virus rvzr a-akamaihd


  • virus rvzr a-akamaihd

    Good afternoon.
    I have a very annoying virus on my computer (Vista). When I visit pages, another site constantly pops up, called rvzr a-akamaihd etc. I have already run AMB and Superantispyware, but without success. Is anyone able to help me with this?

    Kind regards, Tini

  • #2
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 10.40.2
    Run by Sander at 14:55:30 on 2013-11-20
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.31.1043.18.2047.792 [GMT 1:00]
    .
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Users\Sander\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\SearchProtocolHost.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.nl/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=74&bd=Presario&pf=desktop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=74&bd=Presario&pf=desktop
    BHO: Adobe PDF Reader Help bij koppelingen: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [KBD] c:\hp\kbd\KbdStub.EXE
    mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [CCUTRAYICON] FactoryMode
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
    mRun: [Reader Application Helper] c:\program files\sony\readerdesktop\apphelper\ReaderAppHelper.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
    StartupFolder: c:\users\sander\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\sander\appdata\roaming\dropbox\bin\Dropbox.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    TCP: NameServer = 213.46.228.196 62.179.104.196
    TCP: Interfaces\{FFF5943F-F9D6-48B4-A7A3-DA7305ABAFB4} : DHCPNameServer = 213.46.228.196 62.179.104.196
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.1.2\ViProtocol.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-9-2 145720]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-9-2 223032]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-8-20 102200]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-8 27448]
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
    R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-9-25 120632]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-9-2 209208]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-10 22840]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-9-2 176952]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-4 37664]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-7 119024]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-7-4 217088]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-10-3 3538480]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-25 301152]
    R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-10-2 3064000]
    R2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files\common files\avg secure search\vtoolbarupdater\17.1.2\ToolbarUpdater.exe [2013-11-11 1734680]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2012-2-23 83984]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-11-20 40776]
    S2 BrowserProtect;BrowserProtect;c:\programdata\browserprotect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserprotect.exe --> c:\programdata\browserprotect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [?]
    S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
    S3 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
    .
    =============== Created Last 30 ================
    .
    2013-11-20 13:48:08 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-11-20 10:56:25 7772552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ab8d193e-4e08-472f-8b52-0a075092ba40}\mpengine.dll
    2013-11-18 18:17:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-11-18 18:17:25 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2013-11-18 12:11:51 7796464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-11-16 10:48:56 -------- d-----w- c:\programdata\WinterSoft
    2013-11-16 10:48:50 -------- d-----w- c:\program files\Sk-Enhancer
    2013-11-16 10:48:44 -------- d-----w- c:\programdata\YoutubeAdblocker
    2013-11-16 10:48:43 -------- d-----w- c:\program files\YoutubeAdblocker
    2013-11-16 10:48:36 -------- d-----w- c:\programdata\Surf aand keeP
    2013-11-16 10:48:35 -------- d-----w- c:\program files\Surf aand keeP
    2013-11-16 10:48:29 -------- d-----w- c:\programdata\87f3ae21440ee2a2
    2013-11-16 10:48:04 -------- d-----w- c:\programdata\InstallMate
    .
    ==================== Find3M ====================
    .
    2013-11-11 12:44:25 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2013-10-04 12:01:51 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-10-04 12:01:45 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-10-04 12:01:45 790440 ----a-w- c:\windows\system32\deployJava1.dll
    2013-09-25 18:57:14 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
    2013-09-10 20:11:44 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
    2013-09-08 20:12:16 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2013-09-02 08:39:32 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2013-09-02 08:28:06 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2013-09-02 08:28:04 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2013-09-02 08:28:00 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
    .
    ============= FINISH: 14:57:56,27 ===============



    • #3
      Malwarebytes Anti-Malware 1.75.0.1300
      www.malwarebytes.org

      Databaseversie: v2013.11.20.07

      Windows Vista x86 NTFS
      Internet Explorer 7.0.6000.16982
      Sander :: SANDER_RUK_BUNK [administrator]

      20-11-2013 14:48:37
      mbam-log-2013-11-20 (14-48-37).txt

      Scan type: Snelle scan
      Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
      Uitgeschakelde scan opties: P2P
      Objecten gescand: 221949
      Verstreken tijd: 14 minuut/minuten, 49 seconde(n)

      Geheugenprocessen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Geheugenmodulen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registersleutels gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerwaarden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerdata gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Mappen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Bestanden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      (einde)
      Last edited by tini; 20-11-13, 14:14.



      • #4
        The GMER log isn't working. It stops during the scan. It hangs at: Program Files Sidebar\sidebar.exe (716) C:\Windows\system32\kernel32.dll



        • #5
          Download Zoek.zip to the desktop.
          1. If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
          2. Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; (here and here) you can read how to do that.

          • Right-click Zoek.zip and choose the option "Extract all".
          • Then double-click Zoek.exe to start the tool.
          • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
          • Now copy the code below and paste it into the large input field:
          • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
            Code:
            torpigcheck;
            emptyclsid;
            emptyfolderscheck;delete
            firefoxlook; 
            Chromelook;  
            autoclean; 
            iedefaults; 
            filesrcm;
          • Now click the "Run script" button.
          • Wait patiently until a log opens (this may be after a restart, if one is needed).
          • If no log appears after the restart, start zoek.exe again; the log will then appear after all.
          • Post the opened log in your next message as an attachment.

          Starting Windows 10 in Safe Mode



          • #6
            Thanks for your help.
            Unfortunately I can't manage to post the results here as an attachment. When I have copied them and try to paste them here, nothing happens.



            • #7
              zoek-results.txt

              It worked after all!



              • #8
                You can't paste an attachment anyway; you can copy and paste the contents, or add the whole file as an attachment.



                • #9
                  I saw it already!
                  Hope it is right now.

                  Regards, Tini



                  • #10
                    Uhh no, what exactly did you do?



                    • #11
                      Oh wait, I see it now, your attachment that is.

                      Could you please do the following.


                      Download zhpdiag.exe from this website: http://en.kioskea.net/download/download-23176-zhpdiag
                      1. XP users: double-click zhpdiag.exe to install it.
                        For Windows Vista and later: right-click zhpdiag.exe and choose "Run as administrator".
                      2. Click "Suivant" several times to go through the installation process.
                      3. Click "Installer" when asked to, and "Terminer" when the installation is complete.
                      4. Two icons have now appeared on your desktop: ZHPDiag and ZHPFix.
                      5. Now double-click the shortcut named ZHPDiag.
                      6. The start window appears; now click "Configureren".
                      7. If the language is not set to Dutch, click the icon with the little house at the bottom right, "Sélectionner une langue", and choose "Néerlandais".
                      8. Then click the middle icon at the bottom left (a magnifying glass and a + symbol), "Diagnosemogelijkheden".
                      9. A scan of your system is now made; wait patiently until it is complete.
                      10. Afterwards there is a text file named ZHPDiag.txt on your desktop; post it in your next message.



                      • #12
                        ~ Verslag van ZHPDiag v2013.11.22.46 - Nicolas Coolman (22-11-2013)
                        ~ Gelanceerd door Sander (22-11-2013 18:51:05)
                        ~ Het adres van de website : http://nicolascoolman.webs.com
                        ~ Gratis supportforum voor desinfectie : http://nicolascoolman.webs.com/apps/links/
                        ~ Vertaald door de gebruiker
                        ~ Staat van de versie :
                        ~ Lijst wit : Ingeschakeld door het programma
                        ~ Tot misbruik van bevoegdheden : OK
                        ~ Gebruikersaccountbeheer (UAC) : Activate by user


                        ---\\ Internet-browsers
                        MSIE: Internet Explorer v7.0.6000.16982
                        GCIE: Google Chrome v31.0.1650.57 (Defaut)

                        ---\\ Windows productinformatie
                        ~ Langage: Néerlandais
                        Windows Vista Home Premium Edition, 32-bit (Build 6000)
                        Windows Server License Manager Script : OK
                        Windows Automatic Updates : OK

                        ---\\ Software om het systeem te beveiligen
                        AVG 2014 v14.0.3629
                        Malwarebytes Anti-Malware versie 1.75.0.1300
                        Microsoft Security Client v4.0.1526.0
                        SUPERAntiSpyware v5.6.1018

                        ---\\ Systeem optimalisatie software
                        CCleaner v4.01 =>Piriform Ltd

                        ---\\ Delen van software PeerToPeer
                        Pando Media Booster v2.6.0.8
                        µTorrent v3.2.0 =>P2P.µTorrent

                        ---\\ Software die extra aandacht behoeft
                        Adobe Flash Player 11 Plugin
                        Adobe Reader 8.1.0 - Nederlands
                        Java 7 Update 40

                        ---\\ Informatie over het systeem
                        ~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
                        ~ Operating System: 32 Bits
                        Boot mode: Normal (Normal boot)
                        Total RAM: 2046 MB (35% free)
                        System Restore: Activé (Enable)
                        System drive C: has 289 GB (63%) free of 458 GB

                        ---\\ Verbinding met het systeem-modus
                        ~ Computer Name: SANDER_RUK_BUNK
                        ~ User Name: Sander
                        ~ All Users Names: Sander, IUSR_NMPR, Gast, Administrator,
                        ~ Unselected Option: None
                        Logged in as Administrator

                        ---\\ Omgevingsvariabelen
                        ~ System Unit : C:\
                        ~ %AppZHP% : C:\Users\Sander\AppData\Roaming\ZHP\
                        ~ %AppData% : C:\Users\Sander\AppData\Roaming\
                        ~ %Desktop% : C:\Users\Sander\Desktop\
                        ~ %Favorites% : C:\Users\Sander\Favorites\
                        ~ %LocalAppData% : C:\Users\Sander\AppData\Local\
                        ~ %StartMenu% : C:\Users\Sander\AppData\Roaming\Microsoft\Windows\Start Menu\
                        ~ %Windir% : C:\WINDOWS\
                        ~ %System% : C:\WINDOWS\System32\

                        ---\\ Overzicht vaste en verwisselbare stations
                        C: Hard drive, Flash drive, Thumb drive (Free 289 Go of 458 Go)
                        D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 7 Go)
                        E: CD-ROM drive (Not Inserted)
                        F: Floppy drive, Flash card reader, USB Key (Not Inserted)
                        G: Floppy drive, Flash card reader, USB Key (Not Inserted)
                        H: Floppy drive, Flash card reader, USB Key (Not Inserted)
                        I: Floppy drive, Flash card reader, USB Key (Not Inserted)



                        ---\\ Staat van het Windows Beveiligingscentrum
                        ~ Security Center: 46 Legitimates Filtered in 00mn 00s



                        ---\\ Zoeken naar bepaalde algemene bestanden
                        ~ Generic Processes: Scanned in 00mn 00s



                        ---\\ Status van de verborgen bestanden (verborgen/totaal)
                        ~ Mes images (My Pictures) : 1/3
                        ~ Mes musiques (My Musics) : 1/3
                        ~ Mes Videos (My Videos) : 1/2
                        ~ Mes Favoris (My Favorites) : 1/27
                        ~ Mes Documents (My Documents) : 1/31
                        ~ Mon Bureau (My Desktop) : 1/15306
                        ~ Menu demarrer (Programs) : 1/27
                        ~ Hidden Files: Scanned in 00mn 15s



                        ---\\ Gestarte processen
                        [MD5.0CA67D54C4BEACA886293441F5722683] - (.AVG Technologies CZ, s.r.o. - AVG Online Shield Service.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe [895024] [PID.2180]
                        [MD5.57AFA3E42844BA35B763E4F4DD73A2EC] - (.AVG Technologies CZ, s.r.o. - AVG E-mail Scanner.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe [669232] [PID.2844]
                        [MD5.2EE572A077AC7D6203B48EF97E42A116] - (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Service.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe [728624] [PID.4056]
                        [MD5.17D85A816D56026E2E81F63229087992] - (.AVG Technologies CZ, s.r.o. - AVG Scanning Core Module - Server Part.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe [588336] [PID.3752]
                        [MD5.E48B80F6614D4BEFA7768B960FFEF514] - (.Hewlett-Packard - HP Health Check Service.) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [61440] [PID.5712]
                        [MD5.C9BE08664611DDAF98E2331E9288B00B] - (.Microsoft Corporation - PresentationFontCache.exe.) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [46104] [PID.5368]
                        [MD5.34E388A395FEDBA1D0511ED39BBF4074] - (.Microsoft Corporation - Installatieprogramma voor Windows-modules.) -- C:\Windows\servicing\TrustedInstaller.exe [27136] [PID.472]
                        ~ Processes Running: Scanned in 00mn 04s



                        ---\\ Google Chrome, start, zoeken, extensies (G0, G1, G2)
                        C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Default\Preferences
                        G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Winkel v.0.2 (Activé)
                        G2 - GCE: Preference [User Data\Default] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Activé)
                        ~ Google Browser: 13 Legitimates Filtered in 00mn 00s



                        ---\\ Mozilla Firefox, Plugins, start, zoeken, extensies (P2, M0, M1, M2, M3)
                        C:\Users\Sander\AppData\Roaming\Mozilla\Firefox\Profiles\uhimnetv.default\prefs.js (.not file.)
                        C:\Users\Sander\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\prefs.js
                        M3 - MFPP: Plugins - [Sander] -- C:\Program Files\Mozilla FireFox\searchplugins\bolcom-nl.xml
                        M3 - MFPP: Plugins - [Sander] -- C:\Program Files\Mozilla FireFox\searchplugins\marktplaats-nl.xml
                        M3 - MFPP: Plugins - [Sander] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-nl.xml
                        P2 - FPN: [HKLM] [@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin] - (...) -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\npsitesafety.dll (.not file.) =>Toolbar.AVGSearch
                        ~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s



                        ---\\ Internet Explorer, start, zoeken, URLSearchHook, Phishing (R0, R1, R3, R4)
                        R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
                        ~ IE Browser: 8 Legitimates Filtered in 00mn 00s



                        ---\\ Internet Explorer, proxybeheer (R5)
                        R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
                        R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
                        R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
                        R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
                        R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
                        ~ Proxy management: Scanned in 00mn 00s



                        ---\\ Analyse van lijnen F0, F1, F2, F3 - IniFiles, Autoloading programma's
                        F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
                        F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
                        F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
                        ~ Keys: Scanned in 00mn 00s



                        ---\\ Hosts-bestand omleiding (O1)
                        ~ Le fichier hosts est sain (The hosts file is clean).
                        ~ Hosts File: Scanned in 00mn 00s
                        ~ Nombre de lignes (Lines number): 20



                        ---\\ Internet Explorer werkbalken (O3)
                        O3 - Toolbar\WebBrowser: (no name) - [HKCU]{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Orphan sleutel
                        ~ Toolbar: Scanned in 00mn 00s



                        ---\\ Andere Verwijzigingen gebruikers (O4)
                        O4 - GS\Desktop [Public]: Aangifte inkomstenbelasting 2011.lnk . (.Belastingdienst - Aangifte inkomstenbelasting 2011.) -- C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2011\ib2011.exe
                        O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
                        O4 - GS\Desktop [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
                        O4 - GS\Desktop [Public]: Reader for PC.lnk . (.Sony Corporation - Reader for PC.) -- C:\Program Files\Sony\ReaderDesktop\Reader.exe
                        O4 - GS\Desktop [Public]: SUPERAntiSpyware Free Edition.lnk . (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                        O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
                        O4 - GS\Program [Public]: eBay.nl.lnk . (...) -- C:\Program Files\Online Services\eBay\WizLink.exe =>Toolbar.eBay
                        O4 - GS\QuickLaunch [Sander]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
                        O4 - GS\QuickLaunch [Sander]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
                        O4 - GS\QuickLaunch [Sander]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
                        O4 - GS\Program [Sander]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
                        O4 - GS\SystemTools [Sander]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
                        O4 - GS\Desktop [Sander]: Aangifte inkomstenbelasting 2012.lnk . (.Belastingdienst - Aangifte inkomstenbelasting 2012.) -- C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2012\ib2012.exe
                        O4 - GS\Desktop [Sander]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\Sander\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox
                        O4 - GS\Desktop [Sander]: Mijn tegoed en verbruik -Mijn tegoed en verbruik - My Vodafone.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
                        ~ Global Startup: 75 Legitimates Filtered in 00mn 02s



                        ---\\ Toepassingen gestart door register & bestand (O4)
                        O4 - GS\Startup [Sander]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\Sander\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox
                        O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
                        O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard Company - hpsysdrv.) -- c:\hp\support\hpsysdrv.exe
                        O4 - HKLM\..\Run: [KBD] . (...) -- C:\HP\KBD\KbdStub.exe
                        O4 - HKLM\..\Run: [OsdMaestro] . (.OsdMaestro - OsdMaestro main program.) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
                        O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\WINDOWS\RtHDVCpl.exe =>.Realtek Semiconductor Corp
                        O4 - HKLM\..\Run: [CCUTRAYICON] Orphan sleutel
                        O4 - HKLM\..\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
                        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
                        O4 - HKLM\..\Run: [SunJavaUpdateReg] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Windows\system32\jureg.exe
                        O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
                        O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
                        O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
                        O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe
                        O4 - HKLM\..\Run: [Reader Application Helper] . (.Sony Corporation - Reader Application Helper.) -- C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
                        O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
                        O4 - HKLM\..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe (.not file.)
                        O4 - HKLM\..\RunOnce: [Launcher] . (.soft thinks - Launcher.) -- C:\WINDOWS\SMINST\launcher.exe
                        O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Sidebar.) -- C:\Program Files\Windows Sidebar\sidebar.exe
                        O4 - HKCU\..\Run: [WindowsWelcomeCenter] Orphan sleutel
                        O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Toepassing voor configuratie van Windows Me.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
                        O4 - HKCU\..\Run: [SUPERAntiSpyware] . (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                        O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
                        O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Sidebar.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
                        O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Orphan sleutel
                        O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Sidebar.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
                        O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Orphan sleutel
                        O4 - HKUS\S-1-5-21-2012606317-3493631527-116812167-1001\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Sidebar.) -- C:\Program Files\Windows Sidebar\sidebar.exe
                        O4 - HKUS\S-1-5-21-2012606317-3493631527-116812167-1001\..\Run: [WindowsWelcomeCenter] Orphan sleutel
                        O4 - HKUS\S-1-5-21-2012606317-3493631527-116812167-1001\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Toepassing voor configuratie van Windows Me.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
                        O4 - HKUS\S-1-5-21-2012606317-3493631527-116812167-1001\..\Run: [SUPERAntiSpyware] . (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                        O4 - HKUS\S-1-5-21-2012606317-3493631527-116812167-1001\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
                        ~ Application: Scanned in 00mn 00s



                        ---\\ Knoppen op de werkbalk "belangrijkste instrumenten" Internet Explorer (O9)
                        O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
                        ~ IE Extra Buttons: Scanned in 00mn 00s



                        ---\\ Domeinadres van de DNS (O17) wijzigen
                        O17 - HKLM\System\CCS\Services\Tcpip\..\{FFF5943F-F9D6-48B4-A7A3-DA7305ABAFB4}: DhcpNameServer = 213.46.228.196 62.179.104.196
                        O17 - HKLM\System\CS1\Services\Tcpip\..\{FFF5943F-F9D6-48B4-A7A3-DA7305ABAFB4}: DhcpNameServer = 213.46.228.196 62.179.104.196
                        O17 - HKLM\System\CS2\Services\Tcpip\..\{FFF5943F-F9D6-48B4-A7A3-DA7305ABAFB4}: DhcpNameServer = 213.46.228.196 62.179.104.196
                        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.228.196 62.179.104.196
                        ~ Domain: Scanned in 00mn 00s



                        ---\\ Aanvullend Protocol (O18)
                        O18 - Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} . (...) -- C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll =>Toolbar.AVGSearch
                        O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32-extensies voor Win32.) -- C:\Windows\system32\urlmon.dll
                        ~ Protocole Additionnel: Scanned in 00mn 00s



                        ---\\ Registersleutel autorun SharedTaskScheduler (STS) (O22)
                        O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browserbibliotheek met gebruikersinte.) -- C:\WINDOWS\System32\browseui.dll
                        ~ STS/SSO: Scanned in 00mn 00s



                        ---\\ Lijst van niet-Microsoft NT services die niet uitgeschakeld zijn (O23)
                        O23 - Service: DQLWinService (DQLWinService) . (.No owner - DQLWinSe Application.) - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
                        O23 - Service: Skype C2C Service (Skype C2C Service) . (.Skype Technologies S.A. - Skype C2C Service.) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
                        ~ Services: 10 Legitimates Filtered in 00mn 04s



                        ---\\ Geïnstalleerde software (O42)
                        O42 - Logiciel: Aangifte inkomstenbelasting 2011 - (.Belastingdienst.) [HKLM] -- Aangifte inkomstenbelasting 2011
                        O42 - Logiciel: Aangifte inkomstenbelasting 2012 - (.Belastingdienst.) [HKLM] -- Aangifte inkomstenbelasting 2012
                        ~ Logic: 85 Legitimates Filtered in 00mn 00s



                        ---\\ HKCU & HKLM Software Keys
                        [HKCU\Software\DM]
                        [HKCU\Software\Pando Networks]
                        [HKCU\Software\Reimage] =>Rogue.ReimageRepair
                        [HKLM\Software\Pando Networks]
                        [HKLM\Software\Reimage] =>Rogue.ReimageRepair
                        ~ Key Software: 142 Legitimates Filtered in 00mn 00s



                        ---\\ 'Inhoud van mappen programma's, ProgramFiles, ProgramData, AppData (O43)
                        O43 - CFD: 3-3-2013 - 13:08:44 - [16,635] ----D C:\Program Files\Belastingdienst
                        O43 - CFD: 9-7-2012 - 10:47:21 - [7,186] ----D C:\Program Files\Pando Networks
                        O43 - CFD: 20-11-2013 - 20:39:03 - [0] ----D C:\ProgramData\CDB
                        O43 - CFD: 11-5-2013 - 14:10:11 - [0] ----D C:\ProgramData\䈨õ㻘õ0
                        O43 - CFD: 13-5-2013 - 12:23:56 - [0] ----D C:\ProgramData\䈨ģ㻘ģ0
                        O43 - CFD: 11-5-2013 - 17:32:23 - [0] ----D C:\ProgramData\䈨Ų㻘Ų0
                        O43 - CFD: 31-5-2013 - 15:50:22 - [0] ----D C:\Users\Sander\AppData\Roaming\Belastingdienst
                        ~ Program Folder: 169 Legitimates Filtered in 00mn 23s



                        ---\\ Meest recente bestanden gewijzigd of gemaakt op Windows en System32 (O44)
                        O44 - LFC:[MD5.11F91B14F3DABD94A1F98FED8996D4CB] - 20-11-2013 - 20:40:49 ---A- . (...) -- C:\WINDOWS\Reimage.ini [162] =>Rogue.ReimageRepair
                        O44 - LFC:[MD5.02940D6C7722E91342A32CFF5C60F4E4] - 21-11-2013 - 18:42:29 ---A- . (...) -- C:\WINDOWS\zoek-delete.exe [24064]
                        O44 - LFC:[MD5.F470468610D0616AF45D6024D782E7CE] - 21-11-2013 - 19:13:58 ---A- . (...) -- C:\zoek-results.log [24445]
                        ~ Files: 14 Legitimates Filtered in 00mn 08s



                        ---\\ Laatste bestanden die zijn gemaakt in Windows Prefetcher (O45)
                        O45 - LFCP:[MD5.7ACB01A76ED2E12DBC221D37E067CC72] - 21-11-2013 - 18:42:31 ---A- - C:\WINDOWS\Prefetch\PEVZ.EXE-D4924192.pf
                        O45 - LFCP:[MD5.1C7D9BCEACE63521B427819A54968F4C] - 21-11-2013 - 18:42:34 ---A- - C:\WINDOWS\Prefetch\WGET.EXE-D94FAF88.pf
                        O45 - LFCP:[MD5.1C52A01ECE5DE13445314173C6C51F42] - 21-11-2013 - 18:42:38 ---A- - C:\WINDOWS\Prefetch\ZOEK.EXE-59B7FFC1.pf
                        O45 - LFCP:[MD5.41269C0760077CFE115813E8DEF8B02A] - 21-11-2013 - 18:51:48 ---A- - C:\WINDOWS\Prefetch\SWXCACLS.EXE-2CF0AADD.pf
                        O45 - LFCP:[MD5.962D3FBF8D00F0053F78163521682A1C] - 21-11-2013 - 18:55:30 ---A- - C:\WINDOWS\Prefetch\SORT.EXE-CDAF7663.pf
                        O45 - LFCP:[MD5.E43756D350BFDBA740CAB0E193CD62F4] - 21-11-2013 - 18:55:32 ---A- - C:\WINDOWS\Prefetch\PEVZ.EXE-296AB44E.pf
                        O45 - LFCP:[MD5.A9C9D4586C477060B5EBBECC7278EDA7] - 21-11-2013 - 18:56:38 ---A- - C:\WINDOWS\Prefetch\MORE.COM-9B8170C3.pf
                        O45 - LFCP:[MD5.67242DAD022BCC8277F30A6597E2223E] - 21-11-2013 - 18:56:45 ---A- - C:\WINDOWS\Prefetch\XCOPY.EXE-8E0707F2.pf
                        O45 - LFCP:[MD5.3FAE629780C598EF5FA2D5F6371E45AD] - 21-11-2013 - 18:57:17 ---A- - C:\WINDOWS\Prefetch\FIND.EXE-162DFE58.pf
                        O45 - LFCP:[MD5.CADE4FAD70B0EA98AC8A1DAB5D6A065C] - 21-11-2013 - 18:57:29 ---A- - C:\WINDOWS\Prefetch\REMOVE.EXE-64785CE3.pf
                        O45 - LFCP:[MD5.58E30FC58A26C89E1F66E2CAAE44C273] - 21-11-2013 - 19:09:38 ---A- - C:\WINDOWS\Prefetch\WLRMDR.EXE-DDA57653.pf
                        O45 - LFCP:[MD5.3E859F9BEAC65392B45D2A8C832E97AF] - 21-11-2013 - 19:14:02 ---A- - C:\WINDOWS\Prefetch\REMIND.EXE-058BA002.pf
                        ~ Prefetcher: 102 Legitimates Filtered in 00mn 02s



                        ---\\ Activiteiten en functies bij het opstarten van Windows Verkenner (O46)
                        O46 - SEH:ShellExecuteHooks - SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
                        ~ ShellExecuteHooks: Scanned in 00mn 00s



                        ---\\ Controle van veilige Boot (CSB) (O49)
                        O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (...) -- C:\WINDOWS\System32\Drivers\hitmanpro37.sys (.not file.)
                        O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (...) -- C:\WINDOWS\System32\Drivers\hitmanpro37.sys (.not file.)
                        ~ CSB: 15 Legitimates Filtered in 00mn 00s



                        ---\\ Opsomming van het register sleutels PoliciesSystem (MWPS) (O55)
                        O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
                        ~ MWPS: 17 Legitimates Filtered in 00mn 00s



                        ---\\ Overzicht van de drivers (SDL) (O58)
                        O58 - SDL:[MD5.E8F3F21A71720C84BCF423B80028359F] - 2-11-2006 - 10:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\WINDOWS\System32\Drivers\elxstor.sys [316520]
                        O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 2-11-2006 - 8:09:42 ---A- . (...) -- C:\WINDOWS\System32\ANSI.SYS [9029]
                        ~ Drivers: 17 Legitimates Filtered in 00mn 01s



                        ---\\ Meest recente bestanden gewijzigd of gemaakt (gebruiker) (O61)
                        O61 - LFC: 20-11-2013 - 18:52:50 ---A- . (...) -- C:\Users\Sander\AppData\Local\Avg2014\log\avgcore.log.1 [131443]
                        O61 - LFC: 20-11-2013 - 18:52:50 ---A- . (...) -- C:\Users\Sander\AppData\Local\Avg2014\log\avgdecider.log.2 [65583]
                        O61 - LFC: 20-11-2013 - 18:52:50 ---A- . (...) -- C:\Users\Sander\AppData\Local\Avg2014\log\avgui.log.1 [131133]
                        O61 - LFC: 20-11-2013 - 18:53:19 ---A- . (...) -- C:\Users\Sander\defogger_reenable [0]
                        O61 - LFC: 20-11-2013 - 18:53:28 ---A- . (...) -- C:\Users\Sander\Downloads\adwcleaner (1).exe [1085542]
                        O61 - LFC: 20-11-2013 - 18:53:30 ---A- . (...) -- C:\Users\Sander\Downloads\adwcleaner.exe [1085542]
                        O61 - LFC: 20-11-2013 - 18:53:40 ---A- . (...) -- C:\Users\Sander\Downloads\Defogger (1).exe [50477]
                        O61 - LFC: 20-11-2013 - 18:53:40 ---A- . (...) -- C:\Users\Sander\Downloads\Defogger.exe [50477]
                        O61 - LFC: 20-11-2013 - 18:55:59 ---A- . (...) -- C:\Users\Sander\Downloads\f6xiw68v.exe [377856]
                        O61 - LFC: 20-11-2013 - 18:56:25 ---A- . (.Reimage®.) -- C:\Users\Sander\Downloads\ReimageRepair.exe [767752] =>Rogue.ReimageRepair
                        O61 - LFC: 20-11-2013 - 18:58:05 ---A- . (...) -- C:\Users\Sander\Downloads\ujz40puh.exe [377856]
                        O61 - LFC: 20-11-2013 - 18:58:08 ---A- . (...) -- C:\Users\Sander\Downloads\wuwdd63i.exe [377856]
                        O61 - LFC: 20-11-2013 - 18:58:08 ---A- . (...) -- C:\Users\Sander\Downloads\wvq124w1.exe [377856]
                        O61 - LFC: 20-11-2013 - 18:58:10 ---A- . (...) -- C:\Users\Sander\Downloads\yet_another_cleaner.exe [903832]
                        O61 - LFC: 21-11-2013 - 18:58:11 ---A- . (...) -- C:\Users\Sander\Downloads\zoek (1).rar [4182609]
                        O61 - LFC: 21-11-2013 - 18:58:11 ---A- . (...) -- C:\Users\Sander\Downloads\zoek (1).zip [4044244]
                        O61 - LFC: 21-11-2013 - 18:58:11 ---A- . (...) -- C:\Users\Sander\Downloads\zoek-results (1).txt [24445]
                        O61 - LFC: 21-11-2013 - 18:58:11 ---A- . (...) -- C:\Users\Sander\Downloads\zoek-results.txt [24445]
                        O61 - LFC: 21-11-2013 - 18:58:11 ---A- . (...) -- C:\Users\Sander\Downloads\zoek.rar [4182609]
                        O61 - LFC: 21-11-2013 - 18:58:11 ---A- . (...) -- C:\Users\Sander\Downloads\zoek.zip [4044244]
                        O61 - LFC: 22-11-2013 - 18:52:50 ---A- . (...) -- C:\Users\Sander\AppData\Local\Avg2014\log\avgdecider.log.1 [65583]
                        O61 - LFC: 22-11-2013 - 18:52:53 ---A- . (...) -- C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [266033]
                        O61 - LFC: 22-11-2013 - 18:53:04 ---A- . (...) -- C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Local State [46837]
                        O61 - LFC: 22-11-2013 - 18:53:19 ---A- . (...) -- C:\Users\Sander\AppData\Roaming\ZHP\Log.txt [16997] =>.Nicolas Coolman
                        O61 - LFC: 22-11-2013 - 18:53:19 ---A- . (...) -- C:\Users\Sander\AppData\Roaming\ZHP\TestsZHPDiag.txt [2835] =>.Nicolas Coolman
                        ~ 103 Fichiers temporaires (Temporary files)
                        ~ Files: 579 Legitimates Filtered in 05mn 26s



                        ---\\ Lijst van cleaning tools (CLAB) (O63)
                        O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
                        ~ ADS: Scanned in 00mn 00s



                        ---\\ Bestandsassociaties mogelijk aangepast (O67)
                        O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
                        ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



                        ---\\ Startmenu Internet (SMI) (O68)
                        O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\program files\google\chrome\application\chrome.exe
                        O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
                        ~ Keys: Scanned in 00mn 00s



                        ---\\ Zoek "infecties in internetbrowsers (SBI) (O69)
                        O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
                        O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
                        ~ Keys: Scanned in 00mn 00s



                        ---\\ Bepaalde zoekopdracht in de hoofdmap van het systeem (SPRF) (O84)
                        [MD5.0A528D0B7CA583BEED5CE0B1BF7D885B] [SPRF][4-7-2012] (...) -- C:\Users\Sander\AppData\Local\d3d8caps.dat [552]
                        [MD5.306AED3CCBF2EFB5A2E9E75C316005B1] [SPRF][18-11-2013] (...) -- C:\Users\Sander\AppData\Local\d3d9caps.dat [1356]
                        [MD5.1FFB2EBE1F95C5E5AEC1512EA686049C] [SPRF][21-8-2012] (...) -- C:\Users\Sander\AppData\LocalLow\dt.dat [27520]
                        [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][8-7-2012] (...) -- C:\Users\Sander\AppData\Roaming\wklnhst.dat [0]
                        [MD5.BA39D5DEF71D5193ADE6BFB24672A487] [SPRF][23-8-2012] (...) -- C:\Users\Sander\Desktop\vlc-2.0.3-win32.exe [22617148]
                        ~ Files: 5 Legitimates Filtered in 00mn 00s



                        ---\\ Microsoft Installer-bestanden (WIS) (NTFS) (O93)
                        [MD5.33A86C97F550D794871AF14C1375B0B3] [WIS][16-7-2012] (.Husdawg, LLC - System Requirements Lab CYRI.) -- C:\Windows\Installer\282030e.msi [30720]
                        ~ WIS: 79 Legitimates Filtered in 00mn 05s



                        ---\\ Algemene toestand van niet-Microsoft services (GSR) (SR = Running, SS = gestopt)
                        SR - | Auto 7-5-2013 119024 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
                        SS - | Demand 11-9-2006 188416 | (AlertService) . (.Intel(R) Corporation.) - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
                        SR - | Auto 4-7-2012 217088 | (AMD External Events Utility) . (.AMD.) - C:\WINDOWS\System32\atiesrxx.exe
                        SR - | Auto 3-10-2013 3538480 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgidsagent.exe
                        SR - | Auto 25-9-2013 301152 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
                        SR - | Auto 3-9-2006 208896 | (DQLWinService) . (...) - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
                        SS - | Auto 21-1-2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
                        SS - | Demand 21-1-2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
                        SR - | Auto 24-5-2007 61440 | (HP Health Check Service) . (.Hewlett-Packard.) - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
                        SS - | Demand 22-10-2004 73728 | (IDriverT) . (.Macrovision Corporation.) - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                        SS - | Auto 10-5-2006 29696 | (IntelDHSvcConf) . (.Intel(R) Corporation.) - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
                        SS - | Demand 11-9-2006 75264 | (ISSM) . (.Intel(R) Corporation.) - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
                        SR - | Auto 25-7-2007 79136 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
                        SS - | Demand 31-8-2006 26624 | (M1 Server) . (...) - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
                        SS - | Demand 11-9-2006 167936 | (MCLServiceATL) . (.Intel(R) Corporation.) - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
                        SR - | Auto 26-3-2012 11552 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
                        SS - | Demand 11-9-2006 544256 | (Remote UI Service) . (.Intel(R) Corporation.) - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
                        SS - | Demand 11-5-2007 887544 | (RoxMediaDB9) . (.Sonic Solutions.) - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
                        SR - | Auto 2-10-2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
                        SS - | Demand 23-5-2013 73728 | (Sony SCSI Helper Service) . (.Sony Corporation.) - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
                        SS - | Demand 3-5-2007 74656 | (stllssvr) . (.MicroVision Development, Inc..) - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
                        SS - | Auto 2-11-2006 22016 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\WINDOWS\System32\svchost.exe
                        SR - | Auto 2-11-2006 22016 | C:\WINDOWS\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\WINDOWS\System32\svchost.exe
                        ~ Services: Scanned in 00mn 07s



                        ---\\ Onderzoek gelijktijdige op de Master Boot Record (MBR) (O80)
                        Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
                        ~ MBR: 1 Legitimates Filtered in 00mn 02s



                        ---\\ Onderzoek de Master Boot Record op Infecties (MBRCheck) (O80)
                        Written by ad13, http://ad13.geekstog
                        Run by Sander at 22-11-2013 18:59:21

                        ********* Dump file Name *********
                        C:\PhysicalDisk0_MBR.bin
                        ~ MBR: Scanned in 00mn 04s



                        ---\\ Extra scan (O88)
                        Database Version : 12996 - (22-11-2013)
                        Clés trouvées (Keys found) : 28
                        Valeurs trouvées (Values found) : 3
                        Dossiers trouvés (Folders found) : 0
                        Fichiers trouvés (Files found) : 2

                        [HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
                        [HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch
                        [HKLM\Software\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch
                        [HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch
                        [HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}] =>Toolbar.AVGSearch
                        [HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch
                        [HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
                        [HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.AVGSearch
                        [HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}] =>Toolbar.AVGSearch
                        [HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch
                        [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}] =>Toolbar.Conduit
                        [HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
                        [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
                        [HKLM\Software\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
                        [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
                        [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
                        [HKLM\Software\Classes\AppID\ScriptHelper.EXE] =>Toolbar.AVGSearch
                        [HKLM\Software\Classes\S] =>Toolbar.Agent
                        [HKLM\Software\Classes\ScriptHelper.ScriptHelperApi] =>Toolbar.AVGSearch
                        [HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1] =>Toolbar.AVGSearch
                        [HKLM\Software\Classes\ViProtocol.ViProtocolOLE] =>Toolbar.AVGSearch
                        [HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1] =>Toolbar.AVGSearch
                        [HKCU\Software\DM] =>PUP.BearShare
                        [HKCU\Software\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard
                        [HKLM\Software\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard
                        [HKCU\Software\Reimage] =>Rogue.ReimageRepair
                        [HKLM\Software\Reimage] =>Rogue.ReimageRepair
                        [HKLM\Software\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}] =>Toolbar.AVGSearch
                        C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent^
                        C:\WINDOWS\Reimage.ini =>Rogue.ReimageRepair
                        ~ Additionnel Scan: 233909 Items scanned in 00mn 26s



                        ---\\ Samenvatting van detecties gevonden op uw werkstation
                        ~ http://nicolascoolman.webs.com/apps/...-reimagerepair =>Rogue.ReimageRepair
                        ~ http://nicolascoolman.webs.com/apps/...-toparcadehits =>PUP.ToparcadeHits
                        ~ http://nicolascoolman.webs.com/apps/...oolbar-conduit =>Toolbar.Conduit
                        ~ http://nicolascoolman.webs.com/apps/...-pup-bearshare =>PUP.BearShare
                        ~ MSI: 4 link(s) detected in 00mn 26s



                        ~ 1678 Legitimates filtered by white list
                        End of the scan (559 lines in 08mn 42s)(0)



                        • #13
                          Start ZHPFix again.

                          Copy the entire text in the code field:

                          Code:
                          Script ZHPFix 
                          R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
                          O3 - Toolbar\WebBrowser: (no name) - [HKCU]{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Orphan sleutel
                          O4 - HKLM\..\Run: [CCUTRAYICON] Orphan sleutel 
                          O4 - HKLM\..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe (.not file.) 
                          O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Orphan sleutel 
                          O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Orphan sleutel 
                          [HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
                          [HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch
                          [HKLM\Software\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch
                          [HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch
                          [HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}] =>Toolbar.AVGSearch
                          [HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch
                          [HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
                          [HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.AVGSearch
                          [HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}] =>Toolbar.AVGSearch
                          [HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch
                          [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}] =>Toolbar.Conduit
                          [HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
                          [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
                          [HKLM\Software\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
                          [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
                          [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
                          [HKLM\Software\Classes\AppID\ScriptHelper.EXE] =>Toolbar.AVGSearch
                          [HKLM\Software\Classes\S] =>Toolbar.Agent
                          [HKLM\Software\Classes\ScriptHelper.ScriptHelperApi] =>Toolbar.AVGSearch
                          [HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1] =>Toolbar.AVGSearch
                          [HKLM\Software\Classes\ViProtocol.ViProtocolOLE] =>Toolbar.AVGSearch
                          [HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1] =>Toolbar.AVGSearch
                          [HKCU\Software\DM] =>PUP.BearShare
                          [HKCU\Software\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard
                          [HKLM\Software\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard
                          [HKCU\Software\Reimage] =>Rogue.ReimageRepair
                          [HKLM\Software\Reimage] =>Rogue.ReimageRepair
                          [HKLM\Software\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}] =>Toolbar.AVGSearch
                          C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent^
                          C:\WINDOWS\Reimage.ini =>Rogue.ReimageRepair
                          shortcutfix
                          emptytemp
                          emptyflash
                          emptyjava
                          Double-click the shortcut: ZHPFix
                          Press the "Import" button.
                          Then press the "Go" button at the bottom.
                          The fix will start; post the result ZHPFix[r2].txt

                          Starting Windows 10 in Safe Mode



                          • #14
                            Thanks for your help, I'm very happy with it! I'm at work right now, so I can't do anything for the moment. Could it be that the virus is already off my computer? Last night I had no trouble with anything. I no longer saw any ads come by and was also no longer invited to go play poker....



                            • #15
                              Rapport de ZHPFix 2013.11.19.7 par Nicolas Coolman, Update du 19/11/2013
                              Fichier d'export Registre :
                              Run by Sander at 23-11-2013 16:20:23
                              High Elevated Privileges : OK
                              Windows Vista Home Premium Edition, 32-bit (Build 6000)

                              Prullenbak geleegd (Geannuleerd door gebruiker)
                              Reparatie van browser snelkoppelingen

                              ========== Procesgeheugen ==========
                              HIERMEE VERWIJDERT U Reboot: Memory Process: C:\Program Files\uTorrent\uTorrent.exe

                              ========== Registersleutels ==========
                              HIERMEE VERWIJDERT U: [HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
                              HIERMEE VERWIJDERT U: HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
                              HIERMEE VERWIJDERT U: HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
                              HIERMEE VERWIJDERT U: HKLM\Software\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
                              HIERMEE VERWIJDERT U: HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
                              HIERMEE VERWIJDERT U: HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
                              HIERMEE VERWIJDERT U: HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
                              HIERMEE VERWIJDERT U: HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
                              HIERMEE VERWIJDERT U: HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
                              HIERMEE VERWIJDERT U: HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
                              HIERMEE VERWIJDERT U: HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
                              HIERMEE VERWIJDERT U: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
                              HIERMEE VERWIJDERT U: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
                              HIERMEE VERWIJDERT U: HKLM\Software\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
                              HIERMEE VERWIJDERT U: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
                              HIERMEE VERWIJDERT U: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
                              HIERMEE VERWIJDERT U: HKLM\Software\Classes\AppID\ScriptHelper.EXE
                              HIERMEE VERWIJDERT U: HKLM\Software\Classes\S
                              HIERMEE VERWIJDERT U: HKLM\Software\Classes\ScriptHelper.ScriptHelperApi
                              HIERMEE VERWIJDERT U: HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1
                              HIERMEE VERWIJDERT U: HKLM\Software\Classes\ViProtocol.ViProtocolOLE
                              HIERMEE VERWIJDERT U: HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1
                              HIERMEE VERWIJDERT U: HKCU\Software\DM
                              HIERMEE VERWIJDERT U: HKCU\Software\AVG SafeGuard toolbar
                              HIERMEE VERWIJDERT U: HKLM\Software\AVG SafeGuard toolbar
                              HIERMEE VERWIJDERT U: HKCU\Software\Reimage
                              HIERMEE VERWIJDERT U: HKLM\Software\Reimage
                              HIERMEE VERWIJDERT U: HKLM\Software\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

                              ========== De registerwaarden ==========
                              HIERMEE VERWIJDERT U: URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
                              HIERMEE VERWIJDERT U: Toolbar: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
                              HIERMEE VERWIJDERT U RunValue: CCUTRAYICON
                              HIERMEE VERWIJDERT U RunValue: vProt
                              HIERMEE VERWIJDERT U RunValue: WindowsWelcomeCenter

                              ========== Mappen ==========
                              Verwijderen tijdelijke Windows (145)
                              Hiermee verwijdert u Flash Cookies (1)

                              ========== Bestanden ==========
                              HIERMEE VERWIJDERT U: C:\WINDOWS\Reimage.ini
                              Verwijderen tijdelijke Windows (114) (1.073.217 octets)
                              Hiermee verwijdert u Flash Cookies (0) (0 octets)

                              ========== Andere ==========
                              NIET-VERDRAG emptyjava


                              ========== Samenvatting ==========
                              1 : Procesgeheugen
                              28 : Registersleutels
                              5 : De registerwaarden
                              2 : Mappen
                              3 : Bestanden
                              1 : Andere


                              End of clean in 00mn 05s

                              ========== Pad naar bestand verslag ==========
                              C:\Users\Sander\AppData\Roaming\ZHP\ZHPFix[R1].txt - 23-11-2013 16:20:26 [3757]
