  • Slow computer

    My desktop has been running very slowly lately, and so has the internet connection. (Windows 8.1)
    I have already tried using a restore point to increase the speed, but without effect.
    The requested logs are attached.
    In addition to these logs, I also ran a scan with "Winzip Malware Protector 1", which also appears on your website.
    It found 17 items, which I cannot remove, however, without buying the "full version".
    I am sending that scan along as well, after all the other logs.
    Thanks in advance for a reply.
    Kind regards,
    Paul

    ********** defogger ************

    defogger_disable by jpshortstuff (23.02.10.1)
    Log created at 16:11 on 31/07/2015 (thuis)

    Checking for autostart values...
    HKCU\~\Run values retrieved.
    HKLM\~\Run values retrieved.

    Checking for services/drivers...


    -=E.O.F=-


    *********** Malwarebytes Anti-Malware***********

    SCANLOGBOEK

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scandatum: 31/07/2015
    Scantijd: 1:54
    Logboekbestand: mbm scanlogboek.txt
    Beheerder: Ja

    Versie: 2.1.8.1057
    Malware-database: v2015.07.30.05
    Rootkit-database: v2015.07.29.02
    Licentie: Gratis
    Malware-bescherming: Uitgeschakeld
    Bescherming tegen kwaadaardige websites: Uitgeschakeld
    Zelfbescherming: Uitgeschakeld

    Besturingssysteem: Windows 8.1
    Processor: x64
    Bestandssysteem: NTFS
    Gebruiker: thuis

    Scantype: Aangepaste scan
    Resultaat: Voltooid
    Objecten gescand: 638939
    Verstreken tijd: 2 u., 2 min, 34 sec

    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Uitgeschakeld
    Heuristiek: Ingeschakeld
    POP: Ingeschakeld
    POA: Ingeschakeld

    Processen: 0
    (Geen kwaadaardige items gedetecteerd)

    Modules: 0
    (Geen kwaadaardige items gedetecteerd)

    Registersleutels: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerwaarden: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerdata: 0
    (Geen kwaadaardige items gedetecteerd)

    Mappen: 0
    (Geen kwaadaardige items gedetecteerd)

    Bestanden: 0
    (Geen kwaadaardige items gedetecteerd)

    Fysieke Sectoren: 0
    (Geen kwaadaardige items gedetecteerd)


    (end)


    =======

    BESCHERMINGSLOGBOEK

    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Error, 31/07/2015 0:48, SYSTEM, THUIS-PC, Update, Bad md5 or size: akadomains, 11,
    Error, 31/07/2015 0:48, SYSTEM, THUIS-PC, Update, Bad md5 or size: akaips, 11,
    Update, 31/07/2015 0:48, SYSTEM, THUIS-PC, Manual, Domain Database, 0.0.0.0, 2015.7.24.2,
    Update, 31/07/2015 0:48, SYSTEM, THUIS-PC, Manual, Remediation Database, 2015.5.13.1, 2015.7.28.1,
    Update, 31/07/2015 0:48, SYSTEM, THUIS-PC, Manual, Rootkit Database, 2015.6.2.1, 2015.7.29.2,
    Update, 31/07/2015 0:48, SYSTEM, THUIS-PC, Manual, IP Database, 0.0.0.0, 2015.7.24.3,
    Update, 31/07/2015 0:48, SYSTEM, THUIS-PC, Manual, AKA IP Database, 0.0.0.0, 2015.7.29.1,
    Update, 31/07/2015 0:48, SYSTEM, THUIS-PC, Manual, AKA Domain Database, 0.0.0.0, 2015.7.29.3,
    Update, 31/07/2015 0:48, SYSTEM, THUIS-PC, Manual, Malware Database, 2015.6.3.3, 2015.7.30.5,
    Error, 31/07/2015 1:46, SYSTEM, THUIS-PC, Update, Bad md5 or size: akadomains, 11,
    Error, 31/07/2015 1:46, SYSTEM, THUIS-PC, Update, Bad md5 or size: akaips, 11,
    Update, 31/07/2015 1:46, SYSTEM, THUIS-PC, Manual, Domain Database, 0.0.0.0, 2015.7.24.2,
    Update, 31/07/2015 1:46, SYSTEM, THUIS-PC, Manual, IP Database, 0.0.0.0, 2015.7.24.3,
    Update, 31/07/2015 1:46, SYSTEM, THUIS-PC, Manual, Rootkit Database, 2015.6.2.1, 2015.7.29.2,
    Update, 31/07/2015 1:46, SYSTEM, THUIS-PC, Manual, Remediation Database, 2015.5.13.1, 2015.7.28.1,
    Update, 31/07/2015 1:46, SYSTEM, THUIS-PC, Manual, AKA IP Database, 0.0.0.0, 2015.7.29.1,
    Update, 31/07/2015 1:46, SYSTEM, THUIS-PC, Manual, AKA Domain Database, 0.0.0.0, 2015.7.29.3,
    Update, 31/07/2015 1:46, SYSTEM, THUIS-PC, Manual, Malware Database, 2015.6.3.3, 2015.7.30.5,
    Scan, 31/07/2015 3:57, SYSTEM, THUIS-PC, Manual, Start: 31/07/2015 1:54, Duur: 2 u. 2 min 34 sec, Aangepaste scan, Voltooid, 0 malwaredetecties, 0 niet-malware detecties,

    (end)


    ************* ADW Cleaner ************

    # AdwCleaner v4.208 - Logbestand aangemaakt 31/07/2015 op 09:03:45
    # Laatste update 09/07/2015 door Xplode
    # Database : 2015-07-26.2 [Server]
    # Besturingssysteem : Windows 8.1 (x64)
    # Gebruikersnaam : thuis - THUIS-PC
    # Gestart vanuit : C:\Users\thuis\Downloads\adwcleaner_4.208.exe
    # Optie : Verwijderen

    ***** [ Services ] *****


    ***** [ Bestanden / Mappen ] *****

    Map Verwijderd : C:\ProgramData\Computer Updater
    Map Verwijderd : C:\ProgramData\Kromtech
    Map Verwijderd : C:\ProgramData\FreeRIP
    Map Verwijderd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
    Map Verwijderd : C:\Program Files (x86)\WinZip Malware Protector
    Map Verwijderd : C:\Program Files (x86)\FreeRIP3
    Map Verwijderd : C:\Users\thuis\AppData\Local\Kromtech
    Map Verwijderd : C:\Users\thuis\Documents\smart pc cleaner
    Bestand Verwijderd : C:\Users\Public\Desktop\WinZip Malware Protector.lnk
    Bestand Verwijderd : C:\WINDOWS\System32\wsusnative64.exe

    ***** [ Geplande taken ] *****

    Taak Verwijderd : WinZip Malware Protector_startup

    ***** [ Snelkoppelingen ] *****


    ***** [ Register ] *****

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Waarde Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PCKeeper2]
    Sleutel Verwijderd : HKCU\Software\MGShareware
    Sleutel Verwijderd : HKCU\Software\Softonic
    Sleutel Verwijderd : HKCU\Software\Kromtech
    Sleutel Verwijderd : HKLM\SOFTWARE\MGShareware
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZip Malware Protector_is1
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Kromtech

    ***** [ Webbrowsers ] *****

    -\\ Internet Explorer v11.0.9600.17840


    -\\ Mozilla Firefox v38.0.5 (x86 nl)


    -\\ Google Chrome v


    *************************

    AdwCleaner[R0].txt - [2123 bytes] - [31/07/2015 09:01:43]
    AdwCleaner[S0].txt - [1934 bytes] - [31/07/2015 09:03:45]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1993 bytes] ##########


    *********** E-PEEK ***************

    E-Peek v 1.9.9.0 ENHANCED 4 © Emphyrio/Onsia Patrick 2013-2015
    E Dev
    Run at vr 31 jul 2015 16:00
    .
    Windows 8.1 (64 bits)
    C:\WINDOWS [NTFS - Fixed]
    Default Browser: Internet Explorer
    Boot mode: Normal boot
    User logged in: thuis
    .
    Java x86: 1.8
    Java x64: 1.7.0_65
    .
    AV : Windows Defender [Updated - Running]
    AS : Windows Defender [Updated - Running]
    FW : Windows firewall
    .
    ==================== Files and Folders history =================================

    Folders Created Last 7 days :

    31/07/2015 ##### r-h-s-d+a- C:\Users\thuis\AppData\Roaming\E Dev
    31/07/2015 ##### r-h-s-d+a- C:\Program Files (x86)\Malwarebytes Anti-Malware
    31/07/2015 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
    31/07/2015 ##### r-h-s-d+a- C:\AdwCleaner
    30/07/2015 ##### r-h-s-d+a- C:\Users\thuis\AppData\Roaming\Nico Mak Computing
    30/07/2015 ##### r-h-s-d+a- C:\ProgramData\Nico Mak Computing

    Files Modified Last 7 days :

    31/07/2015 01823174 r-h-s-d-a+ C:\WINDOWS\system32\PerfStringBackup.INI
    31/07/2015 00805462 r-h-s-d-a+ C:\WINDOWS\system32\perfh013.dat
    31/07/2015 00722278 r-h-s-d-a+ C:\WINDOWS\system32\perfh009.dat
    31/07/2015 00161964 r-h-s-d-a+ C:\WINDOWS\system32\perfc013.dat
    31/07/2015 00135394 r-h-s-d-a+ C:\WINDOWS\system32\perfc009.dat

    Files Created Last 7 days :

    31/07/2015 00000111 r-h-s-d-a+ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

    ==================== RUNNING PROCESSES =========================================

    [armsvc] -SYSTEM- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe - (Adobe Systems Incorporated)
    [atieclxx] -SYSTEM- C:\WINDOWS\system32\atieclxx.exe - (AMD)
    [atiesrxx] -SYSTEM- C:\WINDOWS\system32\atiesrxx.exe - (AMD)
    [audiodg] -LOCAL SERVICE- C:\Windows\System32\audiodg.exe - (audiodg.exe)
    [bgsvcgen] -SYSTEM- C:\Windows\SysWOW64\bgsvcgen.exe - (B.H.A Corporation)
    [chrome] -thuis- C:\Users\thuis\AppData\Local\Google\Chrome\Application\chrome.exe - (Google Inc.)
    [chrome] -thuis- C:\Users\thuis\AppData\Local\Google\Chrome\Application\chrome.exe - (Google Inc.)
    [chrome] -thuis- C:\Users\thuis\AppData\Local\Google\Chrome\Application\chrome.exe - (Google Inc.)
    [CLMLSvc_P2G8] -thuis- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe - (CyberLink)
    [CLMSMonitorService] -SYSTEM- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe - (CyberLink)
    [CLMSServer] -SYSTEM- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe - (CyberLink)
    [conhost] -SYSTEM- C:\WINDOWS\system32\conhost.exe - (Microsoft Corporation)
    [CSISYNCCLIENT] -thuis- C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE - (Microsoft Corporation)
    [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
    [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
    [dasHost] -LOCAL SERVICE- C:\WINDOWS\system32\dashost.exe - (Microsoft Corporation)
    [dllhost] -SYSTEM- C:\WINDOWS\system32\DllHost.exe - (Microsoft Corporation)
    [dwm] -DWM-2- C:\WINDOWS\System32\dwm.exe - (Microsoft Corporation)
    [E-Peek 1.9.9.0] -thuis- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.9.9.0.exe - (E Dev)
    [explorer] -thuis- C:\WINDOWS\Explorer.EXE - (Microsoft Corporation)
    [F5CredMgrSrv] -SYSTEM- C:\WINDOWS\SysWOW64\F5CredMgrSrv.exe - (F5 Networks, Inc.)
    [F5FltSrv] -SYSTEM- C:\WINDOWS\SysWOW64\F5FltSrv.exe - (F5 Networks, Inc.)
    [F5InstallerService] -SYSTEM- C:\WINDOWS\SysWOW64\F5InstallerService.exe - (F5 Networks, Inc.)
    [F5MachineCertService] -SYSTEM- C:\WINDOWS\SysWOW64\F5MachineCertService.exe - (F5 Networks, Inc.)
    [Fuel.Service] -SYSTEM- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe - (Advanced Micro Devices, Inc.)
    [GWX] -thuis- C:\WINDOWS\system32\GWX\GWX.exe - (Microsoft Corporation)
    [HPNetworkCommunicator] -thuis- C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe - (Hewlett-Packard Co.)
    [HPSupportSolutionsFrameworkService] -SYSTEM- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe - (Hewlett-Packard Company)
    [livecomm] -thuis- C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe - (Microsoft Corporation)
    [lsass] -SYSTEM- C:\WINDOWS\system32\lsass.exe - (Microsoft Corporation)
    [msiexec] -SYSTEM- C:\WINDOWS\system32\msiexec.exe - (Microsoft Corporation)
    [MsMpEng] -SYSTEM- C:\Program Files\Windows Defender\MsMpEng.exe - (MsMpEng.exe)
    [NASvc] -SYSTEM- C:\Program Files (x86)\Nero\Update\NASvc.exe - (Nero AG)
    [NisSrv] -LOCAL SERVICE- C:\Program Files\Windows Defender\NisSrv.exe - (NisSrv.exe)
    [officeclicktorun] -SYSTEM- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe - (Microsoft Corporation)
    [RAVCpl64] -thuis- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe - (Realtek Semiconductor)
    [RichVideo64] -SYSTEM- C:\Program Files\CyberLink\Shared files\RichVideo64.exe - ()
    [RuntimeBroker] -thuis- C:\Windows\System32\RuntimeBroker.exe - (Microsoft Corporation)
    [ScanToPCActivationApp] -thuis- C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe - (Hewlett-Packard Co.)
    [SearchIndexer] -SYSTEM- C:\WINDOWS\system32\SearchIndexer.exe - (Microsoft Corporation)
    [services] -SYSTEM- C:\Windows\System32\services.exe - (services.exe)
    [SettingSyncHost] -thuis- C:\Windows\System32\SettingSyncHost.exe - (Microsoft Corporation)
    [SkyDrive] -thuis- C:\Windows\System32\skydrive.exe - (Microsoft Corporation)
    [smss] -SYSTEM- C:\Windows\System32\smss.exe - (smss.exe)
    [spoolsv] -SYSTEM- C:\WINDOWS\System32\spoolsv.exe - (Microsoft Corporation)
    [SrTasks] -SYSTEM- C:\WINDOWS\system32\srtasks.exe - (Microsoft Corporation)
    [System] -N/A- - (System)
    [taskhost] -LOCAL SERVICE- C:\WINDOWS\system32\taskhost.exe - (Microsoft Corporation)
    [taskhostex] -thuis- C:\WINDOWS\system32\taskhostex.exe - (Microsoft Corporation)
    [Updater] -SYSTEM- C:\Program Files (x86)\Popcorn Time\Updater.exe - (Company)
    [vmware-usbarbitrator64] -SYSTEM- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe - (VMware, Inc.)
    [vmware-view-usbd] -SYSTEM- C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe - (VMware, Inc.)
    [VSSVC] -SYSTEM- C:\WINDOWS\system32\vssvc.exe - (Microsoft Corporation)
    [wininit] -SYSTEM- C:\WINDOWS\system32\wininit.exe - (Microsoft Corporation)
    [winlogon] -SYSTEM- C:\WINDOWS\System32\WinLogon.exe - (Microsoft Corporation)
    [WmiPrvSE] -NETWORK SERVICE- C:\WINDOWS\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
    [wmpnetwk] -NETWORK SERVICE- C:\Program Files\Windows Media Player\wmpnetwk.exe - (Microsoft Corporation)
    [wsnm] -SYSTEM- C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe - (VMware, Inc.)
    [WUDFHost] -LOCAL SERVICE- C:\Windows\System32\WUDFHost.exe - (Microsoft Corporation)

    ==================== IE PAGES ==================================================

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main
    Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    Local Page = C:\Windows\SysWOW64\blank.htm
    Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes
    DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    DisplayName = @ieframe.dll,-12512
    URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar
    {2318C2B1-4965-11d4-9B18-009027A5CD4F}
    => HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InProcServer32 DefaultC:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    ==================== IE PAGES x64 ==============================================

    HKLM\Software\Microsoft\Internet Explorer\Main
    Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    Local Page = C:\Windows\System32\blank.htm
    Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

    HKLM\Software\Microsoft\Internet Explorer\SearchScopes
    DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    DisplayName = @ieframe.dll,-12512
    URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    HKLM\Software\Microsoft\Internet Explorer\Toolbar
    {2318C2B1-4965-11d4-9B18-009027A5CD4F}
    => HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InProcServer32 DefaultC:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    ==================== Auto Load =================================================

    HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit = userinit.exe
    Shell = explorer.exe

    ==================== Auto Load x64 =============================================

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit = C:\Windows\system32\userinit.exe,
    Shell = explorer.exe

    ==================== Browsers present ==========================================

    FIREFOX.EXE
    IEXPLORE.EXE

    ==================== Firefox ===================================================

    FF - ProfilePath - C:\Users\thuis\AppData\Roaming\Mozilla\firefox\Profiles\wucp8a80.default

    FF - Ext: [Default 38.0.5 ] - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} [ visible: True # active: True]
    FF - Ext: [ 13.0.1.4307 ] - extension - [email protected] [ visible: True # active: False]
    FF - Ext: [ 13.0.1.4307 ] - extension - [email protected] [ visible: True # active: False]
    FF - Ext: [ 13.0.1.4307 ] - extension - [email protected] [ visible: True # active: False]
    FF - Ext: [ 13.0.1.4307 ] - extension - [email protected] [ visible: True # active: False]
    FF - Ext: [ 13.0.1.4307 ] - extension - [email protected] [ visible: True # active: False]
    FF - Ext: [Belgium eID 1.0.18.1-signed ] - extension - [email protected] [ visible: True # active: True]

    FF - Search: [Bing] - C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\bing.xml [ hidden: False]
    FF - Search: [bol.com] - C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\bolcom-nl.xml [ hidden: False]
    FF - Search: [DuckDuckGo] - C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\ddg.xml [ hidden: False]
    FF - Search: [Google] - C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\google.xml [ hidden: False]
    FF - Search: [Marktplaats.nl] - C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\marktplaats-nl.xml [ hidden: False]
    FF - Search: [Wikipedia (nl)] - C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wikipedia-nl.xml [ hidden: False]

    FF - PlugIn: [Java™ Deployment Toolkit] - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
    FF - PlugIn: [Oracle® Java™ Plug-In] - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    FF - PlugIn: [Ag Player] - C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll


    ==================== Windows Host File =========================================


    ==================== BHO =======================================================

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
    {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
    HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} Default = Skype for Business Browser Helper
    => HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\InProcServer32 Default = C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll

    {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}
    HKCR\CLSID\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} Default = Content Blocker Plugin
    => HKCR\CLSID\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}\InProcServer32 Default = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

    {73455575-E40C-433C-9784-C78DC7761455}
    HKCR\CLSID\{73455575-E40C-433C-9784-C78DC7761455} Default = Virtual Keyboard Plugin
    => HKCR\CLSID\{73455575-E40C-433C-9784-C78DC7761455}\InProcServer32 Default = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Default = Java(tm) Plug-In SSV Helper
    => HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32 Default = C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll

    {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}
    HKCR\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} Default = Safe Money Plugin
    => HKCR\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}\InProcServer32 Default = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll

    {AA58ED58-01DD-4d91-8333-CF10577473F7}
    HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} Default = Google Toolbar Helper
    => HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InProcServer32 Default = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}
    HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} Default = Microsoft SkyDrive Pro Browser Helper
    => HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\InProcServer32 Default = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL

    {DBC80044-A445-435b-BC74-9C25C1C588A9}
    HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Default = Java(tm) Plug-In 2 SSV Helper
    => HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32 Default = C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll

    {E33CF602-D945-461A-83F0-819F76A199F8}
    HKCR\CLSID\{E33CF602-D945-461A-83F0-819F76A199F8} Default = URL Advisor Plugin
    => HKCR\CLSID\{E33CF602-D945-461A-83F0-819F76A199F8}\InProcServer32 Default = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

    ==================== BHO x64 ===================================================

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
    {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
    HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} Default = Skype for Business Browser Helper
    => HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\InProcServer32 Default = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll

    {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}
    HKCR\CLSID\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} Default = Content Blocker Plugin
    => HKCR\CLSID\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}\InProcServer32 Default = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

    {73455575-E40C-433C-9784-C78DC7761455}
    HKCR\CLSID\{73455575-E40C-433C-9784-C78DC7761455} Default = Virtual Keyboard Plugin
    => HKCR\CLSID\{73455575-E40C-433C-9784-C78DC7761455}\InProcServer32 Default = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Default = Java(tm) Plug-In SSV Helper
    => HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32 Default = C:\Program Files\Java\jre7\bin\ssv.dll

    {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}
    HKCR\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} Default = Safe Money Plugin
    => HKCR\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}\InProcServer32 Default = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll

    {AA58ED58-01DD-4d91-8333-CF10577473F7}
    HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} Default = Google Toolbar Helper
    => HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InProcServer32 Default = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}
    HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} Default = Microsoft SkyDrive Pro Browser Helper
    => HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\InProcServer32 Default = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

    {DBC80044-A445-435b-BC74-9C25C1C588A9}
    HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Default = Java(tm) Plug-In 2 SSV Helper
    => HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32 Default = C:\Program Files\Java\jre7\bin\jp2ssv.dll

    {E33CF602-D945-461A-83F0-819F76A199F8}
    HKCR\CLSID\{E33CF602-D945-461A-83F0-819F76A199F8} Default = URL Advisor Plugin
    => HKCR\CLSID\{E33CF602-D945-461A-83F0-819F76A199F8}\InProcServer32 Default = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll

    ==================== Auto Start Programs =======================================

    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    beid = "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
    CLMLServer_For_P2G8 = "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
    CLVirtualDrive = "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
    HP Software Update = C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    RemoteControl10 = "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
    SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    Google Update = "C:\Users\thuis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    HP Officejet 6700 (NET) = "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN41PD50H405RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1
    OneDrive = "C:\Users\thuis\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background

    ==================== Auto Start Programs x64 ===================================

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    RTHDVCPL = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved [2 = enabled 3= disabled]
    RTHDVCPL = 6
    Adobe ARM = 2
    AVP = 6
    beid = 2
    CLMLServer_For_P2G8 = 6
    CLVirtualDrive = 7
    HP Software Update = 3
    RemoteControl10 = 7
    StartCCC = 7
    SunJavaUpdateSched = 3
    HD Writer.lnk = 3

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    Google Update = "C:\Users\thuis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    HP Officejet 6700 (NET) = "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN41PD50H405RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1
    OneDrive = "C:\Users\thuis\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background

    Startup - C:\Users\thuis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    Startup - C:\Users\thuis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Officejet 6700 (netwerk).lnk
    Startup - C:\Users\thuis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk
    CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk
    ==================== Extra Items IE ============================================

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

    HKCU\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\InProcServer32
    => HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\InProcServer32 {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
    ==================== Extra Items IE x64 ========================================

    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

    ==================== Internet Default Prefix ===================================

    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    Default = http://

    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes
    WWW = http://

    ==================== Internet Default Prefix x64 ===============================

    HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    Default = http://

    HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes
    WWW = http://

    ==================== Protocol Hijackers ========================================

    HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\osf
    CLSID = {D924BDC6-C83A-4BD5-90D0-095128A113D1}
    => SOFTWARE\Classes\\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1}\InProcServer32 @ Default = Unknown # C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL # MD5 [e735e207423b5abfcebf86fe5cc0a30b]

    HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\wlpg
    CLSID = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}
    => SOFTWARE\Classes\\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\InProcServer32 @ Default = Unknown # C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll # MD5 [4cf29c44e072c377b6866c399947e99a]



    ==================== ShellServiceObjectDelayLoad ===============================

    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


    ==================== ShellServiceObjectDelayLoad x64 =========================

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


    ==================== Extra (Torpig/ConduitSearch) ==============================

    HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ Default = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
    => HKCR\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32 @ Default = C:\WINDOWS\system32\shell32.dll

    HKCR\Directory\shellex\CopyHookHandlers\Sharing @ Default = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
    => HKCR\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32 @ Default = C:\WINDOWS\system32\ntshrui.dll


    ==================== DRIVERS and SERVICES ======================================

    *** Win32OwnProcess ***

    SERV - R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
    SERV - R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
    SERV - R2 - [AMD FUEL Service] - AMD FUEL Service - c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe
    SERV - R2 - [bgsvcgen] - B's Recorder GOLD Library General Service - c:\windows\syswow64\bgsvcgen.exe
    SERV - R2 - [ClickToRunSvc] - Microsoft Office ClickToRun Service - c:\program files\microsoft office 15\clientx64\officeclicktorun.exe
    SERV - R2 - [F5CredMgrSrv] - F5 Networks Credentials Management Service - c:\windows\syswow64\f5credmgrsrv.exe
    SERV - R2 - [F5FltSrv] - F5 Networks DNS Relay Proxy Service - c:\windows\syswow64\f5fltsrv.exe
    SERV - R2 - [HPSupportSolutionsFrameworkService] - HP Support Solutions Framework Service - c:\program files (x86)\hp\common\hpsupportsolutionsframeworkservice.exe
    SERV - R2 - [MachineCertService] - F5 Networks Machine Certificate Checker service - c:\windows\syswow64\f5machinecertservice.exe
    SERV - R2 - [NAUpdate] - Nero Update - c:\program files (x86)\nero\update\nasvc.exe
    SERV - R2 - [RichVideo64] - Cyberlink RichVideo64 Service(CRVS) - c:\program files\cyberlink\shared files\richvideo64.exe
    SERV - R2 - [Update service] - Update service - c:\program files (x86)\popcorn time\updater.exe
    SERV - R2 - [VMUSBArbService] - VMware USB Arbitration Service - c:\program files (x86)\common files\vmware\usb\vmware-usbarbitrator64.exe
    SERV - R2 - [vmware-view-usbd] - VMware View USB - c:\program files (x86)\vmware\vmware horizon view client\bin\vmware-view-usbd.exe
    SERV - R2 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
    SERV - R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
    SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
    SERV - R3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
    SERV - R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
    SERV - R3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
    SERV - S2 - [F5TrafficSrv] - F5 Networks Traffic Control Service - c:\windows\syswow64\f5trafficsrv.exe
    SERV - S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
    SERV - S2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
    SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
    SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
    SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
    SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
    SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
    SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
    SERV - S3 - [gusvc] - Google Software Updater - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
    SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
    SERV - S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
    SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
    SERV - S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
    SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
    SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
    SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
    SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
    SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
    SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
    SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe

    *** Win32ShareProcess ***

    SERV - R2 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
    SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
    SERV - R3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
    SERV - R3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
    SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
    SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

    *** Others ***

    SERV - R2 - [CyberLink PowerDVD 10 MS Monitor Service] - CyberLink PowerDVD 10 MS Monitor Service - c:\program files (x86)\cyberlink\powerdvd10\device\mediaserver\clmsmonitorservice.exe
    SERV - R2 - [CyberLink PowerDVD 10 MS Service] - CyberLink PowerDVD 10 MS Service - c:\program files (x86)\cyberlink\powerdvd10\device\mediaserver\clmsserver.exe
    SERV - R2 - [F5 Networks Component Installer] - F5 Networks Component Installer - c:\windows\syswow64\f5installerservice.exe
    SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
    SERV - R2 - [wsnm] - VMware View Client - c:\program files (x86)\vmware\vmware horizon view client\wsnm\wsnm.exe
    SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

    *** File System Driver ***

    DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\WINDOWS\system32\Drivers\FileInfo.sys
    DRV - R0 - [FltMgr] - FltMgr - C:\WINDOWS\system32\Drivers\FltMgr.sys
    DRV - R0 - [Mup] - Mup - C:\WINDOWS\system32\Drivers\Mup.sys
    DRV - R0 - [WdFilter] - Windows Defender Mini-Filter Driver - C:\WINDOWS\system32\Drivers\WdFilter.sys
    DRV - R0 - [Wof] - Windows Overlay File System Filter Driver - C:\WINDOWS\system32\Drivers\Wof.sys
    DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\WINDOWS\system32\Drivers\NetBIOS.sys
    DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\WINDOWS\system32\Drivers\srv.sys
    DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\WINDOWS\system32\Drivers\srv2.sys

    *** Kernel Driver ***

    DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\WINDOWS\system32\Drivers\ACPI.sys
    DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\WINDOWS\system32\Drivers\acpiex.sys
    DRV - R0 - [amd_sata] - amd_sata - C:\WINDOWS\system32\Drivers\amd_sata.sys
    DRV - R0 - [amd_xata] - amd_xata - C:\WINDOWS\system32\Drivers\amd_xata.sys
    DRV - R0 - [CLFS] - Common Log (CLFS) - C:\WINDOWS\system32\Drivers\CLFS.sys
    DRV - R0 - [CNG] - CNG - C:\WINDOWS\system32\Drivers\CNG.sys
    DRV - R0 - [disk] - Stuurprogramma voor schijfstations - C:\WINDOWS\system32\Drivers\disk.sys
    DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\WINDOWS\system32\Drivers\fvevol.sys
    DRV - R0 - [intelpep] - Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing - C:\WINDOWS\system32\Drivers\intelpep.sys
    DRV - R0 - [KSecDD] - KSecDD - C:\WINDOWS\system32\Drivers\KSecDD.sys
    DRV - R0 - [KSecPkg] - KSecPkg - C:\WINDOWS\system32\Drivers\KSecPkg.sys
    DRV - R0 - [mountmgr] - Mount Point Manager - C:\WINDOWS\system32\Drivers\mountmgr.sys
    DRV - R0 - [msisadrv] - msisadrv - C:\WINDOWS\system32\Drivers\msisadrv.sys
    DRV - R0 - [NDIS] - NDIS System Driver - C:\WINDOWS\system32\Drivers\NDIS.sys
    DRV - R0 - [partmgr] - Partition Manager - C:\WINDOWS\system32\Drivers\partmgr.sys
    DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\WINDOWS\system32\Drivers\pci.sys
    DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\WINDOWS\system32\Drivers\pcw.sys
    DRV - R0 - [pdc] - pdc - C:\WINDOWS\system32\Drivers\pdc.sys
    DRV - R0 - [rdyboost] - ReadyBoost - C:\WINDOWS\system32\Drivers\rdyboost.sys
    DRV - R0 - [spaceport] - Stuurprogramma voor opslagruimten - C:\WINDOWS\system32\Drivers\spaceport.sys
    DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\WINDOWS\system32\Drivers\Tcpip.sys
    DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\WINDOWS\system32\Drivers\vdrvroot.sys
    DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\WINDOWS\system32\Drivers\volmgr.sys
    DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\WINDOWS\system32\Drivers\volmgrx.sys
    DRV - R0 - [volsnap] - Opslagvolumes - C:\WINDOWS\system32\Drivers\volsnap.sys
    DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\WINDOWS\system32\Drivers\Wdf01000.sys
    DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\WINDOWS\system32\Drivers\WFPLWFS.sys
    DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\WINDOWS\system32\Drivers\AFD.sys
    DRV - R1 - [Beep] - Beep - C:\WINDOWS\system32\Drivers\Beep.sys
    DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\WINDOWS\system32\Drivers\tdx.sys
    DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\WINDOWS\system32\Drivers\tcpipreg.sys
    DRV - S0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\WINDOWS\system32\Drivers\EhStorClass.sys
    DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\WINDOWS\system32\Drivers\hwpolicy.sys
    DRV - S0 - [WdBoot] - Windows Defender Boot Driver - C:\WINDOWS\system32\Drivers\WdBoot.sys
    DRV - S3 - [atapi] - IDE-kanaal - C:\WINDOWS\system32\Drivers\atapi.sys

    ==================== SvcHost - White Listed ====================================

    WOW x64 - All Ok

    ==================== SvcHost x64 - White Listed ================================

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    BthHFSrv = ServiceDll = C:\WINDOWS\System32\BthHFSrv.dll [9307a4b743d277c499cda8e19e5687ac]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    HPSLPSVC = ServiceDll = C:\Users\thuis\AppData\Local\Temp\7zS4434\hpslpsvc64.dll [f37882f128efacefe353e0bae2766909]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    Pml Driver HPZ12 = ServiceDll = C:\WINDOWS\system32\HPZipm12.dll [64ca1485214340cacc315ffdfded73ef]

    Net Driver HPZ12 = [64ca1485214340cacc315ffdfded73ef]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    DiagTrack = ServiceDll = C:\WINDOWS\system32\diagtrack.dll [3ecb752a6963b1cbc9ad65ed89c8aced]



    ==================== SigCheck x86 Fast =========================================

    Fast Scan All ok

    ==================== SigCheck x64 Fast =========================================

    Fast Scan All ok

    ==================== Job tasks at C:\WINDOWS\Tasks =============================

    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 1078 bytes [ 30/03/2014 20:28:00 ]

    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 1082 bytes [ 30/03/2014 20:28:01 ]

    C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1660593553-535394395-1430106362-1002Core.job 1032 bytes [ 3/02/2014 9:20:54 ]

    C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1660593553-535394395-1430106362-1002UA.job 1084 bytes [ 3/02/2014 9:20:55 ]

    C:\WINDOWS\Tasks\SA.DAT 6 bytes [ 22/08/2013 16:45:54 ]


    ==================== Job tasks at C:\WINDOWS\system32\Tasks ====================

    C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 3886 bytes [ 24/12/2014 11:20:46 ]
    => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\WINDOWS\system32\Tasks\CCleanerSkipUAC 2772 bytes [ 15/11/2013 17:49:52 ]
    => "C:\Program Files\CCleaner\CCleaner.exe"

    C:\WINDOWS\system32\Tasks\CreateChoiceProcessTask 3550 bytes [ 12/06/2013 20:30:48 ]
    => C:\Windows\BrowserChoice\browserchoice.exe

    C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 3818 bytes [ 30/03/2014 20:28:00 ]
    => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 4054 bytes [ 30/03/2014 20:28:01 ]
    => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-1660593553-535394395-1430106362-1002Core 3650 bytes [ 3/02/2014 9:20:54 ]
    => C:\Users\thuis\AppData\Local\Google\Update\GoogleUpdate.exe

    C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-1660593553-535394395-1430106362-1002UA 4030 bytes [ 3/02/2014 9:20:55 ]
    => C:\Users\thuis\AppData\Local\Google\Update\GoogleUpdate.exe

    C:\WINDOWS\system32\Tasks\HPCustParticipation HP Officejet 6700 3602 bytes [ 11/07/2014 13:30:02 ]
    => "C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe"

    C:\WINDOWS\system32\Tasks\Microsoft Office 15 Sync Maintenance for THUIS-PC-thuis thuis-pc 5050 bytes [ 15/05/2015 0:56:30 ]
    => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe

    C:\WINDOWS\system32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1660593553-535394395-1430106362-1002 3096 bytes [ 20/02/2014 11:10:40 ]
    => %localappdata%\Microsoft\OneDrive\OneDrive.exe

    C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-119049297-1832914483-3260436520-500 2324 bytes [ 14/01/2013 12:41:15 ]

    C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1660593553-535394395-1430106362-1002 3598 bytes [ 8/06/2013 22:29:23 ]

    C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1660593553-535394395-1430106362-500 2324 bytes [ 24/05/2013 15:06:50 ]

    C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2035374548-2493763689-3393287330-500 2324 bytes [ 16/01/2013 12:49:18 ]

    C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-210822007-823805649-3950569852-500 3592 bytes [ 4/04/2013 13:04:40 ]

    C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2403990692-3340217265-4224516670-500 2324 bytes [ 11/01/2013 14:09:20 ]

    C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-248657475-3052877795-3274610397-500 3594 bytes [ 8/01/2013 9:50:42 ]

    C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2988267949-4077397901-3112144511-500 3596 bytes [ 2/04/2013 15:45:56 ]

    C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3434302212-2063257778-1098049283-500 2324 bytes [ 11/01/2013 13:20:48 ]

    C:\WINDOWS\system32\Tasks\START SKYDRIVE 3376 bytes [ 4/12/2014 12:03:24 ]
    => C:\WINDOWS\System32\SkyDrive.exe

    C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{291AEB60-55A1-4810-AF4A-DD2FB81F8582} 3958 bytes [ 7/11/2013 9:31:35 ]
    => C:\WINDOWS\system32\msfeedssync.exe

    C:\WINDOWS\system32\Tasks\{DB0EF714-CE5D-4811-A7F6-1FE4D37E6D96} 3100 bytes [ 5/09/2014 10:53:22 ]
    => C:\WINDOWS\system32\pcalua.exe


    ==================== Job tasks at C:\WINDOWS\SysWOW64\Tasks ====================

    There are no .job files found.

    ==================== End scanning at vr 31 jul 2015 16:00 (0 Min 11 Sec ) ======


    **************************** winzip malware Protector ************************************


    Nico Mak Computing
    WinZip Malware Protector

    Scandatum donderdag 30 juli 2015
    Databaseversie 2335
    Tot. aant. gevonden items 17
    Gescande objecten: 386006
    Verstreken tijd: 00:15:36
    Naam Gevonden items

    Naam van infectie pup.iminent
    Categorie Potentially Unwanted Application
    Dreigingsniveau High
    Uitgevoerde actie NoActionTaken
    Gevonden items 14

    Gevonden gebied Registry
    Details
    Registersleutel hkey_local_machine
    software\classes\cominterface.iid



    Gevonden gebied Registry
    Details
    Registersleutel hkey_local_machine
    software\classes\cominterface.iid\clsid



    Gevonden gebied Registry
    Details
    Registersleutel hkey_local_machine
    software\classes\diagmetadata



    Gevonden gebied Registry
    Details
    Registersleutel hkey_local_machine
    software\classes\diagmetadata\clsid



    Gevonden gebied Registry
    Details
    Registersleutel hkey_local_machine
    software\classes\issueresult



    Gevonden gebied Registry
    Details
    Registersleutel hkey_local_machine
    software\classes\issueresult\clsid



    Gevonden gebied Registry
    Details
    Registersleutel hkey_local_machine
    software\classes\issueresultissue



    Gevonden gebied Registry
    Details
    Registersleutel hkey_local_machine
    software\classes\issueresultissue\clsid



    Gevonden gebied Registry
    Details
    Registersleutel hkey_local_machine
    software\classes\issueresultissuefreeinfo



    Gevonden gebied Registry
    Details
    Registersleutel hkey_local_machine
    software\classes\issueresultissuefreeinfo\clsid



    Gevonden gebied Registry
    Details
    Registersleutel hkey_local_machine
    software\classes\issueresultissuefreeinfopersistant



    Gevonden gebied Registry
    Details
    Registersleutel hkey_local_machine
    software\classes\issueresultissuefreeinfopersistant\clsid



    Gevonden gebied Registry
    Details
    Registersleutel hkey_local_machine
    software\classes\issueresultissuefreeinfotype



    Gevonden gebied Registry
    Details
    Registersleutel hkey_local_machine
    software\classes\issueresultissuefreeinfotype\clsid




    Naam van infectie pup.koyote
    Categorie Potentially Unwanted Application
    Dreigingsniveau Low
    Uitgevoerde actie NoActionTaken
    Gevonden items 3

    Gevonden gebied Registry
    Details
    Registersleutel hkey_current_user
    software\microsoft\windows\currentversion\uninstall\free cd ripper



    Gevonden gebied Registry
    Details
    Registersleutel hkey_current_user
    software\microsoft\windows\currentversion\uninstall\free cd ripper
    uninstallstring


    Gevonden gebied Registry
    Details
    Registersleutel hkey_current_user
    software\microsoft\windows\currentversion\uninstall\free cd ripper
    traffic_type

  • #2
    First disable your antivirus software before you download or run zoek.exe.
    Temporarily disable your antivirus and antispyware programs, as these can interfere with how Zoek.exe works.
    You can read how to do that (here and here).

    Download Zoek.exe to the desktop (click here for more information on how to use zoek.exe)
    • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
    • Then double-click Zoek.exe to start the tool.
    • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
    • Now copy the code below and paste it into the large input box:
    • Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.
      Code:
       
      emptyfolderscheck;delete
      firefoxlook; 
      Chromelook; 
      CHRdefaults;
      autoclean; 
      iedefaults;  
      resetieproxy;
    • Now click the "Run script" button.
    • Wait patiently until a log opens (this may be after a restart, if one is needed).
    • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
    • Post the opened log in your next message as an attachment.

    Booting Windows 10 in Safe Mode



    • #3
      Hello,

      As requested, here is the log file after running zoek.exe.
      However, I did not find any icon from which I could tell that I have active virus protection.
      However, in Control Panel > Action Center I did see that I am protected by Windows Defender.
      So I was not able to disable anything.

      Regards

      Zoek.exe v5.0.0.0 Updated 04-May-2015
      Tool run by thuis on ma 03/08/2015 at 13:09:23,23.
      Microsoft Windows 8.1 6.3.9600 x64
      Running in: Normal Mode Internet Access Detected
      Launched: C:\Users\thuis\Desktop\zoek.exe [Scan all users] [Script inserted]

      ==== System Restore Info ======================

      3/08/2015 13:18:08 Zoek.exe System Restore Point Created Successfully.

      ==== Empty Folders Check ======================

      C:\PROGRA~2\ahead deleted successfully
      C:\PROGRA~2\Panasonic (update - recentere versie) deleted successfully
      C:\Program Files\log deleted successfully
      C:\Users\thuis\AppData\Local\EmieBrowserModeList deleted successfully
      C:\Users\thuis\AppData\Local\EmieSiteList deleted successfully
      C:\Users\thuis\AppData\Local\EmieUserList deleted successfully
      C:\Users\thuis\AppData\Local\LogMeIn Rescue Applet deleted successfully
      C:\Users\thuis\AppData\Local\ntr deleted successfully
      C:\Users\thuis\AppData\Local\photoOptimizeHistoryDataBase deleted successfully

      ==== Deleting CLSID Registry Keys ======================


      ==== Deleting CLSID Registry Values ======================


      ==== Deleting Services ======================


      ==== Deleting Files \ Folders ======================

      C:\PROGRA~2\ahead not found
      C:\PROGRA~2\Panasonic (update - recentere versie) not found
      C:\Users\thuis\AppData\Roaming\Nico Mak Computing\WinZip Malware Protector deleted
      C:\PROGRA~3\Nico Mak Computing\WinZip Malware Protector deleted
      C:\PROGRA~3\Package Cache deleted
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
      C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
      C:\WINDOWS\SysWow64\AI_RecycleBin deleted

      ==== Firefox Extensions Registry ======================

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
      "[email protected]"="C:\Program Files\Mozilla Firefox\extensions\[email protected]"

      ==== Firefox Extensions ======================

      ProfilePath: C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\wucp8a80.default
      - Belgium eID - %ProfilePath%\extensions\[email protected]

      ProfilePath: C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\kwh1c3e9.default
      - Belgium eID - %ProfilePath%\extensions\[email protected]

      AppDir: C:\Program Files (x86)\Mozilla Firefox
      - Belgium eID - %AppDir%\extensions\[email protected]
      - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

      ==== Firefox Plugins ======================

      Profilepath: C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\kwh1c3e9.default
      9291708CCD967887AF94BE708B43D64D - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
      18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013

      Profilepath: C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\wucp8a80.default
      18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
      9291708CCD967887AF94BE708B43D64D - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
      CAF78E18A9E1380A0A38065B3B1210E0 - C:\Users\thuis\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll - VASCO Card Reader Plugin
      1CDD28B47D8198F868349BDFBCD1281B - C:\Users\thuis\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin64.dll - VASCO Card Reader Plugin


      ==== Chromium Look ======================

      HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
      dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx[04/10/2012 18:35]
      hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx[04/10/2012 18:36]
      hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx[04/10/2012 18:36]
      jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx[08/06/2013 23:09]
      pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx[04/10/2012 18:35]

      Google Docs - thuis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
      Google Drive - thuis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
      YouTube - thuis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
      Google Search - thuis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
      Kaspersky URL Advisor - thuis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dchlnpcodkpfdpacogkljefecpegganj
      Safe Money - thuis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hakdifolhalapjijoafobooafbilfakh
      Content Blocker - thuis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hghkgaeecgjhjkannahfamoehjmkjail
      Virtual Keyboard - thuis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh
      Chrome Web Store Payments - thuis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
      Gmail - thuis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
      Anti-Banner - thuis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjldcfjmnllhmgjclecdnfampinooman

      ==== Chromium Startpages ======================

      C:\Users\thuis\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences


      ==== Chromium Fix ======================

      C:\Users\thuis\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_static.olark.com_0.localstorage deleted successfully
      C:\Users\thuis\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully

      ==== Set IE to Default ======================

      Old Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://www.google.be/"

      New Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://www.google.be/"

      ==== All HKCU SearchScopes ======================

      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
      "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
      {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
      {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
      {8761D156-5A9E-4118-8B71-76C717B1336C} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS"

      ==== Reset Google Chrome ======================

      C:\Users\thuis\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
      C:\Users\thuis\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences was reset successfully
      C:\Users\thuis\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
      C:\Users\thuis\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data-journal was reset successfully

      ==== Deleting CLSID Registry Keys ======================


      ==== Deleting CLSID Registry Values ======================


      ==== Reset IE Proxy ======================

      Value(s) before fix:
      "ProxyEnable"=dword:00000000

      Value(s) after fix:
      "ProxyEnable"=dword:00000000

      ==== Empty IE Cache ======================

      C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Users\thuis\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Users\thuis\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
      C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      C:\Users\Default User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      C:\Users\thuis\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      C:\Users\thuis\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
      C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

      ==== Empty FireFox Cache ======================

      C:\Users\thuis\AppData\Local\Mozilla\Firefox\Profiles\kwh1c3e9.default\cache2 emptied successfully

      ==== Empty Chrome Cache ======================

      C:\Users\thuis\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

      ==== Empty All Flash Cache ======================

      Flash Cache Emptied Successfully

      ==== Empty All Java Cache ======================

      Java Cache cleared successfully

      ==== C:\zoek_backup content ======================

      C:\zoek_backup (files=41 folders=29 290073409 bytes)

      ==== Empty Temp Folders ======================

      C:\Users\Default\AppData\Local\Temp emptied successfully
      C:\Users\Default User\AppData\Local\Temp emptied successfully
      C:\Users\thuis\AppData\Local\Temp will be emptied at reboot
      C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
      C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
      C:\WINDOWS\Temp will be emptied at reboot

      ==== After Reboot ======================

      ==== Empty Temp Folders ======================

      C:\WINDOWS\Temp successfully emptied
      C:\Users\thuis\AppData\Local\Temp successfully emptied

      ==== Empty Recycle Bin ======================

      C:\$RECYCLE.BIN successfully emptied

      ==== Deleting Files / Folders ======================

      "C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\mpam-db9b30b1.exe" not found
      "C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\MpSigStub.log" not found

      ==== EOF on ma 03/08/2015 at 13:43:24,09 ======================



      • #4
        Is it going any better yet?

        Starting Windows 10 in Safe Mode


        • #5
          Yes, it is going somewhat better, but it is still far from perfect.

          2 remarks:

          - When I look in Task Manager, I always see that 80 to 100% of my memory is in use.
          That does not seem normal to me.

          - When I start certain programs (e.g. Microsoft Jigsaw or Microsoft Mahjong), nothing happens, or sometimes only after 2 or 3 minutes. It does sometimes work if I first open the program Wordament and wait until I am (automatically) logged in.


          Could a switch to Windows 10 be a solution?


          • #6
            Does Task Manager happen to show which programs are gobbling up so much?

            I would wait a while longer before installing W10.

            Starting Windows 10 in Safe Mode


            • #7
              Attached I am sending you the top part of my Task Manager, sorted by usage.
              Attached Files


              • #8
                That does not look all that shocking.

                Remove all your anti-malware programs and restart, then let me know whether you see any improvement.

                Starting Windows 10 in Safe Mode


                • #9
                  Hello,

                  I have done everything necessary, as requested.
                  The speed is now quite workable, so you may close this item, for which my sincere thanks.

                  Still 2 small questions:

                  1. Is protection with Windows Defender alone sufficient?
                  Or do you recommend that I install something additional, and if so, what?

                  I also see in my Task Manager that the program taking up the most memory is "antimalware service executable". Is this normal?


                  2. In Task Manager I see that only 1 of the 4 slots is in use (Memory tab)
                  speed 1600 MHz - Form factor DIMM - hardware reserved 553 MB
                  "In use 1.3 GB - available (currently) 195 MB"
                  "committed 2.9/3.6 GB - cached 215 MB"
                  "paged pool 264 MB - non-paged pool 105 MB"

                  Can I conclude from this that additional memory can be installed? Do you consider this useful/advisable?


                  Regards,
                  Paul


                  • #10
                    Protection against unwanted software.

                    Unchecky prevents the installation of unwanted software

                    Double-click the installer file unchecky_setup.exe to start the installation.
                    In the screen that now appears you can choose more options; this way you can set the location where Unchecky should be installed yourself.
                    Then click the Install button to install Unchecky.
                    When the installation of Unchecky is complete, click Finish.
                    After the installation, do restart the computer, so that the changes to the Windows hosts file take effect.



                    It may also be better to install Hitmanproalert. Alert
                    Explanation below.
                    Explanation

                    Starting Windows 10 in Safe Mode


                    • #11
                      I have installed both programs that you recommended.
                      Could I still get a response to point 2 of my post no. 9?

                      With thanks


                      • #12
                        That is indeed possible; ask your computer shop what exactly you need. Usually those memory modules have to be installed in pairs, that is to say 2.

                        Starting Windows 10 in Safe Mode


                        • #13
                          ok
                          thanks
