Mededeling

**tini** · 20-11-13, 14:07

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 10.40.2
Run by Sander at 14:55:30 on 2013-11-20
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.31.1043.18.2047.792 [GMT 1:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Users\Sander\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchProtocolHost.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=74&bd=Presario&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=74&bd=Presario&pf=desktop
BHO: Adobe PDF Reader Help bij koppelingen: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [CCUTRAYICON] FactoryMode
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [Reader Application Helper] c:\program files\sony\readerdesktop\apphelper\ReaderAppHelper.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
StartupFolder: c:\users\sander\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\sander\appdata\roaming\dropbox\bin\Dropbox.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
TCP: NameServer = 213.46.228.196 62.179.104.196
TCP: Interfaces\{FFF5943F-F9D6-48B4-A7A3-DA7305ABAFB4} : DHCPNameServer = 213.46.228.196 62.179.104.196
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.1.2\ViProtocol.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-9-2 145720]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-9-2 223032]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-8-20 102200]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-8 27448]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-9-25 120632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-9-2 209208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-10 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-9-2 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-4 37664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-7 119024]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-7-4 217088]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-10-3 3538480]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-25 301152]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-10-2 3064000]
R2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files\common files\avg secure search\vtoolbarupdater\17.1.2\ToolbarUpdater.exe [2013-11-11 1734680]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2012-2-23 83984]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-11-20 40776]
S2 BrowserProtect;BrowserProtect;c:\programdata\browserprotect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserprotect.exe --> c:\programdata\browserprotect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [?]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S3 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
.
=============== Created Last 30 ================
.
2013-11-20 13:48:08 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-11-20 10:56:25 7772552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ab8d193e-4e08-472f-8b52-0a075092ba40}\mpengine.dll
2013-11-18 18:17:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-11-18 18:17:25 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-11-18 12:11:51 7796464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-11-16 10:48:56 -------- d-----w- c:\programdata\WinterSoft
2013-11-16 10:48:50 -------- d-----w- c:\program files\Sk-Enhancer
2013-11-16 10:48:44 -------- d-----w- c:\programdata\YoutubeAdblocker
2013-11-16 10:48:43 -------- d-----w- c:\program files\YoutubeAdblocker
2013-11-16 10:48:36 -------- d-----w- c:\programdata\Surf aand keeP
2013-11-16 10:48:35 -------- d-----w- c:\program files\Surf aand keeP
2013-11-16 10:48:29 -------- d-----w- c:\programdata\87f3ae21440ee2a2
2013-11-16 10:48:04 -------- d-----w- c:\programdata\InstallMate
.
==================== Find3M ====================
.
2013-11-11 12:44:25 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-10-04 12:01:51 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-04 12:01:45 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-10-04 12:01:45 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-25 18:57:14 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-09-10 20:11:44 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-08 20:12:16 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 08:39:32 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-09-02 08:28:06 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-09-02 08:28:04 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 08:28:00 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
.
============= FINISH: 14:57:56,27 ===============

**tini** · 20-11-13, 14:08

Malwarebytes Anti-Malware 1.75.0.1300

Cyber Security Software & Anti-Malware | Malwarebytes

https://www.malwarebytes.org

Protect your home and business PCs, Macs, iOS and Android devices from the latest cyber threats and malware, including ransomware.

Databaseversie: v2013.11.20.07

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Sander :: SANDER_RUK_BUNK [administrator]

20-11-2013 14:48:37
mbam-log-2013-11-20 (14-48-37).txt

Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 221949
Verstreken tijd: 14 minuut/minuten, 49 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)

**tini** · 20-11-13, 14:48

het GMer log lukt niet. Tijdens het scannen stopt het ermee. Blijft hangen bij: Program Files Sidebar\sidebar.exe (716) C:\Windows\system32\kernel32.dll

**Juisterr** · 20-11-13, 20:23

Download Zoek.zip naar het bureaublad.

Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.

Klik met de rechtermuisknop op Zoek.zip en klik op de optie "Alles uitpakken".
Dubbelklik vervolgens op Zoek.exe om de tool te starten.
Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
Kopieer nu onderstaande code en plak die in het grote invulvenster:
Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
Code:
```
torpigcheck;
emptyclsid;
emptyfolderscheck;delete
firefoxlook; 
Chromelook;  
autoclean; 
iedefaults; 
filesrcm;
```
Klik nu op de knop "Run script".
Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
Post het geopende logje in het volgende bericht als bijlage.

**tini** · 21-11-13, 18:21

Bedankt voor je hulp.
Het lukt helaas niet om de resultaten als bijlage hier te plaatsen. Wanneer ik gekopieerd heb en het hier wil plakken gebeurt er niets.

**tini** · 21-11-13, 18:23

zoek-results.txt

toch gelukt!

**Juisterr** · 21-11-13, 18:23

Een bijlage plakken kan ook niet, je kan de inhoud kopiëren en plakken of het hele bestand toevoegen als bijlage.

**tini** · 21-11-13, 18:53

Ik zag het al!
Hoop dat het nu goed is.

Groet Tini

**Juisterr** · 22-11-13, 11:27

Uhh nee, wat heb je precies gedaan.?

**Juisterr** · 22-11-13, 15:02

O wacht ik zie het al, je bijlage dan.

Wil je onderstaande doen aub.

Download zhpdiag.exe vanaf deze website: http://en.kioskea.net/download/download-23176-zhpdiag

(Klik bovenstaande afbeelding aan voor een vergroting!)

XP gebruikers: dubbelklik zhpdiag.exe om het te installeren.
Voor Windows Vista en hoger: rechtsklik zhpdiag.exe en kies voor "Uitvoeren als administrator".
Klik meerdere keren op "Suivant" om het installatieproces te doorlopen.
Klik op "Installer" wanneer daar om gevraagd wordt en op "Terminer" wanneer de installatie voltooid is.
Er zijn nu 2 pictogrammen op je bureaublad verschenen: ZHPDiag en ZHPFix.
Dubbelklik nu op de snelkoppeling met de naam ZHPDiag
Het startvenster verschijnt, klik nu op "Configureren".
Als de taal niet als Nederlands is ingesteld klik rechts onderaan op het icoontje met het huisje "Sélectionner une langue" en kies "Néerlandais".
Klik daarna links onderaan op het middelste icoontje(een vergrootglas en een + symbool) "Diagnosemogelijkheden".
Er wordt nu een scan van je systeem gemaakt wacht geduldig tot deze voltooid is.
Na afloop staat er een tekstbestand met de naam ZHPDiag.txt op je bureaublad, post deze in je volgende bericht.

**tini** · 22-11-13, 18:02

~ Verslag van ZHPDiag v2013.11.22.46 - Nicolas Coolman (22-11-2013)
~ Gelanceerd door Sander (22-11-2013 18:51:05)
~ Het adres van de website : http://nicolascoolman.webs.com
~ Gratis supportforum voor desinfectie : http://nicolascoolman.webs.com/apps/links/
~ Vertaald door de gebruiker
~ Staat van de versie :
~ Lijst wit : Ingeschakeld door het programma
~ Tot misbruik van bevoegdheden : OK
~ Gebruikersaccountbeheer (UAC) : Activate by user

---\\ Internet-browsers
MSIE: Internet Explorer v7.0.6000.16982
GCIE: Google Chrome v31.0.1650.57 (Defaut)

---\\ Windows productinformatie
~ Langage: Néerlandais
Windows Vista Home Premium Edition, 32-bit (Build 6000)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK

---\\ Software om het systeem te beveiligen
AVG 2014 v14.0.3629
Malwarebytes Anti-Malware versie 1.75.0.1300
Microsoft Security Client v4.0.1526.0
SUPERAntiSpyware v5.6.1018

---\\ Systeem optimalisatie software
CCleaner v4.01 =>Piriform Ltd

---\\ Delen van software PeerToPeer
Pando Media Booster v2.6.0.8
µTorrent v3.2.0 =>P2P.µTorrent

---\\ Software die extra aandacht behoeft
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.0 - Nederlands
Java 7 Update 40

---\\ Informatie over het systeem
~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (35% free)
System Restore: Activé (Enable)
System drive C: has 289 GB (63%) free of 458 GB

---\\ Verbinding met het systeem-modus
~ Computer Name: SANDER_RUK_BUNK
~ User Name: Sander
~ All Users Names: Sander, IUSR_NMPR, Gast, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Omgevingsvariabelen
~ System Unit : C:\
~ %AppZHP% : C:\Users\Sander\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Sander\AppData\Roaming\
~ %Desktop% : C:\Users\Sander\Desktop\
~ %Favorites% : C:\Users\Sander\Favorites\
~ %LocalAppData% : C:\Users\Sander\AppData\Local\
~ %StartMenu% : C:\Users\Sander\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\System32\

---\\ Overzicht vaste en verwisselbare stations
C: Hard drive, Flash drive, Thumb drive (Free 289 Go of 458 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 7 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Staat van het Windows Beveiligingscentrum
~ Security Center: 46 Legitimates Filtered in 00mn 00s

---\\ Zoeken naar bepaalde algemene bestanden
[MD5.37440D09DEAE0B672A04DCCF7ABF06BE] - (.Microsoft Corporation - Windows Verkenner.) (.2-7-2012 - 18:26:53.) -- C:\WINDOWS\Explorer.exe [2923520]
[MD5.D4385B03E8CCCEE6F0EE249F827C1F3E] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.2-11-2006 - 10:45:57.) -- C:\WINDOWS\System32\Wininit.exe [95744]
[MD5.C7A318E74FEF945EBFF855C1513CD96C] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.2-7-2012 - 18:57:51.) -- C:\WINDOWS\System32\wininet.dll [832512]
[MD5.9F75392B9128A91ABAFB044EA350BAAD] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.2-11-2006 - 10:45:57.) -- C:\WINDOWS\System32\Winlogon.exe [308224]
[MD5.5D24CAF8EFD924A875698FF28384DB8B] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2-11-2006 - 9:58:43.) -- C:\WINDOWS\system32\Drivers\AFD.sys [270336]
[MD5.B35CFCEF838382AB6490B321C87EDF17] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2-7-2012 - 18:27:33.) -- C:\WINDOWS\system32\Drivers\atapi.sys [21560]
[MD5.6C3A437FC873C6F6A4FC620B6888CB86] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2-11-2006 - 9:30:50.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [70144]
[MD5.8D1866E61AF096AE8B582454F5E4D303] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2-11-2006 - 9:51:44.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [67072]
[MD5.A7179DE59AE269AB70345527894CCD7C] - (.Microsoft Corporation - DFS Client MUP Surrogate Driver.) (.2-11-2006 - 9:31:04.) -- C:\WINDOWS\system32\Drivers\DfsC.sys [74752]
[MD5.0DB613A7E427B5663563677796FD5258] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11-9-2007 - 23:39:32.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [53760]
[MD5.1C9EE072BAA3ABB460B91D7EE9152660] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.2-7-2012 - 18:18:25.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54784]
[MD5.10077C35845101548037DF04FD1A420B] - (.Microsoft Corporation - IP Network Address Translator.) (.2-11-2006 - 9:58:09.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [99840]
[MD5.8AF705CE1BB907932157FAB821170F27] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2-7-2012 - 18:46:27.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [102400]
[MD5.E3A168912E7EEFC3BD3B814720D68B41] - (.Microsoft Corporation - MBT Transport driver.) (.2-11-2006 - 9:57:20.) -- C:\WINDOWS\system32\Drivers\netBT.sys [184320]
[MD5.37430AA7A66D7A63407ADC2C0D05E9F6] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.2-7-2012 - 18:40:46.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [1060920]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.2-11-2006 - 9:51:30.) -- C:\WINDOWS\system32\Drivers\Parport.sys [79360]
[MD5.68B0019FEE429EC49D29017AF937E482] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.11-9-2007 - 23:28:28.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [74752]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2-11-2006 - 10:03:00.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [242688]
[MD5.AC0D90738ADB51A6FD12FF00874A2162] - (.Microsoft Corporation - SMB Transport driver.) (.2-11-2006 - 9:57:10.) -- C:\WINDOWS\system32\Drivers\smb.sys [66048]
[MD5.AB4FDE8AF4A0270A46A001C08CBCE1C2] - (.Microsoft Corporation - TDI Translation Driver.) (.2-11-2006 - 9:57:35.) -- C:\WINDOWS\system32\Drivers\tdx.sys [68096]
[MD5.80DC0C9BCB579ED9815001A4D37CBFD5] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.2-7-2012 - 18:27:31.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [211000]
~ Generic Processes: Scanned in 00mn 00s

---\\ Status van de verborgen bestanden (verborgen/totaal)
~ Mes images (My Pictures) : 1/3
~ Mes musiques (My Musics) : 1/3
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/27
~ Mes Documents (My Documents) : 1/31
~ Mon Bureau (My Desktop) : 1/15306
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 15s

---\\ Gestarte processen
[MD5.9A4322EE420D6FACD4D4B1FF6CB856B1] - (.Hewlett-Packard Company - hpsysdrv.) -- C:\hp\support\hpsysdrv.exe [65536] [PID.3916]
[MD5.B1361669BDC6ED612C35B7C67ADA2240] - (.OsdMaestro - OsdMaestro main program.) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784] [PID.3996]
[MD5.A659F31AC25418738351E5BDF4C85780] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\WINDOWS\RtHDVCpl.exe [4669440] [PID.4004]
[MD5.D658AB1B55127D18DCFBCAC8CAAEA522] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.1656]
[MD5.38392CC7CDCA0C2C247B0B279EC2FCE3] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe [4908592] [PID.504]
[MD5.689C6EA7A17B3AE0F2A0151465EF311E] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Windows\system32\jusched.exe [132760] [PID.436]
[MD5.8F9B9F6623F888AF8A9FD922985FECE0] - (.Sony Corporation - Reader Application Helper.) -- C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400] [PID.2216]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.436]
[MD5.BC121F6E4432CBB79129201C191674AD] - (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.exe [5717272] [PID.528]
[MD5.4B9949208944C50B1A16FD1F05ED0A04] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [299008] [PID.2532]
[MD5.2E0953919779A44BF9DFB7B07C58535A] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe [125440] [PID.1092]
[MD5.EB46B8E56C1B6C73C4251EED5F0E6DD6] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Sander\AppData\Roaming\Dropbox\bin\Dropbox.exe [27370808] [PID.2832]
[MD5.693E4C15CEE5D6487D7913A2701B5E40] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.3504]
[MD5.A9950F1C63BA70151803C6F24CEE23F3] - (.ATI Technologies Inc. - Catalyst Control Center: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [299008] [PID.6092]
[MD5.7CAC10A1C258DFCB5ADE563BAE6D2F15] - (.Hewlett-Packard Company - KBD EXE.) -- C:\hp\kbd\kbd.exe [67128] [PID.4972]
[MD5.FF81090B6EF1A42A19DF226632711D25] - (.Microsoft Corporation - Windows Update Automatic Updates.) -- C:\Windows\system32\wuauclt.exe [41472] [PID.5396]
[MD5.BB7245420097B251D1271F5B6F0C9F02] - (.BitTorrent Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe [802136] [PID.4696] =>P2P.BitTorrent
[MD5.636D97B3BAF854511FF3F4093E895FED] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [863184] [PID.3960]
[MD5.06BC146E6C2E881A7235A142BA877B82] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8262144] [PID.1664]
[MD5.05CB3DA78A4BBD9B799A5957F9D101CC] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [68608] [PID.3844]
[MD5.24516BF4E12A46CB67302E2CDCB8CDDF] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [11552] [PID.996]
[MD5.C4232FADFA9691B85DDA0A7B636C5F6D] - (.AMD - AMD External Events Service Module.) -- C:\Windows\system32\atiesrxx.exe [217088] [PID.1120]
[MD5.A1DCD30534835CB67733AD00175125A6] - (.Microsoft Corporation - Microsoft Software Licensing Service.) -- C:\Windows\system32\SLsvc.exe [2605568] [PID.1336]
[MD5.1A89003CE7A4333C9630BB717F59C419] - (.AMD - AMD External Events Client Module.) -- C:\Windows\system32\atieclxx.exe [453632] [PID.1460]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [116648] [PID.1296]
[MD5.CF7B0E597C1F34E528285495721DEEE9] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe [237960] [PID.2224]
[MD5.44C85670246E4183650EF0E664346DDC] - (.SUPERAntiSpyware.com - Core Service.) -- C:\Program Files\SUPERAntiSpyware\SASCORE.exe [119024] [PID.2284]
[MD5.332AEB8F6F9595C8886A7AA7A62322DC] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe [3538480] [PID.2324]
[MD5.07646F5F37F18F1F978CE3B0378EF1C9] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe [301152] [PID.2336]
[MD5.A0B584C33F55545D56F9E71FB4E203AC] - (.No owner - DQLWinSe Application.) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896] [PID.2412]
[MD5.F34B35F6F74E28A460749DA11D1117F8] - (.Hewlett-Packard Company - LightScribe Service.) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe [79136] [PID.2540]
[MD5.388AE59FE75F1B959DFA0900923C61BB] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.2584]
[MD5.0CA67D54C4BEACA886293441F5722683] - (.AVG Technologies CZ, s.r.o. - AVG Online Shield Service.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe [895024] [PID.2180]
[MD5.57AFA3E42844BA35B763E4F4DD73A2EC] - (.AVG Technologies CZ, s.r.o. - AVG E-mail Scanner.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe [669232] [PID.2844]
[MD5.2EE572A077AC7D6203B48EF97E42A116] - (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Service.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe [728624] [PID.4056]
[MD5.17D85A816D56026E2E81F63229087992] - (.AVG Technologies CZ, s.r.o. - AVG Scanning Core Module - Server Part.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe [588336] [PID.3752]
[MD5.E48B80F6614D4BEFA7768B960FFEF514] - (.Hewlett-Packard - HP Health Check Service.) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [61440] [PID.5712]
[MD5.C9BE08664611DDAF98E2331E9288B00B] - (.Microsoft Corporation - PresentationFontCache.exe.) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [46104] [PID.5368]
[MD5.34E388A395FEDBA1D0511ED39BBF4074] - (.Microsoft Corporation - Installatieprogramma voor Windows-modules.) -- C:\Windows\servicing\TrustedInstaller.exe [27136] [PID.472]
~ Processes Running: Scanned in 00mn 04s

---\\ Google Chrome, start, zoeken, extensies (G0, G1, G2)
C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Winkel v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Activé)
~ Google Browser: 13 Legitimates Filtered in 00mn 00s

---\\ Mozilla Firefox, Plugins, start, zoeken, extensies (P2, M0, M1, M2, M3)
C:\Users\Sander\AppData\Roaming\Mozilla\Firefox\Profiles\uhimnetv.default\prefs.js (.not file.)
C:\Users\Sander\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\prefs.js
M3 - MFPP: Plugins - [Sander] -- C:\Program Files\Mozilla FireFox\searchplugins\bolcom-nl.xml
M3 - MFPP: Plugins - [Sander] -- C:\Program Files\Mozilla FireFox\searchplugins\marktplaats-nl.xml
M3 - MFPP: Plugins - [Sander] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-nl.xml
P2 - FPN: [HKLM] [@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin] - (...) -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\npsitesafety.dll (.not file.) =>Toolbar.AVGSearch
~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, start, zoeken, URLSearchHook, Phishing (R0, R1, R3, R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
~ IE Browser: 8 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, proxybeheer (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse van lijnen F0, F1, F2, F3 - IniFiles, Autoloading programma's
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Hosts-bestand omleiding (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

---\\ Internet Explorer werkbalken (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Orphan sleutel
~ Toolbar: Scanned in 00mn 00s

---\\ Andere Verwijzigingen gebruikers (O4)
O4 - GS\Desktop [Public]: Aangifte inkomstenbelasting 2011.lnk . (.Belastingdienst - Aangifte inkomstenbelasting 2011.) -- C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2011\ib2011.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Public]: Reader for PC.lnk . (.Sony Corporation - Reader for PC.) -- C:\Program Files\Sony\ReaderDesktop\Reader.exe
O4 - GS\Desktop [Public]: SUPERAntiSpyware Free Edition.lnk . (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Public]: eBay.nl.lnk . (...) -- C:\Program Files\Online Services\eBay\WizLink.exe =>Toolbar.eBay
O4 - GS\QuickLaunch [Sander]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Sander]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Sander]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Sander]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Sander]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Sander]: Aangifte inkomstenbelasting 2012.lnk . (.Belastingdienst - Aangifte inkomstenbelasting 2012.) -- C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2012\ib2012.exe
O4 - GS\Desktop [Sander]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\Sander\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox
O4 - GS\Desktop [Sander]: Mijn tegoed en verbruik -Mijn tegoed en verbruik - My Vodafone.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
~ Global Startup: 75 Legitimates Filtered in 00mn 02s

---\\ Toepassingen gestart door register & bestand (O4)
O4 - GS\Startup [Sander]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\Sander\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard Company - hpsysdrv.) -- c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] . (...) -- C:\HP\KBD\KbdStub.exe
O4 - HKLM\..\Run: [OsdMaestro] . (.OsdMaestro - OsdMaestro main program.) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\WINDOWS\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [CCUTRAYICON] Orphan sleutel
O4 - HKLM\..\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Windows\system32\jureg.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe
O4 - HKLM\..\Run: [Reader Application Helper] . (.Sony Corporation - Reader Application Helper.) -- C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe (.not file.)
O4 - HKLM\..\RunOnce: [Launcher] . (.soft thinks - Launcher.) -- C:\WINDOWS\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Sidebar.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] Orphan sleutel
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Toepassing voor configuratie van Windows Me.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [SUPERAntiSpyware] . (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Sidebar.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Orphan sleutel
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Sidebar.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Orphan sleutel
O4 - HKUS\S-1-5-21-2012606317-3493631527-116812167-1001\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Sidebar.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-2012606317-3493631527-116812167-1001\..\Run: [WindowsWelcomeCenter] Orphan sleutel
O4 - HKUS\S-1-5-21-2012606317-3493631527-116812167-1001\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Toepassing voor configuratie van Windows Me.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2012606317-3493631527-116812167-1001\..\Run: [SUPERAntiSpyware] . (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-2012606317-3493631527-116812167-1001\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
~ Application: Scanned in 00mn 00s

---\\ Knoppen op de werkbalk "belangrijkste instrumenten" Internet Explorer (O9)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Domeinadres van de DNS (O17) wijzigen
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFF5943F-F9D6-48B4-A7A3-DA7305ABAFB4}: DhcpNameServer = 213.46.228.196 62.179.104.196
O17 - HKLM\System\CS1\Services\Tcpip\..\{FFF5943F-F9D6-48B4-A7A3-DA7305ABAFB4}: DhcpNameServer = 213.46.228.196 62.179.104.196
O17 - HKLM\System\CS2\Services\Tcpip\..\{FFF5943F-F9D6-48B4-A7A3-DA7305ABAFB4}: DhcpNameServer = 213.46.228.196 62.179.104.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.228.196 62.179.104.196
~ Domain: Scanned in 00mn 00s

---\\ Aanvullend Protocol (O18)
O18 - Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} . (...) -- C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll =>Toolbar.AVGSearch
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32-extensies voor Win32.) -- C:\Windows\system32\urlmon.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Registersleutel autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browserbibliotheek met gebruikersinte.) -- C:\WINDOWS\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s

---\\ Lijst van niet-Microsoft NT services die niet uitgeschakeld zijn (O23)
O23 - Service: DQLWinService (DQLWinService) . (.No owner - DQLWinSe Application.) - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Skype C2C Service (Skype C2C Service) . (.Skype Technologies S.A. - Skype C2C Service.) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
~ Services: 10 Legitimates Filtered in 00mn 04s

---\\ Geïnstalleerde software (O42)
O42 - Logiciel: Aangifte inkomstenbelasting 2011 - (.Belastingdienst.) [HKLM] -- Aangifte inkomstenbelasting 2011
O42 - Logiciel: Aangifte inkomstenbelasting 2012 - (.Belastingdienst.) [HKLM] -- Aangifte inkomstenbelasting 2012
~ Logic: 85 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\DM]
[HKCU\Software\Pando Networks]
[HKCU\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\Pando Networks]
[HKLM\Software\Reimage] =>Rogue.ReimageRepair
~ Key Software: 142 Legitimates Filtered in 00mn 00s

---\\ 'Inhoud van mappen programma's, ProgramFiles, ProgramData, AppData (O43)
O43 - CFD: 3-3-2013 - 13:08:44 - [16,635] ----D C:\Program Files\Belastingdienst
O43 - CFD: 9-7-2012 - 10:47:21 - [7,186] ----D C:\Program Files\Pando Networks
O43 - CFD: 20-11-2013 - 20:39:03 - [0] ----D C:\ProgramData\CDB
O43 - CFD: 11-5-2013 - 14:10:11 - [0] ----D C:\ProgramData\䈨õ㻘õ0
O43 - CFD: 13-5-2013 - 12:23:56 - [0] ----D C:\ProgramData\䈨ģ㻘ģ0
O43 - CFD: 11-5-2013 - 17:32:23 - [0] ----D C:\ProgramData\䈨Ų㻘Ų0
O43 - CFD: 31-5-2013 - 15:50:22 - [0] ----D C:\Users\Sander\AppData\Roaming\Belastingdienst
~ Program Folder: 169 Legitimates Filtered in 00mn 23s

---\\ Meest recente bestanden gewijzigd of gemaakt op Windows en System32 (O44)
O44 - LFC:[MD5.11F91B14F3DABD94A1F98FED8996D4CB] - 20-11-2013 - 20:40:49 ---A- . (...) -- C:\WINDOWS\Reimage.ini [162] =>Rogue.ReimageRepair
O44 - LFC:[MD5.02940D6C7722E91342A32CFF5C60F4E4] - 21-11-2013 - 18:42:29 ---A- . (...) -- C:\WINDOWS\zoek-delete.exe [24064]
O44 - LFC:[MD5.F470468610D0616AF45D6024D782E7CE] - 21-11-2013 - 19:13:58 ---A- . (...) -- C:\zoek-results.log [24445]
~ Files: 14 Legitimates Filtered in 00mn 08s

---\\ Laatste bestanden die zijn gemaakt in Windows Prefetcher (O45)
O45 - LFCP:[MD5.7ACB01A76ED2E12DBC221D37E067CC72] - 21-11-2013 - 18:42:31 ---A- - C:\WINDOWS\Prefetch\PEVZ.EXE-D4924192.pf
O45 - LFCP:[MD5.1C7D9BCEACE63521B427819A54968F4C] - 21-11-2013 - 18:42:34 ---A- - C:\WINDOWS\Prefetch\WGET.EXE-D94FAF88.pf
O45 - LFCP:[MD5.1C52A01ECE5DE13445314173C6C51F42] - 21-11-2013 - 18:42:38 ---A- - C:\WINDOWS\Prefetch\ZOEK.EXE-59B7FFC1.pf
O45 - LFCP:[MD5.41269C0760077CFE115813E8DEF8B02A] - 21-11-2013 - 18:51:48 ---A- - C:\WINDOWS\Prefetch\SWXCACLS.EXE-2CF0AADD.pf
O45 - LFCP:[MD5.962D3FBF8D00F0053F78163521682A1C] - 21-11-2013 - 18:55:30 ---A- - C:\WINDOWS\Prefetch\SORT.EXE-CDAF7663.pf
O45 - LFCP:[MD5.E43756D350BFDBA740CAB0E193CD62F4] - 21-11-2013 - 18:55:32 ---A- - C:\WINDOWS\Prefetch\PEVZ.EXE-296AB44E.pf
O45 - LFCP:[MD5.A9C9D4586C477060B5EBBECC7278EDA7] - 21-11-2013 - 18:56:38 ---A- - C:\WINDOWS\Prefetch\MORE.COM-9B8170C3.pf
O45 - LFCP:[MD5.67242DAD022BCC8277F30A6597E2223E] - 21-11-2013 - 18:56:45 ---A- - C:\WINDOWS\Prefetch\XCOPY.EXE-8E0707F2.pf
O45 - LFCP:[MD5.3FAE629780C598EF5FA2D5F6371E45AD] - 21-11-2013 - 18:57:17 ---A- - C:\WINDOWS\Prefetch\FIND.EXE-162DFE58.pf
O45 - LFCP:[MD5.CADE4FAD70B0EA98AC8A1DAB5D6A065C] - 21-11-2013 - 18:57:29 ---A- - C:\WINDOWS\Prefetch\REMOVE.EXE-64785CE3.pf
O45 - LFCP:[MD5.58E30FC58A26C89E1F66E2CAAE44C273] - 21-11-2013 - 19:09:38 ---A- - C:\WINDOWS\Prefetch\WLRMDR.EXE-DDA57653.pf
O45 - LFCP:[MD5.3E859F9BEAC65392B45D2A8C832E97AF] - 21-11-2013 - 19:14:02 ---A- - C:\WINDOWS\Prefetch\REMIND.EXE-058BA002.pf
~ Prefetcher: 102 Legitimates Filtered in 00mn 02s

---\\ Activiteiten en functies bij het opstarten van Windows Verkenner (O46)
O46 - SEH:ShellExecuteHooks - SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Controle van veilige Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (...) -- C:\WINDOWS\System32\Drivers\hitmanpro37.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (...) -- C:\WINDOWS\System32\Drivers\hitmanpro37.sys (.not file.)
~ CSB: 15 Legitimates Filtered in 00mn 00s

---\\ Opsomming van het register sleutels PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s

---\\ Overzicht van de drivers (SDL) (O58)
O58 - SDL:[MD5.E8F3F21A71720C84BCF423B80028359F] - 2-11-2006 - 10:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\WINDOWS\System32\Drivers\elxstor.sys [316520]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 2-11-2006 - 8:09:42 ---A- . (...) -- C:\WINDOWS\System32\ANSI.SYS [9029]
~ Drivers: 17 Legitimates Filtered in 00mn 01s

---\\ Meest recente bestanden gewijzigd of gemaakt (gebruiker) (O61)
O61 - LFC: 20-11-2013 - 18:52:50 ---A- . (...) -- C:\Users\Sander\AppData\Local\Avg2014\log\avgcore.log.1 [131443]
O61 - LFC: 20-11-2013 - 18:52:50 ---A- . (...) -- C:\Users\Sander\AppData\Local\Avg2014\log\avgdecider.log.2 [65583]
O61 - LFC: 20-11-2013 - 18:52:50 ---A- . (...) -- C:\Users\Sander\AppData\Local\Avg2014\log\avgui.log.1 [131133]
O61 - LFC: 20-11-2013 - 18:53:19 ---A- . (...) -- C:\Users\Sander\defogger_reenable [0]
O61 - LFC: 20-11-2013 - 18:53:28 ---A- . (...) -- C:\Users\Sander\Downloads\adwcleaner (1).exe [1085542]
O61 - LFC: 20-11-2013 - 18:53:30 ---A- . (...) -- C:\Users\Sander\Downloads\adwcleaner.exe [1085542]
O61 - LFC: 20-11-2013 - 18:53:40 ---A- . (...) -- C:\Users\Sander\Downloads\Defogger (1).exe [50477]
O61 - LFC: 20-11-2013 - 18:53:40 ---A- . (...) -- C:\Users\Sander\Downloads\Defogger.exe [50477]
O61 - LFC: 20-11-2013 - 18:55:59 ---A- . (...) -- C:\Users\Sander\Downloads\f6xiw68v.exe [377856]
O61 - LFC: 20-11-2013 - 18:56:25 ---A- . (.Reimage®.) -- C:\Users\Sander\Downloads\ReimageRepair.exe [767752] =>Rogue.ReimageRepair
O61 - LFC: 20-11-2013 - 18:58:05 ---A- . (...) -- C:\Users\Sander\Downloads\ujz40puh.exe [377856]
O61 - LFC: 20-11-2013 - 18:58:08 ---A- . (...) -- C:\Users\Sander\Downloads\wuwdd63i.exe [377856]
O61 - LFC: 20-11-2013 - 18:58:08 ---A- . (...) -- C:\Users\Sander\Downloads\wvq124w1.exe [377856]
O61 - LFC: 20-11-2013 - 18:58:10 ---A- . (...) -- C:\Users\Sander\Downloads\yet_another_cleaner.exe [903832]
O61 - LFC: 21-11-2013 - 18:58:11 ---A- . (...) -- C:\Users\Sander\Downloads\zoek (1).rar [4182609]
O61 - LFC: 21-11-2013 - 18:58:11 ---A- . (...) -- C:\Users\Sander\Downloads\zoek (1).zip [4044244]
O61 - LFC: 21-11-2013 - 18:58:11 ---A- . (...) -- C:\Users\Sander\Downloads\zoek-results (1).txt [24445]
O61 - LFC: 21-11-2013 - 18:58:11 ---A- . (...) -- C:\Users\Sander\Downloads\zoek-results.txt [24445]
O61 - LFC: 21-11-2013 - 18:58:11 ---A- . (...) -- C:\Users\Sander\Downloads\zoek.rar [4182609]
O61 - LFC: 21-11-2013 - 18:58:11 ---A- . (...) -- C:\Users\Sander\Downloads\zoek.zip [4044244]
O61 - LFC: 22-11-2013 - 18:52:50 ---A- . (...) -- C:\Users\Sander\AppData\Local\Avg2014\log\avgdecider.log.1 [65583]
O61 - LFC: 22-11-2013 - 18:52:53 ---A- . (...) -- C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [266033]
O61 - LFC: 22-11-2013 - 18:53:04 ---A- . (...) -- C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Local State [46837]
O61 - LFC: 22-11-2013 - 18:53:19 ---A- . (...) -- C:\Users\Sander\AppData\Roaming\ZHP\Log.txt [16997] =>.Nicolas Coolman
O61 - LFC: 22-11-2013 - 18:53:19 ---A- . (...) -- C:\Users\Sander\AppData\Roaming\ZHP\TestsZHPDiag.txt [2835] =>.Nicolas Coolman
~ 103 Fichiers temporaires (Temporary files)
~ Files: 579 Legitimates Filtered in 05mn 26s

---\\ Lijst van cleaning tools (CLAB) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Bestandsassociaties mogelijk aangepast (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Startmenu Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\program files\google\chrome\application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Zoek "infecties in internetbrowsers (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s

---\\ Bepaalde zoekopdracht in de hoofdmap van het systeem (SPRF) (O84)
[MD5.0A528D0B7CA583BEED5CE0B1BF7D885B] [SPRF][4-7-2012] (...) -- C:\Users\Sander\AppData\Local\d3d8caps.dat [552]
[MD5.306AED3CCBF2EFB5A2E9E75C316005B1] [SPRF][18-11-2013] (...) -- C:\Users\Sander\AppData\Local\d3d9caps.dat [1356]
[MD5.1FFB2EBE1F95C5E5AEC1512EA686049C] [SPRF][21-8-2012] (...) -- C:\Users\Sander\AppData\LocalLow\dt.dat [27520]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][8-7-2012] (...) -- C:\Users\Sander\AppData\Roaming\wklnhst.dat [0]
[MD5.BA39D5DEF71D5193ADE6BFB24672A487] [SPRF][23-8-2012] (...) -- C:\Users\Sander\Desktop\vlc-2.0.3-win32.exe [22617148]
~ Files: 5 Legitimates Filtered in 00mn 00s

---\\ Microsoft Installer-bestanden (WIS) (NTFS) (O93)
[MD5.33A86C97F550D794871AF14C1375B0B3] [WIS][16-7-2012] (.Husdawg, LLC - System Requirements Lab CYRI.) -- C:\Windows\Installer\282030e.msi [30720]
~ WIS: 79 Legitimates Filtered in 00mn 05s

---\\ Algemene toestand van niet-Microsoft services (GSR) (SR = Running, SS = gestopt)
SR - | Auto 7-5-2013 119024 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SS - | Demand 11-9-2006 188416 | (AlertService) . (.Intel(R) Corporation.) - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
SR - | Auto 4-7-2012 217088 | (AMD External Events Utility) . (.AMD.) - C:\WINDOWS\System32\atiesrxx.exe
SR - | Auto 3-10-2013 3538480 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgidsagent.exe
SR - | Auto 25-9-2013 301152 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 3-9-2006 208896 | (DQLWinService) . (...) - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
SS - | Auto 21-1-2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 21-1-2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Auto 24-5-2007 61440 | (HP Health Check Service) . (.Hewlett-Packard.) - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
SS - | Demand 22-10-2004 73728 | (IDriverT) . (.Macrovision Corporation.) - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SS - | Auto 10-5-2006 29696 | (IntelDHSvcConf) . (.Intel(R) Corporation.) - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
SS - | Demand 11-9-2006 75264 | (ISSM) . (.Intel(R) Corporation.) - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
SR - | Auto 25-7-2007 79136 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
SS - | Demand 31-8-2006 26624 | (M1 Server) . (...) - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
SS - | Demand 11-9-2006 167936 | (MCLServiceATL) . (.Intel(R) Corporation.) - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
SR - | Auto 26-3-2012 11552 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SS - | Demand 11-9-2006 544256 | (Remote UI Service) . (.Intel(R) Corporation.) - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
SS - | Demand 11-5-2007 887544 | (RoxMediaDB9) . (.Sonic Solutions.) - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
SR - | Auto 2-10-2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Demand 23-5-2013 73728 | (Sony SCSI Helper Service) . (.Sony Corporation.) - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
SS - | Demand 3-5-2007 74656 | (stllssvr) . (.MicroVision Development, Inc..) - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
SS - | Auto 2-11-2006 22016 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 2-11-2006 22016 | C:\WINDOWS\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\WINDOWS\System32\svchost.exe
~ Services: Scanned in 00mn 07s

---\\ Onderzoek gelijktijdige op de Master Boot Record (MBR) (O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s

---\\ Onderzoek de Master Boot Record op Infecties (MBRCheck) (O80)
Written by ad13, http://ad13.geekstog
Run by Sander at 22-11-2013 18:59:21

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

---\\ Extra scan (O88)
Database Version : 12996 - (22-11-2013)
Clés trouvées (Keys found) : 28
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2

[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\ScriptHelper.EXE] =>Toolbar.AVGSearch
[HKLM\Software\Classes\S] =>Toolbar.Agent
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1] =>Toolbar.AVGSearch
[HKCU\Software\DM] =>PUP.BearShare
[HKCU\Software\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard
[HKLM\Software\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard
[HKCU\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}] =>Toolbar.AVGSearch
C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent^
C:\WINDOWS\Reimage.ini =>Rogue.ReimageRepair
~ Additionnel Scan: 233909 Items scanned in 00mn 26s

---\\ Samenvatting van detecties gevonden op uw werkstation
~ http://nicolascoolman.webs.com/apps/...-reimagerepair =>Rogue.ReimageRepair
~ http://nicolascoolman.webs.com/apps/...-toparcadehits =>PUP.ToparcadeHits
~ http://nicolascoolman.webs.com/apps/...oolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/...-pup-bearshare =>PUP.BearShare
~ MSI: 4 link(s) detected in 00mn 26s

~ 1678 Legitimates filtered by white list
End of the scan (559 lines in 08mn 42s)(0)

**Juisterr** · 22-11-13, 20:09

Start ZHPFix opnieuw.

Kopieer de tekst in het code-veld volledig:

Code:

Script ZHPFix 
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Orphan sleutel
O4 - HKLM\..\Run: [CCUTRAYICON] Orphan sleutel 
O4 - HKLM\..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe (.not file.) 
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Orphan sleutel 
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Orphan sleutel 
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\ScriptHelper.EXE] =>Toolbar.AVGSearch
[HKLM\Software\Classes\S] =>Toolbar.Agent
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1] =>Toolbar.AVGSearch
[HKCU\Software\DM] =>PUP.BearShare
[HKCU\Software\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard
[HKLM\Software\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard
[HKCU\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}] =>Toolbar.AVGSearch
C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent^
C:\WINDOWS\Reimage.ini =>Rogue.ReimageRepair
shortcutfix
emptytemp
emptyflash
emptyjava

Dubbelklik de snelkoppeling: ZHPFix
Druk op de button "Import"
Druk daarna onderaan op de knop "Go".
De fix zal beginnen post het resultaat ZPHFix[r2].txt

**tini** · 23-11-13, 09:07

Bedankt voor je hulp, ik ben er erg blij mee! Ik ben nu op mijn werk, dus kan even niets doen. Kan het zijn dat het virus al van mijn computer af is? Gisteravond had ik nl nergens last van. Zag geen reclame meer voorbij komen en werd ook niet ook niet meer uitgenodigd om te gaan pokeren....

**tini** · 23-11-13, 15:21

Rapport de ZHPFix 2013.11.19.7 par Nicolas Coolman, Update du 19/11/2013
Fichier d'export Registre :
Run by Sander at 23-11-2013 16:20:23
High Elevated Privileges : OK
Windows Vista Home Premium Edition, 32-bit (Build 6000)

Prullenbak geleegd (Geannuleerd door gebruiker)
Reparatie van browser snelkoppelingen

========== Procesgeheugen ==========
HIERMEE VERWIJDERT U Reboot: Memory Process: C:\Program Files\uTorrent\uTorrent.exe

========== Registersleutels ==========
HIERMEE VERWIJDERT U: [HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
HIERMEE VERWIJDERT U: HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
HIERMEE VERWIJDERT U: HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
HIERMEE VERWIJDERT U: HKLM\Software\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
HIERMEE VERWIJDERT U: HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
HIERMEE VERWIJDERT U: HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
HIERMEE VERWIJDERT U: HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
HIERMEE VERWIJDERT U: HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
HIERMEE VERWIJDERT U: HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
HIERMEE VERWIJDERT U: HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
HIERMEE VERWIJDERT U: HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
HIERMEE VERWIJDERT U: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
HIERMEE VERWIJDERT U: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
HIERMEE VERWIJDERT U: HKLM\Software\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
HIERMEE VERWIJDERT U: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
HIERMEE VERWIJDERT U: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
HIERMEE VERWIJDERT U: HKLM\Software\Classes\AppID\ScriptHelper.EXE
HIERMEE VERWIJDERT U: HKLM\Software\Classes\S
HIERMEE VERWIJDERT U: HKLM\Software\Classes\ScriptHelper.ScriptHelperApi
HIERMEE VERWIJDERT U: HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1
HIERMEE VERWIJDERT U: HKLM\Software\Classes\ViProtocol.ViProtocolOLE
HIERMEE VERWIJDERT U: HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1
HIERMEE VERWIJDERT U: HKCU\Software\DM
HIERMEE VERWIJDERT U: HKCU\Software\AVG SafeGuard toolbar
HIERMEE VERWIJDERT U: HKLM\Software\AVG SafeGuard toolbar
HIERMEE VERWIJDERT U: HKCU\Software\Reimage
HIERMEE VERWIJDERT U: HKLM\Software\Reimage
HIERMEE VERWIJDERT U: HKLM\Software\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

========== De registerwaarden ==========
HIERMEE VERWIJDERT U: URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
HIERMEE VERWIJDERT U: Toolbar: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
HIERMEE VERWIJDERT U RunValue: CCUTRAYICON
HIERMEE VERWIJDERT U RunValue: vProt
HIERMEE VERWIJDERT U RunValue: WindowsWelcomeCenter

========== Mappen ==========
Verwijderen tijdelijke Windows (145)
Hiermee verwijdert u Flash Cookies (1)

========== Bestanden ==========
HIERMEE VERWIJDERT U: C:\WINDOWS\Reimage.ini
Verwijderen tijdelijke Windows (114) (1.073.217 octets)
Hiermee verwijdert u Flash Cookies (0) (0 octets)

========== Andere ==========
NIET-VERDRAG emptyjava

========== Samenvatting ==========
1 : Procesgeheugen
28 : Registersleutels
5 : De registerwaarden
2 : Mappen
3 : Bestanden
1 : Andere

End of clean in 00mn 05s

========== Pad naar bestand verslag ==========
C:\Users\Sander\AppData\Roaming\ZHP\ZHPFix[R1].txt - 23-11-2013 16:20:26 [3757]

Mededeling

virus rvzr a-akamaihd

virus rvzr a-akamaihd

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment