                              C:\Windows\system32\Tasks\Resolution+ Setting Task 3128 bytes [ 9-4-2014 11:22:27 ]
                              => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe

                              C:\Windows\system32\Tasks\S1kt6k6DsNxnvgyI2 2640 bytes [ 8-4-2015 10:29:07 ]
                              => C:\Program Files (x86)\globalUpdate\Update\Install\{139E6B66-CAAA-4C8E-851A-9BF60BC32F2D}\setup.exe

                              C:\Windows\system32\Tasks\SQuAgRz2kDN3ecSz 2640 bytes [ 10-4-2015 12:41:58 ]
                              => C:\Program Files (x86)\globalUpdate\Update\Install\{5B57004E-5428-42B0-BC49-5C37ED437296}\setup.exe

                              C:\Windows\system32\Tasks\TrFJsDO1a3 2640 bytes [ 9-4-2015 17:47:35 ]
                              => C:\Program Files (x86)\globalUpdate\Update\Install\{61090764-8E37-4AD6-9354-23A3B0593E1E}\setup.exe

                              C:\Windows\system32\Tasks\UMonitor Task 3016 bytes [ 9-4-2014 11:17:24 ]
                              => C:\Windows\SysWOW64\UMonit64.exe

                              C:\Windows\system32\Tasks\User_Feed_Synchronization-{1B426197-90EF-4D45-BAA9-1365683BED6E} 3954 bytes [ 3-5-2014 15:08:08 ]
                              => C:\Windows\system32\msfeedssync.exe

                              C:\Windows\system32\Tasks\xn6OrMiOKtuW6ivSu7d 2640 bytes [ 5-4-2015 18:47:50 ]
                              => C:\Program Files (x86)\globalUpdate\Update\Install\{7D01911D-6094-4DEA-B7D8-A5C0AE51A6BF}\setup.exe


                              ==================== Job tasks at C:\Windows\SysWOW64\Tasks ====================

                              There are no .job files found.

                              ==================== End scanning at wo 22 apr 2015 21:17 (0 Min 15 Sec ) ======
