
PC not running optimally

Status
Not open for further replies.

kawarobot

Hello,

for the past few days I have been getting this message:
[Image: 5346a9dcb7f2b-pc.PNG]

It is getting annoying.
What needs to be removed to stop this?

Regards, Robert
 
Hello,

Download Malwarebytes Anti-Malware, preferably to the desktop.

  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the further instructions; the complete installation procedure can be found at the following link - Installing Malwarebytes Anti-Malware.

  • Then click the Scan Now button to run a threat scan.
  • The program will now check for available updates; click "Update Now" here if updates are available.
  • The scan now starts automatically; when the scan is finished and threats have been detected, you will get an overview of them here.
  • If no threats have been detected, click View Detailed Log after the scan.
    • Then click the Apply Actions button; at the message that your computer must be restarted, click No.
    • Then click the View Detailed Log button, click the Export button and choose the Text file (*.txt) option.
    • Then enter a file name for saving the log file, for example MBAM Scanlog, and click the Save button.
    • By default this file will be saved to your desktop.
[Image: 532aab157609a-MBAM-Scan.png]

Post this log in your next reply.
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scandatum: 10-4-2014
Scantijd: 19:05:52
Logbestand: Mbam log 10-4.txt
Beheerder: Ja

Versie: 2.00.1.1004
Malwaredatabase: v2014.04.10.05
Rootkitdatabase: v2014.03.27.01
Licentie: Proef
Malwarebescherming: Ingeschakeld
Kwaadaardige Website Bescherming: Ingeschakeld
Chameleon: Uitgeschakeld

Besturingssysteem: Windows 7 Service Pack 1
Processor: x64
Bestandssysteem: NTFS
Gebruiker: Robert

Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten Gescand: 278995
Verstreken Tijd: 30 m, 4 s

Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Ingeschakeld
Shuriken: Ingeschakeld
POP: Ingeschakeld
POA: Ingeschakeld

Processen: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registersleutels: 0
(No malicious items detected)

Registerwaardes: 0
(No malicious items detected)

Registerdata: 0
(No malicious items detected)

Mappen: 0
(No malicious items detected)

Bestanden: 0
(No malicious items detected)

Fysieke Sectoren: 0
(No malicious items detected)


(end)
 
Hello,

First disable your antivirus software before you download zoek.exe.
Temporarily disable your antivirus and antispyware programs, as they can conflict with Zoek.exe.

Download Zoek.exe to the desktop.
  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore this; it is a false warning.

Running Zoek.exe
If you experience problems running this program or see certain error messages, please mention this in your post.
  • Then double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.
    Code:
    firefoxlook;
    emptyclsid;
    torpigcheck;
    emptyfolderscheck;delete
    chromelook;
    standardsearch;
    filesrcm;
    autoclean;
    startupall;
  • Now click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Post the opened log in your next message.
 
Hello abbs,

I can't get to 'real-time protection' in Malwarebytes to turn the protection off.
 
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Robert on vr 11-04-2014 at 9:45:58,75.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Robert\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11-4-2014 9:48:29 Zoek.exe System Restore Point Created Succesfully.

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll


==== Empty Folders Check ======================

C:\PROGRA~2\Freemake deleted successfully
C:\PROGRA~2\JLC's Software deleted successfully
C:\PROGRA~2\Magical Jelly Bean deleted successfully
C:\PROGRA~2\MpcStar deleted successfully
C:\PROGRA~2\Sony Mobile deleted successfully
C:\PROGRA~2\VideoLAN deleted successfully
C:\PROGRA~2\COMMON~1\DESIGNER deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\BitComet deleted successfully
C:\Program Files\Fighters deleted successfully
C:\Program Files\Google deleted successfully
C:\Program Files\McAfee deleted successfully
C:\Program Files\ReviverSoft deleted successfully
C:\PROGRA~3\Freemake deleted successfully
C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully
C:\Users\Robert\AppData\Roaming\HpUpdate deleted successfully
C:\Users\Robert\AppData\Roaming\JLC's Software deleted successfully
C:\Users\Robert\AppData\Roaming\Nokia Ovi Suite deleted successfully
C:\Users\Robert\AppData\Roaming\Octoshape deleted successfully
C:\Users\Robert\AppData\Local\Downloaded Installations deleted successfully
C:\Users\Robert\AppData\Local\kpn deleted successfully
C:\Users\Robert\AppData\Local\ms-drivers deleted successfully
C:\Users\Robert\AppData\Local\Real deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\vsnpstd3.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\FixCamera.exe
C:\Windows\tsnpstd3.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Users\Robert\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.0.0 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.0.0 deleted successfully

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found
C:\Users\Robert\daemonprocess.txt deleted
C:\Users\Robert\.android deleted
C:\PROGRA~2\TorrentSearch deleted
C:\Users\Robert\AppData\Local\cache deleted
C:\Users\Robert\Downloads\avg_free_stb_all_2014_4335_cnet.exe deleted
C:\Users\Robert\Downloads\drivermax_7_25_cnet.exe deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 2813 MB
CPU Info: AMD Sempron(tm) M120
CPU Speed: 2092,9 MHz
Sound Card: Luidsprekers en koptelefoons (I |
Display Adapters: AMD M880G with ATI Mobility Radeon HD 4200 | AMD M880G with ATI Mobility Radeon HD 4200 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20) | Microsoft Virtual WiFi Miniport Adapter | Qualcomm Atheros AR9285 802.11b/g/n WiFi Adapter
CD / DVD Drives: 1x (F: | ) F: hp DVDRAM GT30L
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 218,9GB | D: 13,7GB | E: 99,2MB
Hard Disks - Free: C: 159,2GB | D: 2,3GB | E: 99,2MB
Manufacturer *: Hewlett-Packard
BIOS Info: AT/AT COMPATIBLE | 01/25/10 | HPQOEM - 3
Time Zone: West-Europa (standaardtijd)
Motherboard *: Hewlett-Packard 363F
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: AVG AntiVirus Free Edition 2014 On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: AVG AntiVirus Free Edition 2014 disabled (Outdated)
Default Browser: Google Chrome 33.0.1750.154
Internet Explorer Version: 11.0.9600.16659
Google Chrome version: 33.0.1750.154
Flash Player version: 12.0.0.77
Shockwave Player version: 11.6.5r635

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-04-11 06:44:31 470C1024972BFC1BD4F2E50AAEDB2DA4 377335061 ----a-w- C:\Windows\MEMORY.DMP
2014-04-08 13:47:15 FB0C8699B87F7140BB6201BE7B4B6778 827392 ----a-w- C:\Windows\vsnpstd3.exe
2014-04-08 13:47:14 F4D40E1893230F62D184B5030A4C4E4E 53248 ----a-w- C:\Windows\csnpstd3.dll
2014-04-08 13:47:14 AB844F126F342FC487534C58D8C18547 13023 ----a-w- C:\Windows\snpstd3.src
2014-04-08 13:47:14 6CD72592F71F43E596FD3FEC6D0C2066 270336 ----a-w- C:\Windows\tsnpstd3.exe
2014-04-08 13:47:14 257D0B93509616D6403D4919F9C65F08 15498 ----a-w- C:\Windows\snpstd3.ini
2014-04-08 12:19:12 6F9455F97D5D91FDEEC0F344E70A2D0E 20480 ----a-w- C:\Windows\FixCamera.exe
====== C:\Users\Robert\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-04-09 09:54:05 CCF19C82F6145E4A467F7CB9AF82026C 17073152 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-04-09 09:54:04 A45A13AAC7777C096A073FF1F4F5A0D5 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 09:53:49 76161B9D78A275F8F28DD67436013110 1114112 ----a-w- C:\Windows\SysWOW64\kernel32.dll
2014-04-09 09:53:49 2E1D6624EE2C3F454CADF09DC59E78B0 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe
2014-04-09 09:53:48 1F76F7CB3C690ACB985C2FD419383B49 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 09:53:48 1E886E327F37F34CC7465F1605D1F3CD 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll
2014-04-09 09:53:47 A30AB03E7C837A17AC70E67E63B8E2F6 2048 ----a-w- C:\Windows\SysWOW64\user.exe
2014-04-09 09:53:47 9F3D88540DB73F5213D5044CB50006DF 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe
2014-04-08 13:47:14 AA4AC1FE8BA8890CF284BFE61B4735B4 172032 ----a-w- C:\Windows\SysWOW64\rsnpstd3.dll
2014-04-07 10:57:38 38E63F081E891F09DB801E319071D58C 477008 ----a-w- C:\Windows\SysWOW64\hmpalert.dll
====== C:\Windows\SysWOW64\drivers =====
2014-04-08 13:47:14 A37E84EB12C39D36EDDEB7966429E75F 10252544 ----a-w- C:\Windows\SysWOW64\drivers\snpstd3.sys
====== C:\Windows\Sysnative =====
2014-04-09 09:54:06 C3E3EFD320D0000BE6F9CDB00CD6086F 23134208 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-04-09 09:54:04 14257E59C8452DCC38B8D55DEDC6EE0D 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2014-04-09 09:53:49 D2A513EE880D71BDE7F0257F38B9D019 1163264 ----a-w- C:\Windows\Sysnative\kernel32.dll
2014-04-09 09:53:49 7434E01FBCA3CB86539C39412A31D5E1 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll
2014-04-09 09:53:49 2A107B611C91CD256466C58C0D776E9D 243712 ----a-w- C:\Windows\Sysnative\wow64.dll
2014-04-09 09:53:48 74959C718FF4594369645F35B7DF19C4 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll
2014-04-09 09:53:48 0F090A77E664CB0F70AB8D3B230B760C 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll
2014-04-08 13:47:15 3D258C8F14EE5E26D5762D8545B89326 306176 ----a-w- C:\Windows\Sysnative\vsnpstd3.dll
2014-04-07 10:57:38 977D30FE2E77C7E09F3424DF33724024 548424 ----a-w- C:\Windows\Sysnative\hmpalert.dll
====== C:\Windows\Sysnative\drivers =====
2014-04-09 09:53:55 A3F0BC5897F9D3786A3CB695B163633A 190912 ----a-w- C:\Windows\Sysnative\drivers\storport.sys
2014-04-09 09:53:55 96BB922A0981BC7432C8CF52B5410FE6 274880 ----a-w- C:\Windows\Sysnative\drivers\msiscsi.sys
2014-04-09 09:53:54 B3222734D80013D2C73841B0C549FA63 27584 ----a-w- C:\Windows\Sysnative\drivers\Diskdump.sys
2014-04-09 09:53:46 1A29A59A4C5BA6F8C85062A613B7E2B2 1684928 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys
2014-04-08 13:47:15 3B7162AC2E64623EF35778A59674E3A9 10550656 ----a-w- C:\Windows\Sysnative\drivers\snpstd3.sys
2014-04-07 10:57:38 CF07C0A9D38A248D036DD9C47E4D0D6E 93144 ----a-w- C:\Windows\Sysnative\drivers\hmpalert.sys
2014-04-03 11:27:08 6140163BFE9D8F2DFDBA088ED5521C13 119512 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-04-03 11:25:43 FD5465B876D55534117963FAAA4B9DFC 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-04-03 11:25:43 C49915271600CFC2305FAA4271D0002F 63192 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2014-04-03 11:25:43 4A1356200B82B852E137B687F03E8054 88280 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-03-20 13:21:48 E9981ECE8D894CEF7038FD1D040EB426 56832 ----a-w- C:\Windows\Sysnative\drivers\TsUsbFlt.sys
====== C:\Windows\Tasks ======
2014-04-04 09:58:46 8F747E4C8027D3C721EA5228860C2A17 3184 ----a-w- C:\Windows\Sysnative\Tasks\{25E2C059-991F-43DB-8295-483C882412FF}
2014-03-24 08:02:52 BF4205A0D103AF54B0926AF4163F3A9E 3344 ----a-w- C:\Windows\Sysnative\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4132884842-2695504495-3771251730-1000
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-03-20 13:21:23 -------- d-----w- C:\Program Files\Synaptics
======= C:\PROGRA~2 =====
2014-04-08 13:47:14 -------- d-----w- C:\PROGRA~2\COMMON~1\snpstd3
2014-04-07 10:57:38 -------- d-----w- C:\PROGRA~2\HitmanPro.Alert
2014-04-06 13:01:42 -------- d-----w- C:\PROGRA~2\EMET 4.1
======= C: =====
2014-04-10 17:19:31 50FE58A0D52F3B35B6FFF205E1DEE9D3 1154 ----a-w- C:\mbam 10-4.txt
2014-03-16 09:39:38 63EF77A27B77E4BAEAA5882A08F8849A 2238 ----a-w- C:\DelFix.txt
====== C:\Users\Robert\AppData\Roaming ======
2014-04-09 17:33:06 -------- d-----w- C:\Users\Robert\AppData\Roaming\driveridentifier
2014-04-02 10:11:01 9ECBAEC1B3703D30C2EFFA04DC546F44 46 ----a-w- C:\Users\Robert\AppData\Roaming\WB.CFG
2014-03-21 13:00:12 -------- d-----w- C:\Users\Robert\AppData\Roaming\AVG2014
2014-03-21 12:59:57 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG2014
2014-03-21 12:59:38 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2014
2014-03-21 12:57:58 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2014
2014-03-21 12:54:00 -------- d-----w- C:\Users\Robert\AppData\Local\Avg2014
2014-03-15 07:47:09 -------- d-----w- C:\Users\Robert\AppData\Local\Skype
====== C:\Users\Robert ======
2014-04-08 13:47:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trust
2014-04-08 13:44:07 E831B1A07826B7C3FA2B18DC63C94CAA 10195176 ----a-w- C:\Users\Robert\Downloads\15082-03_05.exe
2014-04-08 13:25:10 55A0867E691D550D944B5FBAD27ECD56 3482112 ----a-w- C:\Users\Robert\Downloads\wzdu18.exe
2014-04-07 10:57:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-04-07 10:56:04 C0F3DDA847FFB13D746414284A3BE40B 1862480 ----a-w- C:\Users\Robert\Downloads\hmpalert.exe
2014-04-06 13:01:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
2014-04-03 11:20:56 32A7154F9934CF3AA5D945D02D069D1F 17523384 ----a-w- C:\Users\Robert\Downloads\mbam-setup-2.0.0.1000 (1).exe
2014-04-03 11:20:51 32A7154F9934CF3AA5D945D02D069D1F 17523384 ----a-w- C:\Users\Robert\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-02 16:25:31 F445E1DE976645E47C81E2116061A007 593920 ----a-w- C:\Users\Robert\Downloads\Jaap_s Puch Calculator.exe
2014-04-01 18:10:58 238BC94DDC258DD3B339B204BF394F0D 1125464 ----a-w- C:\Users\Robert\Downloads\bittorrent [1].exe
2014-03-31 10:02:28 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-03-25 10:27:14 -------- d-----w- C:\ProgramData\Sony
2014-03-21 12:58:55 -------- d-----w- C:\ProgramData\AVG2014
2014-03-15 07:46:51 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

====== C: exe-files ==
2014-04-11 07:25:28 8FAE9109245E4B4FF42704ECFB86F1B6 8704216 ----a-w- C:\Program Files (x86)\Google\Update\Install\{904D19DC-F669-4CD9-A4F0-01A7B9AAEB4B}\34.0.1847.116_33.0.1750.154_chrome_updater.exe
2014-04-11 07:25:28 8FAE9109245E4B4FF42704ECFB86F1B6 8704216 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\34.0.1847.116\34.0.1847.116_33.0.1750.154_chrome_updater.exe
2014-04-08 13:47:15 FB0C8699B87F7140BB6201BE7B4B6778 827392 ----a-w- C:\Windows\vsnpstd3.exe
2014-04-08 13:47:15 FB0C8699B87F7140BB6201BE7B4B6778 827392 ----a-w- C:\Program Files (x86)\Common Files\snpstd3\vsnpstd3.exe
2014-04-08 13:47:15 6CD72592F71F43E596FD3FEC6D0C2066 270336 ----a-w- C:\Program Files (x86)\Common Files\snpstd3\tsnpstd3.exe
2014-04-08 13:47:14 6CD72592F71F43E596FD3FEC6D0C2066 270336 ----a-w- C:\Windows\tsnpstd3.exe
2014-04-08 13:47:13 FBAB280D0CAC5E21C72F0A1A7B5B9608 455600 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\setup.exe
2014-04-08 13:44:07 E831B1A07826B7C3FA2B18DC63C94CAA 10195176 ----a-w- C:\Users\Robert\Downloads\15082-03_05.exe
2014-04-08 13:25:10 55A0867E691D550D944B5FBAD27ECD56 3482112 ----a-w- C:\Users\Robert\Downloads\wzdu18.exe
2014-04-08 12:19:12 6F9455F97D5D91FDEEC0F344E70A2D0E 20480 ----a-w- C:\Windows\FixCamera.exe
2014-04-07 10:57:38 2638395F6E61889D75C363A80A0E17F4 1876816 ----a-w- C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2014-04-07 10:56:04 C0F3DDA847FFB13D746414284A3BE40B 1862480 ----a-w- C:\Users\Robert\Downloads\hmpalert.exe
=== C: other files ==
2014-04-09 09:53:55 A3F0BC5897F9D3786A3CB695B163633A 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-04-09 09:53:55 96BB922A0981BC7432C8CF52B5410FE6 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2014-04-09 09:53:54 B3222734D80013D2C73841B0C549FA63 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-04-09 09:53:46 1A29A59A4C5BA6F8C85062A613B7E2B2 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2014-04-08 13:47:15 3B7162AC2E64623EF35778A59674E3A9 10550656 ----a-w- C:\Windows\System32\drivers\snpstd3.sys
2014-04-08 13:47:15 3B7162AC2E64623EF35778A59674E3A9 10550656 ----a-w- C:\Program Files (x86)\Common Files\snpstd3\x64\snpstd3.sys
2014-04-08 13:47:14 A37E84EB12C39D36EDDEB7966429E75F 10252544 ----a-w- C:\Windows\SysWOW64\drivers\snpstd3.sys
2014-04-08 13:47:14 A37E84EB12C39D36EDDEB7966429E75F 10252544 ----a-w- C:\Program Files (x86)\Common Files\snpstd3\snpstd3.sys
2014-04-07 10:57:38 CF07C0A9D38A248D036DD9C47E4D0D6E 93144 ----a-w- C:\Windows\System32\drivers\hmpalert.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-4132884842-2695504495-3771251730-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE /EPT EPLTarget\P0000000000000000 /M Epson Stylus SX440"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Sony PC Companion"="C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe /Background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"
"EMET 4.1 Agent"="C:\Program Files (x86)\EMET 4.1\EMET_agent.exe"
"FixCamera"="C:\Windows\FixCamera.exe"
"tsnpstd3"="C:\Windows\tsnpstd3.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE /EPT EPLTarget\P0000000000000000 /M Epson Stylus SX440"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Sony PC Companion"="C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe /Background"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="C:\Windows\vsnpstd3.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Registry Disabled ======================

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"AVG-Secure-Search-Update_1213b"="C:\\Users\\Robert\\AppData\\Roaming\\AVG 1213b Campaign\\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=04c3810265cc0043c93a5833cac041c0-11983c526691f190317d08944ca502ba934f483e /CMPID=1213b"
"Sony Ericsson PC Companion"="\"C:\\Program Files (x86)\\Sony Ericsson\\Sony Ericsson PC Companion\\PCCompanion.exe\" /Background"


==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Akamai NetSession Interface"
"hkey"="HKCU"
"command"="\"C:\\Users\\Robert\\AppData\\Local\\Akamai\\netsession_win.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EEventManager]
"command"="\"C:\\Program Files (x86)\\Epson Software\\Event Manager\\EEventManager.exe\""
"hkey"="HKLM"
"item"="EEventManager"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FixCamera]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FixCamera"
"hkey"="HKLM"
"command"="C:\\Windows\\FixCamera.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IntelliPoint]
"command"="\"c:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\""
"hkey"="HKLM"
"item"="IntelliPoint"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KPN Assistent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KPN Assistent"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\KPN\\KPN Assistent\\KPN_Assistent.exe /auto"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaMServer]
"command"="C:\\Program Files (x86)\\Common Files\\Nokia\\MPlatform\\NokiaMServer /watchfiles startup"
"hkey"="HKLM"
"item"="NokiaMServer"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"
"hkey"="HKLM"
"item"="StartCCC"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh]
"command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"hkey"="HKLM"
"item"="SynTPEnh"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SysTrayApp]
"command"="C:\\Program Files\\IDT\\WDM\\sttray64.exe"
"hkey"="HKLM"
"item"="SysTrayApp"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"command"="\"C:\\Program Files (x86)\\Real\\RealPlayer\\Update\\realsched.exe\" -osboot"
"hkey"="HKLM"
"item"="TkBellExe"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ :C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05-02-2014 21:29]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05-02-2014 21:29]
C:\Windows\tasks\HPCeeScheduleForRobert.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [07-10-2009 05:22]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\0" [c:\program files (x86)\internet explorer\iexplore.exe]
"C:\Windows\SysNative\tasks\4803" [wscript.exe C:\Users\Robert\AppData\Local\Temp\launchie.vbs //B]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe online update program" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\Express Files Updater" [C:\Program Files (x86)\ExpressFiles\EFupdater.exe]
"C:\Windows\SysNative\tasks\Google Updater and Installer" [C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HP online update program" [C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForRobert" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
"C:\Windows\SysNative\tasks\Launch HTC Sync Loader" [C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4132884842-2695504495-3771251730-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4132884842-2695504495-3771251730-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files (x86)\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\Sun Microsystems online update program" [C:\Program Files\Java\jre6\bin\jusched.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{58082D7E-CF62-4167-B57A-C396529A6529}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{5F769506-941E-44DD-895F-4F482AD3C644}" [F:\Elsawin 3.3 Install\Utilities\Acrobat Reader 5.05\ar505deu.exe]
"C:\Windows\SysNative\tasks\{82322215-6299-4676-A312-3B650ADA2DB6}" [F:\Elsawin 3.3 Install\Utilities\Acrobat Reader 5.05\ar505deu.exe]
"C:\Windows\SysNative\tasks\{B1E76EF1-444C-4F33-8879-10A1D537757A}" [F:\Elsawin 3.3 Install\Utilities\Acrobat Reader 5.05\ar505deu.exe]
"C:\Windows\SysNative\tasks\{B4B5A0DC-D510-4883-975F-0032C6F9DB84}" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe]
"C:\Windows\SysNative\tasks\{DF0B0BE0-980A-4959-9B18-4695FC483B25}" [F:\Elsawin 3.3 Install\Utilities\Acrobat Reader 5.05\ar505deu.exe]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2013-11-12 12:12:49 -------- d-----w- C:\PROGRA~3\Ashampoo
2014-03-21 12:58:55 -------- d-----w- C:\PROGRA~3\AVG2014
2014-03-25 10:27:14 -------- d-----w- C:\PROGRA~3\Sony

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [02-10-2013 12:02]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\jfwprd8z.default
- Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Undetermined - C:\ProgramData\Browser Manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension
- Undetermined - C:\Program Files (x86)\Mozilla Firefox\extensions\{5ddeb737-082c-48fb-8c06-aa4b38d61e5f}
- Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
- Undetermined - C:\ProgramData\AVG Secure Search\FireFoxExt\14.1.0.10

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\extensions\{129b29a3-f554-444b-aa12-8ead59836cc8}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}

==== Firefox Plugins ======================

Profilepath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\jfwprd8z.default
ADC539F67D3198679F480974EE203678 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.210.11
3D3CAF586124C4E8102764C8B3063BB6 - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft Windows Operating System


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14-08-2013 15:24]

Google Docs - Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
RealDownloader - Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Google Wallet - Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://symbaloo.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://symbaloo.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Video Player deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully

==== HijackThis Entries ======================

O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [EMET 4.1 Agent] "C:\Program Files (x86)\EMET 4.1\EMET_agent.exe"
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX440"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro.Alert Service (hmpalertsvc) - SurfRight B.V. - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3IZ0H7U8 will be deleted at reboot
C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3DPXD2X will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=197 folders=23 16895939 bytes)

==== Empty Temp Folders ======================

C:\Users\AppData\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\Robert\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Robert\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3IZ0H7U8" not found
"C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3DPXD2X" not found

==== EOF on vr 11-04-2014 at 11:44:23,39 ======================
 
Hello,


Download AdwCleaner by Xplode to the desktop.
  • Close all open windows.
  • Double-click AdwCleaner to start it.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Then click Scan.
  • Then click Clean if any items were found.
  • At the "Herstarten Noodzakelijk" (Restart Required) prompt, click OK.

After the PC has restarted, a log file usually opens.
Otherwise it can be found here: C:\AdwCleaner\AdwCleaner[R1].txt
Then post the contents of this log in your next message.
 
# AdwCleaner v3.023 - Report created 11/04/2014 at 18:59:11
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Robert - ROBERT-PC
# Running from : C:\Users\Robert\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v

[ File : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\jfwprd8z.default\prefs.js ]


-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [891 octets] - [11/04/2014 12:38:21]
AdwCleaner[S0].txt - [813 octets] - [11/04/2014 18:59:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [872 octets] ##########
 
Hello,

How are things after this?
 
I unexpectedly have an acquaintance staying over this weekend, so it will be Monday/Tuesday before I am
back online.
Sorry, and a nice weekend to you too. Robert
 
I unexpectedly have an acquaintance staying over this weekend, so it will be Monday/Tuesday before I am
back online.
Sorry, and a nice weekend to you too. Robert

No problem, take your time, it isn't going anywhere. Have a nice weekend.
 
I'm back!
The [image: 534bfd00de4e0-vuk.PNG] is still there.
Not as frequently as before the cleaning, though.
I haven't seen it on Marktplaats yet, and that is where I first saw the message.
 
Hello,

Then we will dig further;

Download ZHPDiag to the desktop.

Disable antivirus software
Temporarily disable your antivirus and antispyware programs, as they can conflict with ZHPDiag.

Install ZHPDiag
  • Double-click zhpdiag.exe to start the installation.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Click "Suivant" several times to go through the installation process.
  • Click "Installer" when asked to and "Terminer" when the installation has finished.

Run ZHPDiag
If you run into problems running this program or see any error messages, please mention it in your post.
  • Double-click the shortcut named ZHPDiag.
  • The start window appears; now click "Configureren" (Configure).
  • If the language is not set to Dutch, click the [image: 52c0016c69f81-huisje.png] icon "Sélectionner une langue" at the bottom right and choose "Néerlandais".
  • Then click the [image: 52c001f7eec91-vergrootglas.png] icon "Diagnosemogelijkheden" (Diagnostic options) at the bottom left.
  • A scan of your system is now made; wait patiently until it has finished.

Attach the log file named "ZHPDiag.txt" to your next post. (You can also find this log file on the desktop.)
 
~ Verslag van ZHPDiag v2014.4.14.26 - Nicolas Coolman (14-4-2014)
~ Gelanceerd door Robert (14-4-2014 19:20:53)
~ Het adres van de website : http://nicolascoolman.webs.com
~ Gratis supportforum voor desinfectie : http://nicolascoolman.webs.com/apps/links/
~ Vertaald door de gebruiker
~ Staat van de versie :
~ Lijst wit : Ingeschakeld door het programma
~ Tot misbruik van bevoegdheden : OK
~ Gebruikersaccountbeheer (UAC) : Activate by user


---\\ Internet-browsers
MSIE: Internet Explorer v11.0.9600.16659
GCIE: Google Chrome v34.0.1847.116 (Defaut)

---\\ Windows productinformatie
~ Langage: Nerlandais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Software om het systeem te beveiligen
AVG 2014 v14.0.3882
Malwarebytes Anti-Malware versie 2.0.1.1004
Windows Defender W7

---\\ Systeem optimalisatie software
CCleaner v4.10 =>.Piriform Ltd

---\\ Delen van software PeerToPeer

---\\ Software die extra aandacht behoeft
Adobe Flash Player 12 Plugin

---\\ Informatie over het systeem
~ Processor: AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2812 MB (42% free)
System Restore: Activ (Enable)
System drive C: has 155 GB (70%) free of 219 GB

---\\ Verbinding met het systeem-modus
~ Computer Name: ROBERT-PC
~ User Name: Robert
~ All Users Names: Robert, HomeGroupUser$, Gast, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Omgevingsvariabelen
~ System Unit : C:\
~ %AppZHP% : C:\Users\Robert\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Robert\AppData\Roaming\
~ %Desktop% : C:\Users\Robert\Desktop\
~ %Favorites% : C:\Users\Robert\Favorites\
~ %LocalAppData% : C:\Users\Robert\AppData\Local\
~ %StartMenu% : C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Overzicht vaste en verwisselbare stations
C: Hard drive, Flash drive, Thumb drive (Free 155 Go of 219 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 14 Go)
E: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
F: CD-ROM drive (Not Inserted)



---\\ Staat van het Windows Beveiligingscentrum
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Zoeken naar bepaalde algemene bestanden
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Verkenner.) (.25-2-2011 - 7:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.14-7-2009 - 2:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.1-3-2014 - 4:10:28.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.20-11-2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing-bibliotheek.) (.20-11-2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28-9-2013 - 2:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14-7-2009 - 2:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14-7-2009 - 0:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20-11-2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20-11-2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20-11-2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.14-7-2009 - 0:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14-7-2009 - 1:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27-4-2011 - 3:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20-11-2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.24-1-2014 - 3:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.14-7-2009 - 1:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20-11-2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14-7-2009 - 1:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20-11-2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.20-11-2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Status van de verborgen bestanden (verborgen/totaal)
~ Mes images (My Pictures) : 3/250
~ Mes musiques (My Musics) : 1/456
~ Mes Videos (My Videos) : 2/18
~ Mes Favoris (My Favorites) : 1/130
~ Mes Documents (My Documents) : 2/113
~ Mon Bureau (My Desktop) : 2/7
~ Menu demarrer (Programs) : 1/36
~ Hidden Files: Scanned in 00mn 03s



---\\ Gestarte processen
[MD5.FB0C8699B87F7140BB6201BE7B4B6778] - (.No owner - CameraMonitor Application.) -- C:\Windows\vsnpstd3.exe [827392] [PID.1904]
[MD5.9D4A0ECBF734E2EECDD5B473A2D705FE] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016] [PID.2144]
[MD5.A40824624D8667FE31333B0CEB936169] - (.Sony - Sony PC Companion.) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760] [PID.2156]
[MD5.1F6F818BA97D56E9C8100B9002EE2C20] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4971024] [PID.2616]
[MD5.6F9455F97D5D91FDEEC0F344E70A2D0E] - (.No owner - CameraFixer MFC Application.) -- C:\Windows\FixCamera.exe [20480] [PID.2668]
[MD5.41AD6110110A2E89957F831DCBFAF892] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6963512] [PID.2680]
[MD5.6CD72592F71F43E596FD3FEC6D0C2066] - (.No owner - tsnp2std Microsoft.) -- C:\Windows\tsnpstd3.exe [270336] [PID.2692]
[MD5.0F6D06A88A88007AAEE5F0EE1ECE42E4] - (...) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe [70880] [PID.2936]
[MD5.CC02FE4520CA886508069245D9A6962F] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [222720] [PID.1644]
[MD5.2EBBBFC120593C683796092F2DDA0EFC] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.4916]
[MD5.775DDB699B40C42E1BD799CC0EBF3528] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8215552] [PID.6620]
[MD5.2638395F6E61889D75C363A80A0E17F4] - (.SurfRight B.V. - HitmanPro.Alert.) -- C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816] [PID.728]
[MD5.B33CF4DE909A5B30F526D82053A63C8E] - (.ABBYY - ABBYY network license server.) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048] [PID.1716]
[MD5.B747B6BB015E552F49C634BB19540F3D] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008] [PID.2104]
[MD5.C34411A244029F1C08687F7C752C4563] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.2300]
[MD5.0E08BDD7326E657D59DB40BAD23D8169] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720] [PID.2348]
[MD5.A8E7F3DB083EB0839DFC1C763CDD2594] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912] [PID.2636]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.1076]
[MD5.498EB62A160674E793FA40FD65390625] - (.No owner - RichVideo Module.) -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152] [PID.2236]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, start, zoeken, extensies (G0, G1, G2)
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Winkel v.0.2 (Activ)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activ)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activ)

---\\ Google Chrome extensie map

~ Google Lines Browser: 16 Legitimates Filtered in 00mn 05s



---\\ Mozilla Firefox, Plugins, start, zoeken, extensies (P2, M0, M1, M2, M3)
C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\jfwprd8z.default\prefs.js
~ Firefox Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, start, zoeken, URLSearchHook, Phishing (R0, R1, R3, R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://symbaloo.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 22 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, proxybeheer (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse van lijnen F0, F1, F2, F3 - IniFiles, Autoloading programma's
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts-bestand omleiding (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1



---\\ Internet Explorer werkbalken (O3)
O3 - Toolbar: Easy Photo Print - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION - Epson Easy Photo Print (TBL x64).) -- C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Andere Verwijzigingen gebruikers (O4)
O4 - GS\Program [Public]: Acrobat_com.lnk . (...) -- C:\Program Files (x86)\Adobe\Acrobat_com\Acrobat_com.exe
O4 - GS\Program [Public]: eBay.nl.lnk . (...) -- C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe =>Toolbar.eBay
O4 - GS\QuickLaunch [Robert]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Robert]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Robert]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Robert]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Robert]: Magnify.lnk . (.Microsoft Corporation - Microsoft Schermvergroting.) -- C:\Windows\system32\magnify.exe
O4 - GS\TaskBar [Robert]: OpenOffice.lnk . (.Apache Software Foundation - OpenOffice 4.0.1.) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
O4 - GS\Program [Robert]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Robert]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Robert]: zoek.exe - Snelkoppeling.lnk . (...) -- C:\Users\Robert\Downloads\zoek.exe
~ Global Startup: 63 Legitimates Filtered in 00mn 02s



---\\ Toepassingen gestart door register & bestand (O4)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [snpstd3] . (.No owner - CameraMonitor Application.) -- C:\Windows\vsnpstd3.exe
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.exe =>.Epson Seiko Corporation
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Sony PC Companion] . (.Sony - Sony PC Companion.) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
O4 - HKLM\..\Wow6432Node\Run: [EMET 4.1 Agent] . (.Microsoft Corporation - EMET_Agent.) -- C:\Program Files (x86)\EMET 4.1\EMET_agent.exe
O4 - HKLM\..\Wow6432Node\Run: [FixCamera] . (.No owner - CameraFixer MFC Application.) -- C:\Windows\FixCamera.exe
O4 - HKLM\..\Wow6432Node\Run: [tsnpstd3] . (.No owner - tsnp2std Microsoft.) -- C:\Windows\tsnpstd3.exe
O4 - HKUS\S-1-5-21-4132884842-2695504495-3771251730-1000\..\Run: [EPLTarget\P0000000000000000] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-4132884842-2695504495-3771251730-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-4132884842-2695504495-3771251730-1000\..\Run: [Sony PC Companion] . (.Sony - Sony PC Companion.) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
~ Application: Scanned in 00mn 00s



---\\ Domeinadres van de DNS (O17) wijzigen
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DB09955-C736-4B89-9653-83BA3AA82E7D}: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{997CCE71-458B-48E1-B67D-B54E451B6113}: DhcpNameServer = 62.140.138.237 62.140.140.250
O17 - HKLM\System\CCS\Services\Tcpip\..\{C89335D9-98C0-4432-8834-6DEC38FF5414}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DB09955-C736-4B89-9653-83BA3AA82E7D}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{7DB09955-C736-4B89-9653-83BA3AA82E7D}: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{997CCE71-458B-48E1-B67D-B54E451B6113}: DhcpNameServer = 62.140.138.237 62.140.140.250
O17 - HKLM\System\CS1\Services\Tcpip\..\{C89335D9-98C0-4432-8834-6DEC38FF5414}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{7DB09955-C736-4B89-9653-83BA3AA82E7D}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{7DB09955-C736-4B89-9653-83BA3AA82E7D}: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{997CCE71-458B-48E1-B67D-B54E451B6113}: DhcpNameServer = 62.140.138.237 62.140.140.250
O17 - HKLM\System\CS2\Services\Tcpip\..\{C89335D9-98C0-4432-8834-6DEC38FF5414}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{7DB09955-C736-4B89-9653-83BA3AA82E7D}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
~ Domain: Scanned in 00mn 00s



---\\ Aanvullend Protocol (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lijst van niet-Microsoft NT services die niet uitgeschakeld zijn (O23)
O23 - Service: HitmanPro.Alert Service (hmpalertsvc) . (.SurfRight B.V. - HitmanPro.Alert.) - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
~ Services: 13 Legitimates Filtered in 00mn 25s



---\\ Taken die zijn gepland in de automatische modus (O39)
[MD5.00000000000000000000000000000000] [APT] [4803] (...) -- C:\Users\Robert\AppData\Local\Temp\launchie.vbs \\B (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Express Files Updater] (...) -- C:\Program Files (x86)\ExpressFiles\EFupdater.exe (.not file.) [0] =>Adware.ExpressFiles
[MD5.00000000000000000000000000000000] [APT] [Sun Microsystems online update program] (...) -- C:\Program Files\Java\jre6\bin\jusched.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{2B2A948E-AFA1-4DE2-96E0-48EEAA55DAEB}] (...) -- C:\Users\Robert\Documents\Sony_Ericsson_PC_Suite_6.007.00_Web_ES.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5F769506-941E-44DD-895F-4F482AD3C644}] (...) -- F:\Elsawin 3.3 Install\Utilities\Acrobat Reader 5.05\ar505deu.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{82322215-6299-4676-A312-3B650ADA2DB6}] (...) -- F:\Elsawin 3.3 Install\Utilities\Acrobat Reader 5.05\ar505deu.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B1E76EF1-444C-4F33-8879-10A1D537757A}] (...) -- F:\Elsawin 3.3 Install\Utilities\Acrobat Reader 5.05\ar505deu.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C1504D84-4C3A-4475-A1CC-91EC75C22DB7}] (...) -- G:\setup_vmc_lite.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C7846042-51F7-40C5-9334-A5D76D659B9B}] (...) -- C:\Users\Robert\Downloads\MotoGPScreensaver.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DF0B0BE0-980A-4959-9B18-4695FC483B25}] (...) -- F:\Elsawin 3.3 Install\Utilities\Acrobat Reader 5.05\ar505deu.exe (.not file.) [0]
~ Scheduled Task: 34 Legitimates Filtered in 00mn 06s



---\\ Geïnstalleerde software (O42)
O42 - Logiciel: Aangifte inkomstenbelasting 2009 - (.Belastingdienst.) [HKLM][64Bits] -- Aangifte inkomstenbelasting 2009
O42 - Logiciel: Aangifte inkomstenbelasting 2010 - (.Belastingdienst.) [HKLM][64Bits] -- Aangifte inkomstenbelasting 2010
O42 - Logiciel: Advanced File Optimizer - (.Systweak Software.) [HKLM][64Bits] -- Advanced File Optimizer_is1 =>PUP.AdvancedFileOptimizer
O42 - Logiciel: Akamai NetSession Interface - (...) [HKCU][64Bits] -- Akamai
O42 - Logiciel: Drivers For Free - (.Drivers For Free.) [HKLM][64Bits] -- {09764316-ABC4-4469-AD5B-D3EACE45EE3D}
O42 - Logiciel: Simple Port Forwarding - (.PcWinTech.com.) [HKLM][64Bits] -- Simple Port Forwarding
O42 - Logiciel: Tixati - (...) [HKLM][64Bits] -- tixati
O42 - Logiciel: Video Download Converter version 1.0.0.0 - (...) [HKLM][64Bits] -- VDC_is1 =>Adware.VideoDownloadConverter
~ Logic: 27 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\ChilliTorrent]
[HKCU\Software\Full Tilt Poker]
[HKCU\Software\IncrediMail]
[HKCU\Software\KPN]
[HKCU\Software\MLP]
[HKCU\Software\The Mask Productions]
[HKCU\Software\Zillions Development]
[HKCU\Software\idPlanner]
[HKLM\Software\Wow6432Node\Full Tilt Poker]
[HKLM\Software\Wow6432Node\IncrediMail]
[HKLM\Software\Wow6432Node\KPN]
[HKLM\Software\Wow6432Node\OkidO]
[HKLM\Software\Wow6432Node\VAGSoft]
~ Key Software: 422 Legitimates Filtered in 00mn 01s



---\\ 'Inhoud van mappen programma's, ProgramFiles, ProgramData, AppData (O43)
O43 - CFD: 31-8-2011 - 16:56:21 - [16,205] ----D C:\Program Files (x86)\Belastingdienst
O43 - CFD: 18-11-2013 - 17:13:17 - [14,909] ----D C:\Program Files (x86)\ChilliTorrent
O43 - CFD: 11-7-2012 - 9:31:52 - [7,429] ----D C:\Program Files (x86)\Drivers For Free
O43 - CFD: 6-4-2014 - 15:08:54 - [17,316] ----D C:\Program Files (x86)\EMET 4.1
O43 - CFD: 29-6-2012 - 15:03:51 - [55,487] ----D C:\Program Files (x86)\KPN
O43 - CFD: 1-5-2010 - 13:31:33 - [8,113] ----D C:\Program Files (x86)\OxigenInstall
O43 - CFD: 27-4-2012 - 13:43:07 - [16,278] ----D C:\Program Files (x86)\Simple Port Forwarding
O43 - CFD: 12-7-2012 - 1:31:23 - [0,290] ----D C:\Program Files (x86)\SlimTV
O43 - CFD: 11-7-2012 - 9:58:00 - [0] ----D C:\ProgramData\Drivers For Free
O43 - CFD: 14-11-2011 - 18:19:21 - [27,999] ----D C:\ProgramData\MGS
O43 - CFD: 4-2-2014 - 21:19:19 - [0] ----D C:\Users\Robert\AppData\Roaming\Belastingdienst
O43 - CFD: 11-7-2012 - 9:57:21 - [0,003] ----D C:\Users\Robert\AppData\Roaming\Drivers For Free
O43 - CFD: 29-3-2010 - 19:16:27 - [21,867] ----D C:\Users\Robert\AppData\Roaming\Thinking Minds Budiling Bytes
O43 - CFD: 11-7-2012 - 9:57:38 - [0,004] ----D C:\Users\Robert\AppData\Local\Drivers_For_Free
O43 - CFD: 24-6-2011 - 14:49:34 - [0,030] ----D C:\Users\Robert\AppData\Local\FullTiltPoker
O43 - CFD: 10-1-2011 - 15:53:42 - [11,737] ----D C:\Users\Robert\AppData\Local\{9A51B9F7-E6AF-4C55-9C1E-E02A701F9C0C}
O43 - CFD: 27-4-2012 - 13:39:33 - [0,006] ----D C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Port Forwarding
~ Program Folder: 287 Legitimates Filtered in 00mn 44s



---\\ Meest recente bestanden gewijzigd of gemaakt op Windows en System32 (O44)
O44 - LFC:[MD5.9B0D0E676AF68D3B9538DFB9148C1AA5] - 10-4-2014 - 10:41:02 ---A- . (...) -- C:\Windows\DPINST.LOG [242076]
O44 - LFC:[MD5.86BBFEA9FACDD2561679A60FA2171D65] - 10-4-2014 - 18:14:09 ---A- . (...) -- C:\Mbam log 10-4.txt [1158]
O44 - LFC:[MD5.50FE58A0D52F3B35B6FFF205E1DEE9D3] - 10-4-2014 - 18:19:32 ---A- . (...) -- C:\mbam 10-4.txt [1154]
O44 - LFC:[MD5.DC8F6AF96E1E2055B37D336FFF821910] - 11-4-2014 - 10:44:23 ---A- . (...) -- C:\zoek-results.log [40444]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 11-4-2014 - 8:45:25 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.39B397E902A1B51C20970F9DF88DED28] - 13-4-2014 - 11:16:19 ---A- . (...) -- C:\img2-001.raw [230424]
O44 - LFC:[MD5.83281EB1B1BB5D84FCC74CF74C0B93A2] - 3-4-2014 - 13:17:18 ---A- . (...) -- C:\Mbam scanlog.txt [16392]
O44 - LFC:[MD5.63EF77A27B77E4BAEAA5882A08F8849A] - 6-4-2014 - 11:12:21 ---A- . (...) -- C:\DelFix.txt [2238]
O44 - LFC:[MD5.6F9455F97D5D91FDEEC0F344E70A2D0E] - 8-4-2014 - 13:19:12 ---A- . (.No owner - CameraFixer MFC Application.) -- C:\Windows\FixCamera.exe [20480]
O44 - LFC:[MD5.257D0B93509616D6403D4919F9C65F08] - 8-4-2014 - 14:47:14 ---A- . (...) -- C:\Windows\snpstd3.ini [15498]
O44 - LFC:[MD5.AB844F126F342FC487534C58D8C18547] - 8-4-2014 - 14:47:14 ---A- . (...) -- C:\Windows\snpstd3.src [13023]
O44 - LFC:[MD5.F4D40E1893230F62D184B5030A4C4E4E] - 8-4-2014 - 14:47:14 ---A- . (.No owner - The utilities for device installation.) -- C:\Windows\csnpstd3.dll [53248]
O44 - LFC:[MD5.3D258C8F14EE5E26D5762D8545B89326] - 8-4-2014 - 14:47:15 ---A- . (...) -- C:\Windows\System32\vsnpstd3.dll [306176]
O44 - LFC:[MD5.FB0C8699B87F7140BB6201BE7B4B6778] - 8-4-2014 - 14:47:15 ---A- . (.No owner - CameraMonitor Application.) -- C:\Windows\vsnpstd3.exe [827392]
O44 - LFC:[MD5.9DB776924FFF4DBE2D874F8425031F59] - 8-4-2014 - 14:47:17 ---A- . (...) -- C:\Windows\win.ini [860]
O44 - LFC:[MD5.CF07C0A9D38A248D036DD9C47E4D0D6E] - 9-4-2014 - 20:34:01 ---A- . (.No owner - HitmanPro.Alert Support Driver.) -- C:\Windows\System32\Drivers\hmpalert.sys [93144]
~ Files: 46 Legitimates Filtered in 00mn 06s



---\\ Laatste bestanden die zijn gemaakt in Windows Prefetcher (O45)
O45 - LFCP:[MD5.EF6099E18435C24B26013A56C46F6927] - 14-4-2014 - 15:33:24 ---A- - C:\Windows\Prefetch\NACL64.EXE-14986499.pf
~ Prefetcher: 1 Legitimates Filtered in 00mn 00s



---\\ Opsomming van de registersleutel Hkey_local_machine\software\microsoft\shared (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\FixCamera [Key] . (.No owner - CameraFixer MFC Application.) -- C:\Windows\FixCamera.exe
O53 - SMSR:HKLM\...\startupreg\KPN Assistent [Key] . (.KPN - KPN Assistent.) -- C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe
~ SMSR Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Opsomming van het register sleutels PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 23 Legitimates Filtered in 00mn 00s



---\\ Overzicht van de drivers (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14-7-2009 - 2:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10-6-2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.CF07C0A9D38A248D036DD9C47E4D0D6E] - 9-4-2014 - 20:34:01 ---A- . (.No owner - HitmanPro.Alert Support Driver.) -- C:\Windows\System32\Drivers\hmpalert.sys [93144]
O58 - SDL:[MD5.B8B1B284362E1D8135112573395D5DA5] - 25-6-2010 - 15:08:10 ---A- . (.Windows (R) Win 7 DDK provider - RawPacket NDIS Protocol Driver.) -- C:\Windows\System32\Drivers\htcnprot.sys [36928]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14-7-2009 - 2:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.ED1722F43CE61409EF68340402D6267D] - 22-7-2009 - 2:33:32 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [487936]
~ Drivers: 23 Legitimates Filtered in 00mn 06s



---\\ Meest recente bestanden gewijzigd of gemaakt (gebruiker) (O61)
O61 - LFC: 11-4-2014 - 19:22:56 ---A- . (...) -- C:\Users\Robert\AppData\Local\Avg2014\log\avgdecider.log.1 [65540]
O61 - LFC: 11-4-2014 - 19:22:56 ---A- . (...) -- C:\Users\Robert\AppData\Local\Avg2014\log\avgui.log.1 [131195]
O61 - LFC: 11-4-2014 - 19:22:57 ---A- . (...) -- C:\Users\Robert\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\CdmAdapterVersion [13]
O61 - LFC: 11-4-2014 - 19:23:02 ---A- . (...) -- C:\Users\Robert\Downloads\adwcleaner.exe [1426178]
O61 - LFC: 11-4-2014 - 19:23:02 ---A- . (...) -- C:\Users\Robert\Downloads\zoek.exe [1285120]
O61 - LFC: 11-4-2014 - 19:23:02 -SHA- . (...) -- C:\Users\Robert\Downloads\Thumbs.db [1011712]
O61 - LFC: 12-4-2014 - 19:23:02 ---A- . (.Tim Kosse.) -- C:\Users\Robert\Downloads\FileZilla_3.8.0_win32-setup.exe [4968079]
O61 - LFC: 13-4-2014 - 19:23:02 ---A- . (...) -- C:\Users\Robert\Downloads\ETA Overbelastingsschakelaars 1-polig in de Conrad online shop (3).htm [158982]
O61 - LFC: 14-4-2014 - 19:22:56 ---A- . (...) -- C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [293156]
O61 - LFC: 14-4-2014 - 19:22:57 ---A- . (...) -- C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Local State [69342]
~ Files: 16 Legitimates Filtered in 00mn 06s



---\\ Lijst van cleaning tools (CLAB) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Overzicht met LEGACY services (LALS) (O64)
O64 - Services: CurCS - 9-4-2014 - C:\Windows\System32\drivers\hmpalert.sys (hmpalert) .(.No owner - HitmanPro.Alert Support Driver.) - LEGACY_HMPALERT
~ Legacy: 139 Legitimates Filtered in 00mn 00s



---\\ Bestandsassociaties mogelijk aangepast (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Startmenu Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Zoek "infecties in internetbrowsers (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Bepaalde zoekopdracht in de hoofdmap van het systeem (SPRF) (O84)
[MD5.D0218DBAECAB80E82E84F86F44D13C7C] [SPRF][9-8-2013] (...) -- C:\Users\Robert\AppData\Roaming\wklnhst.dat [328]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Lijst van uitzonderingen in de firewall (FirewallRules) (O87)
O87 - FAEL: "{6FC33E95-9577-41FE-8667-235D15C12E1C}" | In - Public - P6 - TRUE | .(.KPN - KPN Assistent.) -- C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe
O87 - FAEL: "{8B5B3587-786D-45E6-ABDD-D81AD212C530}" | In - Public - P17 - TRUE | .(.KPN - KPN Assistent.) -- C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe
O87 - FAEL: "TCP Query User{96EF0219-B999-4FFC-A91D-54619935555A}C:\program files (x86)\chillitorrent\chillitorrent.exe" | In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\chillitorrent\chillitorrent.exe
O87 - FAEL: "UDP Query User{5FB247A0-A25C-43D0-9FD1-D6FC40338497}C:\program files (x86)\chillitorrent\chillitorrent.exe" | In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\chillitorrent\chillitorrent.exe
O87 - FAEL: "{E5995618-FB95-495E-AEF1-8244390F3969}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe (.not file.)
~ Firewall: 243 Legitimates Filtered in 00mn 01s



---\\ Overzicht van de productcodes van software (PUC) (O90)
O90 - PUC: "ADB2CB56828D6954994E8A97C9548CC4" . (.EMET 4.1.) -- C:\Windows\Installer\{65BC2BDA-D828-4596-99E4-A8799C45C84C}\_6FEFF9B68218417F98F549.exe
~ Update Products: 165 Legitimates Filtered in 00mn 00s



---\\ Microsoft Installer-bestanden (WIS) (NTFS) (O93)
[MD5.4ACC5B238F916C89C832A4CF98FD99BF] [WIS][29-6-2012] (.KPN - KPN Assistant Installation.) -- C:\Windows\Installer\26b394.msi [308224]
[MD5.6D110D01C62D64D79727204FD7E1E59B] [WIS][11-7-2012] (.Drivers For Free - Drivers For Free Client.) -- C:\Windows\Installer\3f5f03.msi [3487744]
~ WIS: 177 Legitimates Filtered in 00mn 20s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BitComet_RASAPI32 =>P2P.BitComet
HKLM\SOFTWARE\Microsoft\Tracing\BitComet_RASMANCS =>P2P.BitComet
HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\Signup Wizard_RASAPI32 =>PUP.JDIBackup
HKLM\SOFTWARE\Microsoft\Tracing\Signup Wizard_RASMANCS =>PUP.JDIBackup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Azureus_RASAPI32 =>P2P.Azureus
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Azureus_RASMANCS =>P2P.Azureus
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biclient_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biclient_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitAcceleratorDDLRinstaller_RASAPI32 =>PUP.BitAccelerator
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitAcceleratorDDLRinstaller_RASMANCS =>PUP.BitAccelerator
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitComet_RASAPI32 =>P2P.BitComet
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitComet_RASMANCS =>P2P.BitComet
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitComet_stats_RASAPI32 =>P2P.BitComet
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitComet_stats_RASMANCS =>P2P.BitComet
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitLord_RASAPI32 =>Adware.WhenUSave
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitLord_RASMANCS =>Adware.WhenUSave
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASAPI32 =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASMANCS =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExpressFiles_RASAPI32 =>Adware.ExpressFiles
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExpressFiles_RASMANCS =>Adware.ExpressFiles
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FileCure_RASAPI32 =>PUP.FileCure
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FileCure_RASMANCS =>PUP.FileCure
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\funmoods_RASAPI32 =>PUP.Funmoods
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\funmoods_RASMANCS =>PUP.Funmoods
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed[1]_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed[1]_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarManager_A22A7357696681C5_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarManager_A22A7357696681C5_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MegaBrowse_RASAPI32 =>PUP.MegaBrowse
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MegaBrowse_RASMANCS =>PUP.MegaBrowse
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OptimizerPro1_RASAPI32 =>PUP.OptimizerPro
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OptimizerPro1_RASMANCS =>PUP.OptimizerPro
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\savings sidekick-bg_RASAPI32 =>Adware.GamePlayLabs
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\savings sidekick-bg_RASMANCS =>Adware.GamePlayLabs
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateglindorus_RASAPI32 =>PUP.Glindorus
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateglindorus_RASMANCS =>PUP.Glindorus
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateMegaBrowse_RASAPI32 =>PUP.MegaBrowse
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateMegaBrowse_RASMANCS =>PUP.MegaBrowse
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent-DukeN-NL_RASAPI32 =>P2P.Torrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent-DukeN-NL_RASMANCS =>P2P.Torrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.Torrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.Torrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_afterDownload_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_afterDownload_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Wajam_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Wajam_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-Silent-094C_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-Silent-094C_RASMANCS =>Adware.Yontoo
~ BTK: 770 Legitimates Filtered in 00mn 01s



---\\ Algemene toestand van niet-Microsoft services (GSR) (SR = Running, SS = gestopt)
SS - | Demand 12-3-2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 23-2-2014 3782672 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
SS - | Auto 5-2-2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 5-2-2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 8-6-2011 633856 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 23-10-2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 4-2-2013 155824 | (Sony PC Companion) . (.Avanquest Software.) - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
SS - | Demand 14-7-2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 14-5-2009 759048 | (ABBYY.Licensing.FineReader.Sprint.9.0) . (.ABBYY.) - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
SR - | Auto 5-8-2009 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 24-9-2013 348008 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 21-2-2012 151648 | (EPSON_PM_RPCV4_04) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.exe
SR - | Auto 14-7-2009 27136 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SR - | Auto 9-4-2014 1876816 | (hmpalertsvc) . (.SurfRight B.V..) - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
SR - | Auto 4-3-2011 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 3-4-2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 3-4-2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 14-7-2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 14-7-2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 14-8-2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 6-7-2009 247152 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SR - | Auto 10-7-1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14-7-2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 11s



---\\ Onderzoek gelijktijdige op de Master Boot Record (MBR) (O80)
Run by Robert at 14-4-2014 19:24:12
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Onderzoek de Master Boot Record op Infecties (MBRCheck) (O80)
Written by ad13, http://ad13.geekstog
Run by Robert at 14-4-2014 19:24:14

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ Extra scan (O88)
Database Version : 13044 - (14-4-2014)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced File Optimizer_is1] =>PUP.AdvancedFileOptimizer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VDC_is1] =>Adware.VideoDownloadConverter^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DF94592A3F56C0445A25B61841FC13D9] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VDC_is1] =>Adware.VideoDownloadConverter
~ Additionnel Scan: 339440 Items scanned in 00mn 29s



---\\ Samenvatting van detecties gevonden op uw werkstation
http://nicolascoolman.webs.com/apps/blog/show/26753274-adware-expressfiles =>Adware.ExpressFiles
http://nicolascoolman.webs.com/apps/blog/show/29640158-adware-videodownloadconverter =>Adware.VideoDownloadConverter
http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
http://nicolascoolman.webs.com/apps/blog/show/26630283-pup-advancedsystemprotector =>PUP.AdvancedSystemProtector
http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch
http://nicolascoolman.webs.com/apps/blog/show/33020731-pup-bitaccelerator =>PUP.BitAccelerator
http://nicolascoolman.webs.com/apps/blog/show/28493995-pup-filecure =>PUP.FileCure
http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods
http://nicolascoolman.webs.com/apps/blog/show/41917380-pup-megabrowse =>PUP.MegaBrowse
http://nicolascoolman.webs.com/apps/blog/show/28204239-pup-optimizerpro =>PUP.OptimizerPro
http://nicolascoolman.webs.com/apps/blog/show/26820943-adware-gameplaylabs =>Adware.GamePlayLabs
http://nicolascoolman.webs.com/apps/blog/show/33429762-pup-glindorus =>PUP.Glindorus
http://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam =>PUP.Wajam
http://nicolascoolman.webs.com/apps/blog/show/26811836-adware-yontoo =>Adware.Yontoo
http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ MSI: 15 link(s) detected in 00mn 00s



~ 1549 Legitimates filtered by white list
End of the scan (603 lines in 03mn 51s)(0)
 
Hello,

Copy the code below in full:

Code:
Script ZHPFix
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced File Optimizer_is1] =>PUP.AdvancedFileOptimizer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VDC_is1] =>Adware.VideoDownloadConverter^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DF94592A3F56C0445A25B61841FC13D9] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VDC_is1] =>Adware.VideoDownloadConverter
shortcutfix
emptytemp
emptyflash

Disable antivirus software
Temporarily disable your antivirus and antispyware programs, as they can conflict with ZHPFix.

Run ZHPFix
If you run into problems while running this program or see any error messages, please mention this in your post.
  • Double-click the ZHPFix shortcut on the desktop.
  • Click the "Import" button.
  • Then click the "Go" button at the bottom.
  • Now wait patiently until a log opens.

Attach the log file named "ZHPFix[r1].txt" to your next post.
 
Is this an error message?
Or just the start button?
534c1f1135f9a-wie_of_non.PNG


---------- Post added at 19:50 ---------- Previous post was at 19:47 ----------

It says 'avertissement', and the only Frans (French) I know is the window cleaner.
 
Hello,

You can press Oui.
 
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Robert at 14-4-2014 19:53:49
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Prullenbak geleegd (00mn 05s)
Reparatie van browser snelkoppelingen

========== Mappen ==========
Verwijderen tijdelijke Windows (43)
Verwijderd Flash Cookies (0)

========== Bestanden ==========
Verwijderen tijdelijke Windows (53) (6.387.997 octets)
Verwijderd Flash Cookies (0) (0 octets)


========== Samenvatting ==========
2 : Mappen
2 : Bestanden


End of clean in 00mn 07s

========== Pad naar bestand verslag ==========
C:\Users\Robert\AppData\Roaming\ZHP\ZHPFix[R1].txt - 14-4-2014 19:53:54 [689]
 
Hello,

How are things going after this?
 