
HijackThis log



Hi,

This is my 2nd post today, this time for my laptop. Could you take a look at this log, please?

Thanks!

Pascal

Logfile of random's system information tool 1.09 (written by random/random)

Run by Pascal at 2013-12-03 18:17:36

WIN_7 Service Pack 1

System drive C: has 153 GB (64%) free of 238 GB

Total RAM: 3692 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:23:31, on 3/12/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16736)

Boot mode: Normal

Running processes:

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files (x86)\AVG\AVG2014\avgui.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\AVG Nation toolbar\vprot.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files\trend micro\Pascal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Nation toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Nation toolbar\17.0.1.12\AVG Nation toolbar_toolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: AVG Nation toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Nation toolbar\17.0.1.12\AVG Nation toolbar_toolbar.dll

O4 - HKLM\..\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM

O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Nation toolbar\vprot.exe"

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')

O4 - HKUS\S-1-5-21-2457209422-596169401-3258411151-1000\..\Run: [Facebook Update] "C:\Users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver (User '?')

O4 - S-1-5-21-2457209422-596169401-3258411151-1000 Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User '?')

O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')

O4 - Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Toshiba Places Icon Utility.lnk = ?

O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm

O8 - Extra context menu item: Toevoegen aan TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: vToolbarUpdater17.0.12 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11955 bytes

======Listing Processes======

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\AmiUpdXp.job

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2457209422-596169401-3258411151-1000Core.job

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2457209422-596169401-3258411151-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FF49FE8-B332-4CB9-B102-FB6951629E55}]

Virtual Storage Mount Notification - C:\Windows\system32\CbFsMntNtf3.dll [2011-01-17 188696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 77576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FF49FE8-B332-4CB9-B102-FB6951629E55}]

Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll [2011-01-17 155416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

AVG Nation toolbar - C:\Program Files (x86)\AVG Nation toolbar\17.0.1.12\AVG Nation toolbar_toolbar.dll [2013-10-24 3352392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-22 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Nation toolbar - C:\Program Files (x86)\AVG Nation toolbar\17.0.1.12\AVG Nation toolbar_toolbar.dll [2013-10-24 3352392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2011-03-03 597928]

"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2010-12-14 38304]

"Toshiba TEMPRO"=C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [2011-02-10 1546720]

"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2010-09-28 566184]

"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-08-13 570680]

"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2010-10-28 915320]

"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-11-10 11580520]

"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2010-11-03 2181224]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-09-30 2387752]

"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2010-02-05 709976]

"SmartFaceVWatcher"=C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2009-10-19 238080]

"TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376]

"Toshiba Registration"=C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [2011-08-22 150992]

"Cm106Sound"=C:\Windows\syswow64\RunDll32.exe [2009-07-14 44544]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"=C:\Users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-23 138096]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"NBAgent"=c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-06-29 1409424]

"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-06-28 336384]

"SVPWUTIL"=C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [2010-11-09 532480]

"HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2010-03-04 423936]

"KeNotify"=C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [2010-08-15 34160]

"TWebCamera"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2010-11-02 2475384]

"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2010-07-01 1295224]

"AVG_UI"=C:\Program Files (x86)\AVG\AVG2014\avgui.exe [2013-11-07 4956176]

"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-12-19 41208]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

"vProt"=C:\Program Files (x86)\AVG Nation toolbar\vprot.exe [2013-10-24 2403144]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE

Toshiba Places Icon Utility.lnk - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe

C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

TRDCReminder.lnk - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll [2011-01-17 188696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]

Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll [2011-01-17 188696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2013-11-28 08:50:41 ----D---- C:\Program Files (x86)\MSECache

2013-11-22 18:33:14 ----D---- C:\Users\Pascal\AppData\Roaming\ExpressFiles

2013-11-22 18:33:13 ----D---- C:\Program Files (x86)\ExpressFiles

2013-11-14 22:46:25 ----A---- C:\Windows\SYSWOW64\ieui.dll

2013-11-14 22:46:25 ----A---- C:\Windows\system32\ieui.dll

2013-11-14 22:46:23 ----A---- C:\Windows\SYSWOW64\iesetup.dll

2013-11-14 22:46:23 ----A---- C:\Windows\SYSWOW64\iernonce.dll

2013-11-14 22:46:23 ----A---- C:\Windows\system32\iesetup.dll

2013-11-14 22:46:23 ----A---- C:\Windows\system32\iernonce.dll

2013-11-14 22:46:22 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe

2013-11-14 22:46:22 ----A---- C:\Windows\SYSWOW64\iesysprep.dll

2013-11-14 22:46:22 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe

2013-11-14 22:46:22 ----A---- C:\Windows\system32\iesysprep.dll

2013-11-14 22:46:22 ----A---- C:\Windows\system32\ie4uinit.exe

2013-11-14 22:46:21 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2013-11-14 22:46:20 ----A---- C:\Windows\system32\iertutil.dll

2013-11-14 22:46:19 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

2013-11-14 22:46:19 ----A---- C:\Windows\system32\msfeeds.dll

2013-11-14 22:46:18 ----A---- C:\Windows\system32\jscript.dll

2013-11-14 22:46:17 ----A---- C:\Windows\SYSWOW64\jscript.dll

2013-11-14 22:46:16 ----A---- C:\Windows\system32\jscript9.dll

2013-11-14 22:46:15 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2013-11-14 22:46:14 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2013-11-14 22:46:13 ----A---- C:\Windows\system32\urlmon.dll

2013-11-14 22:46:11 ----A---- C:\Windows\SYSWOW64\wininet.dll

2013-11-14 22:46:11 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2013-11-14 22:46:11 ----A---- C:\Windows\system32\jsproxy.dll

2013-11-14 22:46:10 ----A---- C:\Windows\system32\wininet.dll

2013-11-14 22:46:07 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2013-11-14 22:46:05 ----A---- C:\Windows\system32\ieframe.dll

2013-11-14 22:46:03 ----A---- C:\Windows\system32\mshtml.dll

2013-11-14 22:45:58 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2013-11-14 15:33:10 ----A---- C:\Windows\system32\crypt32.dll

2013-11-14 15:33:09 ----A---- C:\Windows\SYSWOW64\crypt32.dll

2013-11-14 15:32:59 ----A---- C:\Windows\system32\drivers\afd.sys

2013-11-14 15:32:47 ----A---- C:\Windows\SYSWOW64\authui.dll

2013-11-14 15:32:47 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll

2013-11-14 15:32:47 ----A---- C:\Windows\system32\credui.dll

2013-11-14 15:32:47 ----A---- C:\Windows\system32\authui.dll

2013-11-14 15:32:46 ----A---- C:\Windows\SYSWOW64\SmartcardCredentialProvider.dll

2013-11-14 15:32:46 ----A---- C:\Windows\SYSWOW64\credui.dll

2013-11-14 15:32:33 ----A---- C:\Windows\system32\IKEEXT.DLL

2013-11-14 15:32:33 ----A---- C:\Windows\system32\FWPUCLNT.DLL

2013-11-14 15:32:32 ----A---- C:\Windows\SYSWOW64\nshwfp.dll

2013-11-14 15:32:32 ----A---- C:\Windows\SYSWOW64\FWPUCLNT.DLL

2013-11-14 15:32:32 ----A---- C:\Windows\system32\nshwfp.dll

2013-11-14 15:32:31 ----A---- C:\Windows\SYSWOW64\gdi32.dll

2013-11-14 15:32:31 ----A---- C:\Windows\system32\gdi32.dll

2013-11-14 15:32:28 ----A---- C:\Windows\system32\schannel.dll

2013-11-14 15:32:27 ----A---- C:\Windows\SYSWOW64\sspicli.dll

2013-11-14 15:32:27 ----A---- C:\Windows\SYSWOW64\secur32.dll

2013-11-14 15:32:27 ----A---- C:\Windows\SYSWOW64\schannel.dll

2013-11-14 15:32:27 ----A---- C:\Windows\system32\sspicli.dll

2013-11-14 15:32:27 ----A---- C:\Windows\system32\lsass.exe

2013-11-14 15:32:27 ----A---- C:\Windows\system32\lsasrv.dll

2013-11-14 15:32:27 ----A---- C:\Windows\system32\drivers\ksecpkg.sys

2013-11-14 15:32:27 ----A---- C:\Windows\system32\drivers\ksecdd.sys

2013-11-14 15:32:27 ----A---- C:\Windows\system32\drivers\cng.sys

2013-11-14 15:32:26 ----A---- C:\Windows\SYSWOW64\ncrypt.dll

2013-11-14 15:32:26 ----A---- C:\Windows\system32\sspisrv.dll

2013-11-14 15:32:26 ----A---- C:\Windows\system32\secur32.dll

2013-11-14 15:32:26 ----A---- C:\Windows\system32\ncrypt.dll

2013-11-05 21:55:48 ----A---- C:\Windows\system32\drivers\avgdiska.sys

2013-11-04 21:52:42 ----A---- C:\Windows\system32\drivers\avgidsdrivera.sys

2013-10-31 23:00:18 ----A---- C:\Windows\system32\drivers\avgldx64.sys

2013-10-31 22:49:46 ----A---- C:\Windows\system32\drivers\avgloga.sys

2013-10-30 17:01:16 ----D---- C:\Users\Pascal\AppData\Roaming\AVG2014

2013-10-30 16:53:50 ----D---- C:\ProgramData\AVG2014

2013-10-26 10:00:45 ----D---- C:\Users\Pascal\AppData\Roaming\Windows Live Writer

2013-10-24 22:25:58 ----A---- C:\Windows\system32\drivers\avgidsha.sys

2013-10-24 14:19:12 ----D---- C:\ProgramData\AVG Security Toolbar

2013-10-24 14:18:52 ----A---- C:\Windows\system32\drivers\avgtpx64.sys

2013-10-24 14:18:47 ----D---- C:\ProgramData\AVG Nation toolbar

2013-10-24 14:18:43 ----D---- C:\Program Files (x86)\AVG Nation toolbar

2013-10-22 17:47:35 ----SHD---- C:\$RECYCLE.BIN

2013-10-22 16:37:00 ----D---- C:\ProgramData\HitmanPro

2013-10-22 15:57:51 ----D---- C:\Windows\Temp

2013-10-22 15:57:51 ----A---- C:\Windows\zoek-delete.exe

2013-10-21 18:24:42 ----D---- C:\Program Files (x86)\HiJackThis

2013-10-21 17:25:02 ----D---- C:\Program Files (x86)\trend micro

2013-10-21 17:24:32 ----D---- C:\rsit

2013-10-17 18:25:45 ----D---- C:\Program Files\CCleaner

2013-10-17 18:22:16 ----A---- C:\DelFix.txt

2013-10-17 07:53:39 ----D---- C:\Program Files\trend micro

2013-10-10 06:23:02 ----A---- C:\Windows\SYSWOW64\comctl32.dll

2013-10-10 06:23:02 ----A---- C:\Windows\system32\comctl32.dll

2013-10-10 06:22:59 ----A---- C:\Windows\SYSWOW64\lpk.dll

2013-10-10 06:22:59 ----A---- C:\Windows\SYSWOW64\fontsub.dll

2013-10-10 06:22:59 ----A---- C:\Windows\SYSWOW64\dciman32.dll

2013-10-10 06:22:59 ----A---- C:\Windows\SYSWOW64\atmlib.dll

2013-10-10 06:22:59 ----A---- C:\Windows\SYSWOW64\atmfd.dll

2013-10-10 06:22:59 ----A---- C:\Windows\system32\lpk.dll

2013-10-10 06:22:59 ----A---- C:\Windows\system32\fontsub.dll

2013-10-10 06:22:59 ----A---- C:\Windows\system32\dciman32.dll

2013-10-10 06:22:59 ----A---- C:\Windows\system32\atmlib.dll

2013-10-10 06:22:59 ----A---- C:\Windows\system32\atmfd.dll

2013-10-10 06:22:58 ----A---- C:\Windows\system32\drivers\Wdf01000.sys

2013-10-10 06:22:57 ----A---- C:\Windows\system32\drivers\usbvideo.sys

2013-10-10 06:22:57 ----A---- C:\Windows\system32\drivers\usbcir.sys

2013-10-10 06:22:57 ----A---- C:\Windows\system32\drivers\USBAUDIO.sys

2013-10-10 06:22:55 ----A---- C:\Windows\SYSWOW64\mswsock.dll

2013-10-10 06:22:55 ----A---- C:\Windows\system32\mswsock.dll

2013-10-10 06:22:55 ----A---- C:\Windows\system32\drivers\tcpip.sys

2013-10-10 06:22:53 ----A---- C:\Windows\SYSWOW64\WebClnt.dll

2013-10-10 06:22:53 ----A---- C:\Windows\SYSWOW64\davclnt.dll

2013-10-10 06:22:53 ----A---- C:\Windows\system32\WebClnt.dll

2013-10-10 06:22:53 ----A---- C:\Windows\system32\drivers\mrxdav.sys

2013-10-10 06:22:53 ----A---- C:\Windows\system32\davclnt.dll

2013-10-10 06:22:52 ----A---- C:\Windows\system32\drivers\hidparse.sys

2013-10-10 06:22:52 ----A---- C:\Windows\system32\drivers\hidclass.sys

2013-10-10 06:22:50 ----A---- C:\Windows\system32\win32k.sys

2013-10-10 06:22:44 ----A---- C:\Windows\system32\ntoskrnl.exe

2013-10-10 06:22:39 ----A---- C:\Windows\system32\advapi32.dll

2013-10-10 06:22:38 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe

2013-10-10 06:22:37 ----A---- C:\Windows\system32\tdh.dll

2013-10-10 06:22:36 ----A---- C:\Windows\SYSWOW64\tdh.dll

2013-10-10 06:22:36 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe

2013-10-10 06:22:35 ----A---- C:\Windows\SYSWOW64\ntdll.dll

2013-10-10 06:22:35 ----A---- C:\Windows\SYSWOW64\advapi32.dll

2013-10-10 06:22:35 ----A---- C:\Windows\system32\wow64.dll

2013-10-10 06:22:35 ----A---- C:\Windows\system32\ntdll.dll

2013-10-10 06:22:34 ----A---- C:\Windows\SYSWOW64\wow32.dll

2013-10-10 06:22:34 ----A---- C:\Windows\SYSWOW64\user.exe

2013-10-10 06:22:34 ----A---- C:\Windows\SYSWOW64\setup16.exe

2013-10-10 06:22:34 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll

2013-10-10 06:22:34 ----A---- C:\Windows\SYSWOW64\instnm.exe

2013-10-10 06:22:25 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll

2013-10-10 06:22:25 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-10 06:22:24 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys

2013-10-10 06:22:23 ----A---- C:\Windows\system32\scavengeui.dll

2013-10-01 00:52:08 ----A---- C:\Windows\system32\drivers\avgmfx64.sys

2013-09-12 08:10:56 ----A---- C:\Windows\system32\drivers\ataport.sys

2013-09-12 08:10:34 ----A---- C:\Windows\system32\KernelBase.dll

2013-09-12 08:10:33 ----A---- C:\Windows\SYSWOW64\KernelBase.dll

2013-09-12 08:10:33 ----A---- C:\Windows\SYSWOW64\kernel32.dll

2013-09-12 08:10:33 ----A---- C:\Windows\system32\winsrv.dll

2013-09-12 08:10:33 ----A---- C:\Windows\system32\smss.exe

2013-09-12 08:10:33 ----A---- C:\Windows\system32\kernel32.dll

2013-09-12 08:10:33 ----A---- C:\Windows\system32\csrsrv.dll

2013-09-12 08:10:33 ----A---- C:\Windows\system32\conhost.exe

2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-09-12 08:10:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-09-12 08:10:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll

2013-09-12 08:10:30 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-09-12 08:10:30 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-09-12 08:10:30 ----A---- C:\Windows\SYSWOW64\apisetschema.dll

2013-09-12 08:10:30 ----A---- C:\Windows\system32\apisetschema.dll

2013-09-12 08:10:17 ----A---- C:\Windows\system32\shell32.dll

2013-09-12 08:10:16 ----A---- C:\Windows\SYSWOW64\shell32.dll

2013-09-12 08:10:15 ----A---- C:\Windows\SYSWOW64\shdocvw.dll

2013-09-12 08:10:15 ----A---- C:\Windows\system32\shdocvw.dll

2013-09-10 00:43:02 ----A---- C:\Windows\system32\drivers\avgrkx64.sys

======List of files/folders modified in the last 3 months======

2013-12-03 18:11:07 ----D---- C:\Windows\system32\config

2013-12-03 18:09:40 ----SHD---- C:\Windows\Installer

2013-12-03 18:08:58 ----D---- C:\ProgramData\MFAData

2013-12-02 18:05:57 ----D---- C:\Windows

2013-12-01 16:25:45 ----D---- C:\Users\Pascal\AppData\Roaming\Audacity

2013-12-01 12:29:30 ----RD---- C:\Program Files (x86)

2013-12-01 12:29:22 ----D---- C:\Windows\system32\Tasks

2013-12-01 00:42:16 ----SHD---- C:\System Volume Information

2013-11-28 21:19:05 ----D---- C:\Windows\Panther

2013-11-28 21:19:05 ----D---- C:\Windows\Logs

2013-11-28 21:19:05 ----D---- C:\Windows\debug

2013-11-28 08:52:42 ----SD---- C:\Users\Pascal\AppData\Roaming\Microsoft

2013-11-28 08:51:49 ----D---- C:\Program Files (x86)\Microsoft Office

2013-11-27 16:03:44 ----D---- C:\Windows\system32\catroot

2013-11-26 17:49:22 ----D---- C:\ProgramData\AVG2013

2013-11-26 17:49:22 ----D---- C:\Program Files (x86)\AVG

2013-11-26 17:47:11 ----D---- C:\Windows\system32\drivers

2013-11-24 19:36:44 ----D---- C:\Windows\system32\catroot2

2013-11-22 18:33:34 ----D---- C:\Windows\Tasks

2013-11-15 16:13:19 ----D---- C:\Windows\winsxs

2013-11-15 16:10:32 ----D---- C:\Program Files (x86)\Internet Explorer

2013-11-15 16:10:31 ----D---- C:\Windows\SysWOW64

2013-11-15 16:10:30 ----D---- C:\Windows\System32

2013-11-15 16:10:28 ----D---- C:\Program Files\Internet Explorer

2013-11-15 16:10:23 ----D---- C:\Windows\SYSWOW64\nl-NL

2013-11-15 16:10:23 ----D---- C:\Windows\system32\nl-NL

2013-11-14 22:44:40 ----D---- C:\Windows\system32\MRT

2013-11-14 22:39:52 ----A---- C:\Windows\system32\MRT.exe

2013-11-09 17:15:11 ----D---- C:\Users\Pascal\AppData\Roaming\Skype

2013-11-03 13:15:54 ----D---- C:\Windows\system32\NDF

2013-11-02 12:14:17 ----D---- C:\Windows\inf

2013-10-30 16:53:50 ----HD---- C:\ProgramData

2013-10-25 18:58:45 ----D---- C:\Windows\SYSWOW64\drivers

2013-10-24 14:18:46 ----D---- C:\Program Files (x86)\Common Files

2013-10-21 18:53:28 ----RD---- C:\Program Files

2013-10-18 15:33:55 ----D---- C:\Windows\rescache

2013-10-17 18:27:16 ----D---- C:\Windows\Minidump

2013-10-17 11:30:00 ----D---- C:\Windows\Prefetch

2013-10-16 20:08:35 ----A---- C:\Windows\system32\PerfStringBackup.INI

2013-10-12 13:58:41 ----D---- C:\Windows\Microsoft.NET

2013-10-12 13:57:51 ----RSD---- C:\Windows\assembly

2013-10-11 19:01:45 ----D---- C:\Program Files\Microsoft Silverlight

2013-10-11 19:01:43 ----D---- C:\Program Files (x86)\Microsoft Silverlight

2013-10-11 18:58:42 ----D---- C:\Windows\AppPatch

2013-10-11 18:58:37 ----D---- C:\Windows\system32\DriverStore

2013-10-08 20:16:51 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

2013-10-08 14:56:51 ----SD---- C:\ProgramData\Microsoft

2013-10-08 14:56:50 ----D---- C:\Program Files\Common Files\Microsoft Shared

2013-10-08 14:56:04 ----D---- C:\Users\Pascal\AppData\Roaming\SoftGrid Client

2013-09-20 21:57:00 ----D---- C:\ProgramData\Skype

2013-09-20 21:56:55 ----RD---- C:\Program Files (x86)\Skype

2013-09-12 23:13:04 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2010-08-14 75904]

R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2010-08-14 38016]

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2013-10-24 194872]

R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2013-10-31 294712]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2013-10-01 123704]

R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2013-09-10 31544]

R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2010-03-22 46192]

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]

R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]

R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2013-11-05 150808]

R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2013-11-04 240920]

R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2013-10-31 212280]

R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2013-08-01 251192]

R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2013-10-24 46368]

R1 cbfs3;cbfs3; \??\C:\Windows\system32\drivers\cbfs3.sys [2011-01-17 323472]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-06-28 9371136]

R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-06-28 309760]

R3 CeKbFilter;CeKbFilter; C:\Windows\system32\DRIVERS\CeKbFilter.sys [2012-05-10 20592]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-11-10 2544232]

R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-10-19 406632]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver; C:\Windows\system32\DRIVERS\rtl8192Ce.sys [2011-02-23 1142376]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-09-30 1393712]

R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]

S3 athr;Stuurprogramma Atheros Extensible draadloze LAN-apparaat; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-09-12 57856]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-07-20 247400]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 USBMULCD;Aureon 7.1 USB Interface; C:\Windows\system32\drivers\CM10664.sys [2010-08-12 1310720]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-06-28 204288]

R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]

R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-09-24 348008]

R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]

R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]

R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-04 1809920]

R2 NAUpdate;@c:\Program Files (x86)\Nero\Update\NASvc.exe,-200; c:\Program Files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]

R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2010-10-20 138656]

R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2010-09-28 489384]

R2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [2013-10-24 1733448]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]

R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-07-25 162672]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08 257416]

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-09-12 1512448]

S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-06-26 1255736]

-----------------EOF-----------------


Download Zoek.zip to the desktop.

  1. If Internet Explorer or another browser or virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
  2. Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; (here and here) you can read how to do that.

  • Right-click Zoek.zip and choose the "Extract All" option.
  • Then double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
    
    emptyclsid;
    emptyfolderscheck;delete
    firefoxlook; 
    Chromelook;  
    autoclean; 
    iedefaults; 
    filesrcm;
    
    
    


  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart if one is required).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Post the opened log as an attachment in your next message.


In the meantime I had a quick look around the site. I've also already installed Malwarebytes and run it here. Here is the Zoek log:

Zoek.exe Version 4.0.0.5 Updated 30-November-2013

Tool run by Pascal on di 03/12/2013 at 20:08:19,03.

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Pascal\Desktop\zoek\zoek.exe [script inserted]

==== Older Logs ======================

C:\zoek-results2013-10-21-173102.log 33789 bytes

C:\zoek-results2013-10-21-181719.log 17057 bytes

C:\zoek-results2013-10-21-185730.log 3962 bytes

C:\zoek-results2013-10-21-193241.log 4104 bytes

C:\zoek-results2013-10-22-105334.log 576 bytes

C:\zoek-results2013-10-22-142851.log 115068 bytes

C:\zoek-results2013-10-22-150437.log 115632 bytes

==== Empty Folders Check ======================

C:\Users\Pascal\AppData\Roaming\Windows Live Writer deleted successfully

C:\Users\Gast\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2457209422-596169401-3258411151-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

HKEY_USERS\S-1-5-21-2457209422-596169401-3258411151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

HKEY_USERS\S-1-5-21-2457209422-596169401-3258411151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.0.12 deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater17.0.12 deleted successfully

==== Deleting Files \ Folders ======================

C:\PROGRA~2\ExpressFiles deleted

C:\Users\Pascal\AppData\Roaming\ExpressFiles deleted

C:\ProgramData\7rgjwwq.fvv deleted

C:\ProgramData\7rgjwwq.bxx deleted

C:\ProgramData\AVG Security Toolbar deleted

C:\ProgramData\AVG Nation toolbar deleted

C:\Users\Gast\AppData\Local\AVG Nation toolbar deleted

C:\Users\Pascal\AppData\Local\SwvUpdater deleted

C:\Users\Gast\AppData\LocalLow\AVG Nation toolbar deleted

C:\Users\Pascal\AppData\LocalLow\AVG Nation toolbar deleted

C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Nation toolbar deleted

C:\windows\SysNative\Tasks\Express FilesUpdate deleted

C:\Users\Pascal\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com deleted

"C:\PROGRA~2\AVG Nation toolbar\vprot.exe" deleted

"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\17.0.12\avgdttbx.dll" deleted

"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll" deleted

"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll" deleted

"C:\PROGRA~2\AVG Nation toolbar" not deleted

"C:\PROGRA~2\COMMON~1\AVG Secure Search" not deleted

"C:\Users\Pascal\AppData\Local\AVG Nation toolbar" deleted

"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller" not deleted

"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller" not deleted

"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" not deleted

"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\17.0.12" not deleted

"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\17.0.12" not deleted

"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\17.0.12" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Pascal\AppData\Local\Temp ====

2013-12-01 11:29:11 A55B82103A202C20717F45C201EC4553 936960 ----a-w- C:\Users\Pascal\AppData\Local\Temp\htmlayout.dll

====== Java Cache =====

2013-11-17 11:14:48 DE9F090A52862C99F27E1AE1C0A29296 25104 ----a-w- C:\Users\Pascal\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\5fe476ba-1f04dda1-0.91.0.0-

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

2013-12-03 18:37:18 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys

2013-11-14 14:32:59 79059559E89D06E8B80CE2944BE20228 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys

2013-11-14 14:32:27 EBF28856F69CF094A902F884CF989706 458712 ----a-w- C:\Windows\Sysnative\drivers\cng.sys

2013-11-14 14:32:27 8F489706472F7E9A06BAAA198703FA64 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys

2013-11-14 14:32:27 868A2CAAB12EFC7A021682BCA0EEC54C 154560 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys

2013-11-05 20:55:48 27CA53E91543B800E16129BCEC3247AD 150808 ----a-w- C:\Windows\Sysnative\drivers\avgdiska.sys

2013-11-04 20:52:42 57250DDDE2523115D0927DBBA745F9FA 240920 ----a-w- C:\Windows\Sysnative\drivers\avgidsdrivera.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C:\PROGRA~2 =====

2013-11-28 07:50:41 -------- d-----w- C:\PROGRA~2\MSECache

======= C: =====

====== C:\Users\Pascal\AppData\Roaming ======

2013-12-03 18:36:33 -------- d-----w- C:\Users\Pascal\AppData\Local\Programs

2013-11-26 16:49:05 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2013

2013-11-26 16:48:45 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2013

====== C:\Users\Pascal ======

2013-12-03 18:36:09 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Pascal\Desktop\mbam-setup-1.75.0.1300.exe

2013-12-03 17:16:19 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Pascal\Desktop\RSITx64.exe

====== C: exe-files ==

2013-12-03 18:36:09 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Documents and Settings\Pascal\Desktop\mbam-setup-1.75.0.1300.exe

2013-12-03 17:16:19 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Documents and Settings\Pascal\Desktop\RSITx64.exe

=== C: other files ==

2013-11-27 07:33:15 CCC3E985CC60C721115A5D883A9864D1 1986231 ----a-w- C:\Documents and Settings\Pascal\Desktop\jingles radio 19\oude 19jingles\Kerstjingles 2013 R19.zip

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"speedanalysis02@SpeedAnalysis.com"="C:\Users\Pascal\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com" []

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"speedanalysis02@SpeedAnalysis.com"="C:\Users\Pascal\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com" []

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="https://www.google.be/"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="https://www.google.be/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2457209422-596169401-3258411151-1000\Software\mozilla\Firefox\Extensions\speedanalysis02@SpeedAnalysis.com deleted successfully

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\speedanalysis02@SpeedAnalysis.com deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Pascal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Pascal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Pascal\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\AVG Nation toolbar" not found

"C:\PROGRA~2\COMMON~1\AVG Secure Search" not found

==== EOF on di 03/12/2013 at 20:42:11,61 ======================


My Yahoo opens briefly, and then it's 'cannot display the page' again. It suggests refreshing the page. This is shown in the bar at the top, as being the page: httpss://view.atdmt.com/PPB/iview/427677176/direct;wi.300;hi.250/01?click=http://ads.yahoo.com/clk?3,eJytj10LgjAUhn9NdyJuOlRGF8eWsWiStJS6W66yZuiFKfbrk-jjD.TwXLzncODwIpdq5Wtd-N4Ra6J836PIwwflhkF40pZDKQ2Qg0LkEMci10jBsu.WZ-gTbCJ40VUyhQ-ZBP6OHGYALG7wfPPelC4y8B.uTbT9.oHzKAsAc0PuhkffK6YvQlbVnhV4JbNrkotWyLgSAyoF2.WrnD.2MjYJFkgsUrL79ZhaVtm2zcSFCY5HD0d7UGVd20V9G8cnZuNX-Q==,


Download zhpdiag.exe from this website: http://en.kioskea.net/download/download-23176-zhpdiag

  1. XP users: double-click zhpdiag.exe to install it.
    For Windows Vista and later: right-click zhpdiag.exe and choose "Run as administrator".
  2. Click "Suivant" several times to go through the installation process.
  3. Click "Installer" when asked to, and "Terminer" when the installation is complete.
  4. Two icons have now appeared on your desktop: ZHPDiag and ZHPFix.
  5. Now double-click the shortcut named ZHPDiag.
  6. The start window appears; now click "Configureren".
  7. If the language is not set to Dutch, click the icon with the little house at the bottom right, "Sélectionner une langue", and choose "Néerlandais".
  8. Then click the middle icon at the bottom left (a magnifying glass and a + symbol), "Diagnosemogelijkheden".
  9. A scan of your system is now made; wait patiently until it is complete.
  10. Afterwards there is a text file named ZHPDiag.txt on your desktop; post it as an attachment in your next message.

Edited by juisterr

Thanks for the help; here is the log:

~ Verslag van ZHPDiag v2013.12.3.6 - Nicolas Coolman (3/12/2013)

~ Gelanceerd door Pascal (3/12/2013 22:31:25)

~ Het adres van de website : Home - Malicius Software Information

~ Gratis supportforum voor desinfectie : Links - Malicius Software Information

~ Vertaald door de gebruiker

~ Staat van de versie :

~ Lijst wit : Ingeschakeld door het programma

~ Tot misbruik van bevoegdheden : OK

~ Gebruikersaccountbeheer (UAC) : Activate by user

---\\ Internet-browsers

MSIE: Internet Explorer v10.0.9200.16736 (Defaut)

---\\ Windows productinformatie

~ Langage: Néerlandais

Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Windows Server License Manager Script : OK

Software Protection Service (Protection logicielle) : KO

Windows Automatic Updates : OK

Windows Activation Technologies : OK

---\\ Software om het systeem te beveiligen

AVG 2013 v13.0.3426

Malwarebytes Anti-Malware versie 1.75.0.1300

Windows Defender W7

---\\ Systeem optimalisatie software

CCleaner v4.06 =>Piriform Ltd

---\\ Delen van software PeerToPeer

---\\ Software die extra aandacht behoeft

Adobe Flash Player 11 ActiveX

Adobe Reader 9.5.3 - Nederlands

---\\ Informatie over het systeem

~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD

~ Operating System: 64 Bits

Boot mode: Normal (Normal boot)

Total RAM: 3691 MB (55% free)

System Restore: Activé (Enable)

System drive C: has 149 GB (64%) free of 233 GB

---\\ Verbinding met het systeem-modus

~ Computer Name: PASCAL-TOSH

~ User Name: Pascal

~ All Users Names: Pascal, Gast, Administrator,

~ Unselected Option: None

Logged in as Administrator

---\\ Omgevingsvariabelen

~ System Unit : C:\

~ %AppZHP% : C:\Users\Pascal\AppData\Roaming\ZHP\

~ %AppData% : C:\Users\Pascal\AppData\Roaming\

~ %Desktop% : C:\Users\Pascal\Desktop\

~ %Favorites% : C:\Users\Pascal\Favorites\

~ %LocalAppData% : C:\Users\Pascal\AppData\Local\

~ %StartMenu% : C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\

---\\ Overzicht vaste en verwisselbare stations

C: Hard drive, Flash drive, Thumb drive (Free 149 Go of 233 Go)

D: Hard drive, Flash drive, Thumb drive (Free 225 Go of 232 Go)

E: CD-ROM drive (Free 0 Go of 0 Go)

---\\ Staat van het Windows Beveiligingscentrum

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

~ Security Center: 46 Legitimates Filtered in 00mn 00s

---\\ Zoeken naar bepaalde algemene bestanden

[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Verkenner.) (.25/02/2011 - 7:19:30.) -- C:\Windows\Explorer.exe [2871808]

[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.14/07/2009 - 2:39:52.) -- C:\Windows\System32\Wininit.exe [129024]

[MD5.9706C99DAEBE3FEAC811B239617E98C4] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.12/10/2013 - 9:45:20.) -- C:\Windows\System32\wininet.dll [2241536]

[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.21/11/2010 - 4:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]

[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing-bibliotheek.) (.21/11/2010 - 4:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]

[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 2:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]

[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 2:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]

[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 0:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]

[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 4:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]

[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 4:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]

[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 4:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]

[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.14/07/2009 - 0:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]

[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 1:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]

[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 3:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]

[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 4:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]

[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]

[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.14/07/2009 - 1:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]

[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 4:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]

[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 1:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]

[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 4:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]

[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.21/11/2010 - 4:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]

~ Generic Processes: Scanned in 00mn 00s

---\\ Status van de verborgen bestanden (verborgen/totaal)

~ Mes images (My Pictures) : 1/2070

~ Mes musiques (My Musics) : 245/1345

~ Mes Favoris (My Favorites) : 1/47

~ Mes Documents (My Documents) : 1/264

~ Mon Bureau (My Desktop) : 12/8226

~ Menu demarrer (Programs) : 1/24

~ Hidden Files: Scanned in 00mn 15s

---\\ Gestarte processen

[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.3216]

[MD5.1FAA54E9FFEA6FD3E0CEAD951CDDFEF6] - (.TOSHIBA CORPORATION - KeNotify MFC Application.) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160] [PID.3788]

[MD5.643F7A81B4FC27845886AB9650AD2C61] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176] [PID.3920]

[MD5.3CB07566302BCEEB898DE270A0BEC175] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352] [PID.3956]

[MD5.97A1AFD42B8016D132C7BF38C955C6E1] - (.TOSHIBA CORPORATION - ConfigFree Task Tray Menu.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [304560] [PID.3840]

[MD5.8A07221789D46B2EA7DFCA2BC807572A] - (.TOSHIBA CORPORATION - ConfigFree Switch Manager Process.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe [62848] [PID.4992]

[MD5.D7D5768B8A697FCBAEE2CFE137070F02] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [770736] [PID.3108]

[MD5.DC01B5913305D514041A48D44E4326ED] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8277504] [PID.6076]

[MD5.F89B2DACE0FBE54CF65D12B7081C19C3] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544] [PID.1748]

[MD5.B747B6BB015E552F49C634BB19540F3D] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008] [PID.1768]

[MD5.DABFBE88774A3C1A8CEA198348E02740] - (.Realsil Microelectronics Inc. - Realtek Card Reader Icon Tool..) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1809920] [PID.1880]

[MD5.CAB0EEAF5295FC96DDD3E19DCE27E131] - (.TOSHIBA CORPORATION - ConfigFree Service Process.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [46448] [PID.4612]

[MD5.13AA2130F2A104DD775EAD0F0EE5417B] - (.Nero AG - NeroUpdate.) -- c:\Program Files (x86)\Nero\Update\NASvc.exe [598312] [PID.4648]

~ Processes Running: Scanned in 00mn 01s

---\\ Internet Explorer, proxybeheer (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Proxy management: Scanned in 00mn 00s

---\\ Analyse van lijnen F0, F1, F2, F3 - IniFiles, Autoloading programma's

F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

~ Keys: Scanned in 00mn 00s

---\\ Hosts-bestand omleiding (O1)

~ Le fichier hosts est sain (The hosts file is clean).

~ Hosts File: Scanned in 00mn 00s

~ Nombre de lignes (Lines number): 21

---\\ Internet Explorer werkbalken (O3)

O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Orphan sleutel

~ Toolbar: Scanned in 00mn 00s

---\\ Andere Verwijzigingen gebruikers (O4)

O4 - GS\Desktop [Public]: Express Files.lnk . (...) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles

O4 - GS\QuickLaunch [Pascal]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - GS\TaskBar [Pascal]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - GS\Program [Pascal]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - GS\SystemTools [Pascal]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - GS\Desktop [Pascal]: Express Files.lnk . (...) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles

O4 - GS\Desktop [Pascal]: Free YouTube to MP3 Converter.lnk . (.DVDVideoSoft Ltd. - FreeYouTubeToMP3Converter.) -- C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe

O4 - GS\Desktop [Pascal]: Music - Snelkoppeling.lnk . (...) -- C:\Users\Pascal\Music

O4 - GS\Desktop [Pascal]: Numark Cue.lnk . (.Atomix Productions - VirtualDJ.) -- C:\Program Files (x86)\Numark Cue\cue.exe

O4 - GS\QuickLaunch [Gast]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - GS\TaskBar [Gast]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - GS\Program [Gast]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - GS\SystemTools [Gast]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

~ Global Startup: 89 Legitimates Filtered in 00mn 09s

---\\ Toepassingen gestart door register & bestand (O4)

O4 - GS\Startup [Public]: Microsoft Office.lnk . (.Microsoft Corporation - Microsoft Office 2000 component.) -- C:\Program Files (x86)\Microsoft Office\Office\OSA9.exe

O4 - GS\Startup [Public]: Toshiba Places Icon Utility.lnk . (.Toshiba - Toshiba Places Icon Utility.) -- C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe

O4 - GS\Startup [Pascal]: TRDCReminder.lnk . (.TOSHIBA Europe - TOSHIBA Recovery Reminder.) -- C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe

O4 - GS\Startup [Gast]: TRDCReminder.lnk . (.TOSHIBA Europe - TOSHIBA Recovery Reminder.) -- C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe

O4 - HKLM\..\Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe (.not file.)

O4 - HKLM\..\Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (.not file.)

O4 - HKLM\..\Run: [Toshiba TEMPRO] . (.Toshiba Europe GmbH - Toshiba TEMPRO.) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe =>.Toshiba Corporation

O4 - HKLM\..\Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.exe (.not file.)

O4 - HKLM\..\Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe (.not file.)

O4 - HKLM\..\Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe (.not file.)

O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Realtek HD Audio configuratie.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)

O4 - HKLM\..\Run: [TosSENotify] . (.TOSHIBA Corporation - No Comment.) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

O4 - HKLM\..\Run: [smartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (.not file.)

O4 - HKLM\..\Run: [TosVolRegulator] . (.TOSHIBA Corporation - Toshiba Volume Regulator.) -- C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe =>.Toshiba Corporation

O4 - HKLM\..\Run: [Toshiba Registration] . (.Toshiba Europe GmbH - Toshiba Notebook Registration Reminder.) -- C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe

O4 - HKLM\..\Run: [Cm106Sound] . (.C-Media Corporation - CmiCnfg DLL.) -- C:\Windows\Syswow64\cm106.dll

O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe

O4 - HKLM\..\Wow6432Node\Run: [NBAgent] . (.Nero AG - Nero BackItUp.) -- c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe

O4 - HKLM\..\Wow6432Node\Run: [startCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc

O4 - HKLM\..\Wow6432Node\Run: [sVPWUTIL] . (.TOSHIBA - SVPWUTIL Application.) -- C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe

O4 - HKLM\..\Wow6432Node\Run: [HWSetup] . (.TOSHIBA Electronics, Inc. - HWSetup.) -- C:\Program Files\TOSHIBA\Utilities\HWSetup.exe

O4 - HKLM\..\Wow6432Node\Run: [KeNotify] . (.TOSHIBA CORPORATION - KeNotify MFC Application.) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

O4 - HKLM\..\Wow6432Node\Run: [TWebCamera] . (.TOSHIBA CORPORATION. - No Comment.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

O4 - HKLM\..\Wow6432Node\Run: [ToshibaServiceStation] . (.TOSHIBA Corporation - TOSHIBA Service Station.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe =>.Toshiba Corporation

O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe

O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe

O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated

O4 - HKLM\..\Wow6432Node\Run: [vProt] C:\Program Files (x86)\AVG Nation toolbar\vprot.exe (.not file.)

O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Windows-bureaubladgadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Windows-bureaubladgadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation

O4 - HKUS\S-1-5-21-2457209422-596169401-3258411151-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe

~ Application: Scanned in 00mn 00s

---\\ Knoppen op de werkbalk "belangrijkste instrumenten" Internet Explorer (O9)

O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 [64Bits] - {97F922BD-8563-4184-87EE-8C4ACA438823} . (...) -- C:\Program Files\TOSHIBA\BulletinBoard\images\pin.ico

~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Domeinadres van de DNS (O17) wijzigen

O17 - HKLM\System\CCS\Services\Tcpip\..\{3AFE18BF-77A8-4EEA-BC37-BF6A1E22218E}: DhcpNameServer = 195.130.131.2 195.130.130.130

O17 - HKLM\System\CCS\Services\Tcpip\..\{3AFE18BF-77A8-4EEA-BC37-BF6A1E22218E}: DhcpDomain = telenet.be

O17 - HKLM\System\CCS\Services\Tcpip\..\{D8D577BE-0880-4F38-AD6E-FC9C549BE3DE}: DhcpDomain = SWDLWDS.com

O17 - HKLM\System\CS1\Services\Tcpip\..\{3AFE18BF-77A8-4EEA-BC37-BF6A1E22218E}: DhcpNameServer = 195.130.131.2 195.130.130.130

O17 - HKLM\System\CS1\Services\Tcpip\..\{3AFE18BF-77A8-4EEA-BC37-BF6A1E22218E}: DhcpDomain = telenet.be

O17 - HKLM\System\CS1\Services\Tcpip\..\{D8D577BE-0880-4F38-AD6E-FC9C549BE3DE}: DhcpDomain = SWDLWDS.com

O17 - HKLM\System\CS2\Services\Tcpip\..\{3AFE18BF-77A8-4EEA-BC37-BF6A1E22218E}: DhcpNameServer = 195.130.131.2 195.130.130.130

O17 - HKLM\System\CS2\Services\Tcpip\..\{3AFE18BF-77A8-4EEA-BC37-BF6A1E22218E}: DhcpDomain = telenet.be

O17 - HKLM\System\CS2\Services\Tcpip\..\{D8D577BE-0880-4F38-AD6E-FC9C549BE3DE}: DhcpDomain = SWDLWDS.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.131.2 195.130.130.130

~ Domain: Scanned in 00mn 00s

---\\ Aanvullend Protocol (O18)

O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --

O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation

~ Protocole Additionnel: Scanned in 00mn 00s

---\\ ShellServiceObjectDelayLoad (SSODL/SSO) (O21) autorun registratiekantoor toonsoort

O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} . (.EldoS Corporation - CbFs Mount Notifier.) -- C:\Windows\system32\CbFsMntNtf3.dll

~ SSODL: 2 Legitimates Filtered in 00mn 00s

---\\ Registersleutel autorun SharedTaskScheduler (STS) (O22)

O22 - SharedTaskScheduler: (no name) [64Bits] - {5FF49FE8-B332-4CB9-B102-FB6951629E55} . (.EldoS Corporation - CbFs Mount Notifier.) -- C:\Windows\SysWOW64\CbFsMntNtf3.dll

~ STS/SSO: Scanned in 00mn 00s

---\\ Taken die zijn gepland in de automatische modus (O39)

[MD5.BA0BE06A85BC51578D6EAB893C0A9F64] [APT] [{1EAF6B71-CA0C-409A-B64E-6D3C352C5F32}] (...) -- C:\Program Files (x86)\USB Audio\unins000.exe [661258]

~ Scheduled Task: 9 Legitimates Filtered in 00mn 07s

---\\ Geïnstalleerde software (O42)

O42 - Logiciel: ExpressFiles - (.Express Files.) [HKCU][64Bits] -- ExpressFiles =>Adware.ExpressFiles

O42 - Logiciel: Manillen The Game - (...) [HKLM][64Bits] -- Manillen

O42 - Logiciel: Ver 1.2.0 - (.Oscar.) [HKLM][64Bits] -- USB Audio_is1

~ Logic: 28 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys

[HKCU\Software\5e2da8ae56fbd44] =>Hijacker.Eazel

[HKCU\Software\8.1]

[HKCU\Software\Cue]

[HKCU\Software\FileScout] =>PUP.FileScout

[HKCU\Software\IGearSettings]

[HKCU\Software\radio42]

[HKLM\Software\Tarma Installer] =>PUP.Tarma

[HKLM\Software\Wow6432Node\Cue]

[HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles

~ Key Software: 266 Legitimates Filtered in 00mn 01s

---\\ 'Inhoud van mappen programma's, ProgramFiles, ProgramData, AppData (O43)

O43 - CFD: 16/03/2013 - 13:20:14 - [2,406] ----D C:\Program Files (x86)\USB Audio

O43 - CFD: 25/07/2013 - 16:53:39 - [46,030] ----D C:\Users\Pascal\AppData\Local\Shareaza

O43 - CFD: 27/11/2012 - 13:25:18 - [0,003] ----D C:\Users\Pascal\AppData\Local\ZaraRadio

O43 - CFD: 21/06/2012 - 14:48:04 - [0] ----D C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Manillen The Game

~ Program Folder: 144 Legitimates Filtered in 00mn 14s

---\\ Meest recente bestanden gewijzigd of gemaakt op Windows en System32 (O44)

O44 - LFC:[MD5.02940D6C7722E91342A32CFF5C60F4E4] - 3/12/2013 - 20:08:13 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]

O44 - LFC:[MD5.2B674F48C1130238DF96D5845799B609] - 3/12/2013 - 20:10:46 ---A- . (...) -- C:\zoek-results2013-10-22-150437.log [115632]

O44 - LFC:[MD5.14E0F7C91CADBC8FCFE3163D97581FDA] - 3/12/2013 - 20:42:11 ---A- . (...) -- C:\zoek-results.log [10025]

O44 - LFC:[MD5.BEA69B748E478F3F9ACC96A719CEE994] - 3/12/2013 - 20:48:39 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [25120]

O44 - LFC:[MD5.BEA69B748E478F3F9ACC96A719CEE994] - 3/12/2013 - 20:48:39 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [25120]

O44 - LFC:[MD5.BEA69B748E478F3F9ACC96A719CEE994] - 3/12/2013 - 20:48:39 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [25120]

O44 - LFC:[MD5.BEA69B748E478F3F9ACC96A719CEE994] - 3/12/2013 - 20:48:39 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [25120]

~ Files: 13 Legitimates Filtered in 00mn 15s

---\\ Laatste bestanden die zijn gemaakt in Windows Prefetcher (O45)

O45 - LFCP:[MD5.0184904BB63E79651899ECB4D7F23189] - 28/11/2013 - 13:38:24 ---A- - C:\Windows\Prefetch\CUE.EXE-8050DCB1.pf

O45 - LFCP:[MD5.73C80AC34FE324E42EF1391E3D53EC59] - 28/11/2013 - 9:54:41 ---A- - C:\Windows\Prefetch\KWIKMEDIA.EXE-8DEFA947.pf

~ Prefetcher: 106 Legitimates Filtered in 00mn 00s

---\\ Controle van veilige Boot (CSB) (O49)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)

~ CSB: 15 Legitimates Filtered in 00mn 00s

---\\ Opsomming van het register sleutels PoliciesSystem (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1

~ MWPS: 17 Legitimates Filtered in 00mn 00s

---\\ Opsomming van de registersleutel PoliciesExplorer (CÖKVI) (O56)

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1

~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

---\\ Overzicht van de drivers (SDL) (O58)

O58 - SDL:[MD5.957EC5620FB055E9DF2250D6FA4188E1] - 12/08/2010 - 17:24:30 ---A- . (.C-Media Electronics Inc - C-Media Audio WDM Driver.) -- C:\Windows\System32\Drivers\CM10664.sys [1310720]

O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 2:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]

O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]

O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 2:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]

~ Drivers: 17 Legitimates Filtered in 00mn 28s

---\\ Meest recente bestanden gewijzigd of gemaakt (gebruiker) (O61)

O61 - LFC: 1/12/2013 - 22:34:28 ---A- . (...) -- C:\Users\Pascal\AppData\Local\Avg2014\log\avgcfg.log.1 [65630]

O61 - LFC: 2/12/2013 - 22:34:28 ---A- . (...) -- C:\Users\Pascal\AppData\Local\Avg2014\log\avgcore.log.1 [131265]

O61 - LFC: 2/12/2013 - 22:34:28 ---A- . (...) -- C:\Users\Pascal\AppData\Local\Avg2014\log\avgdecider.log.1 [65655]

O61 - LFC: 2/12/2013 - 22:34:28 ---A- . (...) -- C:\Users\Pascal\AppData\Local\Avg2014\log\krnlapi.log.1 [1024199]

O61 - LFC: 3/12/2013 - 22:34:28 ---A- . (...) -- C:\Users\Pascal\AppData\Local\Avg2014\log\commonpriv.log.1 [65995]

O61 - LFC: 3/12/2013 - 22:34:43 ---A- . (...) -- C:\Users\Pascal\AppData\Roaming\ZHP\Log.txt [17397] =>.Nicolas Coolman

O61 - LFC: 3/12/2013 - 22:34:43 ---A- . (...) -- C:\Users\Pascal\AppData\Roaming\ZHP\TestsZHPDiag.txt [2884] =>.Nicolas Coolman

O61 - LFC: 30/11/2013 - 22:34:28 ---A- . (...) -- C:\Users\Pascal\AppData\Local\Avg2014\log\avgui.log.1 [131211]

~ 2 Fichiers temporaires (Temporary files)

~ Files: 101 Legitimates Filtered in 00mn 51s

---\\ Lijst van cleaning tools (CLAB) (O63)

O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman

O63 - Logiciel: RSIT - (.random/random.)

~ ADS: Scanned in 00mn 00s

---\\ Startmenu Internet (SMI) (O68)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

~ Keys: Scanned in 00mn 00s

---\\ Zoek "infecties in internetbrowsers (SBI) (O69)

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - Bing

O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - Google

~ Keys: Scanned in 00mn 00s

---\\ Geeft een opsomming van de dienst begin door Svchost (SSS) (O83)

O83 - Search Svchost Services: winmgmt (winmgmt) . (...) -- C:\PROGRA~3\4rjlf7t7t.pzz [0]

~ Services: 32 Legitimates Filtered in 00mn 00s

---\\ Bepaalde zoekopdracht in de hoofdmap van het systeem (SPRF) (O84)

[MD5.1FFB2EBE1F95C5E5AEC1512EA686049C] [sPRF][11/08/2012] (...) -- C:\Users\Pascal\AppData\LocalLow\dt.dat [27520]

[MD5.662C39FC1E27131551D557862CEC47F0] [sPRF][3/12/2013] (...) -- C:\Users\Pascal\Desktop\RSITx64.exe [935175]

~ Files: 4 Legitimates Filtered in 00mn 00s

---\\ Lijst van uitzonderingen in de firewall (FirewallRules) (O87)

O87 - FAEL: "{EF61FD20-B728-46F7-93E1-BF44FE32F47D}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\expressdl.exe (.not file.) =>Adware.ExpressFiles

O87 - FAEL: "{666B668A-CC9C-47F3-9FE6-31CD20BCC012}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\expressdl.exe (.not file.) =>Adware.ExpressFiles

O87 - FAEL: "{0CE6DABD-9EB1-4B74-8BF8-A25B4DD6D83A}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles

O87 - FAEL: "{D4523C71-C95A-4427-9C41-28EDAD34CC16}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles

~ Firewall: 185 Legitimates Filtered in 00mn 02s

---\\ Uitvoer van willekeurige registersleutels (O91)

[HKCU\Software\5e2da8ae56fbd44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel

[HKCU\Software\5e2da8ae56fbd44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52" =>Hijacker.Eazel

[HKCU\Software\5e2da8ae56fbd44] =>PUP.Babylon^

~ Export Key Software: Scanned in 00mn 00s

---\\ Algemene toestand van niet-Microsoft services (GSR) (SR = Running, SS = gestopt)

SS - | Demand 8/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

SS - | Auto 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

SS - | Demand 10/02/2011 112080 | (TemproMonitoringService) . (.Toshiba Europe GmbH.) - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe =>.Toshiba Corporation

SS - | Demand 5/02/2010 137560 | (TOSHIBA HDD SSD Alert Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 28/06/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe

SR - | Auto 11/11/2013 3478544 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

SR - | Auto 24/09/2013 348008 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

SR - | Auto 28/01/2010 249200 | (cfWiMAXService) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

SR - | Auto 10/03/2009 46448 | (ConfigFree Service) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

SR - | Auto 4/08/2010 1809920 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

SR - | Auto 29/03/2011 598312 | (NAUpdate) . (.Nero AG.) - c:\Program Files (x86)\Nero\Update\NASvc.exe

SR - | Demand 1/07/2010 51576 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation

SR - | Auto 20/10/2010 138656 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe

SR - | Auto 28/09/2010 489384 | (TosCoSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 25s

---\\ Onderzoek gelijktijdige op de Master Boot Record (MBR) (O80)

Run by Pascal at 3/12/2013 22:37:47

~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s

---\\ Onderzoek de Master Boot Record op Infecties (MBRCheck) (O80)

Written by ad13, PC Helpforum - Gratis hulp bij computer problemen

Run by Pascal at 3/12/2013 22:37:49

********* Dump file Name *********

C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s

---\\ Extra scan (O88)

Database Version : 13007 - (3/12/2013)

Clés trouvées (Keys found) : 36

Valeurs trouvées (Values found) : 2

Dossiers trouvés (Folders found) : 0

Fichiers trouvés (Files found) : 4

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles] =>Adware.ExpressFiles^

[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch

[HKLM\Software\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch

[HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch

[HKLM\Software\Wow6432Node\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch

[HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch

[HKLM\Software\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch

[HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}] =>Toolbar.AVGSearch

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}] =>Spyware.BHO

[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch

[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits

[HKLM\Software\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits

[HKLM\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}] =>PUP.Software.Updater

[HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.AVGSearch

[HKLM\Software\Wow6432Node\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.AVGSearch

[HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}] =>Toolbar.AVGSearch

[HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch

[HKLM\Software\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}] =>Toolbar.Conduit

[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch

[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch

[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch

[HKLM\Software\Classes\AppID\ScriptHelper.EXE] =>Toolbar.AVGSearch

[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi] =>Toolbar.AVGSearch

[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1] =>Toolbar.AVGSearch

[HKLM\Software\Classes\ViProtocol.ViProtocolOLE] =>Toolbar.AVGSearch

[HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1] =>Toolbar.AVGSearch

[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong

[HKLM\Software\Tarma Installer] =>PUP.Tarma

[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>PUP.Babylon

[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>PUP.Babylon

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}] =>Toolbar.Conduit

[HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32] =>Toolbar.Conduit

[HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS] =>Toolbar.Conduit

[HKCU\Software\FileScout] =>PUP.FileScout^

[HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles^

[HKCU\Software\5e2da8ae56fbd44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^

[HKCU\Software\5e2da8ae56fbd44] =>PUP.Babylon^^

~ Additionnel Scan: 220053 Items scanned in 00mn 52s

---\\ Samenvatting van detecties gevonden op uw werkstation

~ Adware.ExpressFiles - Malicius Software Information =>Adware.ExpressFiles

~ Hijacker.Eazel - Malicius Software Information =>Hijacker.Eazel

~ PUP.FileScout - Malicius Software Information =>PUP.FileScout

~ PUP.Tarma - Malicius Software Information =>PUP.Tarma

~ PUP.Babylon - Malicius Software Information =>PUP.Babylon

~ PUP.ToparcadeHits - Malicius Software Information =>PUP.ToparcadeHits

~ PUP.Software.Updater - Malicius Software Information =>PUP.Software.Updater

~ Toolbar.Conduit - Malicius Software Information =>Toolbar.Conduit

~ Adware.PriceGong - Malicius Software Information =>Adware.PriceGong

~ MSI: 9 link(s) detected in 00mn 53s

~ 1221 Legitimates filtered by white list

End of the scan (520 lines in 07mn 18s)(0)


Start ZHPFix again.

Copy the entire text in the code box:

Script ZHPFix 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles] =>Adware.ExpressFiles^
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}] =>Toolbar.AVGSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}] =>Spyware.BHO
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKLM\Software\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKLM\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}] =>PUP.Software.Updater
[HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\ScriptHelper.EXE] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1] =>Toolbar.AVGSearch
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>PUP.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS] =>Toolbar.Conduit
[HKCU\Software\FileScout] =>PUP.FileScout^
[HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles^
[HKCU\Software\5e2da8ae56fbd44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
[HKCU\Software\5e2da8ae56fbd44] =>PUP.Babylon^^
shortcutfix
emptytemp
emptyflash
emptyjava

Double-click the shortcut: ZHPFix

Press the "Import" button.

Then press the "Go" button at the bottom.

The fix will start; post the result, ZHPFix[r2].txt.


Rapport de ZHPFix 2013.12.1.2 par Nicolas Coolman, Update du 01/12/2013

Fichier d'export Registre :

Run by Pascal at 4/12/2013 19:14:13

High Elevated Privileges : OK

Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Prullenbak geleegd (00mn 01s)

Reparatie van browser snelkoppelingen

========== Registersleutels ==========

VERWIJDERD: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles

VERWIJDERD:* HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

VERWIJDERD: HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

VERWIJDERD:* HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

VERWIJDERD: HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

VERWIJDERD: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}

VERWIJDERD: HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

VERWIJDERD:* HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

VERWIJDERD:* HKLM\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

VERWIJDERD: HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

VERWIJDERD: HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

VERWIJDERD:* HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

VERWIJDERD: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

VERWIJDERD: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

VERWIJDERD: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

VERWIJDERD:* HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

VERWIJDERD: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

VERWIJDERD: HKLM\Software\Classes\AppID\ScriptHelper.EXE

VERWIJDERD: HKLM\Software\Classes\ScriptHelper.ScriptHelperApi

VERWIJDERD: HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1

VERWIJDERD: HKLM\Software\Classes\ViProtocol.ViProtocolOLE

VERWIJDERD: HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1

VERWIJDERD: HKCU\Software\AppDataLow\Software\PriceGong

VERWIJDERD:* HKLM\Software\Tarma Installer

VERWIJDERD: HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32

VERWIJDERD: HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS

VERWIJDERD: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}

VERWIJDERD: HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32

VERWIJDERD: HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS

VERWIJDERD: HKCU\Software\FileScout

VERWIJDERD: HKLM\Software\Wow6432Node\ExpressFiles

VERWIJDERD: HKCU\Software\5e2da8ae56fbd44

========== Mappen ==========

Verwijderen tijdelijke Windows (5)

Verwijderd Flash Cookies (0)

========== Bestanden ==========

Verwijderen tijdelijke Windows (10) (586.069 octets)

Verwijderd Flash Cookies (0) (0 octets)

========== Andere ==========

NIET-VERDRAG emptyjava

========== Samenvatting ==========

32 : Registersleutels

2 : Mappen

2 : Bestanden

1 : Andere

End of clean in 00mn 12s

========== Pad naar bestand verslag ==========

C:\Users\Pascal\AppData\Roaming\ZHP\ZHPFix[R1].txt - 4/12/2013 19:14:15 [3440]
