Chinese characters after right-click

  • Chinese characters after right-click

    I downloaded something, of course, and then started having problems. First, various pop-ups opened. When I right-click, I see pieces of Chinese text between the lines, lines...
    I went through all the steps you describe for tackling the infection, but I think there are still remnants here and there.
    I hope I can get help getting my laptop clean again. Regards, Quinten

  • #2
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scandatum: 1-6-2016
    Scantijd: 22:05
    Logboekbestand: MBAM.txt
    Beheerder: Ja

    Versie: 2.2.1.1043
    Malware-database: v2016.06.01.06
    Rootkit-database: v2016.05.27.01
    Licentie: Proef
    Malware-bescherming: Ingeschakeld
    Bescherming tegen kwaadaardige websites: Ingeschakeld
    Zelfbescherming: Uitgeschakeld

    Besturingssysteem: Windows 8.1
    Processor: x64
    Bestandssysteem: NTFS
    Gebruiker: User

    Scantype: Aangepaste scan
    Resultaat: Voltooid
    Objecten gescand: 535686
    Verstreken tijd: 13 u., 10 min, 42 sec

    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Ingeschakeld
    Heuristiek: Ingeschakeld
    POP: Ingeschakeld
    POA: Ingeschakeld

    Processen: 0
    (Geen kwaadaardige items gedetecteerd)

    Modules: 0
    (Geen kwaadaardige items gedetecteerd)

    Registersleutels: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerwaarden: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerdata: 0
    (Geen kwaadaardige items gedetecteerd)

    Mappen: 0
    (Geen kwaadaardige items gedetecteerd)

    Bestanden: 0
    (Geen kwaadaardige items gedetecteerd)

    Fysieke Sectoren: 0
    (Geen kwaadaardige items gedetecteerd)


    (end)

    # AdwCleaner v5.119 - Logbestand aangemaakt 02/06/2016 op 11:21:35
    # Laatste update 30/05/2016 door Xplode
    # Database : 2016-05-30.3 [Server]
    # Besturingssysteem : Windows 8.1 (X64)
    # Gebruikersnaam : User - LENOVO-PC
    # Gestart vanuit : C:\Users\User\Desktop\adwcleaner_5.119.exe
    # Optie : Scannen
    # Ondersteuning : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Mappen ] *****


    ***** [ Bestanden ] *****


    ***** [ DLL ] *****


    ***** [ WMI ] *****


    ***** [ Snelkoppelingen ] *****


    ***** [ Geplande taken ] *****


    ***** [ Register ] *****


    ***** [ Internetbrowsers ] *****


    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [21660 bytes] - [29/05/2016 01:01:08]
    C:\AdwCleaner\AdwCleaner[C2].txt - [1814 bytes] - [29/05/2016 01:58:00]
    C:\AdwCleaner\AdwCleaner[C3].txt - [3410 bytes] - [30/05/2016 14:32:55]
    C:\AdwCleaner\AdwCleaner[C4].txt - [2222 bytes] - [01/06/2016 20:00:15]
    C:\AdwCleaner\AdwCleaner[S10].txt - [955 bytes] - [02/06/2016 11:21:35]
    C:\AdwCleaner\AdwCleaner[S1].txt - [21469 bytes] - [29/05/2016 00:58:12]
    C:\AdwCleaner\AdwCleaner[S2].txt - [1572 bytes] - [29/05/2016 01:55:46]
    C:\AdwCleaner\AdwCleaner[S3].txt - [1264 bytes] - [29/05/2016 09:37:57]
    C:\AdwCleaner\AdwCleaner[S4].txt - [3144 bytes] - [30/05/2016 14:25:56]
    C:\AdwCleaner\AdwCleaner[S5].txt - [1327 bytes] - [30/05/2016 14:41:57]
    C:\AdwCleaner\AdwCleaner[S6].txt - [2130 bytes] - [01/06/2016 19:13:42]
    C:\AdwCleaner\AdwCleaner[S7].txt - [1546 bytes] - [01/06/2016 23:43:17]
    C:\AdwCleaner\AdwCleaner[S9].txt - [1619 bytes] - [01/06/2016 23:45:34]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt - [1613 bytes] ##########


    E-Peek v 1.9.9.0 ENHANCED 4 © Emphyrio/Onsia Patrick 2013-2016
    E Dev
    Run at do 2 jun 2016 11:28
    .
    Windows 8.1 (64 bits)
    C:\windows [NTFS - Fixed]
    Default Browser: Google Chrome
    Boot mode: Normal boot
    User logged in: User
    .
    Java x86: 1.8
    Java x64: n/a
    .
    AV : Emsisoft Anti-Malware [Updated - Running]
    AV : Windows Defender [Updated - Not Running]
    AS : Windows Defender [Updated - Not Running]
    AS : Emsisoft Anti-Malware [Updated - Running]
    FW : Windows firewall
    .
    ==================== Files and Folders history =================================

    Folders Created Last 7 days :

    31-05-2016 ##### r-h-s-d+a- C:\Users\User\AppData\Roaming\GlarySoft
    31-05-2016 ##### r-h-s-d+a- C:\Users\User\AppData\Roaming\DiskDefrag
    31-05-2016 ##### r-h-s-d+a- C:\Users\User\AppData\Local\Temp
    31-05-2016 ##### r-h-s-d+a- C:\ProgramData\Emsisoft
    31-05-2016 ##### r-h-s-d+a- C:\Program Files\Emsisoft Anti-Malware
    31-05-2016 ##### r-h-s-d+a- C:\Program Files (x86)\Glary Utilities 5
    31-05-2016 ##### r-h+s+d+a- C:\$RECYCLE.BIN
    30-05-2016 ##### r-h-s-d+a- C:\zoek_backup
    30-05-2016 ##### r-h-s-d+a- C:\Users\User\AppData\Roaming\taobao
    30-05-2016 ##### r-h-s-d+a- C:\Users\User\AppData\Roaming\favicons
    30-05-2016 ##### r-h-s-d+a- C:\rsit
    30-05-2016 ##### r-h-s-d+a- C:\Program Files\trend micro
    29-05-2016 ##### r-h-s-d+a- C:\Users\User\Start Menu
    29-05-2016 ##### r-h-s-d+a- C:\Users\User\AppData\Local\AvgSetupLog
    29-05-2016 ##### r-h-s-d+a- C:\Users\User\AppData\Local\Avg
    29-05-2016 ##### r-h-s-d+a- C:\ProgramData\Trend Micro
    29-05-2016 ##### r-h-s-d+a- C:\ProgramData\Avg
    29-05-2016 ##### r-h-s-d+a- C:\Program Files (x86)\Enigma Software Group
    29-05-2016 ##### r-h-s-d+a- C:\Program Files (x86)\AVG
    29-05-2016 ##### r-h-s-d+a- C:\AdwCleaner
    29-05-2016 ##### r-h+s-d+a- C:\ProgramData\Common Files
    28-05-2016 ##### r-h-s-d+a- C:\Users\User\AppData\Roaming\SNDA
    28-05-2016 ##### r-h-s-d+a- C:\Users\User\AppData\Roaming\ADSKIP
    28-05-2016 ##### r-h-s-d+a- C:\Users\User\AppData\Local\UCBrowser
    28-05-2016 ##### r-h-s-d+a- C:\ProgramData\Thunder Network
    28-05-2016 ##### r-h-s-d+a- C:\ProgramData\Malwarebytes
    28-05-2016 ##### r-h-s-d+a- C:\ProgramData\download
    28-05-2016 ##### r-h-s-d+a- C:\ProgramData\did
    28-05-2016 ##### r-h-s-d+a- C:\Program Files\¿ìѹ
    28-05-2016 ##### r-h-s-d+a- C:\Program Files (x86)\UCBrowser
    28-05-2016 ##### r-h-s-d+a- C:\Program Files (x86)\Malwarebytes Anti-Malware
    01-06-2016 ##### r-h-s-d+a- C:\Users\User\AppData\Roaming\Kuaizip
    01-06-2016 ##### r-h-s-d+a- C:\Users\User\AppData\Roaming\E Dev
    01-06-2016 ##### r-h-s-d+a- C:\Program Files\CCleaner
    01-06-2016 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev

    Files Modified Last 7 days :

    29-05-2016 00000094 r-h-s-d-a+ C:\windows\SysWOW64\cookies
    28-05-2016 01826596 r-h-s-d-a+ C:\windows\system32\PerfStringBackup.INI
    28-05-2016 00807742 r-h-s-d-a+ C:\windows\system32\perfh013.dat
    28-05-2016 00723514 r-h-s-d-a+ C:\windows\system32\perfh009.dat
    28-05-2016 00493312 r-h-s-d-a+ C:\windows\system32\FNTCACHE.DAT
    28-05-2016 00162706 r-h-s-d-a+ C:\windows\system32\perfc013.dat
    28-05-2016 00136128 r-h-s-d-a+ C:\windows\system32\perfc009.dat
    01-06-2016 00008704 r-h-s-d-a+ C:\windows\system32\VfService.trf

    Files Created Last 7 days :

    29-05-2016 00518681 r-h-s-d-a+ C:\Users\User\AppData\Local\census.cache
    29-05-2016 00176869 r-h-s-d-a+ C:\Users\User\AppData\Local\ars.cache
    29-05-2016 00000036 r-h-s-d-a+ C:\Users\User\AppData\Local\housecall.guid.cache
    29-05-2016 00000010 r-h-s-d-a+ C:\Users\User\AppData\Local\sponge.last.runtime.cache
    29-05-2016 00000000 r-h-s-d-a+ C:\Users\User\defogger_reenable
    28-05-2016 00829944 r-h-s-d-a+ C:\windows\SysWOW64\FlashPlayerApp.exe
    28-05-2016 00176632 r-h-s-d-a+ C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    28-05-2016 00000094 r-h-s-d-a+ C:\windows\SysWOW64\cookies
    01-06-2016 00000111 r-h-s-d-a+ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

    ==================== RUNNING PROCESSES =========================================

    [a2guard] -User- C:\Program Files\Emsisoft Anti-Malware\a2guard.exe - (Emsisoft Ltd)
    [a2service] -SYSTEM- C:\Program Files\Emsisoft Anti-Malware\a2service.exe - (Emsisoft Ltd)
    [a2start] -User- C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2start.exe - (Emsisoft Ltd)
    [ActivateDesktop] -User- C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe - ()
    [AdminService] -SYSTEM- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe - (Windows (R) Win 7 DDK provider)
    [Ath_CoexAgent] -SYSTEM- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe - (Atheros)
    [audiodg] -LOCAL SERVICE- C:\Windows\System32\audiodg.exe - (audiodg.exe)
    [avgsvca] -SYSTEM- C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe - (AVG Technologies CZ, s.r.o.)
    [avguix] -User- C:\Program Files (x86)\AVG\Framework\Common\avguix.exe - (AVG Technologies CZ, s.r.o.)
    [BtvStack] -User- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe - (Qualcomm®Atheros®)
    [CCleaner64] -User- C:\Program Files\CCleaner\CCleaner64.exe - (Piriform Ltd)
    [chrome] -User- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
    [chrome] -User- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
    [chrome] -User- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
    [chrome] -User- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
    [chrome] -User- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
    [chrome] -User- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)
    [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
    [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
    [dasHost] -LOCAL SERVICE- C:\windows\system32\dashost.exe - (Microsoft Corporation)
    [dllhost] -User- C:\windows\system32\DllHost.exe - (Microsoft Corporation)
    [dwm] -DWM-1- C:\windows\system32\dwm.exe - (Microsoft Corporation)
    [Energy Manager] -User- C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe - (Lenovo(beijing) Limited)
    [E-Peek 1.9.9.0] -User- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.9.9.0.exe - (E Dev)
    [explorer] -User- C:\windows\Explorer.EXE - (Microsoft Corporation)
    [GWX] -User- C:\windows\system32\GWX\GWX.exe - (Microsoft Corporation)
    [HeciServer] -SYSTEM- C:\Program Files\Intel\iCLS Client\HeciServer.exe - (Intel(R) Corporation)
    [IAStorDataMgrSvc] -SYSTEM- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe - (Intel Corporation)
    [igfxpers] -User- C:\Windows\System32\igfxpers.exe - (Intel Corporation)
    [igfxsrvc] -User- C:\windows\system32\igfxsrvc.exe - (Intel Corporation)
    [Integrator] -User- C:\Program Files (x86)\Glary Utilities 5\Integrator.exe - (Glarysoft Ltd)
    [IntelMeFWService] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe - (Intel Corporation)
    [jhi_service] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe - (Intel Corporation)
    [LMS] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - (Intel Corporation)
    [lsass] -SYSTEM- C:\windows\system32\lsass.exe - (Microsoft Corporation)
    [mbam] -User- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe - (Malwarebytes)
    [mbamscheduler] -SYSTEM- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe - (Malwarebytes)
    [mbamservice] -SYSTEM- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe - (Malwarebytes)
    [msiexec] -SYSTEM- C:\windows\system32\msiexec.exe - (Microsoft Corporation)
    [OSPPSVC] -NETWORK SERVICE- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE - (Microsoft Corporation)
    [PGService] -SYSTEM- C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe - (PointGrab LTD)
    [RAVBg64] -User- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe - (Realtek Semiconductor)
    [RAVCpl64] -User- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe - (Realtek Semiconductor)
    [RTFTrack] -User- C:\Windows\RTFTrack.exe - (Realtek semiconductor)
    [SearchIndexer] -SYSTEM- C:\windows\system32\SearchIndexer.exe - (Microsoft Corporation)
    [services] -SYSTEM- C:\Windows\System32\services.exe - (services.exe)
    [SH4SER~1] -SYSTEM- C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE - (Enigma Software Group USA, LLC.)
    [smss] -SYSTEM- C:\Windows\System32\smss.exe - (smss.exe)
    [spoolsv] -SYSTEM- C:\windows\System32\spoolsv.exe - (Microsoft Corporation)
    [SpyHunter4] -User- C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe - (Enigma Software Group USA, LLC.)
    [SynTPEnh] -User- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - (Synaptics Incorporated)
    [SynTPHelper] -User- C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE - (Synaptics Incorporated)
    [System] -N/A- - (System)
    [taskeng] -SYSTEM- C:\windows\system32\taskeng.exe - (Microsoft Corporation)
    [taskhost] -LOCAL SERVICE- C:\windows\system32\taskhost.exe - (Microsoft Corporation)
    [taskhostex] -User- C:\windows\system32\taskhostex.exe - (Microsoft Corporation)
    [utility] -User- C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe - (Lenovo(beijing) Limited)
    [VfConnectorService] -SYSTEM- C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe - ()
    [wininit] -SYSTEM- C:\windows\system32\wininit.exe - (Microsoft Corporation)
    [winlogon] -SYSTEM- C:\windows\system32\winlogon.exe - (Microsoft Corporation)
    [wmpnetwk] -NETWORK SERVICE- C:\Program Files\Windows Media Player\wmpnetwk.exe - (Microsoft Corporation)
    [WUDFHost] -LOCAL SERVICE- C:\Windows\System32\WUDFHost.exe - (Microsoft Corporation)

    ==================== IE PAGES ==================================================

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main
    Start Page = about:blank
    Local Page = C:\Windows\SysWOW64\blank.htm
    Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes
    DefaultScope = {8F292455-2BAD-4543-B91B-AB089FA2655C}

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{8F292455-2BAD-4543-B91B-AB089FA2655C}
    DisplayName = Bing
    URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB

    ==================== IE PAGES x64 ==============================================

    HKLM\Software\Microsoft\Internet Explorer\Main
    Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
    Local Page = C:\Windows\System32\blank.htm
    Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
    Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

    HKLM\Software\Microsoft\Internet Explorer\SearchScopes
    DefaultScope = {8F292455-2BAD-4543-B91B-AB089FA2655C}

    HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{8F292455-2BAD-4543-B91B-AB089FA2655C}
    DisplayName = Bing
    URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB

    ==================== Auto Load =================================================

    HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit = C:\windows\system32\userinit.exe,
    Shell = explorer.exe

    ==================== Auto Load x64 =============================================

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit = C:\windows\system32\userinit.exe,
    Shell = explorer.exe

    ==================== Browsers present ==========================================

    Google Chrome
    IEXPLORE.EXE

    ==================== Google Chrome =============================================

    ==================== Windows Host File =========================================

    Number of lines exceeds 10

    127.0.0.1 down.baidu2016.com
    127.0.0.1 123.sogou.com
    127.0.0.1 www.czzsyzgm.com
    127.0.0.1 www.czzsyzxl.com

    ==================== BHO =======================================================

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
    {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
    HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} Default = Groove GFS Browser Helper
    => HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\InProcServer32 Default = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Default = Java(tm) Plug-In SSV Helper
    => HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32 Default = C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll

    {B4F3A835-0E21-4959-BA22-42B3008E02FF}
    HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} Default = Office Document Cache Handler
    => HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\InProcServer32 Default = C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    {DBC80044-A445-435b-BC74-9C25C1C588A9}
    HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Default = Java(tm) Plug-In 2 SSV Helper
    => HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32 Default = C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll

    ==================== BHO x64 ===================================================

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
    {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
    HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} Default = Groove GFS Browser Helper
    => HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\InProcServer32 Default = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

    {B4F3A835-0E21-4959-BA22-42B3008E02FF}
    HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} Default = Office Document Cache Handler
    => HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\InProcServer32 Default = C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL

    ==================== Auto Start Programs =======================================

    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    AvgUi = "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
    BCSSync = "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
    Malwarebytes Anti-Malware (cleanup) = "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"

    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    BtvStack = "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

    HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    GUDelayStartup = "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
    uTorrent = "C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

    ==================== Auto Start Programs x64 ===================================

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    emsisoft anti-malware = "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
    Energy Manager = C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
    HotKeysCmds = "C:\windows\system32\hkcmd.exe"
    IgfxTray = "C:\windows\system32\igfxtray.exe"
    Lenovo Utility = C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe
    Persistence = "C:\windows\system32\igfxpers.exe"
    RtHDVBg_Dolby = "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
    RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    RtsFT = RTFTrack.exe

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    BtvStack = "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved [2 = enabled 3= disabled]
    emsisoft anti-malware = 2
    Energy Manager = 2
    HotKeysCmds = 3
    IgfxTray = 3
    Lenovo Utility = 2
    Persistence = 2
    RtHDVBg_Dolby = 2
    RtHDVCpl = 2
    RtsFT = 2
    WINCOMJQ8 = 2
    QQPCTray = 3
    AvgUi = 2
    BCSSync = 3
    mcpltui_exe = 2
    tasklist.exe -start = 3

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    GUDelayStartup = "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
    uTorrent = "C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

    ==================== Extra Items IE ============================================

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

    ==================== Extra Items IE x64 ========================================

    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

    ==================== Internet Default Prefix ===================================

    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    Default = http://

    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes
    WWW = http://

    ==================== Internet Default Prefix x64 ===============================

    HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    Default = http://

    HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes
    WWW = http://

    ==================== Protocol Hijackers ========================================

    HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Filter\text/xml
    CLSID = {807573E5-5146-11D5-A672-00B0D022E945}
    => SOFTWARE\Classes\\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\InProcServer32 @ Default = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL <= Unknown


    ==================== Protocol Hijackers x64 ====================================

    HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml
    CLSID = {807573E5-5146-11D5-A672-00B0D022E945}
    => SOFTWARE\Classes\\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\InProcServer32 @ Default = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL <= Unknown


    ==================== ShellServiceObjectDelayLoad ===============================

    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


    ==================== ShellServiceObjectDelayLoad x64 =========================

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


    ==================== Extra (Torpig/ConduitSearch) ==============================

    HKCR\Directory\shellex\CopyHookHandlers\Ath_CopyHook @ Default = {8e10a039-fe03-4f9c-b7e1-c5eeeaf53735}
    => HKCR\CLSID\{8e10a039-fe03-4f9c-b7e1-c5eeeaf53735}\InProcServer32 @ Default = C:\Program Files (x86)\Bluetooth Suite\FolderViewImpl.dll

    HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ Default = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
    => HKCR\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32 @ Default = C:\windows\system32\shell32.dll

    HKCR\Directory\shellex\CopyHookHandlers\Sharing @ Default = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
    => HKCR\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32 @ Default = C:\windows\system32\ntshrui.dll


    ==================== DRIVERS and SERVICES ======================================

    *** Win32OwnProcess ***

    SERV - R2 - [a2AntiMalware] - Emsisoft Protection Service - c:\program files\emsisoft anti-malware\a2service.exe
    SERV - R2 - [AtherosSvc] - AtherosSvc - c:\program files (x86)\bluetooth suite\adminservice.exe
    SERV - R2 - [avgsvc] - AVG Service - c:\program files (x86)\avg\framework\common\avgsvca.exe
    SERV - R2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - c:\program files\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
    SERV - R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
    SERV - R2 - [Intel(R) ME Service] - Intel(R) ME Service - c:\program files (x86)\intel\intel(r) management engine components\fwservice\intelmefwservice.exe
    SERV - R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
    SERV - R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
    SERV - R2 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe
    SERV - R2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
    SERV - R2 - [PGService] - PGService - c:\program files (x86)\lenovo\motion control\pgservice.exe
    SERV - R2 - [SpyHunter 4 Service] - SpyHunter 4 Service - c:\progra~2\enigma~1\spyhun~1\sh4ser~1.exe
    SERV - R2 - [VeriFaceSrv] - VeriFaceSrv - c:\program files (x86)\lenovo\lenovo veriface\vfconnectorservice.exe
    SERV - R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
    SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
    SERV - R2 - [ZAtheros Bt and Wlan Coex Agent] - ZAtheros Bt and Wlan Coex Agent - c:\program files (x86)\bluetooth suite\ath_coexagent.exe
    SERV - R3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
    SERV - R3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
    SERV - S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
    SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
    SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
    SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
    SERV - S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
    SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
    SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
    SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
    SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
    SERV - S3 - [Intel(R) Capability Licensing Service TCP IP Interface] - Intel(R) Capability Licensing Service TCP IP Interface - c:\program files\intel\icls client\socketheciserver.exe
    SERV - S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - c:\program files (x86)\microsoft office\office14\groove.exe
    SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
    SERV - S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
    SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
    SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
    SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
    SERV - S3 - [Steam Client Service] - Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe
    SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
    SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
    SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
    SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
    SERV - S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
    SERV - S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
    SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
    SERV - S4 - [PG_Service_Launcher] - ##ID_STRING30## - c:\program files (x86)\lenovo\motion control\pg_service_launcher.exe

    *** Win32ShareProcess ***

    SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
    SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
    SERV - S3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
    SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
    SERV - S3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
    SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

    *** Others ***

    SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
    SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

    *** File System Driver ***

    DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\windows\system32\Drivers\FileInfo.sys
    DRV - R0 - [FltMgr] - FltMgr - C:\windows\system32\Drivers\FltMgr.sys
    DRV - R0 - [MBAMSwissArmy] - MBAMSwissArmy - C:\windows\system32\Drivers\MBAMSwissArmy.sys
    DRV - R0 - [Mup] - Mup - C:\windows\system32\Drivers\Mup.sys
    DRV - R0 - [Wof] - Windows Overlay File System Filter Driver - C:\windows\system32\Drivers\Wof.sys
    DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\windows\system32\Drivers\NetBIOS.sys
    DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\windows\system32\Drivers\srv.sys
    DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\windows\system32\Drivers\srv2.sys

    *** Kernel Driver ***

    DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\windows\system32\Drivers\ACPI.sys
    DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\windows\system32\Drivers\acpiex.sys
    DRV - R0 - [CLFS] - Common Log (CLFS) - C:\windows\system32\Drivers\CLFS.sys
    DRV - R0 - [CNG] - CNG - C:\windows\system32\Drivers\CNG.sys
    DRV - R0 - [disk] - Stuurprogramma voor schijfstations - C:\windows\system32\Drivers\disk.sys
    DRV - R0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\windows\system32\Drivers\EhStorClass.sys
    DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\windows\system32\Drivers\fvevol.sys
    DRV - R0 - [iaStorA] - iaStorA - C:\windows\system32\Drivers\iaStorA.sys
    DRV - R0 - [intelpep] - Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing - C:\windows\system32\Drivers\intelpep.sys
    DRV - R0 - [KSecDD] - KSecDD - C:\windows\system32\Drivers\KSecDD.sys
    DRV - R0 - [KSecPkg] - KSecPkg - C:\windows\system32\Drivers\KSecPkg.sys
    DRV - R0 - [mountmgr] - Mount Point Manager - C:\windows\system32\Drivers\mountmgr.sys
    DRV - R0 - [msisadrv] - msisadrv - C:\windows\system32\Drivers\msisadrv.sys
    DRV - R0 - [NDIS] - NDIS System Driver - C:\windows\system32\Drivers\NDIS.sys
    DRV - R0 - [partmgr] - Partition Manager - C:\windows\system32\Drivers\partmgr.sys
    DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\windows\system32\Drivers\pci.sys
    DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\windows\system32\Drivers\pcw.sys
    DRV - R0 - [pdc] - pdc - C:\windows\system32\Drivers\pdc.sys
    DRV - R0 - [rdyboost] - ReadyBoost - C:\windows\system32\Drivers\rdyboost.sys
    DRV - R0 - [spaceport] - Stuurprogramma voor opslagruimten - C:\windows\system32\Drivers\spaceport.sys
    DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\windows\system32\Drivers\Tcpip.sys
    DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\windows\system32\Drivers\vdrvroot.sys
    DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\windows\system32\Drivers\volmgr.sys
    DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\windows\system32\Drivers\volmgrx.sys
    DRV - R0 - [volsnap] - Opslagvolumes - C:\windows\system32\Drivers\volsnap.sys
    DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\windows\system32\Drivers\Wdf01000.sys
    DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\windows\system32\Drivers\WFPLWFS.sys
    DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\windows\system32\Drivers\AFD.sys
    DRV - R1 - [Beep] - Beep - C:\windows\system32\Drivers\Beep.sys
    DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\windows\system32\Drivers\tdx.sys
    DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\windows\system32\Drivers\tcpipreg.sys
    DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\windows\system32\Drivers\hwpolicy.sys
    DRV - S3 - [atapi] - IDE-kanaal - C:\windows\system32\Drivers\atapi.sys

    ==================== SvcHost - White Listed ====================================

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\[email protected]
    KuaizipUpdateChecker = ServiceDll = C:\Program Files\¿ìѹ\X86\kuaizipUpdateChecker.dll [1bb93021b6233015bbf6dcaa396e9b69]

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\[email protected]
    SDDUpdate = ServiceDll = C:\Users\User\AppData\Roaming\SNDA\SDUpdate\SDDUpdateSvc.dll [e4dbd8dbbdb5c5a2e6e4fe3a47c9c76c]

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\[email protected]
    ziphost = [e4dbd8dbbdb5c5a2e6e4fe3a47c9c76c]



    ==================== SvcHost x64 - White Listed ================================

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    BthHFSrv = ServiceDll = C:\windows\System32\BthHFSrv.dll [9307a4b743d277c499cda8e19e5687ac]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    DiagTrack = ServiceDll = C:\windows\system32\diagtrack.dll [21edad8188372c912b7bb9b1c6cb0d38]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    ziphost = [21edad8188372c912b7bb9b1c6cb0d38]



    ==================== SigCheck x86 Fast =========================================

    Fast Scan All ok

    ==================== SigCheck x64 Fast =========================================

    Fast Scan All ok

    ==================== Job tasks at C:\windows\Tasks =============================

    C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 1080 bytes [ 4-10-2014 14:19:12 ]

    C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 1084 bytes [ 4-10-2014 14:19:13 ]

    C:\windows\Tasks\GoogleUpdateTaskMachineUA1d045259cd1a41f.job 1084 bytes [ 10-2-2015 12:35:04 ]

    C:\windows\Tasks\SA.DAT 6 bytes [ 22-8-2013 16:45:54 ]


    ==================== Job tasks at C:\windows\system32\Tasks ====================

    C:\windows\system32\Tasks\CCleanerSkipUAC 2790 bytes [ 1-6-2016 17:19:07 ]
    => "C:\Program Files\CCleaner\CCleaner.exe"

    C:\windows\system32\Tasks\GlaryInitialize 5 3302 bytes [ 31-5-2016 18:08:50 ]
    => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe

    C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore 3820 bytes [ 4-10-2014 14:19:13 ]
    => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA 4056 bytes [ 4-10-2014 14:19:13 ]
    => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA1d045259cd1a41f 4056 bytes [ 10-2-2015 12:35:04 ]
    => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\windows\system32\Tasks\GU5SkipUAC 2972 bytes [ 31-5-2016 18:08:51 ]
    => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe

    C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-278847328-4206653430-2381594855-500 3594 bytes [ 7-10-2013 20:31:12 ]

    C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3569595402-296400714-1548389596-1001 3596 bytes [ 25-9-2014 20:13:32 ]

    C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3569595402-296400714-1548389596-500 2324 bytes [ 28-12-2013 01:38:06 ]

    C:\windows\system32\Tasks\SpyHunter4Startup 3336 bytes [ 29-5-2016 01:17:59 ]
    => "C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe"

    C:\windows\system32\Tasks\Synaptics TouchPad Enhancements 2990 bytes [ 28-12-2013 02:25:53 ]
    => "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

    C:\windows\system32\Tasks\User_Feed_Synchronization-{567FD480-8517-447C-9BC2-69247981B32A} 3958 bytes [ 25-9-2014 10:16:44 ]
    => C:\windows\system32\msfeedssync.exe


    ==================== Job tasks at C:\windows\SysWOW64\Tasks ====================

    There are no .job files found.

    ==================== End scanning at do 2 jun 2016 11:29 (0 Min 39 Sec ) =======



    • #3
      First disable your antivirus software before you download or run zoek.exe.
      Temporarily disable your antivirus and antispyware programs, as they can interfere with the operation of Zoek.exe.
      You can read how to do that (here and here).

      And download Zoek.exe to the desktop.
      (click here for more information on how to use zoek.exe)
      • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
      • Then double-click Zoek.exe to start the tool.
      • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
      • Now copy the code below and paste it into the large input box:
      • Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.
        Code:
        emptyfolderscheck;delete
        torpigcheck; 
        firefoxlook; 
        Chromelook;
        services-list;  
        autoclean; 
        iedefaults;
      • Now click the "Run script" button.
      • Now wait patiently until a log opens (this may be after a restart, if one is needed).
      • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear after all.
      • Post the opened log as an attachment in your next reply.

      Starting Windows 10 in Safe Mode



      • #4
        zoek-results.txt



        • #5
          Is it going any better now?



          • #6
            [Attached image: foto chinese tekens.jpg]

            A lot has been removed, but this still appears after right-clicking :-)



            • #7
              If you right-click on it you can find the location (Properties), along with the name; can you take a screenshot of that as well?



              • #8
                Download the Farbar Recovery Scan Tool, 32 or 64 bit, from one of the links below.
                Here is a description of how to check whether you have a 32- or 64-bit version of Windows.

                Running the Farbar Recovery Scan Tool
                • Right-click FRST.exe and choose the option "Run as administrator".
                • When the program has opened, click Yes at the disclaimer.
                • Then press the Scan button; a backup of the registry will be made first.
                • When the scan is finished, two log files named (FRST.txt) & (Addition.txt) are created in the same location from which the tool was started.
                • Add both log files as attachments to your next reply.



                • #9
                  Originally posted by Juisterr
                  If you right-click on it you can find the location (Properties), along with the name; can you take a screenshot of that as well?
                  No, that doesn't work, which is why I only posted the screenshot of the right-click menu. When I try to click Properties, the screen disappears.



                  • #10
                    Addition.txt FRST.txt



                    • #11
                      Thank you. Could you first uninstall SpyHunter please, it can get in the way of the fix. I'm not allowed to say anything negative about SpyHunter, because then I'd get a lawsuit on my hands.

                      Start the Farbar Recovery Scan Tool once more.
                      • Download fixlist.txt from the attachment to the desktop, where FRST.exe is also located.
                      • Double-click FRST.exe to start the tool.
                      • When the program has opened, click Yes at the disclaimer.
                      • Press the Fix button.
                      • A log file (fixlog.txt) will be created in the same location from which the tool was started.
                      • Add this log file as an attachment to your next reply.
                      Attached Files
                      Last edited by Juisterr; 05-06-16, 11:55.



                      • #12
                        Is it working out?



                        • #13
                          I'm working on it, I have removed SpyHunter. I copied the .txt file to the desktop. I started frst64.exe and clicked Fix, and then it says that no fixlist was found and that the file must be in the same folder as FRST.



                          • #14
                            Fixlog.txt, here you go... hopefully it worked this way!



                            • #15
                              Looks like it. Have you restarted yet? If not, please do so.

                              Tell me whether you still find those Chinese characters.
