  • Pop-up infection

    My Internet Explorer is bombarding me with advertising pop-ups.
    I would like to install Google Chrome, but that no longer works; I get this message: "Installation failed: starting the Google Chrome installer failed."
    The logs are below...

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan date: 24/06/2015
    Scan time: 14:25:13
    Log file: mbam log.txt
    Administrator: Yes

    Version: 2.01.6.1022
    Malware database: v2015.06.24.01
    Rootkit database: v2015.06.22.01
    License: Free
    Malware protection: Disabled
    Malicious website protection: Disabled
    Self-protection: Disabled

    Operating system: Windows 8.1
    CPU: x64
    File system: NTFS
    User: hans22

    Scan type: Custom scan
    Result: Completed
    Objects scanned: 582232
    Time elapsed: 2 hr, 18 min, 57 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry keys: 0
    (No malicious items detected)

    Registry values: 1
    PUM.Bad.Proxy, HKU\S-1-5-21-1091015126-3145330374-1353040903-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:9880, Quarantined, [b5cc2c925b2fce68d37a67b6768e3ec2]

    Registry data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical sectors: 0
    (No malicious items detected)


    (end)
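
The Malwarebytes hit above is the part of this log worth understanding. The per-user WinINET value ProxyServer = http=127.0.0.1:9880 sends every plain-HTTP request Internet Explorer makes through a listener on the machine itself, and that is how a local adware process gets to rewrite pages and insert advertisements; ProxyEnable = 1 switches the proxy on and ProxyOverride = <local> exempts only intranet names from it. Quarantining the registry value stops the redirection but does not remove whatever was listening on port 9880, so the listener itself still has to be found (netstat -ano will show which PID owns the port while it is still running).

The script below is an added example, not code from this thread or from Malwarebytes or AdwCleaner. It parses detection lines in the layout of the two logs in this thread (the sample lines are constructed to match that layout) and flags any proxy that points at loopback or localhost, handling both forms WinINET accepts for ProxyServer: a bare host:port and the per-scheme http=...;https=... list.

```python
import re
import ipaddress

# Constructed sample lines in the layout of the Malwarebytes 2.x and AdwCleaner
# logs posted in this thread; the ProxyServer value is the one the scan reported.
SAMPLE_LOG = r"""
Registry values: 1
PUM.Bad.Proxy, HKU\S-1-5-21-1091015126-3145330374-1353040903-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:9880, Quarantined, [b5cc2c925b2fce68d37a67b6768e3ec2]
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
"""

# Malwarebytes 2.x detection line: "<name>, <key>|<value>, <data>, <status>, [<hash>]"
MBAM_LINE = re.compile(
    r"^(?P<name>[\w.]+),\s*(?P<key>[^|,]+)\|(?P<value>[^,]+),\s*(?P<data>[^,]+),"
    r"\s*(?P<status>[^,]+),\s*\[(?P<hash>[0-9a-f]+)\]$"
)
# AdwCleaner registry-data line: "Data Deleted : <key> [<value>] - <data>"
ADW_DATA_LINE = re.compile(
    r"^Data Deleted\s*:\s*(?P<key>.+?)\s*\[(?P<value>[^\]]+)\]\s*-\s*(?P<data>.*)$"
)


def parse_proxy_server(data: str) -> dict:
    """Split a WinINET ProxyServer string into {scheme: (host, port)}.

    WinINET accepts a bare "host:port" (used for every scheme, reported here
    as "*") or a per-scheme list "http=host:port;https=host:port;socks=host:port".
    """
    proxies = {}
    for part in data.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, endpoint = part.rpartition("=")
        host, _, port = endpoint.rpartition(":")
        if not host:  # endpoint given without a port, e.g. "proxy.example"
            host, port = endpoint, ""
        proxies[scheme or "*"] = (host.strip("[] "), int(port) if port.isdigit() else None)
    return proxies


def is_local_listener(host: str) -> bool:
    """True when the proxy host is the machine itself (a loopback address or 'localhost')."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(log_text: str) -> list:
    """One finding per log line that points WinINET at a local proxy or switches proxying on.

    Finding tuples: ("local-proxy", scheme, host, port), ("proxy-enabled",)
    and ("proxy-override", exclusions).
    """
    findings = []
    for raw in log_text.splitlines():
        m = MBAM_LINE.match(raw.strip()) or ADW_DATA_LINE.match(raw.strip())
        if not m:
            continue
        value, data = m.group("value").strip().lower(), m.group("data").strip()
        if value == "proxyserver":
            for scheme, (host, port) in parse_proxy_server(data).items():
                if is_local_listener(host):
                    findings.append(("local-proxy", scheme, host, port))
        elif value == "proxyenable" and data == "1":
            findings.append(("proxy-enabled",))
        elif value == "proxyoverride":
            findings.append(("proxy-override", data))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the constructed sample it reports the loopback proxy for the http scheme on port 9880, the enabled flag and the <local> override. A proxy on a routable address is not flagged, since a corporate proxy set by policy looks identical in the registry; only the loopback case is something a home machine should never have.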

  • #2
    # AdwCleaner v4.207 - Logfile created 24/06/2015 at 17:46:08
    # Updated 21/06/2015 by Xplode
    # Database : 2015-06-23.1 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : hans22 - HANS
    # Running from : C:\Users\hans22\AppData\Local\Microsoft\Windows\INetCache\IE\F4YGHVOR\adwcleaner_4.207.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\{2858186d-acb9-4de0-2858-8186dacb61b6}
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc speed up
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
    Folder Deleted : C:\Users\hans22\AppData\Local\cool_mirage
    Folder Deleted : C:\Users\hans22\AppData\Local\globalUpdate
    Folder Deleted : C:\Users\hans22\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp
    Folder Deleted : C:\Users\hans22\AppData\Roaming\Uniblue
    File Deleted : C:\Users\hans22\AppData\Roaming\73awbOOTjq
    File Deleted : C:\Users\hans22\AppData\Roaming\VRWHJ
    File Deleted : C:\Users\hans22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PC-Mechanic.lnk

    ***** [ Scheduled tasks ] *****

    Task Deleted : PC-Mechanic Maintenance
    Task Deleted : PC-Mechanic Startup
    Task Deleted : RocketTab
    Task Deleted : RocketTab Update Task
    Task Deleted : PC-Mechanic Subscription
    Task Deleted : PrivacyDR_Start
    Task Deleted : PrivacyDR_Popup
    Task Deleted : 73awbOOTjq
    Task Deleted : VRWHJ

    ***** [ Shortcuts ] *****

    Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\Star Wars - The Old Republic.lnk

    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\pc-mechanic
    Key Deleted : HKLM\SOFTWARE\95407f19-eb8a-4495-b237-41c32b8b6aeb
    Key Deleted : HKLM\SOFTWARE\d1999940-0fe2-438f-a023-ff938ab5d562
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\GlobalUpdate
    Key Deleted : HKCU\Software\AppDataLow\Software\BetterMarkIt
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\GlobalUpdate
    Key Deleted : HKLM\SOFTWARE\SupDp
    Key Deleted : HKLM\SOFTWARE\Uniblue
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
    Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chrome.nl.softonic.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17840


    -\\ Mozilla Firefox v


    -\\ Google Chrome v43.0.2357.130


    *************************

    AdwCleaner[R0].txt - [4454 bytes] - [24/06/2015 17:44:56]
    AdwCleaner[S0].txt - [4290 bytes] - [24/06/2015 17:46:08]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4349 bytes] ##########



    • #3
      E-Peek v 1.9.9.0 ENHANCED 4 © Emphyrio/Onsia Patrick 2013-2015
      E Dev
      Run at Wed 24 Jun 2015 17:54
      .
      Windows 8.1 (64 bits)
      C:\WINDOWS [NTFS - Fixed]
      Default Browser: Google Chrome
      Boot mode: Normal boot
      User logged in: hans22
      .
      Java x86: n/a
      Java x64: n/a
      .
      AV : Windows Defender [Updated - Not Running]
      AS : Windows Defender [Updated - Not Running]
      FW : Windows firewall
      .
      ==================== Files and Folders history =================================

      Folders Created Last 7 days :

      24/06/2015 ##### r-h-s-d+a- C:\Users\hans22\Start Menu
      24/06/2015 ##### r-h-s-d+a- C:\Users\hans22\AppData\Roaming\E Dev
      24/06/2015 ##### r-h-s-d+a- C:\Users\hans22\AppData\Local\Google
      24/06/2015 ##### r-h-s-d+a- C:\Program Files\Microsoft Silverlight
      24/06/2015 ##### r-h-s-d+a- C:\Program Files (x86)\Microsoft Silverlight
      24/06/2015 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
      24/06/2015 ##### r-h-s-d+a- C:\AdwCleaner
      23/06/2015 ##### r-h-s-d+a- C:\Users\hans22\AppData\Local\Deployment
      23/06/2015 ##### r-h-s-d+a- C:\Users\hans22\AppData\Local\Apps
      23/06/2015 ##### r-h+s+d+a- C:\Program Files (x86)\ZyaAtanished

      Files Modified Last 7 days :

      24/06/2015 00012800 r-h-s-d-a+ C:\WINDOWS\system32\VfService.trf
      24/06/2015 00000018 r-h-s-d-a+ C:\WINDOWS\SysWOW64\log.txt
      23/06/2015 06103040 r-h-s-d-a+ C:\Program Files (x86)\GUTD6ED.tmp
      23/06/2015 00000004 r-h-s-d-a+ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
      21/06/2015 01826596 r-h-s-d-a+ C:\WINDOWS\system32\PerfStringBackup.INI
      21/06/2015 00807742 r-h-s-d-a+ C:\WINDOWS\system32\perfh013.dat
      21/06/2015 00723514 r-h-s-d-a+ C:\WINDOWS\system32\perfh009.dat
      21/06/2015 00162706 r-h-s-d-a+ C:\WINDOWS\system32\perfc013.dat
      21/06/2015 00136128 r-h-s-d-a+ C:\WINDOWS\system32\perfc009.dat

      Files Created Last 7 days :

      24/06/2015 00000000 r-h-s-d-a+ C:\Users\hans22\defogger_reenable
      23/06/2015 06103040 r-h-s-d-a+ C:\Program Files (x86)\GUTD6ED.tmp
      23/06/2015 00000004 r-h-s-d-a+ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7

      ==================== RUNNING PROCESSES =========================================

      [alg] -LOCAL SERVICE- C:\WINDOWS\System32\alg.exe - (Microsoft Corporation)
      [atieclxx] -SYSTEM- C:\WINDOWS\system32\atieclxx.exe - (AMD)
      [atiesrxx] -SYSTEM- C:\WINDOWS\system32\atiesrxx.exe - (AMD)
      [audiodg] -LOCAL SERVICE- C:\Windows\System32\audiodg.exe - (audiodg.exe)
      [BTStackServer] -hans22- C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe - (Broadcom Corporation.)
      [BTTray] -hans22- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
      [btwdins] -SYSTEM- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe - (Broadcom Corporation.)
      [CAudioFilterAgent64] -hans22- C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe - (Conexant Systems, Inc.)
      [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
      [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
      [CxAudMsg64] -SYSTEM- C:\WINDOWS\system32\CxAudMsg64.exe - (Conexant Systems Inc.)
      [dasHost] -LOCAL SERVICE- C:\WINDOWS\system32\dashost.exe - (Microsoft Corporation)
      [DiscSoftBusService] -SYSTEM- C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe - (Disc Soft Ltd)
      [dwm] -DWM-1- C:\WINDOWS\system32\dwm.exe - (Microsoft Corporation)
      [Energy Management] -hans22- C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe - (Lenovo (Beijing) Limited)
      [E-Peek 1.9.9.0] -hans22- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.9.9.0.exe - (E Dev)
      [ETDCtrl] -hans22- C:\Program Files\Elantech\ETDCtrl.exe - (ELAN Microelectronics Corp.)
      [ETDCtrlHelper] -hans22- C:\Program Files\Elantech\ETDCtrlHelper.exe - (ELAN Microelectronics Corp.)
      [ETDIntelligent] -hans22- C:\Program Files\Elantech\ETDIntelligent.exe - (ELAN Microelectronics Corp.)
      [explorer] -hans22- C:\WINDOWS\Explorer.EXE - (Microsoft Corporation)
      [FlashUtil_ActiveX] -hans22- C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe - (Adobe Systems Incorporated)
      [HeciServer] -SYSTEM- C:\Program Files\Intel\iCLS Client\HeciServer.exe - (Intel(R) Corporation)
      [HPSupportSolutionsFrameworkService] -SYSTEM- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe - (Hewlett-Packard Company)
      [IAStorDataMgrSvc] -SYSTEM- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe - (Intel Corporation)
      [IAStorIcon] -hans22- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe - (Intel Corporation)
      [iexplore] -hans22- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE - (Microsoft Corporation)
      [iexplore] -hans22- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE - (Microsoft Corporation)
      [iexplore] -hans22- C:\Program Files\Internet Explorer\iexplore.exe - (Microsoft Corporation)
      [igfxCUIService] -SYSTEM- C:\WINDOWS\system32\igfxCUIService.exe - (Intel Corporation)
      [igfxEM] -hans22- C:\WINDOWS\system32\igfxEM.exe - (Intel Corporation)
      [igfxHK] -hans22- C:\WINDOWS\system32\igfxHK.exe - (Intel Corporation)
      [Jhi_service] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe - (Intel Corporation)
      [LMS] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - (Intel Corporation)
      [lsass] -SYSTEM- C:\WINDOWS\system32\lsass.exe - (Microsoft Corporation)
      [LSCNotify] -hans22- C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe - (Lenovo)
      [mDNSResponder] -SYSTEM- C:\Program Files\Bonjour\mDNSResponder.exe - (Apple Inc.)
      [msiexec] -SYSTEM- C:\WINDOWS\system32\msiexec.exe - (Microsoft Corporation)
      [NitroPDFDriverService8x64] -SYSTEM- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe - (Nitro PDF Software)
      [NLSSRV32] -SYSTEM- C:\windows\SysWOW64\NLSSRV32.EXE - (Nalpeiron Ltd.)
      [pcee4] -hans22- C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe - (Dolby Laboratories Inc.)
      [PDVD10Serv] -hans22- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe - (CyberLink Corp.)
      [PresentationFontCache] -LOCAL SERVICE- C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe - (Microsoft Corporation)
      [PWRISOVM] -hans22- C:\Program Files\PowerISO\PWRISOVM.EXE - (Power Software Ltd)
      [RTFTrack] -hans22- C:\Windows\RTFTrack.exe - (Realtek semiconductor)
      [rundll32] -hans22- C:\WINDOWS\SysWOW64\RunDll32.exe - (Microsoft Corporation)
      [SASrv] -SYSTEM- C:\WINDOWS\SysWOW64\SAsrv.exe - (Conexant Systems, Inc.)
      [SearchFilterHost] -SYSTEM- C:\WINDOWS\system32\SearchFilterHost.exe - (Microsoft Corporation)
      [SearchIndexer] -SYSTEM- C:\WINDOWS\system32\SearchIndexer.exe - (Microsoft Corporation)
      [SearchProtocolHost] -hans22- C:\WINDOWS\system32\SearchProtocolHost.exe - (Microsoft Corporation)
      [SearchProtocolHost] -SYSTEM- C:\WINDOWS\system32\SearchProtocolHost.exe - (Microsoft Corporation)
      [services] -SYSTEM- C:\Windows\System32\services.exe - (services.exe)
      [SettingSyncHost] -hans22- C:\Windows\System32\SettingSyncHost.exe - (Microsoft Corporation)
      [SkyDrive] -hans22- C:\Windows\System32\skydrive.exe - (Microsoft Corporation)
      [smss] -SYSTEM- C:\Windows\System32\smss.exe - (smss.exe)
      [spoolsv] -SYSTEM- C:\WINDOWS\System32\spoolsv.exe - (Microsoft Corporation)
      [System] -N/A- - (System)
      [taskhostex] -hans22- C:\WINDOWS\system32\taskhostex.exe - (Microsoft Corporation)
      [UNS] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe - (Intel Corporation)
      [utility] -hans22- C:\Program Files (x86)\Lenovo\Energy Management\utility.exe - (Lenovo(beijing) Limited)
      [VfConnectorService] -SYSTEM- C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe - ()
      [wininit] -SYSTEM- C:\WINDOWS\system32\wininit.exe - (Microsoft Corporation)
      [winlogon] -SYSTEM- C:\WINDOWS\system32\winlogon.exe - (Microsoft Corporation)
      [WmiPrvSE] -NETWORK SERVICE- C:\WINDOWS\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
      [ZyaAtanished] -hans22- C:\Program Files (x86)\ZyaAtanished\ZyaAtanished.exe - ()
      [ZyaAtanished] -SYSTEM- C:\Program Files (x86)\ZyaAtanished\ZyaAtanished.exe - ()

      ==================== IE PAGES ==================================================

      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main
      Start Page = www.google.com
      Local Page = C:\Windows\SysWOW64\blank.htm
      Default_Page_URL = www.google.com
      Default_Search_URL = www.google.com
      Search Page = www.google.com

      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes
      DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      DisplayName = @ieframe.dll,-12512
      URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{CB341521-53F0-495A-B98D-E4C7CB5EBAE3}
      DisplayName = Bing
      URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB

      ==================== IE PAGES x64 ==============================================

      HKLM\Software\Microsoft\Internet Explorer\Main
      Start Page = www.google.com
      Local Page = C:\Windows\System32\blank.htm
      Default_Page_URL = www.google.com
      Default_Search_URL = www.google.com
      Search Page = www.google.com

      HKLM\Software\Microsoft\Internet Explorer\SearchScopes
      DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

      HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      DisplayName = @ieframe.dll,-12512
      URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

      HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{CB341521-53F0-495A-B98D-E4C7CB5EBAE3}
      DisplayName = Bing
      URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB

      ==================== Auto Load =================================================

      HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
      Userinit = userinit.exe,
      Shell = explorer.exe

      ==================== Auto Load x64 =============================================

      HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
      Userinit = C:\Windows\system32\userinit.exe,
      Shell = explorer.exe

      ==================== Browsers present ==========================================

      Google Chrome
      IEXPLORE.EXE

      ==================== Google Chrome =============================================

      GC - Local State Path: C:\Users\hans22\AppData\Local\Google\Chrome\User Data\Local State

      GC - Profile: [Default] Name: Persoon 1 - Shortcut name: - Username:

      ==================== Google Chrome Profile: Default ============================

      GC - Prefpath: C:\Users\hans22\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

      GC - Homepage: n/a

      GC - Ext: [ Web Store ] version: 0.2
      Description: Discover great apps, games, extensions and themes for Google Chrome.
      Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\web_store

      GC - Ext: [ Bookmark Manager ] version: 0.1
      Description: Bookmark Manager
      Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\bookmark_manager

      GC - Ext: [ Settings ] version: 0.2
      Description: Settings
      Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\settings_app

      GC - Ext: [ Feedback ] version: 1.0
      Description: User feedback extension
      Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\feedback

      GC - Ext: [ CryptoTokenExtension ] version: 0.9.22
      Description: CryptoToken Component Extension
      Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\cryptotoken

      GC - Ext: [ Cloud Print ] version: 0.1
      Description: Cloud Print
      Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\cloud_print

      GC - Ext: [ GaiaAuthExtension ] version: 0.0.1
      Description: GAIA Component Extension
      Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\gaia_auth

      GC - Ext: [ Chrome ] version: 0.1
      Description: A fast, simple and secure web browser for the modern web.
      Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\chrome_app

      GC - Ext: [ Chrome PDF Viewer ] version: 1
      Description:
      Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\pdf

      GC - Ext: [ Google Network Speech ] version: 1.0
      Description: Component extension providing speech via the Google network text-to-speech service.
      Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\network_speech_synthesis

      GC - Ext: [ Google+ Hangouts ] version: 1.0
      Description:
      Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\hangout_services

      GC - Ext: [ Google Now ] version: 1.2.0.1
      Description: Integrates Google Now into Chrome.
      Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\google_now

      ==================== Windows Host File =========================================


      ==================== BHO =======================================================

      HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
      {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
      HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} Default = Skype for Business Browser Helper
      => HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\InProcServer32 Default = C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

      {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}
      HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} Default = Microsoft SkyDrive Pro Browser Helper
      => HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\InProcServer32 Default = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

      ==================== BHO x64 ===================================================

      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
      {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
      HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} Default = Skype for Business Browser Helper
      => HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\InProcServer32 Default = C:\Program Files\Microsoft Office\Office15\OCHelper.dll

      {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}
      HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} Default = Microsoft SkyDrive Pro Browser Helper
      => HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\InProcServer32 Default = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL

      ==================== Auto Start Programs =======================================

      HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
      iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      PWRISOVM.EXE = C:\Program Files\PowerISO\PWRISOVM.EXE -startup
      RemoteControl10 = "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
      StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
      UpdateP2GShortCut = "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
      YouCam Tray = "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s

      HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
      CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      DAEMON Tools Lite Automount = "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
      EADM = "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

      ==================== Auto Start Programs x64 ===================================

      HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
      cAudioFilterAgent = C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
      Energy Management = C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
      EnergyUtility = C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
      ETDCtrl = C:\Program Files\Elantech\ETDCtrl.exe
      IAStorIcon = "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
      RtsFT = RTFTrack.exe
      SmartAudio = C:\Program Files\CONEXANT\SAII\SACpl.exe /t

      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved [2 = enabled 3= disabled]
      cAudioFilterAgent = 2
      Energy Management = 2
      EnergyUtility = 2
      ETDCtrl = 2
      HotKeysCmds = 2
      IAStorIcon = 2
      IgfxTray = 2
      Persistence = 2
      PWRISOVM.EXE = 3
      RtsFT = 2
      SmartAudio = 2
      StartCCC = 3
      HP Software Update = 3
      Intel AppUp(SM) center = 2
      iTunesHelper = 3
      PWRISOVM.EXE = 2
      RemoteControl10 = 2
      Smart File Advisor = 2
      StartCCC = 3
      SunJavaUpdateSched = 2
      UpdateP2GShortCut = 2
      YouCam Tray = 3
      Bluetooth.lnk = 2
      HP Digital Imaging Monitor.lnk = 2

      HKCU\Software\Microsoft\Windows\CurrentVersion\Run
      CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      DAEMON Tools Lite Automount = "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
      EADM = "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

      Startup - C:\Users\hans22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
      CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
      ==================== Extra Items IE ============================================

      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

      ==================== Extra Items IE x64 ========================================

      HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
      HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
      HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
      HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
      HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
      HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
      HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

      ==================== Internet Default Prefix ===================================

      HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
      Default = http://

      HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes
      WWW = http://

      ==================== Internet Default Prefix x64 ===============================

      HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
      Default = http://

      HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes
      WWW = http://

      ==================== Protocol Hijackers ========================================

      HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\osf
      CLSID = {D924BDC6-C83A-4BD5-90D0-095128A113D1}
      => SOFTWARE\Classes\\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL # MD5 [e735e207423b5abfcebf86fe5cc0a30b]


      HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\text/xml
      CLSID = {807583E5-5146-11D5-A672-00B0D022E945}
      => SOFTWARE\Classes\\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InProcServer32 @ Default = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown


      ==================== Protocol Hijackers x64 ====================================

      HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml
      CLSID = {807583E5-5146-11D5-A672-00B0D022E945}
      => SOFTWARE\Classes\\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InProcServer32 @ Default = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown


      ==================== ShellServiceObjectDelayLoad ===============================

      HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
      WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
      => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


      ==================== ShellServiceObjectDelayLoad x64 =========================

      HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
      WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
      => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


      ==================== Extra (Torpig/ConduitSearch) ==============================

      HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ Default = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
      => HKCR\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32 @ Default = C:\WINDOWS\system32\shell32.dll

      HKCR\Directory\shellex\CopyHookHandlers\Monitor @ Default = {7842554E-6BED-11D2-8CDB-B05550C10000}
      => HKCR\CLSID\{7842554E-6BED-11D2-8CDB-B05550C10000}\InProcServer32 @ Default = C:\Program Files\Lenovo\Bluetooth Software\btncopy.dll

      HKCR\Directory\shellex\CopyHookHandlers\Sharing @ Default = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
      => HKCR\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32 @ Default = C:\WINDOWS\system32\ntshrui.dll


      ==================== DRIVERS and SERVICES ======================================

      *** Win32OwnProcess ***

      SERV - R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
      SERV - R2 - [Bonjour Service] - Bonjour Service - c:\program files\bonjour\mdnsresponder.exe
      SERV - R2 - [btwdins] - Bluetooth Service - c:\program files\lenovo\bluetooth software\btwdins.exe
      SERV - R2 - [CxAudMsg] - Conexant Audio Message Service - c:\windows\system32\cxaudmsg64.exe
      SERV - R2 - [HPSupportSolutionsFrameworkService] - HP Support Solutions Framework Service - c:\program files (x86)\hp\common\hpsupportsolutionsframeworkservice.exe
      SERV - R2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - c:\program files\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
      SERV - R2 - [igfxCUIService1.0.0.0] - Intel(R) HD Graphics Control Panel Service - c:\windows\system32\igfxcuiservice.exe
      SERV - R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
      SERV - R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
      SERV - R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
      SERV - R2 - [nlsX86cc] - Nalpeiron Licensing Service - c:\windows\syswow64\nlssrv32.exe
      SERV - R2 - [SAService] - Conexant SmartAudio service - c:\windows\system32\sasrv.exe [x]
      SERV - R2 - [UNS] - Intel(R) Management and Security Application User Notification Service - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
      SERV - R2 - [VeriFaceSrv] - VeriFaceSrv - c:\program files (x86)\lenovo\lenovo veriface\vfconnectorservice.exe
      SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
      SERV - R3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
      SERV - R3 - [Disc Soft Lite Bus Service] - Disc Soft Lite Bus Service - c:\program files\daemon tools lite\discsoftbusservice.exe
      SERV - R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
      SERV - R3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
      SERV - S2 - [BcmBtRSupport] - Bluetooth Driver Management Service - c:\windows\system32\btwrsupportservice.exe
      SERV - S2 - [gupdate] - Google Update Service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe [x]
      SERV - S2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
      SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
      SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
      SERV - S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
      SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
      SERV - S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe [x]
      SERV - S3 - [ICCS] - Intel(R) Integrated Clock Controller Service - Intel(R) ICCS - c:\program files (x86)\intel\intel(r) integrated clock controller service\iccproxy.exe
      SERV - S3 - [IDriverT] - InstallDriver Table Manager - c:\program files (x86)\common files\installshield\driver\11\intel 32\idrivert.exe
      SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
      SERV - S3 - [iPod Service] - iPod Service - c:\program files\ipod\bin\ipodservice.exe
      SERV - S3 - [LSCWinService] - LSCWinService - c:\program files\lenovo\lenovo solution center\app\lscwinservice.exe
      SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
      SERV - S3 - [Origin Client Service] - Origin Client Service - c:\program files (x86)\origin\originclientservice.exe
      SERV - S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
      SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
      SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
      SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
      SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
      SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
      SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
      SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
      SERV - S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
      SERV - S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
      SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
      SERV - S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe

      *** Win32ShareProcess ***

      SERV - R2 - [NitroDriverReadSpool8] - NitroPDFDriverCreatorReadSpool8 - c:\program files\common files\nitro\pro\8.0\nitropdfdriverservice8x64.exe
      SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
      SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
      SERV - S3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
      SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
      SERV - S3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
      SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

      *** Others ***

      SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
      SERV - R2 - [ZyaAtanished] - ZyaAtanished - c:\program files (x86)\zyaatanished\zyaatanished.exe
      SERV - S2 - [WikiBrowserUpdateService] - WikiBrowserUpdateService - c:\users\hans22\appdata\local\wikiupdate.exe [x]
      SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

      *** File System Driver ***

      DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\WINDOWS\system32\Drivers\FileInfo.sys
      DRV - R0 - [FltMgr] - FltMgr - C:\WINDOWS\system32\Drivers\FltMgr.sys
      DRV - R0 - [MBAMSwissArmy] - MBAMSwissArmy - C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
      DRV - R0 - [Mup] - Mup - C:\WINDOWS\system32\Drivers\Mup.sys
      DRV - R0 - [Wof] - Windows Overlay File System Filter Driver - C:\WINDOWS\system32\Drivers\Wof.sys
      DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\WINDOWS\system32\Drivers\NetBIOS.sys
      DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\WINDOWS\system32\Drivers\srv.sys
      DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\WINDOWS\system32\Drivers\srv2.sys

      *** Kernel Driver ***

      DRV - R0 - [ACPI] - Microsoft ACPI Driver - C:\WINDOWS\system32\Drivers\ACPI.sys
      DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\WINDOWS\system32\Drivers\acpiex.sys
      DRV - R0 - [amdkmpfd] - AMD PCI Root Bus Lower Filter - C:\WINDOWS\system32\Drivers\amdkmpfd.sys
      DRV - R0 - [CLFS] - Common Log (CLFS) - C:\WINDOWS\system32\Drivers\CLFS.sys
      DRV - R0 - [CNG] - CNG - C:\WINDOWS\system32\Drivers\CNG.sys
      DRV - R0 - [disk] - Disk Drive Driver - C:\WINDOWS\system32\Drivers\disk.sys
      DRV - R0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\WINDOWS\system32\Drivers\EhStorClass.sys
      DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\WINDOWS\system32\Drivers\fvevol.sys
      DRV - R0 - [iaStorA] - iaStorA - C:\WINDOWS\system32\Drivers\iaStorA.sys
      DRV - R0 - [intelpep] - Intel(R) Power Engine Plug-in Driver - C:\WINDOWS\system32\Drivers\intelpep.sys
      DRV - R0 - [KSecDD] - KSecDD - C:\WINDOWS\system32\Drivers\KSecDD.sys
      DRV - R0 - [KSecPkg] - KSecPkg - C:\WINDOWS\system32\Drivers\KSecPkg.sys
      DRV - R0 - [LHDmgr] - LHDmgr - C:\WINDOWS\system32\Drivers\LHDmgr.sys [x]
      DRV - R0 - [mountmgr] - Mount Point Manager - C:\WINDOWS\system32\Drivers\mountmgr.sys
      DRV - R0 - [msisadrv] - msisadrv - C:\WINDOWS\system32\Drivers\msisadrv.sys
      DRV - R0 - [NDIS] - NDIS System Driver - C:\WINDOWS\system32\Drivers\NDIS.sys
      DRV - R0 - [partmgr] - Partition Manager - C:\WINDOWS\system32\Drivers\partmgr.sys
      DRV - R0 - [pci] - PCI Bus Driver - C:\WINDOWS\system32\Drivers\pci.sys
      DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\WINDOWS\system32\Drivers\pcw.sys
      DRV - R0 - [pdc] - pdc - C:\WINDOWS\system32\Drivers\pdc.sys
      DRV - R0 - [rdyboost] - ReadyBoost - C:\WINDOWS\system32\Drivers\rdyboost.sys
      DRV - R0 - [spaceport] - Storage Spaces Driver - C:\WINDOWS\system32\Drivers\spaceport.sys
      DRV - R0 - [Tcpip] - TCP/IP Protocol Driver - C:\WINDOWS\system32\Drivers\Tcpip.sys
      DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\WINDOWS\system32\Drivers\vdrvroot.sys
      DRV - R0 - [volmgr] - Volume Manager Driver - C:\WINDOWS\system32\Drivers\volmgr.sys
      DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\WINDOWS\system32\Drivers\volmgrx.sys
      DRV - R0 - [volsnap] - Storage Volumes - C:\WINDOWS\system32\Drivers\volsnap.sys
      DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\WINDOWS\system32\Drivers\Wdf01000.sys
      DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\WINDOWS\system32\Drivers\WFPLWFS.sys
      DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\WINDOWS\system32\Drivers\AFD.sys
      DRV - R1 - [Beep] - Beep - C:\WINDOWS\system32\Drivers\Beep.sys
      DRV - R1 - [tdx] - NetIO Legacy TDI Support Driver - C:\WINDOWS\system32\Drivers\tdx.sys
      DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\WINDOWS\system32\Drivers\tcpipreg.sys
      DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\WINDOWS\system32\Drivers\hwpolicy.sys
      DRV - S3 - [atapi] - IDE Channel - C:\WINDOWS\system32\Drivers\atapi.sys

      ==================== SvcHost - White Listed ====================================

      WOW x64 - All Ok

      ==================== SvcHost x64 - White Listed ================================

      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
      BthHFSrv = ServiceDll = C:\WINDOWS\System32\BthHFSrv.dll [9307a4b743d277c499cda8e19e5687ac]

      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
      HPSLPSVC = ServiceDll = C:\Users\hans22\AppData\Local\Temp\7zS5B54\hpslpsvc64.dll [f37882f128efacefe353e0bae2766909]

      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
      Pml Driver HPZ12 = ServiceDll = C:\Windows\System32\HPZipm12.dll [ac78df349f0e4cfb8b667c0cfff83cce]

      Net Driver HPZ12 = ServiceDll = C:\Windows\System32\HPZinw12.dll [2334dc48997ba203b794df3ee70521db]

      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
      DiagTrack = ServiceDll = C:\WINDOWS\system32\diagtrack.dll [3ecb752a6963b1cbc9ad65ed89c8aced]



      ==================== SigCheck x86 Fast =========================================

      Fast Scan All ok

      ==================== SigCheck x64 Fast =========================================

      Fast Scan All ok

      ==================== Job tasks at C:\WINDOWS\Tasks =============================

      C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 1070 bytes [ 19/04/2014 22:50:02 ]

      C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 1074 bytes [ 19/04/2014 22:50:04 ]

      C:\WINDOWS\Tasks\SA.DAT 6 bytes [ 22/08/2013 16:45:54 ]


      ==================== Job tasks at C:\WINDOWS\system32\Tasks ====================

      C:\WINDOWS\system32\Tasks\AutoKMS 3758 bytes [ 25/04/2014 19:29:54 ]
      => C:\windows\AutoKMS\AutoKMS.exe

      C:\WINDOWS\system32\Tasks\CCleanerSkipUAC 2774 bytes [ 19/04/2014 7:35:25 ]
      => "C:\Program Files\CCleaner\CCleaner.exe"

      C:\WINDOWS\system32\Tasks\Dolby Selector 2996 bytes [ 16/10/2013 0:29:10 ]
      => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe

      C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 3810 bytes [ 19/04/2014 22:50:02 ]
      => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

      C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 4046 bytes [ 19/04/2014 22:50:04 ]
      => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

      C:\WINDOWS\system32\Tasks\Microsoft Office 15 Sync Maintenance for HANS-hans22 Hans 4958 bytes [ 9/06/2015 19:26:04 ]
      => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe

      C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1091015126-3145330374-1353040903-1001 3598 bytes [ 20/04/2014 0:22:39 ]

      C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{E76D1489-BFBE-4F12-AFA3-8ECBE717B0D2} 3946 bytes [ 3/05/2014 17:51:29 ]
      => C:\WINDOWS\system32\msfeedssync.exe

      C:\WINDOWS\system32\Tasks\{22EFE353-A993-4A8E-855F-4223A6C0E8C5} 3202 bytes [ 21/05/2015 17:42:28 ]
      => C:\WINDOWS\system32\pcalua.exe

      C:\WINDOWS\system32\Tasks\{3894B70A-5C98-4626-A89F-3FA7B9944B69} 3632 bytes [ 25/04/2014 19:16:28 ]
      => C:\windows\system32\pcalua.exe

      C:\WINDOWS\system32\Tasks\{723F4069-F62A-44FC-8C01-14CB8E58229A} 3548 bytes [ 25/04/2014 19:23:52 ]
      => C:\windows\system32\pcalua.exe

      C:\WINDOWS\system32\Tasks\{F77799F1-34EA-4061-B03B-1CA1C698B8C2} 3196 bytes [ 12/05/2015 17:52:33 ]
      => C:\WINDOWS\system32\pcalua.exe


      ==================== Job tasks at C:\WINDOWS\SysWOW64\Tasks ====================

      There are no .job files found.

      ==================== End scanning at Wed 24 Jun 2015 17:54 (0 Min 25 Sec) ======

      Comment
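Added example, not part of this thread and not E-Peek's own code: a small Python triage script that reads service and scheduled-task lines in the E-Peek format posted above and flags the entries a malware-removal helper looks at first. The heuristics (binary missing, running from a user profile or Temp, a self-named service sitting in its own folder, a task launched through pcalua.exe or another proxy binary, the AutoKMS task name), the thresholds and all function names are this example's own assumptions; the sample lines are excerpted from the log above, and the task target is taken from the "=> path" line that E-Peek prints directly after a task entry.

```python
"""Triage of E-Peek service and task lines (added example, not E-Peek's own code)."""
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional

# Sample input: lines excerpted from the E-Peek log posted above.
SAMPLE_LOG = r"""
SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
SERV - R2 - [ZyaAtanished] - ZyaAtanished - c:\program files (x86)\zyaatanished\zyaatanished.exe
SERV - S2 - [WikiBrowserUpdateService] - WikiBrowserUpdateService - c:\users\hans22\appdata\local\wikiupdate.exe [x]
SERV - S2 - [gupdate] - Google Update Service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe [x]
SERV - S2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe

C:\WINDOWS\system32\Tasks\AutoKMS 3758 bytes [ 25/04/2014 19:29:54 ]
=> C:\windows\AutoKMS\AutoKMS.exe

C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1091015126-3145330374-1353040903-1001 3598 bytes [ 20/04/2014 0:22:39 ]

C:\WINDOWS\system32\Tasks\{22EFE353-A993-4A8E-855F-4223A6C0E8C5} 3202 bytes [ 21/05/2015 17:42:28 ]
=> C:\WINDOWS\system32\pcalua.exe
"""

# Line formats as E-Peek prints them: "SERV - R2 - [name] - display - path [x]" and
# "C:\...\Tasks\<name> <size> bytes [ date ]", optionally followed by "=> target".
SERV_RE = re.compile(
    r"^SERV - [RS]\d - \[(?P<name>[^\]]+)\] - (?P<display>.*?) - "
    r"(?P<path>[a-z]:\\.*?)(?P<missing> \[x\])?$", re.IGNORECASE)
TASK_RE = re.compile(r"^[a-z]:\\.*?\\Tasks\\(?P<name>.+?) \d+ bytes \[", re.IGNORECASE)
TARGET_RE = re.compile(r"^=> (?P<target>.+)$")

# Heuristic knobs: assumptions of this example, not rules from E-Peek.
USER_PROFILE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\")
PROXY_LAUNCHERS = {"pcalua.exe", "rundll32.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
KNOWN_BAD_TASKS = {"autokms"}  # activation crack; the task is present in the log above

@dataclass(frozen=True)
class Finding:
    kind: str  # "service" or "task"
    name: str
    path: Optional[str]
    reason: str

def _under_user_profile(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_PROFILE_MARKERS)

def _self_named_in_own_dir(name: str, display: str, path: str) -> bool:
    """Name, display name, parent folder and exe stem are all the same word; vendors
    normally ship a descriptive display name inside a vendor folder, adware often not."""
    p = PureWindowsPath(path)
    return name.lower() == display.lower() == p.stem.lower() == p.parent.name.lower()

def _service_reasons(name: str, display: str, path: str, missing: bool) -> List[str]:
    reasons = []
    if _under_user_profile(path):
        reasons.append("runs from a user profile or Temp directory")
    if _self_named_in_own_dir(name, display, path):
        reasons.append("generic self-named service in its own folder, no descriptive display name")
    if missing:
        reasons.append("binary not found on disk (low confidence: may just be an orphaned service)")
    return reasons

def _task_reasons(name: str, target: Optional[str]) -> List[str]:
    reasons = []
    if name.lower() in KNOWN_BAD_TASKS:
        reasons.append("task name matches a known activation crack, a common malware carrier")
    if target:
        exe = PureWindowsPath(target.strip('"')).name.lower()
        if exe in PROXY_LAUNCHERS:
            reasons.append(f"launched via {exe}; the real payload is in the task arguments, which this log omits")
        if _under_user_profile(target):
            reasons.append("target runs from a user profile or Temp directory")
    return reasons

def triage(log_text: str) -> List[Finding]:
    """One Finding per (entry, reason) over the service and task lines in log_text."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    findings: List[Finding] = []
    for i, line in enumerate(lines):
        m = SERV_RE.match(line)
        if m:
            for r in _service_reasons(m["name"], m["display"], m["path"], bool(m["missing"])):
                findings.append(Finding("service", m["name"], m["path"], r))
            continue
        m = TASK_RE.match(line)
        if m:
            t = TARGET_RE.match(lines[i + 1]) if i + 1 < len(lines) else None
            target = t["target"] if t else None
            for r in _task_reasons(m["name"], target):
                findings.append(Finding("task", m["name"], target, r))
    return findings

def flagged_names(findings: List[Finding]) -> List[str]:
    counts = Counter(f.name for f in findings)  # entries with the most independent reasons first
    return sorted(counts, key=lambda n: (-counts[n], n))

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.reason}")
```

On the sample above the script ranks WikiBrowserUpdateService first (two independent reasons: it lives under the user's AppData and its binary is gone), flags ZyaAtanished on the self-named rule alone, AutoKMS by name, and the GUID task because pcalua.exe is only a launcher whose real command line E-Peek does not show. gupdate is also reported, but only with the low-confidence "binary not found" reason, which is exactly why that signal is kept separate from the others: a missing file proves the service is orphaned, not that it is malicious. Spooler, MBAMService and the Start Menu cache task produce nothing.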


      • #4
        GMER 2.1.19357 - http://www.gmer.net
        Rootkit scan 2015-06-24 18:00:04
        Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000021 ST500LT012-9WS142 rev.0001LVM1 465,76GB
        Running: 3byi3xf2.exe; Driver: C:\Users\hans22\AppData\Local\Temp\uxrdipoc.sys


        ---- Threads - GMER 2.1 ----

        Thread C:\WINDOWS\system32\csrss.exe [716:728] fffff960008c62d0
        Thread C:\WINDOWS\system32\svchost.exe [720:2568] 00007ffbeaa71050
        Thread C:\Windows\System32\SettingSyncHost.exe [5088:4196] 00007ffbfa147090
        Thread C:\Windows\System32\SettingSyncHost.exe [5088:4432] 00007ffc04877470
        ---- Processes - GMER 2.1 ----

        Process C:\Program Files (x86)\ZyaAtanished\ZyaAtanished.exe (*** suspicious ***) @ C:\Program Files (x86)\ZyaAtanished\ZyaAtanished.exe [2296](2015-06-23 19:14:57) 0000000000950000
        Library C:\Program Files (x86)\ZyaAtanished\Qt5Network.dll (*** suspicious ***) @ C:\Program Files (x86)\ZyaAtanished\ZyaAtanished.exe [2296] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-06-23 19:14:57) 0000000070e50000
        Library C:\Program Files (x86)\ZyaAtanished\Qt5Core.dll (*** suspicious ***) @ C:\Program Files (x86)\ZyaAtanished\ZyaAtanished.exe [2296] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-06-23 19:14:57) 00000000709f0000
        Process C:\Program Files (x86)\ZyaAtanished\ZyaAtanished.exe (*** suspicious ***) @ C:\Program Files (x86)\ZyaAtanished\ZyaAtanished.exe [4012](2015-06-23 19:14:57) 0000000000950000
        Library C:\Program Files (x86)\ZyaAtanished\Qt5Network.dll (*** suspicious ***) @ C:\Program Files (x86)\ZyaAtanished\ZyaAtanished.exe [4012] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-06-23 19:14:57) 0000000070e50000
        Library C:\Program Files (x86)\ZyaAtanished\Qt5Core.dll (*** suspicious ***) @ C:\Program Files (x86)\ZyaAtanished\ZyaAtanished.exe [4012] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-06-23 19:14:57) 00000000709f0000
        Library c:\users\hans22\appdata\local\temp\7zs5b54\hpslpsvc64.dll (*** suspicious ***) @ C:\WINDOWS\system32\svchost.exe [5884] (HP Network Devices Support/Hewlett-Packard Co.)(2014-07-24 17:21:04) 0000000180000000
        Process C:\Users\hans22\AppData\Local\Microsoft\Windows\INetCache\IE\F4YGHVOR\3byi3xf2.exe (*** suspicious ***) @ C:\Users\hans22\AppData\Local\Microsoft\Windows\INetCache\IE\F4YGHVOR\3byi3xf2.exe [2680](2015-06-24 15:55:05) 0000000000400000

        ---- Disk sectors - GMER 2.1 ----

        Disk \Device\Harddisk0\DR0 unknown MBR code

        ---- EOF - GMER 2.1 ----

        Comment


        • #5
          Your Google Chrome is in fact installed.
          I would also strongly advise you to install an active antivirus scanner.
          Windows Defender is not exactly the best there is.


          Download or update CCleaner

          Start CCleaner.
          • Run CCleaner and click Options in the left-hand column
          • Select the Advanced tab
          • Uncheck "Only delete files in Windows Temp folders older than 24 hours"
          • Select the Settings tab
          • Uncheck "Automatically clean computer...."
          • Click Cleaner in the left-hand column.
          • Then click Analyze, followed by Run Cleaner.
          • Next, click Registry in the left-hand column
          • Click Scan for Issues.
          • When asked whether you want to back up the registry, click "Yes".
          • If issues are found, click the middle button: Fix All Selected Issues, then OK

          Post a fresh E-Peek log.
          Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
          E Dev * Remove McAfee. * CCleaner * E-Peek

          Comment


          • #6
            E-Peek v 1.9.9.0 ENHANCED 4 © Emphyrio/Onsia Patrick 2013-2015
            E Dev
            Run at Wed 24 Jun 2015 19:55
            .
            Windows 8.1 (64 bits)
            C:\WINDOWS [NTFS - Fixed]
            Default Browser: Google Chrome
            Boot mode: Normal boot
            User logged in: hans22
            .
            Java x86: n/a
            Java x64: n/a
            .
            AV : Windows Defender [Updated - Not Running]
            AS : Windows Defender [Updated - Not Running]
            FW : Windows firewall
            .
            ==================== Files and Folders history =================================

            Folders Created Last 7 days :

            24/06/2015 ##### r-h-s-d+a- C:\Users\hans22\Start Menu
            24/06/2015 ##### r-h-s-d+a- C:\Users\hans22\AppData\Roaming\E Dev
            24/06/2015 ##### r-h-s-d+a- C:\Users\hans22\AppData\Local\Google
            24/06/2015 ##### r-h-s-d+a- C:\Program Files\Microsoft Silverlight
            24/06/2015 ##### r-h-s-d+a- C:\Program Files (x86)\Microsoft Silverlight
            24/06/2015 ##### r-h-s-d+a- C:\Program Files (x86)\Google
            24/06/2015 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
            24/06/2015 ##### r-h-s-d+a- C:\AdwCleaner
            23/06/2015 ##### r-h-s-d+a- C:\Users\hans22\AppData\Local\Deployment
            23/06/2015 ##### r-h-s-d+a- C:\Users\hans22\AppData\Local\Apps
            23/06/2015 ##### r-h+s+d+a- C:\Program Files (x86)\ZyaAtanished

            Files Modified Last 7 days :

            24/06/2015 00012800 r-h-s-d-a+ C:\WINDOWS\system32\VfService.trf
            24/06/2015 00000018 r-h-s-d-a+ C:\WINDOWS\SysWOW64\log.txt
            23/06/2015 06103040 r-h-s-d-a+ C:\Program Files (x86)\GUTD6ED.tmp
            23/06/2015 00000004 r-h-s-d-a+ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
            21/06/2015 01826596 r-h-s-d-a+ C:\WINDOWS\system32\PerfStringBackup.INI
            21/06/2015 00807742 r-h-s-d-a+ C:\WINDOWS\system32\perfh013.dat
            21/06/2015 00723514 r-h-s-d-a+ C:\WINDOWS\system32\perfh009.dat
            21/06/2015 00162706 r-h-s-d-a+ C:\WINDOWS\system32\perfc013.dat
            21/06/2015 00136128 r-h-s-d-a+ C:\WINDOWS\system32\perfc009.dat

            Files Created Last 7 days :

            24/06/2015 00000111 r-h-s-d-a+ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
            24/06/2015 00000000 r-h-s-d-a+ C:\Users\hans22\defogger_reenable
            23/06/2015 06103040 r-h-s-d-a+ C:\Program Files (x86)\GUTD6ED.tmp
            23/06/2015 00000004 r-h-s-d-a+ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7

            ==================== RUNNING PROCESSES =========================================

            [alg] -LOCAL SERVICE- C:\WINDOWS\System32\alg.exe - (Microsoft Corporation)
            [atieclxx] -SYSTEM- C:\WINDOWS\system32\atieclxx.exe - (AMD)
            [atiesrxx] -SYSTEM- C:\WINDOWS\system32\atiesrxx.exe - (AMD)
            [audiodg] -LOCAL SERVICE- C:\Windows\System32\audiodg.exe - (audiodg.exe)
            [BTStackServer] -hans22- C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe - (Broadcom Corporation.)
            [BTTray] -hans22- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
            [btwdins] -SYSTEM- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe - (Broadcom Corporation.)
            [CAudioFilterAgent64] -hans22- C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe - (Conexant Systems, Inc.)
            [CCleaner64] -hans22- C:\Program Files\CCleaner\CCleaner64.exe - (Piriform Ltd)
            [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
            [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
            [CxAudMsg64] -SYSTEM- C:\WINDOWS\system32\CxAudMsg64.exe - (Conexant Systems Inc.)
            [dasHost] -LOCAL SERVICE- C:\WINDOWS\system32\dashost.exe - (Microsoft Corporation)
            [DiscSoftBusService] -SYSTEM- C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe - (Disc Soft Ltd)
            [dwm] -DWM-1- C:\WINDOWS\system32\dwm.exe - (Microsoft Corporation)
            [Energy Management] -hans22- C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe - (Lenovo (Beijing) Limited)
            [E-Peek 1.9.9.0] -hans22- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.9.9.0.exe - (E Dev)
            [ETDCtrl] -hans22- C:\Program Files\Elantech\ETDCtrl.exe - (ELAN Microelectronics Corp.)
            [ETDCtrlHelper] -hans22- C:\Program Files\Elantech\ETDCtrlHelper.exe - (ELAN Microelectronics Corp.)
            [ETDIntelligent] -hans22- C:\Program Files\Elantech\ETDIntelligent.exe - (ELAN Microelectronics Corp.)
            [explorer] -hans22- C:\WINDOWS\Explorer.EXE - (Microsoft Corporation)
            [FlashUtil_ActiveX] -hans22- C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe - (Adobe Systems Incorporated)
            [HeciServer] -SYSTEM- C:\Program Files\Intel\iCLS Client\HeciServer.exe - (Intel(R) Corporation)
            [HPSupportSolutionsFrameworkService] -SYSTEM- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe - (Hewlett-Packard Company)
            [IAStorDataMgrSvc] -SYSTEM- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe - (Intel Corporation)
            [IAStorIcon] -hans22- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe - (Intel Corporation)
            [igfxCUIService] -SYSTEM- C:\WINDOWS\system32\igfxCUIService.exe - (Intel Corporation)
            [igfxEM] -hans22- C:\WINDOWS\system32\igfxEM.exe - (Intel Corporation)
            [igfxHK] -hans22- C:\WINDOWS\system32\igfxHK.exe - (Intel Corporation)
            [Jhi_service] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe - (Intel Corporation)
            [LMS] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - (Intel Corporation)
            [lsass] -SYSTEM- C:\WINDOWS\system32\lsass.exe - (Microsoft Corporation)
            [LSCNotify] -hans22- C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe - (Lenovo)
            [mDNSResponder] -SYSTEM- C:\Program Files\Bonjour\mDNSResponder.exe - (Apple Inc.)
            [NitroPDFDriverService8x64] -SYSTEM- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe - (Nitro PDF Software)
            [NLSSRV32] -SYSTEM- C:\windows\SysWOW64\NLSSRV32.EXE - (Nalpeiron Ltd.)
            [pcee4] -hans22- C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe - (Dolby Laboratories Inc.)
            [PDVD10Serv] -hans22- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe - (CyberLink Corp.)
            [PresentationFontCache] -LOCAL SERVICE- C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe - (Microsoft Corporation)
            [PWRISOVM] -hans22- C:\Program Files\PowerISO\PWRISOVM.EXE - (Power Software Ltd)
            [RTFTrack] -hans22- C:\Windows\RTFTrack.exe - (Realtek semiconductor)
            [rundll32] -hans22- C:\WINDOWS\SysWOW64\RunDll32.exe - (Microsoft Corporation)
            [rundll32] -SYSTEM- C:\WINDOWS\system32\rundll32.exe - (Microsoft Corporation)
            [SASrv] -SYSTEM- C:\WINDOWS\SysWOW64\SAsrv.exe - (Conexant Systems, Inc.)
            [SearchFilterHost] -SYSTEM- C:\WINDOWS\system32\SearchFilterHost.exe - (Microsoft Corporation)
            [SearchIndexer] -SYSTEM- C:\WINDOWS\system32\SearchIndexer.exe - (Microsoft Corporation)
            [SearchProtocolHost] -hans22- C:\WINDOWS\system32\SearchProtocolHost.exe - (Microsoft Corporation)
            [SearchProtocolHost] -SYSTEM- C:\WINDOWS\system32\SearchProtocolHost.exe - (Microsoft Corporation)
            [services] -SYSTEM- C:\Windows\System32\services.exe - (services.exe)
            [SettingSyncHost] -hans22- C:\Windows\System32\SettingSyncHost.exe - (Microsoft Corporation)
            [SkyDrive] -hans22- C:\Windows\System32\skydrive.exe - (Microsoft Corporation)
            [smss] -SYSTEM- C:\Windows\System32\smss.exe - (smss.exe)
            [spoolsv] -SYSTEM- C:\WINDOWS\System32\spoolsv.exe - (Microsoft Corporation)
            [System] -N/A- - (System)
            [taskhostex] -hans22- C:\WINDOWS\system32\taskhostex.exe - (Microsoft Corporation)
            [UNS] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe - (Intel Corporation)
            [utility] -hans22- C:\Program Files (x86)\Lenovo\Energy Management\utility.exe - (Lenovo(beijing) Limited)
            [VfConnectorService] -SYSTEM- C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe - ()
            [wininit] -SYSTEM- C:\WINDOWS\system32\wininit.exe - (Microsoft Corporation)
            [winlogon] -SYSTEM- C:\WINDOWS\system32\winlogon.exe - (Microsoft Corporation)
            [WmiPrvSE] -NETWORK SERVICE- C:\WINDOWS\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
            [ZyaAtanished] -hans22- C:\Program Files (x86)\ZyaAtanished\ZyaAtanished.exe - ()
            [ZyaAtanished] -SYSTEM- C:\Program Files (x86)\ZyaAtanished\ZyaAtanished.exe - ()

            ==================== IE PAGES ==================================================

            HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main
            Start Page = www.google.com
            Local Page = C:\Windows\SysWOW64\blank.htm
            Default_Page_URL = www.google.com
            Default_Search_URL = www.google.com
            Search Page = www.google.com

            HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes
            DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

            HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
            DisplayName = @ieframe.dll,-12512
            URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

            HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{CB341521-53F0-495A-B98D-E4C7CB5EBAE3}
            DisplayName = Bing
            URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB

            ==================== IE PAGES x64 ==============================================

            HKLM\Software\Microsoft\Internet Explorer\Main
            Start Page = www.google.com
            Local Page = C:\Windows\System32\blank.htm
            Default_Page_URL = www.google.com
            Default_Search_URL = www.google.com
            Search Page = www.google.com

            HKLM\Software\Microsoft\Internet Explorer\SearchScopes
            DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

            HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
            DisplayName = @ieframe.dll,-12512
            URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

            HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{CB341521-53F0-495A-B98D-E4C7CB5EBAE3}
            DisplayName = Bing
            URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB

            ==================== Auto Load =================================================

            HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
            Userinit = userinit.exe,
            Shell = explorer.exe

            ==================== Auto Load x64 =============================================

            HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
            Userinit = C:\Windows\system32\userinit.exe,
            Shell = explorer.exe

            ==================== Browsers present ==========================================

            Google Chrome
            IEXPLORE.EXE

            ==================== Google Chrome =============================================

            GC - Local State Path: C:\Users\hans22\AppData\Local\Google\Chrome\User Data\Local State

            GC - Profile: [Default] Name: Person 1 - Shortcut name: - Username:

            ==================== Google Chrome Profile: Default ============================

            GC - Prefpath: C:\Users\hans22\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

            GC - Homepage: n/a

            GC - Ext: [ Web Store ] version: 0.2
            Description: Discover great apps, games, extensions and themes for Google Chrome.
            Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\web_store

            GC - Ext: [ Bookmark Manager ] version: 0.1
            Description: Bookmark Manager
            Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\bookmark_manager

            GC - Ext: [ Settings ] version: 0.2
            Description: Settings
            Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\settings_app

            GC - Ext: [ Feedback ] version: 1.0
            Description: User feedback extension
            Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\feedback

            GC - Ext: [ CryptoTokenExtension ] version: 0.9.22
            Description: CryptoToken Component Extension
            Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\cryptotoken

            GC - Ext: [ Cloud Print ] version: 0.1
            Description: Cloud Print
            Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\cloud_print

            GC - Ext: [ GaiaAuthExtension ] version: 0.0.1
            Description: GAIA Component Extension
            Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\gaia_auth

            GC - Ext: [ Chrome ] version: 0.1
            Description: A fast, simple and secure web browser for the modern internet.
            Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\chrome_app

            GC - Ext: [ Chrome PDF Viewer ] version: 1
            Description:
            Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\pdf

            GC - Ext: [ Google Network Speech ] version: 1.0
            Description: Component extension providing speech via the Google network text-to-speech service.
            Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\network_speech_synthesis

            GC - Ext: [ Google+ Hangouts ] version: 1.0
            Description:
            Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\hangout_services

            GC - Ext: [ Google Now ] version: 1.2.0.1
            Description: Integrates Google Now into Chrome.
            Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\google_now

            ==================== Windows Host File =========================================


            ==================== BHO =======================================================

            HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
            {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
            HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} Default = Skype for Business Browser Helper
            => HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\InProcServer32 Default = C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

            {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}
            HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} Default = Microsoft SkyDrive Pro Browser Helper
            => HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\InProcServer32 Default = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

            ==================== BHO x64 ===================================================

            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
            {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
            HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} Default = Skype for Business Browser Helper
            => HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\InProcServer32 Default = C:\Program Files\Microsoft Office\Office15\OCHelper.dll

            {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}
            HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} Default = Microsoft SkyDrive Pro Browser Helper
            => HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\InProcServer32 Default = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL

            ==================== Auto Start Programs =======================================

            HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
            iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
            PWRISOVM.EXE = C:\Program Files\PowerISO\PWRISOVM.EXE -startup
            RemoteControl10 = "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
            StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
            UpdateP2GShortCut = "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
            YouCam Tray = "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s

            HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
            CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
            DAEMON Tools Lite Automount = "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
            EADM = "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

            ==================== Auto Start Programs x64 ===================================

            HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
            cAudioFilterAgent = C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
            Energy Management = C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
            EnergyUtility = C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
            ETDCtrl = C:\Program Files\Elantech\ETDCtrl.exe
            IAStorIcon = "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
            RtsFT = RTFTrack.exe
            SmartAudio = C:\Program Files\CONEXANT\SAII\SACpl.exe /t

            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved [2 = enabled 3= disabled]
            cAudioFilterAgent = 2
            Energy Management = 2
            EnergyUtility = 2
            ETDCtrl = 2
            HotKeysCmds = 2
            IAStorIcon = 2
            IgfxTray = 2
            Persistence = 2
            PWRISOVM.EXE = 3
            RtsFT = 2
            SmartAudio = 2
            StartCCC = 3
            HP Software Update = 3
            Intel AppUp(SM) center = 2
            iTunesHelper = 3
            PWRISOVM.EXE = 2
            RemoteControl10 = 2
            Smart File Advisor = 2
            StartCCC = 3
            SunJavaUpdateSched = 2
            UpdateP2GShortCut = 2
            YouCam Tray = 3
            Bluetooth.lnk = 2
            HP Digital Imaging Monitor.lnk = 2

            HKCU\Software\Microsoft\Windows\CurrentVersion\Run
            CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
            DAEMON Tools Lite Automount = "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
            EADM = "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

            Startup - C:\Users\hans22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
            CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
            ==================== Extra Items IE ============================================

            HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
            HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
            HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
            HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
            HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
            HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
            HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

            ==================== Extra Items IE x64 ========================================

            HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
            HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
            HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
            HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
            HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
            HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
            HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

            ==================== Internet Default Prefix ===================================

            HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
            Default = http://

            HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes
            WWW = http://

            ==================== Internet Default Prefix x64 ===============================

            HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
            Default = http://

            HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes
            WWW = http://

            ==================== Protocol Hijackers ========================================

            HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\osf
            CLSID = {D924BDC6-C83A-4BD5-90D0-095128A113D1}
            => SOFTWARE\Classes\\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL # MD5 [e735e207423b5abfcebf86fe5cc0a30b]


            HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\text/xml
            CLSID = {807583E5-5146-11D5-A672-00B0D022E945}
            => SOFTWARE\Classes\\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InProcServer32 @ Default = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown


            ==================== Protocol Hijackers x64 ====================================

            HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml
            CLSID = {807583E5-5146-11D5-A672-00B0D022E945}
            => SOFTWARE\Classes\\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InProcServer32 @ Default = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown


            ==================== ShellServiceObjectDelayLoad ===============================

            HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
            WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
            => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


            ==================== ShellServiceObjectDelayLoad x64 =========================

            HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
            WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
            => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


            ==================== Extra (Torpig/ConduitSearch) ==============================

            HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ Default = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
            => HKCR\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32 @ Default = C:\WINDOWS\system32\shell32.dll

            HKCR\Directory\shellex\CopyHookHandlers\Monitor @ Default = {7842554E-6BED-11D2-8CDB-B05550C10000}
            => HKCR\CLSID\{7842554E-6BED-11D2-8CDB-B05550C10000}\InProcServer32 @ Default = C:\Program Files\Lenovo\Bluetooth Software\btncopy.dll

            HKCR\Directory\shellex\CopyHookHandlers\Sharing @ Default = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
            => HKCR\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32 @ Default = C:\WINDOWS\system32\ntshrui.dll


            ==================== DRIVERS and SERVICES ======================================

            *** Win32OwnProcess ***

            SERV - R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
            SERV - R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe
            SERV - R2 - [btwdins] - Bluetooth Service - c:\program files\lenovo\bluetooth software\btwdins.exe
            SERV - R2 - [CxAudMsg] - Conexant Audio Message Service - c:\windows\system32\cxaudmsg64.exe
            SERV - R2 - [HPSupportSolutionsFrameworkService] - HP Support Solutions Framework Service - c:\program files (x86)\hp\common\hpsupportsolutionsframeworkservice.exe
            SERV - R2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - c:\program files\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
            SERV - R2 - [igfxCUIService1.0.0.0] - Intel(R) HD Graphics Control Panel Service - c:\windows\system32\igfxcuiservice.exe
            SERV - R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
            SERV - R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
            SERV - R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
            SERV - R2 - [nlsX86cc] - Nalpeiron Licensing Service - c:\windows\syswow64\nlssrv32.exe
            SERV - R2 - [SAService] - Conexant SmartAudio service - c:\windows\system32\sasrv.exe [x]
            SERV - R2 - [UNS] - Intel(R) Management and Security Application User Notification Service - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
            SERV - R2 - [VeriFaceSrv] - VeriFaceSrv - c:\program files (x86)\lenovo\lenovo veriface\vfconnectorservice.exe
            SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
            SERV - R3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
            SERV - R3 - [Disc Soft Lite Bus Service] - Disc Soft Lite Bus Service - c:\program files\daemon tools lite\discsoftbusservice.exe
            SERV - R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
            SERV - S2 - [BcmBtRSupport] - Bluetooth Driver Management Service - c:\windows\system32\btwrsupportservice.exe
            SERV - S2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
            SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
            SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
            SERV - S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
            SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
            SERV - S3 - [ICCS] - Intel(R) Integrated Clock Controller Service - Intel(R) ICCS - c:\program files (x86)\intel\intel(r) integrated clock controller service\iccproxy.exe
            SERV - S3 - [IDriverT] - InstallDriver Table Manager - c:\program files (x86)\common files\installshield\driver\11\intel 32\idrivert.exe
            SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
            SERV - S3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe
            SERV - S3 - [LSCWinService] - LSCWinService - c:\program files\lenovo\lenovo solution center\app\lscwinservice.exe
            SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
            SERV - S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
            SERV - S3 - [Origin Client Service] - Origin Client Service - c:\program files (x86)\origin\originclientservice.exe
            SERV - S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
            SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
            SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
            SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
            SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
            SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
            SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
            SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
            SERV - S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
            SERV - S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
            SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
            SERV - S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
            SERV - Sx - [gupdate] - Google Update-service (gupdate) - C:\WINDOWS\system32\sysWOW64\Drivers\gupdate.sys [x]
            SERV - Sx - [gupdatem] - Google Update-service (gupdatem) - C:\WINDOWS\system32\sysWOW64\Drivers\gupdatem.sys [x]

            *** Win32ShareProcess ***

            SERV - R2 - [NitroDriverReadSpool8] - NitroPDFDriverCreatorReadSpool8 - c:\program files\common files\nitro\pro\8.0\nitropdfdriverservice8x64.exe
            SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
            SERV - R3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
            SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
            SERV - S3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
            SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
            SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

            *** Others ***

            SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
            SERV - R2 - [ZyaAtanished] - ZyaAtanished - c:\program files (x86)\zyaatanished\zyaatanished.exe
            SERV - S2 - [WikiBrowserUpdateService] - WikiBrowserUpdateService - c:\users\hans22\appdata\local\wikiupdate.exe [x]
            SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

            *** File System Driver ***

            DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\WINDOWS\system32\Drivers\FileInfo.sys
            DRV - R0 - [FltMgr] - FltMgr - C:\WINDOWS\system32\Drivers\FltMgr.sys
            DRV - R0 - [MBAMSwissArmy] - MBAMSwissArmy - C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
            DRV - R0 - [Mup] - Mup - C:\WINDOWS\system32\Drivers\Mup.sys
            DRV - R0 - [Wof] - Windows Overlay File System Filter Driver - C:\WINDOWS\system32\Drivers\Wof.sys
            DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\WINDOWS\system32\Drivers\NetBIOS.sys
            DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\WINDOWS\system32\Drivers\srv.sys
            DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\WINDOWS\system32\Drivers\srv2.sys

            *** Kernel Driver ***

            DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\WINDOWS\system32\Drivers\ACPI.sys
            DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\WINDOWS\system32\Drivers\acpiex.sys
            DRV - R0 - [amdkmpfd] - AMD PCI Root Bus Lower Filter - C:\WINDOWS\system32\Drivers\amdkmpfd.sys
            DRV - R0 - [CLFS] - Common Log (CLFS) - C:\WINDOWS\system32\Drivers\CLFS.sys
            DRV - R0 - [CNG] - CNG - C:\WINDOWS\system32\Drivers\CNG.sys
            DRV - R0 - [disk] - Stuurprogramma voor schijfstations - C:\WINDOWS\system32\Drivers\disk.sys
            DRV - R0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\WINDOWS\system32\Drivers\EhStorClass.sys
            DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\WINDOWS\system32\Drivers\fvevol.sys
            DRV - R0 - [iaStorA] - iaStorA - C:\WINDOWS\system32\Drivers\iaStorA.sys
            DRV - R0 - [intelpep] - Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing - C:\WINDOWS\system32\Drivers\intelpep.sys
            DRV - R0 - [KSecDD] - KSecDD - C:\WINDOWS\system32\Drivers\KSecDD.sys
            DRV - R0 - [KSecPkg] - KSecPkg - C:\WINDOWS\system32\Drivers\KSecPkg.sys
            DRV - R0 - [LHDmgr] - LHDmgr - C:\WINDOWS\system32\Drivers\LHDmgr.sys [x]
            DRV - R0 - [mountmgr] - Mount Point Manager - C:\WINDOWS\system32\Drivers\mountmgr.sys
            DRV - R0 - [msisadrv] - msisadrv - C:\WINDOWS\system32\Drivers\msisadrv.sys
            DRV - R0 - [NDIS] - NDIS System Driver - C:\WINDOWS\system32\Drivers\NDIS.sys
            DRV - R0 - [partmgr] - Partition Manager - C:\WINDOWS\system32\Drivers\partmgr.sys
            DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\WINDOWS\system32\Drivers\pci.sys
            DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\WINDOWS\system32\Drivers\pcw.sys
            DRV - R0 - [pdc] - pdc - C:\WINDOWS\system32\Drivers\pdc.sys
            DRV - R0 - [rdyboost] - ReadyBoost - C:\WINDOWS\system32\Drivers\rdyboost.sys
            DRV - R0 - [spaceport] - Stuurprogramma voor opslagruimten - C:\WINDOWS\system32\Drivers\spaceport.sys
            DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\WINDOWS\system32\Drivers\Tcpip.sys
            DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\WINDOWS\system32\Drivers\vdrvroot.sys
            DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\WINDOWS\system32\Drivers\volmgr.sys
            DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\WINDOWS\system32\Drivers\volmgrx.sys
            DRV - R0 - [volsnap] - Opslagvolumes - C:\WINDOWS\system32\Drivers\volsnap.sys
            DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\WINDOWS\system32\Drivers\Wdf01000.sys
            DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\WINDOWS\system32\Drivers\WFPLWFS.sys
            DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\WINDOWS\system32\Drivers\AFD.sys
            DRV - R1 - [Beep] - Beep - C:\WINDOWS\system32\Drivers\Beep.sys
            DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\WINDOWS\system32\Drivers\tdx.sys
            DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\WINDOWS\system32\Drivers\tcpipreg.sys
            DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\WINDOWS\system32\Drivers\hwpolicy.sys
            DRV - S3 - [atapi] - IDE-kanaal - C:\WINDOWS\system32\Drivers\atapi.sys

            ==================== SvcHost - White Listed ====================================

            WOW x64 - All Ok

            ==================== SvcHost x64 - White Listed ================================

            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
            BthHFSrv = ServiceDll = C:\WINDOWS\System32\BthHFSrv.dll [9307a4b743d277c499cda8e19e5687ac]

            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
            HPSLPSVC = ServiceDll = C:\Users\hans22\AppData\Local\Temp\7zS5B54\hpslpsvc64.dll [f37882f128efacefe353e0bae2766909]

            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
            Pml Driver HPZ12 = ServiceDll = C:\Windows\System32\HPZipm12.dll [ac78df349f0e4cfb8b667c0cfff83cce]

            Net Driver HPZ12 = ServiceDll = C:\Windows\System32\HPZinw12.dll [2334dc48997ba203b794df3ee70521db]

            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
            DiagTrack = ServiceDll = C:\WINDOWS\system32\diagtrack.dll [3ecb752a6963b1cbc9ad65ed89c8aced]



            ==================== SigCheck x86 Fast =========================================

            Fast Scan All ok

            ==================== SigCheck x64 Fast =========================================

            Fast Scan All ok

            ==================== Job tasks at C:\WINDOWS\Tasks =============================

            C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 1070 bytes [ 19/04/2014 22:50:02 ]

            C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 1074 bytes [ 19/04/2014 22:50:04 ]

            C:\WINDOWS\Tasks\SA.DAT 6 bytes [ 22/08/2013 16:45:54 ]


            ==================== Job tasks at C:\WINDOWS\system32\Tasks ====================

            C:\WINDOWS\system32\Tasks\AutoKMS 3758 bytes [ 25/04/2014 19:29:54 ]
            => C:\windows\AutoKMS\AutoKMS.exe

            C:\WINDOWS\system32\Tasks\CCleanerSkipUAC 2774 bytes [ 19/04/2014 7:35:25 ]
            => "C:\Program Files\CCleaner\CCleaner.exe"

            C:\WINDOWS\system32\Tasks\Dolby Selector 2996 bytes [ 16/10/2013 0:29:10 ]
            => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe

            C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 3810 bytes [ 19/04/2014 22:50:02 ]
            => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

            C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 4046 bytes [ 19/04/2014 22:50:04 ]
            => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

            C:\WINDOWS\system32\Tasks\Microsoft Office 15 Sync Maintenance for HANS-hans22 Hans 4958 bytes [ 9/06/2015 19:26:04 ]
            => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe

            C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1091015126-3145330374-1353040903-1001 3600 bytes [ 20/04/2014 0:22:39 ]

            C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{E76D1489-BFBE-4F12-AFA3-8ECBE717B0D2} 3946 bytes [ 3/05/2014 17:51:29 ]
            => C:\WINDOWS\system32\msfeedssync.exe

            C:\WINDOWS\system32\Tasks\{22EFE353-A993-4A8E-855F-4223A6C0E8C5} 3202 bytes [ 21/05/2015 17:42:28 ]
            => C:\WINDOWS\system32\pcalua.exe

            C:\WINDOWS\system32\Tasks\{3894B70A-5C98-4626-A89F-3FA7B9944B69} 3632 bytes [ 25/04/2014 19:16:28 ]
            => C:\windows\system32\pcalua.exe

            C:\WINDOWS\system32\Tasks\{723F4069-F62A-44FC-8C01-14CB8E58229A} 3548 bytes [ 25/04/2014 19:23:52 ]
            => C:\windows\system32\pcalua.exe

            C:\WINDOWS\system32\Tasks\{F77799F1-34EA-4061-B03B-1CA1C698B8C2} 3196 bytes [ 12/05/2015 17:52:33 ]
            => C:\WINDOWS\system32\pcalua.exe


            ==================== Job tasks at C:\WINDOWS\SysWOW64\Tasks ====================

            There are no .job files found.

            ==================== End scanning at wo 24 jun 2015 19:55 (0 Min 8 Sec ) =======



            • #7
              Originally posted by Emphyrio
              I would also strongly recommend that you install an active antivirus scanner.
              Windows Defender is not the best there is.



              Show your hidden files and folders.

              Go to VirusTotal and upload the following file:

              C:\Program Files (x86)\GUTD6ED.tmp

              Click Send and wait for the results to appear.
              If the file has already been scanned, have it reanalysed (click Re Analyse).

              From the report, copy the following:

              [screenshot]

              Also post the link to that report.
              Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
              E Dev * Remove McAfee. * Ccleaner * E-Peek



              • #8
                SHA256: 5b36d7e17f60df5af1078ea66e8ae2ad7bdcd348d0b91a2ad2aaacca8ddb8bc7
                Bestandsnaam: GUTD6ED.tmp
                Detectieverhouding: 1 / 55
                Datum van analyse: 2015-06-24 22:16:14 UTC (1 minuut geleden)

                link: https://www.virustotal.com/nl/file/5...is/1435184174/



                • #9
                  Are there still any problems?



                  • #10
                    Yes, the pop-ups are persistent, especially when I click links that redirect me to another page. Anyway, I'm in Explorer now and would like to switch to Chrome, but I believe that installation still gives an error message..



                    • #11
                      1. Remove Chrome completely from your PC.
                      2. Run CCleaner.
                      3. Install an active antivirus.

                      Once you have done that, post a fresh E-Peek log.



                      • #12
                        OK, now the Chrome installation does work, but there are many pop-ups there too..


                        E-Peek v 1.9.9.0 ENHANCED 4 © Emphyrio/Onsia Patrick 2013-2015
                        E Dev
                        Run at do 25 jun 2015 00:47
                        .
                        Windows 8.1 (64 bits)
                        C:\WINDOWS [NTFS - Fixed]
                        Default Browser: Google Chrome
                        Boot mode: Normal boot
                        User logged in: hans22
                        .
                        Java x86: n/a
                        Java x64: n/a
                        .
                        AV : Windows Defender [Updated - Not Running]
                        AV : Bitdefender Antivirus Free Edition [Updated - Running]
                        AS : Windows Defender [Updated - Not Running]
                        AS : Bitdefender Antivirus Free Edition [Updated - Running]
                        FW : Windows firewall
                        .
                        ==================== Files and Folders history =================================

                        Folders Created Last 7 days :

                        25/06/2015 ##### r-h-s-d+a- C:\Program Files (x86)\Google
                        24/06/2015 ##### r-h-s-d+a- C:\Users\hans22\Start Menu
                        24/06/2015 ##### r-h-s-d+a- C:\Users\hans22\AppData\Roaming\QuickScan
                        24/06/2015 ##### r-h-s-d+a- C:\Users\hans22\AppData\Roaming\E Dev
                        24/06/2015 ##### r-h-s-d+a- C:\Users\hans22\AppData\Local\Google
                        24/06/2015 ##### r-h-s-d+a- C:\ProgramData\Bitdefender
                        24/06/2015 ##### r-h-s-d+a- C:\Program Files\Microsoft Silverlight
                        24/06/2015 ##### r-h-s-d+a- C:\Program Files\Bitdefender
                        24/06/2015 ##### r-h-s-d+a- C:\Program Files (x86)\Microsoft Silverlight
                        24/06/2015 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
                        24/06/2015 ##### r-h-s-d+a- C:\AdwCleaner
                        23/06/2015 ##### r-h-s-d+a- C:\Users\hans22\AppData\Local\Deployment
                        23/06/2015 ##### r-h-s-d+a- C:\Users\hans22\AppData\Local\Apps
                        23/06/2015 ##### r-h+s+d+a- C:\Program Files (x86)\ZyaAtanished

                        Files Modified Last 7 days :

                        24/06/2015 00012800 r-h-s-d-a+ C:\WINDOWS\system32\VfService.trf
                        24/06/2015 00000018 r-h-s-d-a+ C:\WINDOWS\SysWOW64\log.txt
                        23/06/2015 06103040 r-h-s-d-a+ C:\Program Files (x86)\GUTD6ED.tmp
                        23/06/2015 00000004 r-h-s-d-a+ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
                        21/06/2015 01826596 r-h-s-d-a+ C:\WINDOWS\system32\PerfStringBackup.INI
                        21/06/2015 00807742 r-h-s-d-a+ C:\WINDOWS\system32\perfh013.dat
                        21/06/2015 00723514 r-h-s-d-a+ C:\WINDOWS\system32\perfh009.dat
                        21/06/2015 00162706 r-h-s-d-a+ C:\WINDOWS\system32\perfc013.dat
                        21/06/2015 00136128 r-h-s-d-a+ C:\WINDOWS\system32\perfc009.dat

                        Files Created Last 7 days :

                        25/06/2015 00174073 r-h-s-d-a+ C:\ProgramData\1435185333.bdinstall.bin
                        25/06/2015 00042419 r-h-s-d-a+ C:\ProgramData\1435185313.4912.bin
                        25/06/2015 00002059 r-h-s-d-a+ C:\ProgramData\1435185313.2788.bin
                        25/06/2015 00000497 r-h-s-d-a+ C:\ProgramData\1435185313.4852.bin
                        24/06/2015 00049872 r-h-s-d-a+ C:\ProgramData\1435170480.bdinstall.bin
                        24/06/2015 00047484 r-h-s-d-a+ C:\ProgramData\1435170396.5200.bin
                        24/06/2015 00047462 r-h-s-d-a+ C:\ProgramData\1435170190.2220.bin
                        24/06/2015 00042419 r-h-s-d-a+ C:\ProgramData\1435170374.3320.bin
                        24/06/2015 00020194 r-h-s-d-a+ C:\ProgramData\1435170190.6240.bin
                        24/06/2015 00013538 r-h-s-d-a+ C:\ProgramData\1435170190.2824.bin
                        24/06/2015 00012926 r-h-s-d-a+ C:\ProgramData\1435170396.2696.bin
                        24/06/2015 00009129 r-h-s-d-a+ C:\ProgramData\1435170396.6924.bin
                        24/06/2015 00009129 r-h-s-d-a+ C:\ProgramData\1435170190.5868.bin
                        24/06/2015 00007100 r-h-s-d-a+ C:\ProgramData\1435170396.3220.bin
                        24/06/2015 00005882 r-h-s-d-a+ C:\ProgramData\1435170190.6288.bin
                        24/06/2015 00005855 r-h-s-d-a+ C:\ProgramData\1435170396.6932.bin
                        24/06/2015 00004422 r-h-s-d-a+ C:\ProgramData\1435170396.3688.bin
                        24/06/2015 00004422 r-h-s-d-a+ C:\ProgramData\1435170190.4568.bin
                        24/06/2015 00002120 r-h-s-d-a+ C:\ProgramData\1435170396.3356.bin
                        24/06/2015 00002120 r-h-s-d-a+ C:\ProgramData\1435170190.6560.bin
                        24/06/2015 00002059 r-h-s-d-a+ C:\ProgramData\1435170374.5224.bin
                        24/06/2015 00000497 r-h-s-d-a+ C:\ProgramData\1435170374.1100.bin
                        24/06/2015 00000111 r-h-s-d-a+ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
                        24/06/2015 00000000 r-h-s-d-a+ C:\Users\hans22\defogger_reenable
                        23/06/2015 06103040 r-h-s-d-a+ C:\Program Files (x86)\GUTD6ED.tmp
                        23/06/2015 00000004 r-h-s-d-a+ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7

                        ==================== RUNNING PROCESSES =========================================

                        [alg] -LOCAL SERVICE- C:\WINDOWS\System32\alg.exe - (Microsoft Corporation)
                        [atieclxx] -SYSTEM- C:\WINDOWS\system32\atieclxx.exe - (AMD)
                        [atiesrxx] -SYSTEM- C:\WINDOWS\system32\atiesrxx.exe - (AMD)
                        [audiodg] -LOCAL SERVICE- C:\Windows\System32\audiodg.exe - (audiodg.exe)
                        [BTStackServer] -hans22- C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe - (Broadcom Corporation.)
                        [BTTray] -hans22- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
                        [btwdins] -SYSTEM- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe - (Broadcom Corporation.)
                        [CAudioFilterAgent64] -hans22- C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe - (Conexant Systems, Inc.)
                        [CCleaner64] -hans22- C:\Program Files\CCleaner\CCleaner64.exe - (Piriform Ltd)
                        [chrome] -hans22- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
                        [chrome] -hans22- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
                        [chrome] -hans22- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
                        [chrome] -hans22- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
                        [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
                        [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
                        [CxAudMsg64] -SYSTEM- C:\WINDOWS\system32\CxAudMsg64.exe - (Conexant Systems Inc.)
                        [dasHost] -LOCAL SERVICE- C:\WINDOWS\system32\dashost.exe - (Microsoft Corporation)
                        [dfsvc] -hans22- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe - (Microsoft Corporation)
                        [DiscSoftBusService] -SYSTEM- C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe - (Disc Soft Ltd)
                        [dwm] -DWM-1- C:\WINDOWS\system32\dwm.exe - (Microsoft Corporation)
                        [Energy Management] -hans22- C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe - (Lenovo (Beijing) Limited)
                        [E-Peek 1.9.9.0] -hans22- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.9.9.0.exe - (E Dev)
                        [ETDCtrl] -hans22- C:\Program Files\Elantech\ETDCtrl.exe - (ELAN Microelectronics Corp.)
                        [ETDCtrlHelper] -hans22- C:\Program Files\Elantech\ETDCtrlHelper.exe - (ELAN Microelectronics Corp.)
                        [ETDIntelligent] -hans22- C:\Program Files\Elantech\ETDIntelligent.exe - (ELAN Microelectronics Corp.)
                        [explorer] -hans22- C:\WINDOWS\Explorer.EXE - (Microsoft Corporation)
                        [FlashUtil_ActiveX] -hans22- C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe - (Adobe Systems Incorporated)
                        [GoogleUpdate] -SYSTEM- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - (Google Inc.)
                        [gziface] -hans22- C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe - (Bitdefender)
                        [gzserv] -SYSTEM- C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe - (Bitdefender)
                        [HeciServer] -SYSTEM- C:\Program Files\Intel\iCLS Client\HeciServer.exe - (Intel(R) Corporation)
                        [HPSupportSolutionsFrameworkService] -SYSTEM- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe - (Hewlett-Packard Company)
                        [IAStorDataMgrSvc] -SYSTEM- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe - (Intel Corporation)
                        [IAStorIcon] -hans22- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe - (Intel Corporation)
                        [iexplore] -hans22- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE - (Microsoft Corporation)
                        [iexplore] -hans22- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE - (Microsoft Corporation)
                        [iexplore] -hans22- C:\Program Files\Internet Explorer\iexplore.exe - (Microsoft Corporation)
                        [iexplore] -hans22- C:\Program Files\Internet Explorer\iexplore.exe - (Microsoft Corporation)
                        [igfxCUIService] -SYSTEM- C:\WINDOWS\system32\igfxCUIService.exe - (Intel Corporation)
                        [igfxEM] -hans22- C:\WINDOWS\system32\igfxEM.exe - (Intel Corporation)
                        [igfxHK] -hans22- C:\WINDOWS\system32\igfxHK.exe - (Intel Corporation)
                        [Jhi_service] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe - (Intel Corporation)
                        [livecomm] -hans22- C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe - (Microsoft Corporation)
                        [LMS] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - (Intel Corporation)
                        [lsass] -SYSTEM- C:\WINDOWS\system32\lsass.exe - (Microsoft Corporation)
                        [mDNSResponder] -SYSTEM- C:\Program Files\Bonjour\mDNSResponder.exe - (Apple Inc.)
                        [msiexec] -SYSTEM- C:\WINDOWS\system32\msiexec.exe - (Microsoft Corporation)
                        [NitroPDFDriverService8x64] -SYSTEM- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe - (Nitro PDF Software)
                        [NLSSRV32] -SYSTEM- C:\windows\SysWOW64\NLSSRV32.EXE - (Nalpeiron Ltd.)
                        [pcee4] -hans22- C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe - (Dolby Laboratories Inc.)
                        [pdscan] -SYSTEM- C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe - (Bitdefender)
                        [PDVD10Serv] -hans22- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe - (CyberLink Corp.)
                        [PresentationFontCache] -LOCAL SERVICE- C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe - (Microsoft Corporation)
                        [PWRISOVM] -hans22- C:\Program Files\PowerISO\PWRISOVM.EXE - (Power Software Ltd)
                        [RTFTrack] -hans22- C:\Windows\RTFTrack.exe - (Realtek semiconductor)
                        [rundll32] -hans22- C:\WINDOWS\SysWOW64\RunDll32.exe - (Microsoft Corporation)
                        [rundll32] -SYSTEM- C:\WINDOWS\system32\rundll32.exe - (Microsoft Corporation)
                        [RuntimeBroker] -hans22- C:\Windows\System32\RuntimeBroker.exe - (Microsoft Corporation)
                        [SASrv] -SYSTEM- C:\WINDOWS\SysWOW64\SAsrv.exe - (Conexant Systems, Inc.)
                        [SearchIndexer] -SYSTEM- C:\WINDOWS\system32\SearchIndexer.exe - (Microsoft Corporation)
                        [services] -SYSTEM- C:\Windows\System32\services.exe - (services.exe)
                        [SettingSyncHost] -hans22- C:\Windows\System32\SettingSyncHost.exe - (Microsoft Corporation)
                        [SkyDrive] -hans22- C:\Windows\System32\skydrive.exe - (Microsoft Corporation)
                        [smss] -SYSTEM- C:\Windows\System32\smss.exe - (smss.exe)
                        [spoolsv] -SYSTEM- C:\WINDOWS\System32\spoolsv.exe - (Microsoft Corporation)
                        [System] -N/A- - (System)
                        [taskeng] -SYSTEM- C:\WINDOWS\system32\taskeng.exe - (Microsoft Corporation)
                        [taskhost] -hans22- C:\WINDOWS\system32\taskhost.exe - (Microsoft Corporation)
                        [taskhostex] -hans22- C:\WINDOWS\system32\taskhostex.exe - (Microsoft Corporation)
                        [UNS] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe - (Intel Corporation)
                        [unsecapp] -SYSTEM- C:\WINDOWS\system32\wbem\unsecapp.exe - (Microsoft Corporation)
                        [utility] -hans22- C:\Program Files (x86)\Lenovo\Energy Management\utility.exe - (Lenovo(beijing) Limited)
                        [VfConnectorService] -SYSTEM- C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe - ()
                        [wininit] -SYSTEM- C:\WINDOWS\system32\wininit.exe - (Microsoft Corporation)
                        [winlogon] -SYSTEM- C:\WINDOWS\system32\winlogon.exe - (Microsoft Corporation)
                        [WmiPrvSE] -NETWORK SERVICE- C:\WINDOWS\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
                        [ZyaAtanished] -hans22- C:\Program Files (x86)\ZyaAtanished\ZyaAtanished.exe - ()
                        [ZyaAtanished] -SYSTEM- C:\Program Files (x86)\ZyaAtanished\ZyaAtanished.exe - ()

                        ==================== IE PAGES ==================================================

                        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main
                        Start Page = www.google.com
                        Local Page = C:\Windows\SysWOW64\blank.htm
                        Default_Page_URL = www.google.com
                        Default_Search_URL = www.google.com
                        Search Page = www.google.com

                        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes
                        DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

                        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
                        DisplayName = @ieframe.dll,-12512
                        URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

                        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{CB341521-53F0-495A-B98D-E4C7CB5EBAE3}
                        DisplayName = Bing
                        URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB

                        ==================== IE PAGES x64 ==============================================

                        HKLM\Software\Microsoft\Internet Explorer\Main
                        Start Page = www.google.com
                        Local Page = C:\Windows\System32\blank.htm
                        Default_Page_URL = www.google.com
                        Default_Search_URL = www.google.com
                        Search Page = www.google.com

                        HKLM\Software\Microsoft\Internet Explorer\SearchScopes
                        DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

                        HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
                        DisplayName = @ieframe.dll,-12512
                        URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

                        HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{CB341521-53F0-495A-B98D-E4C7CB5EBAE3}
                        DisplayName = Bing
                        URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB

                        ==================== Auto Load =================================================

                        HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
                        Userinit = userinit.exe,
                        Shell = explorer.exe

                        ==================== Auto Load x64 =============================================

                        HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
                        Userinit = C:\Windows\system32\userinit.exe,
                        Shell = explorer.exe

                        ==================== Browsers present ==========================================

                        Google Chrome
                        IEXPLORE.EXE

                        ==================== Google Chrome =============================================

                        GC - Local State Path: C:\Users\hans22\AppData\Local\Google\Chrome\User Data\Local State

                        GC - Profile: [Default] Name: Persoon 1 - Shortcut name: - Username:

                        ==================== Google Chrome Profile: Default ============================

                        GC - Prefpath: C:\Users\hans22\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                        GC - Homepage: n/a

                        GC - Ext: [ Web Store ] version: 0.2
                        Description: Ontdek fantastische apps, games, extensies en thema's voor Google Chrome.
                        Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\web_store

                        GC - Ext: [ Bookmark Manager ] version: 0.1
                        Description: Bookmark Manager
                        Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\bookmark_manager

                        GC - Ext: [ Settings ] version: 0.2
                        Description: Settings
                        Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\settings_app

                        GC - Ext: [ Feedback ] version: 1.0
                        Description: User feedback extension
                        Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\feedback

                        GC - Ext: [ CryptoTokenExtension ] version: 0.9.22
                        Description: CryptoToken Component Extension
                        Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\cryptotoken

                        GC - Ext: [ Cloud Print ] version: 0.1
                        Description: Cloud Print
                        Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\cloud_print

                        GC - Ext: [ GaiaAuthExtension ] version: 0.0.1
                        Description: GAIA Component Extension
                        Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\gaia_auth

                        GC - Ext: [ Chrome ] version: 0.1
                        Description: Een snelle, eenvoudige en veilige webbrowser voor het moderne internet.
                        Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\chrome_app

                        GC - Ext: [ Chrome PDF Viewer ] version: 1
                        Description:
                        Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\pdf

                        GC - Ext: [ Google Network Speech ] version: 1.0
                        Description: Component extension providing speech via the Google network text-to-speech service.
                        Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\network_speech_synthesis

                        GC - Ext: [ Google+ Hangouts ] version: 1.0
                        Description:
                        Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\hangout_services

                        GC - Ext: [ Google Now ] version: 1.2.0.1
                        Description: Integrates Google Now into Chrome.
                        Path: C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources\google_now

                        ==================== Windows Host File =========================================


                        ==================== BHO =======================================================

                        HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
                        {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
                        HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} Default = Skype for Business Browser Helper
                        => HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\InProcServer32 Default = C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

                        {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}
                        HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} Default = Microsoft SkyDrive Pro Browser Helper
                        => HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\InProcServer32 Default = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

                        ==================== BHO x64 ===================================================

                        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
                        {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
                        HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} Default = Skype for Business Browser Helper
                        => HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\InProcServer32 Default = C:\Program Files\Microsoft Office\Office15\OCHelper.dll

                        {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}
                        HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} Default = Microsoft SkyDrive Pro Browser Helper
                        => HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\InProcServer32 Default = C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL

                        ==================== Auto Start Programs =======================================

                        HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
                        iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                        PWRISOVM.EXE = C:\Program Files\PowerISO\PWRISOVM.EXE -startup
                        RemoteControl10 = "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
                        StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
                        UpdateP2GShortCut = "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
                        YouCam Tray = "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s

                        HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
                        CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
                        DAEMON Tools Lite Automount = "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
                        EADM = "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
                        pdiface = C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow

                        ==================== Auto Start Programs x64 ===================================

                        HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
                        cAudioFilterAgent = C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
                        Energy Management = C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
                        EnergyUtility = C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
                        ETDCtrl = C:\Program Files\Elantech\ETDCtrl.exe
                        IAStorIcon = "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
                        RtsFT = RTFTrack.exe
                        SmartAudio = C:\Program Files\CONEXANT\SAII\SACpl.exe /t

                        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved [2 = enabled 3= disabled]
                        cAudioFilterAgent = 2
                        Energy Management = 2
                        EnergyUtility = 2
                        ETDCtrl = 2
                        HotKeysCmds = 2
                        IAStorIcon = 2
                        IgfxTray = 2
                        Persistence = 2
                        PWRISOVM.EXE = 3
                        RtsFT = 2
                        SmartAudio = 2
                        StartCCC = 3
                        HP Software Update = 3
                        Intel AppUp(SM) center = 2
                        iTunesHelper = 3
                        PWRISOVM.EXE = 2
                        RemoteControl10 = 2
                        Smart File Advisor = 2
                        StartCCC = 3
                        SunJavaUpdateSched = 2
                        UpdateP2GShortCut = 2
                        YouCam Tray = 3
                        Bluetooth.lnk = 2
                        HP Digital Imaging Monitor.lnk = 2

                        HKCU\Software\Microsoft\Windows\CurrentVersion\Run
                        CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
                        DAEMON Tools Lite Automount = "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
                        EADM = "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
                        pdiface = C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow

                        Startup - C:\Users\hans22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
                        CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

                        ==================== Extra Items IE ============================================

                        HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
                        HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
                        HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
                        HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
                        HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
                        HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
                        HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

                        ==================== Extra Items IE x64 ========================================

                        HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
                        HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
                        HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
                        HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
                        HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
                        HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
                        HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

                        ==================== Internet Default Prefix ===================================

                        HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
                        Default = http://

                        HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes
                        WWW = http://

                        ==================== Internet Default Prefix x64 ===============================

                        HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
                        Default = http://

                        HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes
                        WWW = http://

                        ==================== Protocol Hijackers ========================================

                        HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\osf
                        CLSID = {D924BDC6-C83A-4BD5-90D0-095128A113D1}
                        => SOFTWARE\Classes\\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL # MD5 [e735e207423b5abfcebf86fe5cc0a30b]


                        HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\text/xml
                        CLSID = {807583E5-5146-11D5-A672-00B0D022E945}
                        => SOFTWARE\Classes\\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InProcServer32 @ Default = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown


                        ==================== Protocol Hijackers x64 ====================================

                        HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml
                        CLSID = {807583E5-5146-11D5-A672-00B0D022E945}
                        => SOFTWARE\Classes\\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InProcServer32 @ Default = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown


                        ==================== ShellServiceObjectDelayLoad ===============================

                        HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
                        WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
                        => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


                        ==================== ShellServiceObjectDelayLoad x64 =========================

                        HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
                        WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
                        => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


                        ==================== Extra (Torpig/ConduitSearch) ==============================

                        HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ Default = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
                        => HKCR\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32 @ Default = C:\WINDOWS\system32\shell32.dll

                        HKCR\Directory\shellex\CopyHookHandlers\Monitor @ Default = {7842554E-6BED-11D2-8CDB-B05550C10000}
                        => HKCR\CLSID\{7842554E-6BED-11D2-8CDB-B05550C10000}\InProcServer32 @ Default = C:\Program Files\Lenovo\Bluetooth Software\btncopy.dll

                        HKCR\Directory\shellex\CopyHookHandlers\Sharing @ Default = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
                        => HKCR\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32 @ Default = C:\WINDOWS\system32\ntshrui.dll


                        ==================== DRIVERS and SERVICES ======================================

                        *** Win32OwnProcess ***

                        SERV - R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
                        SERV - R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe
                        SERV - R2 - [btwdins] - Bluetooth Service - c:\program files\lenovo\bluetooth software\btwdins.exe
                        SERV - R2 - [CxAudMsg] - Conexant Audio Message Service - c:\windows\system32\cxaudmsg64.exe
                        SERV - R2 - [gzserv] - Bitdefender Antivirus Free Edition - c:\program files\bitdefender\antivirus free edition\gzserv.exe
                        SERV - R2 - [HPSupportSolutionsFrameworkService] - HP Support Solutions Framework Service - c:\program files (x86)\hp\common\hpsupportsolutionsframeworkservice.exe
                        SERV - R2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - c:\program files\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
                        SERV - R2 - [igfxCUIService1.0.0.0] - Intel(R) HD Graphics Control Panel Service - c:\windows\system32\igfxcuiservice.exe
                        SERV - R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
                        SERV - R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
                        SERV - R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
                        SERV - R2 - [nlsX86cc] - Nalpeiron Licensing Service - c:\windows\syswow64\nlssrv32.exe
                        SERV - R2 - [pdserv] - Bitdefender 60-Second Virus Scanner Service - c:\program files\bitdefender\60-second virus scanner\pdscan.exe
                        SERV - R2 - [SAService] - Conexant SmartAudio service - c:\windows\system32\sasrv.exe [x]
                        SERV - R2 - [UNS] - Intel(R) Management and Security Application User Notification Service - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
                        SERV - R2 - [VeriFaceSrv] - VeriFaceSrv - c:\program files (x86)\lenovo\lenovo veriface\vfconnectorservice.exe
                        SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
                        SERV - R3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
                        SERV - R3 - [Disc Soft Lite Bus Service] - Disc Soft Lite Bus Service - c:\program files\daemon tools lite\discsoftbusservice.exe
                        SERV - R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
                        SERV - R3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
                        SERV - S2 - [BcmBtRSupport] - Bluetooth Driver Management Service - c:\windows\system32\btwrsupportservice.exe
                        SERV - S2 - [gupdate1d0aecf2420d2c6] - Google Update-service (gupdate1d0aecf2420d2c6) - c:\program files (x86)\google\update\googleupdate.exe
                        SERV - S2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
                        SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
                        SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
                        SERV - S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
                        SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
                        SERV - S3 - [gupdatem1d0aecf242335c1] - Google Update-service (gupdatem1d0aecf242335c1) - c:\program files (x86)\google\update\googleupdate.exe
                        SERV - S3 - [ICCS] - Intel(R) Integrated Clock Controller Service - Intel(R) ICCS - c:\program files (x86)\intel\intel(r) integrated clock controller service\iccproxy.exe
                        SERV - S3 - [IDriverT] - InstallDriver Table Manager - c:\program files (x86)\common files\installshield\driver\11\intel 32\idrivert.exe
                        SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
                        SERV - S3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe
                        SERV - S3 - [LSCWinService] - LSCWinService - c:\program files\lenovo\lenovo solution center\app\lscwinservice.exe
                        SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
                        SERV - S3 - [Origin Client Service] - Origin Client Service - c:\program files (x86)\origin\originclientservice.exe
                        SERV - S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
                        SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
                        SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
                        SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
                        SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
                        SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
                        SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
                        SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
                        SERV - S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
                        SERV - S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
                        SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
                        SERV - S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe

                        *** Win32ShareProcess ***

                        SERV - R2 - [NitroDriverReadSpool8] - NitroPDFDriverCreatorReadSpool8 - c:\program files\common files\nitro\pro\8.0\nitropdfdriverservice8x64.exe
                        SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
                        SERV - R3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
                        SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
                        SERV - S3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
                        SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
                        SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

                        *** Others ***

                        SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
                        SERV - R2 - [ZyaAtanished] - ZyaAtanished - c:\program files (x86)\zyaatanished\zyaatanished.exe
                        SERV - S2 - [WikiBrowserUpdateService] - WikiBrowserUpdateService - c:\users\hans22\appdata\local\wikiupdate.exe [x]
                        SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

                        *** File System Driver ***

                        DRV - R0 - [avc3] - avc3 - C:\WINDOWS\system32\Drivers\avc3.sys
                        DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\WINDOWS\system32\Drivers\FileInfo.sys
                        DRV - R0 - [FltMgr] - FltMgr - C:\WINDOWS\system32\Drivers\FltMgr.sys
                        DRV - R0 - [MBAMSwissArmy] - MBAMSwissArmy - C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
                        DRV - R0 - [Mup] - Mup - C:\WINDOWS\system32\Drivers\Mup.sys
                        DRV - R0 - [trufos] - trufos - C:\WINDOWS\system32\Drivers\trufos.sys
                        DRV - R0 - [Wof] - Windows Overlay File System Filter Driver - C:\WINDOWS\system32\Drivers\Wof.sys
                        DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\WINDOWS\system32\Drivers\NetBIOS.sys
                        DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\WINDOWS\system32\Drivers\srv.sys
                        DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\WINDOWS\system32\Drivers\srv2.sys

                        *** Kernel Driver ***

                        DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\WINDOWS\system32\Drivers\ACPI.sys
                        DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\WINDOWS\system32\Drivers\acpiex.sys
                        DRV - R0 - [amdkmpfd] - AMD PCI Root Bus Lower Filter - C:\WINDOWS\system32\Drivers\amdkmpfd.sys
                        DRV - R0 - [CLFS] - Common Log (CLFS) - C:\WINDOWS\system32\Drivers\CLFS.sys
                        DRV - R0 - [CNG] - CNG - C:\WINDOWS\system32\Drivers\CNG.sys
                        DRV - R0 - [disk] - Stuurprogramma voor schijfstations - C:\WINDOWS\system32\Drivers\disk.sys
                        DRV - R0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\WINDOWS\system32\Drivers\EhStorClass.sys
                        DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\WINDOWS\system32\Drivers\fvevol.sys
                        DRV - R0 - [iaStorA] - iaStorA - C:\WINDOWS\system32\Drivers\iaStorA.sys
                        DRV - R0 - [intelpep] - Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing - C:\WINDOWS\system32\Drivers\intelpep.sys
                        DRV - R0 - [KSecDD] - KSecDD - C:\WINDOWS\system32\Drivers\KSecDD.sys
                        DRV - R0 - [KSecPkg] - KSecPkg - C:\WINDOWS\system32\Drivers\KSecPkg.sys
                        DRV - R0 - [LHDmgr] - LHDmgr - C:\WINDOWS\system32\Drivers\LHDmgr.sys [x]
                        DRV - R0 - [mountmgr] - Mount Point Manager - C:\WINDOWS\system32\Drivers\mountmgr.sys
                        DRV - R0 - [msisadrv] - msisadrv - C:\WINDOWS\system32\Drivers\msisadrv.sys
                        DRV - R0 - [NDIS] - NDIS System Driver - C:\WINDOWS\system32\Drivers\NDIS.sys
                        DRV - R0 - [partmgr] - Partition Manager - C:\WINDOWS\system32\Drivers\partmgr.sys
                        DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\WINDOWS\system32\Drivers\pci.sys
                        DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\WINDOWS\system32\Drivers\pcw.sys
                        DRV - R0 - [pdc] - pdc - C:\WINDOWS\system32\Drivers\pdc.sys
                        DRV - R0 - [rdyboost] - ReadyBoost - C:\WINDOWS\system32\Drivers\rdyboost.sys
                        DRV - R0 - [spaceport] - Stuurprogramma voor opslagruimten - C:\WINDOWS\system32\Drivers\spaceport.sys
                        DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\WINDOWS\system32\Drivers\Tcpip.sys
                        DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\WINDOWS\system32\Drivers\vdrvroot.sys
                        DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\WINDOWS\system32\Drivers\volmgr.sys
                        DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\WINDOWS\system32\Drivers\volmgrx.sys
                        DRV - R0 - [volsnap] - Opslagvolumes - C:\WINDOWS\system32\Drivers\volsnap.sys
                        DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\WINDOWS\system32\Drivers\Wdf01000.sys
                        DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\WINDOWS\system32\Drivers\WFPLWFS.sys
                        DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\WINDOWS\system32\Drivers\AFD.sys
                        DRV - R1 - [Beep] - Beep - C:\WINDOWS\system32\Drivers\Beep.sys
                        DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\WINDOWS\system32\Drivers\tdx.sys
                        DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\WINDOWS\system32\Drivers\tcpipreg.sys
                        DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\WINDOWS\system32\Drivers\hwpolicy.sys
                        DRV - S3 - [atapi] - IDE-kanaal - C:\WINDOWS\system32\Drivers\atapi.sys

                        ==================== SvcHost - White Listed ====================================

                        WOW x64 - All Ok

                        ==================== SvcHost x64 - White Listed ================================

                        HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
                        BthHFSrv = ServiceDll = C:\WINDOWS\System32\BthHFSrv.dll [9307a4b743d277c499cda8e19e5687ac]

                        HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
                        HPSLPSVC = ServiceDll = C:\Users\hans22\AppData\Local\Temp\7zS5B54\hpslpsvc64.dll [f37882f128efacefe353e0bae2766909]

                        HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
                        Pml Driver HPZ12 = ServiceDll = C:\Windows\System32\HPZipm12.dll [ac78df349f0e4cfb8b667c0cfff83cce]

                        Net Driver HPZ12 = ServiceDll = C:\Windows\System32\HPZinw12.dll [2334dc48997ba203b794df3ee70521db]

                        HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
                        DiagTrack = ServiceDll = C:\WINDOWS\system32\diagtrack.dll [3ecb752a6963b1cbc9ad65ed89c8aced]



                        ==================== SigCheck x86 Fast =========================================

                        Fast Scan All ok

                        ==================== SigCheck x64 Fast =========================================

                        Fast Scan All ok

                        ==================== Job tasks at C:\WINDOWS\Tasks =============================

                        C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 1062 bytes [ 19/04/2014 22:50:02 ]

                        C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 1066 bytes [ 19/04/2014 22:50:04 ]

                        C:\WINDOWS\Tasks\SA.DAT 6 bytes [ 22/08/2013 16:45:54 ]


                        ==================== Job tasks at C:\WINDOWS\system32\Tasks ====================

                        C:\WINDOWS\system32\Tasks\AutoKMS 3758 bytes [ 25/04/2014 19:29:54 ]
                        => C:\windows\AutoKMS\AutoKMS.exe

                        C:\WINDOWS\system32\Tasks\CCleanerSkipUAC 2774 bytes [ 19/04/2014 7:35:25 ]
                        => "C:\Program Files\CCleaner\CCleaner.exe"

                        C:\WINDOWS\system32\Tasks\Dolby Selector 2996 bytes [ 16/10/2013 0:29:10 ]
                        => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe

                        C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 3802 bytes [ 19/04/2014 22:50:02 ]
                        => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

                        C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 4038 bytes [ 19/04/2014 22:50:04 ]
                        => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

                        C:\WINDOWS\system32\Tasks\Microsoft Office 15 Sync Maintenance for HANS-hans22 Hans 4958 bytes [ 9/06/2015 19:26:04 ]
                        => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe

                        C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1091015126-3145330374-1353040903-1001 3600 bytes [ 20/04/2014 0:22:39 ]

                        C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{E76D1489-BFBE-4F12-AFA3-8ECBE717B0D2} 3946 bytes [ 3/05/2014 17:51:29 ]
                        => C:\WINDOWS\system32\msfeedssync.exe

                        C:\WINDOWS\system32\Tasks\{22EFE353-A993-4A8E-855F-4223A6C0E8C5} 3202 bytes [ 21/05/2015 17:42:28 ]
                        => C:\WINDOWS\system32\pcalua.exe

                        C:\WINDOWS\system32\Tasks\{3894B70A-5C98-4626-A89F-3FA7B9944B69} 3632 bytes [ 25/04/2014 19:16:28 ]
                        => C:\windows\system32\pcalua.exe

                        C:\WINDOWS\system32\Tasks\{723F4069-F62A-44FC-8C01-14CB8E58229A} 3548 bytes [ 25/04/2014 19:23:52 ]
                        => C:\windows\system32\pcalua.exe

                        C:\WINDOWS\system32\Tasks\{F77799F1-34EA-4061-B03B-1CA1C698B8C2} 3196 bytes [ 12/05/2015 17:52:33 ]
                        => C:\WINDOWS\system32\pcalua.exe


                        ==================== Job tasks at C:\WINDOWS\SysWOW64\Tasks ====================

                        There are no .job files found.

                        ==================== End scanning at do 25 jun 2015 00:48 (0 Min 31 Sec ) ======



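As an added triage aid (not part of the thread, and not code from the tool that produced the log), a small Python parser for the `SERV - <state> - [<name>] - <description> - <path> [x]` lines above. It flags the three signals an analyst checks first on such a list: a binary that is no longer on disk (`[x]`), a binary in a user-writable folder, and a service whose display name is nothing more than its own service name. The sample lines are copied from the log above; the folder list and reason texts are this example's own choices.

```python
import re
from dataclasses import dataclass, field

# Matches the tool's service lines: SERV - <state> - [<name>] - <description> - <path>[ [x]]
# The description may itself contain " - ", so the path is anchored on a drive letter.
LINE_RE = re.compile(
    r"^SERV - (?P<state>[RS]\d) - \[(?P<name>[^\]]+)\] - (?P<desc>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \[x\])?$"
)

# Folders a regular user can write to; a service binary there is unusual (assumed list).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")

# Constructed sample: a handful of lines copied from the log above.
SAMPLE_LOG = r"""
SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
SERV - R2 - [SAService] - Conexant SmartAudio service - c:\windows\system32\sasrv.exe [x]
SERV - S3 - [ICCS] - Intel(R) Integrated Clock Controller Service - Intel(R) ICCS - c:\program files (x86)\intel\intel(r) integrated clock controller service\iccproxy.exe
SERV - R2 - [ZyaAtanished] - ZyaAtanished - c:\program files (x86)\zyaatanished\zyaatanished.exe
SERV - S2 - [WikiBrowserUpdateService] - WikiBrowserUpdateService - c:\users\hans22\appdata\local\wikiupdate.exe [x]
"""


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def parse_services(log_text):
    """Return one dict per SERV line with keys state, name, desc, path, missing."""
    services = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            services.append(m.groupdict())
    return services


def triage_services(log_text):
    """Flag services worth a closer look; returns {service name: Finding}."""
    findings = {}
    for svc in parse_services(log_text):
        reasons = []
        path = svc["path"].lower()
        if svc["missing"]:
            reasons.append("binary not present on disk ([x]): stale entry or already removed")
        if any(marker in path for marker in USER_WRITABLE):
            reasons.append("binary in a user-writable location")
        if svc["desc"] == svc["name"]:
            reasons.append("no descriptive display name (same as service name)")
        if reasons:
            findings[svc["name"]] = Finding(svc["name"], svc["path"], reasons)
    return findings
```

A hit is a reason to look closer (hash lookup, publisher, install date), not a verdict: legitimate software such as a security product can also register a service whose display name equals its service name.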
                        • #13
                          Show your hidden files and folders.

                          Go to Virus Total and upload the following file:

                          c:\program files (x86)\zyaatanished\zyaatanished.exe

                          Press Send and wait until the results appear.
                          If the file has already been scanned, have it re-analysed (click Re Analyse).

                          From the report, copy the following:

                          [screenshot]
                          Also post the link to that report.
                          Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                          E Dev * McAfee removal * Ccleaner * E-Peek



                          • #14
                            SHA256: 6e5f6ac866e38101817c6dce20180677c4c9668a17de49e5a8725f8ad4dd862d
                            File name: ZyaAtanished.exe
                            Detection ratio: 0 / 53
                            Analysis date: 2015-06-25 08:27:37 UTC (3 minutes ago)

                            link: https://www.virustotal.com/nl/file/6...is/1435220857/



                            • #15
                              First disable your antivirus software before you download or run zoek.exe.
                              It can otherwise interfere with the operation of Zoek.exe.
                              Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.

                              Download Zoek.exe to the desktop.
                              • If Internet Explorer or another browser or virus scanner warns that this file is unsafe, you can ignore that; it is a false warning.
                              • Right-click Zoek.zip and choose "Extract All" if you used the zip or rar download.
                              • Then double-click Zoek.exe to start the tool.
                              • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
                              • Now copy the code below and paste it into the large input box:
                              • Note: This script is intended specifically for this computer; do not use it on other computers with a similar problem.
                                Code:
                                shortcutfix;
                                emptyclsid;
                                emptyfolderscheck;
                                firefoxlook; 
                                Chromelook; 
                                CHRdefaults;
                                autoclean; 
                                iedefaults; 
                                filesrcm;  
                                startupall;
                              • Now click the "Run script" button.
                              • Wait patiently until a log opens (this may be after a restart, if one is required).
                              • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
                              • Post the opened log in your next reply.