Redirect Virus


jocob

Hi everyone,

For a few weeks now I have had a redirect virus on my laptop. Chrome is practically unusable: every time you end up on a different spam site and nothing works. I have really been searching for a solution for weeks but can't figure it out. Programs such as Ad Aware, Adw Cleaner, CC cleaner, Malwarebytes Anti Adware, TDSS, Spybot search and destroy, Unhack me and Norton have already been run over it. I am also constantly bothered by the SalePlus Ad extension in Chrome, which I keep removing but which comes back every minute (the Registry Key has also already been deleted). I have already had a trial version of Hitman pro in the past, so I can no longer use it now. Hopefully someone can help me.

Thanks in advance!

Below is a HijackThis log for the experts, who might still see something suspicious?
Code:
Logfile of HijackThis v1.99.1
Scan saved at 15:22:51, on 14-4-2015
Platform: Unknown Windows (WinNT 6.00.1906 SP2)
MSIE: Internet Explorer v9.00 (9.00.8112.16633)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\sony\Network Utility\LANUtil.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Jelco\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Users\Jelco\Documents\Downloads\hijackthis (1).exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_525B240655E791402816FC1B4ED6CA50] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - Startup: Dropbox.lnk = C:\Users\Jelco\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: VESWinlogon - C:\Windows\SYSTEM32\VESWinlogon.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updateservice (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
 
Hey Jocob,

If needed, I am willing to help using TeamViewer.
If you are interested, I am in the Helpmij chat to exchange the TeamViewer details.

I look forward to hearing from you,

I am available until 17:00.
 
Download ZHPCleaner to the desktop.

Running ZHPCleaner
  • Close all open windows.
  • Double-click ZHPCleaner.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as administrator by right-clicking it and choosing Run as administrator.
  • Then click the Scan (Scannen) button.
  • When the scan is finished, click the Repair (Repareren) button.
  • Attach this log file to your next post.



Download RSIT from the locations below and save it to the desktop.
Here is a description of how you can check whether you have a 32-bit or 64-bit version of Windows.

Running RSIT
If you run into problems running this program or get certain error messages, please mention this in your post.
  • Double-click RSIT.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as administrator by right-clicking it and choosing Run as administrator.
  • The Disclaimer of warranty is then shown; click Continue.
  • If you are running RSIT for the first time, HijackThis will be downloaded if it is not present; allow this by clicking I accept.
  • When the tool is finished, two Notepad files named Log.txt and Info.txt are opened.
  • Attach both log files to your next post.



Download Security Check to your desktop via here or here

Start Security Check
Follow the instructions on the screen
At the end a log appears ( checkup.txt )
Post its contents as an attachment in your next reply.


I would like to see all the requested logs in your next reply:
  • ZHPCleaner
  • RSIT (info + log.txt)
  • Security Check
 
Temporarily remove the drive and install it in another system. On that system, run a full scan with your Anti-Virus, Super Anti-Spyware and Malware Bytes Anti-Malware. Then put the drive back in the original system and have the programs that found something in the previous step run another scan.
 
Thanks for the replies.
RSIT and ZHPCleaner give an error message about a not valid win32 application.

Security check log:
Results of screen317's Security Check version 1.00
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
HijackThis 1.99.1
CCleaner
JavaFX 2.1.1
Java(TM) 6 Update 24
Java(TM) 7 Update 5
Java(TM) SE Development Kit 7
Java version 32-bit out of Date!
Adobe Flash Player 16.0.0.305 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 19.0 Firefox out of Date!
Google Chrome (41.0.2272.101)
Google Chrome (41.0.2272.118)
Google Chrome (GoogleUpdate.dll..)
Google Chrome (Plugins...)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Use Patch My PC
Click Perform ... updates
Click Recheck software
Right-click in the program => Copy All text
Paste this into your next post



Would you run ZHPCleaner and RSIT in safe mode with networking and post the logs after all?
 
Patchmypc is below.

I am going to do ZHP and RSIT now.

PATCH MY PC 3.0.2.3 | Definitions: 04.14.15 | Started At 15-4-2015 9:00:42
Operating System: Microsoft® Windows Vista™ Home Premium x86


This update requires iexplore to be closed. Please close iexplore and update process will begin.


This update requires Chrome to be closed. Please close Chrome and update process will begin.

Verifying Adobe Air Download URL And Size
Successfully Verified Adobe Air Download URL And Size
Downloading Adobe Air (16,9 MB)
Adobe Air Downloaded Successfully
Installing Adobe Air Please Wait
Install Complete Exit Code 0

Verifying Adobe Flash Plugin Download URL And Size
Successfully Verified Adobe Flash Plugin Download URL And Size
Downloading Adobe Flash Plugin (17,34 MB)
Adobe Flash Plugin Downloaded Successfully
Installing Adobe Flash Plugin Please Wait
Install Complete Exit Code 0

Verifying Adobe Flash AX Download URL And Size
Successfully Verified Adobe Flash AX Download URL And Size
Downloading Adobe Flash AX (16,78 MB)
Adobe Flash AX Downloaded Successfully
Installing Adobe Flash AX Please Wait
Install Complete Exit Code 0

Verifying Adobe Reader Download URL And Size
Successfully Verified Adobe Reader Download URL And Size
Downloading Adobe Reader (72,34 MB)
Adobe Reader Downloaded Successfully
Installing Adobe Reader Please Wait
Install Complete Exit Code 0

Verifying Google Chrome Download URL And Size
Successfully Verified Google Chrome Download URL And Size
Downloading Google Chrome (41,25 MB)
Google Chrome Downloaded Successfully
Installing Google Chrome Please Wait
Install Complete Exit Code 0

Verifying Firefox Download URL And Size
Successfully Verified Firefox Download URL And Size
Downloading Firefox (38,97 MB)
Firefox Downloaded Successfully
Installing Firefox Please Wait
Install Complete Exit Code 0

Verifying Audacity Download URL And Size
Successfully Verified Audacity Download URL And Size
Downloading Audacity (23,09 MB)
Audacity Downloaded Successfully
Installing Audacity Please Wait
Install Complete Exit Code 0

Verifying iTunes Download URL And Size
Successfully Verified iTunes Download URL And Size
Downloading iTunes (104,16 MB)
iTunes Downloaded Successfully
Installing iTunes Please Wait
Install Complete Exit Code 0

Verifying VLC Player Download URL And Size
Successfully Verified VLC Player Download URL And Size
Downloading VLC Player (27,19 MB)
VLC Player Downloaded Successfully
Installing VLC Player Please Wait
Install Complete Exit Code 0

Verifying WinRAR Download URL And Size
Successfully Verified WinRAR Download URL And Size
Downloading WinRAR (1,68 MB)
WinRAR Downloaded Successfully
Installing WinRAR Please Wait
Install Complete Exit Code 0

Verifying Foxit Reader Download URL And Size
Successfully Verified Foxit Reader Download URL And Size
Downloading Foxit Reader (36,81 MB)
Foxit Reader Downloaded Successfully
Installing Foxit Reader Please Wait
Install Complete Exit Code 1

Verifying Skype Download URL And Size
Successfully Verified Skype Download URL And Size
Downloading Skype (43,65 MB)
Download Failed
Verifying Vuze Download URL And Size
Successfully Verified Vuze Download URL And Size
Downloading Vuze (10,2 MB)
Vuze Downloaded Successfully
Installing Vuze Please Wait
Install Complete Exit Code 0

Verifying Google Earth Download URL And Size
Successfully Verified Google Earth Download URL And Size
Downloading Google Earth (34,51 MB)
Google Earth Downloaded Successfully
Installing Google Earth Please Wait
Install Complete Exit Code 1639


PATCH MY PC UPDATE COMPLETE 15-4-2015 17:23:26
 
RSIT still does not work in safe mode.
ZHP is running now, but the previous time I was already able to repair, only the report was not visible. Not yet sure whether it will work now.
 
Also try to carry out the following:

Download DDS by sUBS from one of these locations and place it on your desktop:
DDS - Bleeping Computer download.
DDS - Bleeping Computer download.
DDS - Infospyware.

DDS is a diagnostic tool and makes use of scripts.

Disable your security software before you run DDS!
You can read how to do that (here or here).

Double-click DDS to start the tool.

Two log files are now automatically saved to the desktop.
  • DDS.txt
  • Attach.txt (Only post this one if you are asked to!)

Post both logs as attachments in your next message.
 
Thanks. So far so good. Then we'll try something else.

Start Zoek.exe with the script below.


Disable your antivirus and antispyware programs; they may conflict with zoek.exe
You can read how to do that (here or here).

  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • This script is intended specifically for this computer, so do not use it on other computers with a similar problem.

    Code:
    standardsearch;
    process;
    startupall;
    torpigcheck;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    installedprogs;
    services-list;
    filescrm;
  • Now click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart if one is required).
  • If no log appears after the restart, start zoek.exe again; the log will then still appear.
  • Post the opened log as an attachment in your next message.

Posting the Zoek.exe log file
  • Attach the log file named "Zoek-results.log" to your next message. (You can also find this log file on the system drive as C:\Zoek-results.log.)
 
Have you already tried my method as well? Dorado's tips are fine, but apparently you have brought in a somewhat better virus.
 
Thanks again for all your answers!
@RogerS I did not quite understand what you meant by removing the drive, I'm no expert unfortunately ;-), perhaps you could explain?


The zoek.exe attachment did not work. Pasted below:



Zoek.exe v5.0.0.0 Updated 08-April-2015
Tool run by Jelco on wo 15-04-2015 at 22:54:47,95.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\Jelco\Documents\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} ntshrui.dll

2011-05-18 19:55:01 d-----w- C:\PROGRA~2\1230
2010-12-14 15:02:12 3957 ----a-w- 102FE46DFD36AA6F02B03B14CB6CAA64 C:\PROGRA~2\1230\{33040468-096D-4B52-AC03-FC3062849031}.swf

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 17 ActiveX
Adobe Flash Player 17 NPAPI
Adobe Reader XI (11.0.10)
Apple Application Support (32-bit)
Apple Mobile Device Support
Apple Software Update
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 2
Audacity 2.1.0
Bonjour
BS.Player FREE
CCleaner
Click to Disc
Click to Disc Editor
Compatibiliteitspakket voor het 2007 Microsoft Office system
D3DX10
Definition Update for Microsoft Office 2010 (KB2965299) 32-Bit Edition
Dropbox
EVEREST Corporate Edition v5.30
EViews 8
Foxit Reader
Free YouTube to MP3 Converter version 3.12.50.1122
Google Chrome
Google Desktop
Google Earth
Google Update Helper
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet 2540 series Basissoftware van het apparaat
HP Deskjet 2540 series Help
HP Update
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 24
Java(TM) 7 Update 5
Java(TM) SE Development Kit 7
JavaFX 2.1.1
Junk Mail filter update
Me&My VAIO
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 Language Pack SP1 - nld
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1 (Nederlands)
Microsoft .NET Framework 4.5.1 (NLD)
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (Dutch)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - NLD
Microsoft Works
MKVToolNix 5.6.0
Mozilla Firefox 37.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Music Transfer
Norton Security Scan
OGA Notifier 2.0.0048.0
OpenMG Secure Module 5.4.00
Primo
Productverbeteringsonderzoek voor HP Deskjet 2540 series
Realtek High Definition Audio Driver
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)
Segoe UI
Setting Utility Series
SkypeT 7.2
Software Info for Me&My VAIO
Sony Home Network Library
Sony Picture Utility
Sony Video Shared Library
Spotnet
SubtitleCreator
Synaptics Pointing Device Driver
Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - NLD
TeamViewer 10
TrueCrypt
UnHackMe 7.71 release
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
VAIO Content Folder Setting
VAIO Content Folder Watcher
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Settings
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Energiebeheer
VAIO Entertainment Platform
VAIO Event Service
VAIO Launcher
VAIO Marketing Tools
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Movie Story
VAIO Movie Story 1.5 Upgrade
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO Ondersteuning voor Weergave
VAIO Original Function Setting
VAIO Smart Network
VAIO Update
VAIO Wallpaper Contents
VLC media player
VU5x86
Vuze
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 5.21 (32-bit)

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Jelco\Documents\Downloads\zoek.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

==== Services(whitelist) ======================
Powered by E Dev

R2 - [MsMpSvc] - Microsoft Antimalware Service - c:\program files\microsoft security client\msmpeng.exe
S2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files\common files\adobe\arm\1.0\armsvc.exe
S2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
S2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
S2 - [gupdate] - Google Updateservice (gupdate) - c:\program files\google\update\googleupdate.exe
S2 - [NSUService] - NSUService - c:\program files\sony\network utility\nsuservice.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files\skype\updater\updater.exe
S2 - [slsvc] - Software Licensing - c:\windows\system32\slsvc.exe
S2 - [TeamViewer] - TeamViewer 10 - c:\program files\teamviewer\teamviewer_service.exe
S2 - [uCamMonitor] - CamMonitor - c:\program files\arcsoft\magic-i visual effects 2\ucammonitor.exe
S2 - [VAIO Event Service] - VAIO Event Service - c:\program files\sony\vaio event service\vesmgr.exe
S2 - [VAIO Power Management] - VAIO Power Management - c:\program files\sony\vaio power management\spmservice.exe
S2 - [VcmIAlzMgr] - VAIO Content Metadata Intelligent Analyzing Manager - c:\program files\sony\vcm intelligent analyzing manager\vcmialzmgr.exe
S2 - [VzCdbSvc] - VAIO Entertainment Database Service - c:\program files\common files\sony shared\vaio entertainment platform\vzcdb\vzcdbsvc.exe
S2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
S2 - [WMPNetworkSvc] - Windows Media Player Network Sharing-service - c:\program files\windows media player\wmpnetwk.exe
S2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
S3 - [ACDaemon] - ArcSoft Connect Daemon - c:\program files\common files\arcsoft\connection service\bin\acservice.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\system32\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway-service - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [DFSR] - DFS Replication - c:\windows\system32\dfsr.exe
S3 - [ehRecvr] - Windows Media Center Receiver-service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler-service - c:\windows\ehome\ehsched.exe
S3 - [GoogleDesktopManager-051210-111108] - Google Desktop Manager 5.9.1005.12335 - c:\program files\google\google desktop search\googledesktop.exe
S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files\google\update\googleupdate.exe
S3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe
S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - c:\program files\microsoft office\office14\groove.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [NisSrv] - Microsoft Network Inspection - c:\program files\microsoft security client\nissrv.exe
S3 - [ose] - Office Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
S3 - [PACSPTISVR] - PACSPTISVR - c:\program files\common files\sony shared\avlib\pacsptisvr.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [SOHCImp] - VAIO Media plus Content Importer - c:\program files\common files\sony shared\sohlib\sohcimp.exe
S3 - [SOHDBSvr] - VAIO Media plus Database Manager - c:\program files\common files\sony shared\sohlib\sohdbsvr.exe
S3 - [SOHDms] - VAIO Media plus Digital Media Server - c:\program files\common files\sony shared\sohlib\sohdms.exe
S3 - [SOHDs] - VAIO Media plus Device Searcher - c:\program files\common files\sony shared\sohlib\sohds.exe
S3 - [SOHPlMgr] - VAIO Media plus Playlist Manager - c:\program files\common files\sony shared\sohlib\sohplmgr.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [VAIO Entertainment TV Device Arbitration Service] - VAIO Entertainment TV Device Arbitration Service - c:\program files\common files\sony shared\vaio entertainment platform\vzhardwareresourcemanager\vzhardwareresourcemanager\vzhardwareresourcemanager.exe
S3 - [VcmXmlIfHelper] - VAIO Content Metadata XML Interface - c:\program files\common files\sony shared\vcmxml\vcmxmlifhelper.exe
S3 - [Vcsw] - VAIO Entertainment UPnP Client Adapter - c:\program files\common files\sony shared\vaio entertainment platform\vcsw\vcsw.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S3 - [WPFFontCache_v0400] - Windows Presentation Foundation-lettertypecache 4.0.0.0 - c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe
S4 - [aspnet_state] - ASP.NET-statusservice - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [wlcrasvc] - Windows Live Mesh remote connections service - c:\program files\windows live\mesh\wlcrasvc.exe

==== System Specs ======================

Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002)
Memory (RAM): 2939 MB
CPU Info: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
CPU Speed: 2042,8 MHz
Sound Card: Not detected
Display Adapters: | RDP Encoder Mirror Driver
Monitors: 1x;
Screen Resolution: 800 X 600 - 32 bit
Network: Network Present
Network Adapters: Atheros AR928X Wireless Network Adapter | Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
CD / DVD Drives: 3x (F: | G: | H: | ) F: Optiarc DVD RW AD-7590S | G: MagicISOVirtual DVD-ROM | H: MagicISOVirtual DVD-ROM
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 223,1GB
Hard Disks - Free: C: 51,8GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 05/09/08 | Sony - 20081203
Time Zone: West-Europa (standaardtijd)
Motherboard *: Sony Corporation VAIO
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 42.0.2311.90
Internet Explorer Version: 9.0.8112.16421
Mozilla Firefox version: 37.0.1 (x86 en-US)
Google Chrome version: 42.0.2311.90
Adobe Reader version: 11.0.10.32
Sun Java version: 1.7.0_05 (32-bit)
Flash Player version: 17.0.0.169

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-04-14 10:22:33 81051BCC2CF1BEDF378224B0A93E2877 2 --shatr- C:\Windows\winstart.bat
2015-04-13 16:30:51 9D47397D58EA49F48E359F50E8DF6F8B 11 ----a-r- C:\Windows\amunres.lsl
2015-03-31 20:00:47 78C59C8A2C9137BD717A5C53DA6AD2D2 45 ---h--r- C:\Windows\krm_user.dat
====== C:\Users\Jelco\AppData\Local\Temp ====
2015-04-15 01:49:35 EB3F8534322D883F4A61274210551662 43008 ----a-w- C:\Users\Jelco\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkf_nqk.dll
====== Java Cache =====
====== C:\Windows\system32 =====
2015-04-15 01:25:56 BFC1892FFA0E8D3351EF59D6E3F39A2F 1249280 ----a-w- C:\Windows\System32\msxml3.dll
2015-04-15 01:06:40 1359F3CD7DF4D105C6C70CCE671F8520 297984 ----a-w- C:\Windows\System32\gdi32.dll
2015-04-15 01:06:15 5D9311526801643000D7032A83B18B12 244152 ----a-w- C:\Windows\System32\clfs.sys
2015-04-15 01:06:15 2FF4B8BA9805BABA5E8FB923AF44F480 57344 ----a-w- C:\Windows\System32\clfsw32.dll
2015-04-15 01:05:25 E33CD56F2F344658C6000821611BBBD7 1205168 ----a-w- C:\Windows\System32\ntdll.dll
2015-04-15 01:05:22 377602E869DA9C05AC67CA3A5019A051 3604920 ----a-w- C:\Windows\System32\ntkrnlpa.exe
2015-04-15 01:05:21 952EA6E27E3A16F02F85C10BB7F4752A 3552184 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-04-14 22:07:11 C1BC2B2E0AA56E9C28299273C86A73E4 421376 ----a-w- C:\Windows\System32\vbscript.dll
2015-04-14 22:07:11 9B1B09743E49F4E2364C34203F843844 11776 ----a-w- C:\Windows\System32\mshta.exe
2015-04-14 22:07:11 686DFDA82EE2DBE1F58A48C9E3093996 41472 ----a-w- C:\Windows\System32\msfeedsbs.dll
2015-04-14 22:07:11 67DB0E50E830E45BA24AA7B1B2143B93 1139200 ----a-w- C:\Windows\System32\urlmon.dll
2015-04-14 22:07:10 E6DE7F4A4BF8CD9E5C4F9466981892EC 142848 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-04-14 22:07:10 E38129C89502D27580368D9762B6AFC6 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2015-04-14 22:07:10 B4AAF0FD9C32478889639DE464B21DA0 65024 ----a-w- C:\Windows\System32\jsproxy.dll
2015-04-14 22:07:10 052A629983DD1A2116629293D02B1B58 1803264 ----a-w- C:\Windows\System32\iertutil.dll
2015-04-14 22:07:09 E8DFFB36F1120DC1DB7C0BCBCF1640AD 231936 ----a-w- C:\Windows\System32\url.dll
2015-04-14 22:07:08 B76F31C79764D2D8835CBEC935D49DB7 1427968 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-04-14 22:07:07 F73E3C29743621D9AAF09503E523E175 367104 ----a-w- C:\Windows\System32\html.iec
2015-04-14 22:07:07 95D3A97897CE0386358FA6F65D8F343D 717824 ----a-w- C:\Windows\System32\jscript.dll
2015-04-14 22:07:07 5E2BFFFBAA061C1660F8255B2E3BD25C 73216 ----a-w- C:\Windows\System32\mshtmled.dll
2015-04-14 22:07:07 19B481D70FBC176AE5D3E91347B0128F 1129472 ----a-w- C:\Windows\System32\wininet.dll
2015-04-14 22:07:07 02D9B399770C9C971F3B3344017106BA 10752 ----a-w- C:\Windows\System32\msfeedssync.exe
2015-04-14 22:07:06 88965158C3620A7AA0B177599C6504AC 353792 ----a-w- C:\Windows\System32\dxtmsft.dll
2015-04-14 22:07:06 6B5500DE200DC9C51A3F6A9377D14789 607744 ----a-w- C:\Windows\System32\msfeeds.dll
2015-04-14 22:07:04 5FCA6B58D90B6D17327B48216451266D 1810944 ----a-w- C:\Windows\System32\jscript9.dll
2015-04-14 22:07:03 A4C519E68C75A9657B884990326CA1C8 223232 ----a-w- C:\Windows\System32\dxtrans.dll
2015-04-14 22:07:03 16BAD3B8ABC01EC9D34E912162CA4A53 176640 ----a-w- C:\Windows\System32\ieui.dll
2015-04-14 22:07:02 59717C2C872AAEA7519B0124409B4578 9747968 ----a-w- C:\Windows\System32\ieframe.dll
2015-04-14 22:07:00 1035970885DD6ABA0EBCB3C02006A8E9 12377600 ----a-w- C:\Windows\System32\mshtml.dll
====== C:\Windows\system32\drivers =====
2015-04-14 10:22:41 6DDCF3F801EC15FE698F6A215CF30A1F 35816 ----a-w- C:\Windows\System32\drivers\Partizan.sys
2015-04-14 10:22:17 AFF2B26B9E0764439CAA3880A8A0466C 12800 ----a-w- C:\Windows\System32\drivers\UnHackMeDrv.sys
====== C:\Windows\Tasks ======
2015-04-14 10:22:20 4A65CA85D7E42B54BB25C870FC93A748 3320 ----a-w- C:\Windows\system32\Tasks\UnHackMe Task Scheduler
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-04-15 07:39:49 -------- d-----w- C:\Program Files\iPod
2015-04-15 07:30:36 -------- d-----w- C:\Program Files\Bonjour
2015-04-15 07:20:27 -------- d-----w- C:\Program Files\Common Files\Adobe
2015-04-14 20:44:59 -------- d-----w- C:\Program Files\trend micro
2015-04-14 14:39:38 -------- d-----w- C:\Program Files\TeamViewer
2015-04-14 10:21:44 -------- d-----w- C:\Program Files\UnHackMe
2015-03-31 19:59:25 -------- d-----w- C:\Program Files\EViews 8
2015-03-27 12:53:48 -------- d-----w- C:\Program Files\Common Files\Skype
======= C: =====
2015-04-15 15:23:26 A688468498BF3F9839C4F102AA37C7A8 3530 ----a-w- C:\PC_VAN_JELCO.rtf
====== C:\Users\Jelco\AppData\Roaming ======
2015-04-14 21:16:15 B4ACAA98968FA1CA24DBC5247DBAA604 20 ----a-w- C:\Users\Jelco\AppData\Roaming\appdataFr3.bin
2015-04-14 20:42:36 -------- d-----w- C:\Users\Jelco\AppData\Roaming\ZHP
2015-04-14 14:39:50 -------- d-----w- C:\Users\Jelco\AppData\Roaming\TeamViewer
2015-03-31 21:51:27 -------- d-----w- C:\Users\Jelco\AppData\Local\Apps
2015-03-31 21:51:26 -------- d-----w- C:\Users\Jelco\AppData\Local\Deployment
2015-03-31 20:00:48 -------- d-----w- C:\Users\Jelco\AppData\Roaming\IHS EViews
2015-03-27 12:54:45 -------- d-----w- C:\Users\Jelco\AppData\Local\Skype
2015-03-18 22:14:27 -------- d-----w- C:\Users\Jelco\AppData\Roaming\LavasoftStatistics
====== C:\Users\Jelco ======
2015-04-15 15:34:55 782B7A715D14570535E54AA740464C82 1707008 ----a-w- C:\Users\Jelco\ZHPCleaner.exe
2015-04-15 07:42:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-15 07:39:46 -------- d-----w- C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-04-14 10:22:17 -------- d-----w- C:\Users\Public\Documents\regruninfo
2015-04-14 10:22:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2015-04-14 10:21:23 7223700112D3DF3FD619D84D3C94C242 16760400 ----a-w- C:\Users\Jelco\Documents\unhackme_setup.exe
2015-04-08 20:47:24 -------- d-----w- C:\ProgramData\nkdjmkgkbjaojdhjkomieckngpaldlfm
2015-04-08 20:45:52 -------- d-----w- C:\ProgramData\{7c61819a-a64a-7a8d-7c61-1819aa64066a}
2015-03-31 20:01:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EViews 8
2015-03-31 20:00:48 -------- d-----w- C:\ProgramData\IHS EViews
2015-03-27 12:53:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-03-23 17:07:40 -------- d-----w- C:\Users\Jelco\sollicitaties

====== C: exe-files ==
2015-04-15 15:36:45 782B7A715D14570535E54AA740464C82 1707008 ----a-w- C:\Users\Jelco\Documents\Downloads\ZHPCleaner (1).exe
2015-04-15 15:34:55 782B7A715D14570535E54AA740464C82 1707008 ----a-w- C:\Users\Jelco\ZHPCleaner.exe
2015-04-15 09:49:02 0A2CBA6BF5052F9C4DFEEF2DBF2794F6 343992 ----a-w- C:\Users\Jelco\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2QGXH2W\SymInstallStub[1].exe
2015-04-15 07:22:36 3F41E4BC551B4C913BAD2F4340D79B60 41815632 ----atw- C:\Program Files\Google\Update\Install\{50471541-B822-46A7-801B-B56DDFE081A2}\chrome_installer.exe
2015-04-15 07:22:34 3F41E4BC551B4C913BAD2F4340D79B60 41815632 ----atw- C:\Program Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\42.0.2311.90\chrome_installer.exe
2015-04-15 07:17:05 C581EE6EED7BC92A0826C366155DBE1A 59392 ----a-w- C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe
2015-04-15 07:17:05 A2A21CBB4761FC455D5509591C34CA80 96768 ----a-w- C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe
2015-04-15 07:17:05 5B80D671D6257ED14705639ECC339E55 54432 ----a-w- C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\airappinstaller.exe
2015-04-15 07:17:05 5B80D671D6257ED14705639ECC339E55 54432 ----a-w- C:\Program Files\Adobe\Flash Player\AddIns\airappinstaller\airappinstaller.exe
2015-04-15 07:17:04 8E36C30AA3A112A756424A7E70FC27E6 130208 ----a-w- C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
2015-04-15 07:00:13 30F3E9624D57D7F4EADDE91E090D2D6D 550432 ----a-w- C:\Users\Jelco\Documents\Downloads\PatchMyPC.exe
2015-04-15 01:05:22 377602E869DA9C05AC67CA3A5019A051 3604920 ----a-w- C:\Windows\System32\ntkrnlpa.exe
2015-04-15 01:05:21 952EA6E27E3A16F02F85C10BB7F4752A 3552184 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-04-14 22:07:11 9B1B09743E49F4E2364C34203F843844 11776 ----a-w- C:\Windows\System32\mshta.exe
2015-04-14 22:07:10 E94A11970972ABA14D754D8852280107 22528 ----a-w- C:\Program Files\Internet Explorer\ExtExport.exe
2015-04-14 22:07:10 E6DE7F4A4BF8CD9E5C4F9466981892EC 142848 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-04-14 22:07:10 AE4AAEF8DA38DF4099BC4784FA86A69E 223232 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2015-04-14 22:07:07 02D9B399770C9C971F3B3344017106BA 10752 ----a-w- C:\Windows\System32\msfeedssync.exe
2015-04-14 22:07:05 F6A99C1FA53F6CBA2306EAFAEE4DC7C9 757968 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2015-04-14 22:07:05 AF4ACDF8B2884C66AB3B7AD5FF87E8C7 470016 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2015-04-14 20:45:01 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Jelco.exe
2015-04-14 20:44:16 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Jelco\Documents\Downloads\RSIT.exe
2015-04-14 20:42:36 18F4DA3AA3A4464B5738BDEC1E4EC836 1708032 ----a-w- C:\Users\Jelco\AppData\Roaming\ZHP\ZHPCleaner.exe
2015-04-14 20:42:04 18F4DA3AA3A4464B5738BDEC1E4EC836 1708032 ----a-w- C:\Users\Jelco\Documents\Downloads\ZHPCleaner.exe
2015-04-14 14:39:42 CA5BC82B31EAF5F46879509AD45C6FD9 468864 ----a-w- C:\Program Files\TeamViewer\uninstall.exe
2015-04-14 14:39:42 4444BF3FDF36F1A91AACE8245A98AB58 229136 ----a-w- C:\Program Files\TeamViewer\tv_w32.exe
2015-04-14 14:39:42 3A06DEB43AAC8726FE3ADF056A7C0187 263952 ----a-w- C:\Program Files\TeamViewer\tv_x64.exe
2015-04-14 14:39:41 E98CED53B8E912D19D9F229B0D299F30 5448464 ----a-w- C:\Program Files\TeamViewer\TeamViewer_Service.exe
2015-04-14 14:39:40 3EBDEC6754C5484986B9B8859ED9CD86 5437712 ----a-w- C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
2015-04-14 14:39:39 AA943520A2E45BD5DBC0439B0528DD6D 17653008 ----a-w- C:\Program Files\TeamViewer\TeamViewer.exe
2015-04-14 14:38:03 9F393F5F4633750517A2471B572FEBD1 7968744 ----a-w- C:\Users\Jelco\Documents\Downloads\TeamViewer_Setup_nl.exe
2015-04-14 10:42:53 9C5DAAED3B3C06DBC95228CC407B8B70 4197016 ----a-w- C:\Users\Jelco\Documents\Downloads\tdsskiller (1).exe
2015-04-14 10:22:16 991F20F21B8C44CB1CD1F9887DE299F4 81680 ----a-w- C:\Program Files\UnHackMe\unhackmeschedule.exe
2015-04-14 10:22:07 CCD66BD628629B91BCE05767FA9A64D2 3118352 ----a-w- C:\Program Files\UnHackMe\RegRunInfo.exe
2015-04-14 10:22:01 5AD1DAF04B19B3FCB063E398845F13BC 65296 ----a-w- C:\Program Files\UnHackMe\regrunck.exe
2015-04-14 10:21:58 DD9FA33830AA47F1E943673336CC62BB 10347320 ----a-w- C:\Program Files\UnHackMe\reanimator.exe
2015-04-14 10:21:56 75FC9FD3ABA9AEE7A09901CA7D358E25 592656 ----a-w- C:\Program Files\UnHackMe\hackmon.exe
2015-04-14 10:21:55 3149A9DE208D6AE8B09E84564C05B160 1321744 ----a-w- C:\Program Files\UnHackMe\GWebUpdate.exe
2015-04-14 10:21:53 9C5DAAED3B3C06DBC95228CC407B8B70 4197016 ----a-w- C:\Users\Jelco\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U1EKZ63\tdsskiller (1).exe
2015-04-14 10:21:45 7960EDC8023A207E0112A75AE136BCAC 2128656 ----a-w- C:\Program Files\UnHackMe\Unhackme.exe
2015-04-14 10:21:44 580B06B7F381C7EB2573E9FB2C35391C 718497 ----a-w- C:\Program Files\UnHackMe\unins000.exe
2015-04-14 10:21:23 7223700112D3DF3FD619D84D3C94C242 16760400 ----a-w- C:\Users\Jelco\Documents\unhackme_setup.exe
2015-04-13 16:41:32 9866F32F94E0450453A0094F4AB81555 5344528 ----a-w- C:\Users\Jelco\Documents\Downloads\ccsetup504.exe
2015-04-13 16:38:55 7873B8294E75160D32CB07A83AD73857 728960 ----a-w- C:\Users\Jelco\Documents\Downloads\SpyHunter-installer (1).exe
2015-04-08 21:40:44 0415AB744E0BE99287ABAFE434365346 1931088 ----a-w- C:\Users\Jelco\Documents\Downloads\FixTDSS (1).exe
2015-04-08 21:25:58 0415AB744E0BE99287ABAFE434365346 1931088 ----a-w- C:\Users\Jelco\Documents\Downloads\FixTDSS.exe
2015-04-08 21:20:03 EF65B69EDA22962698904A48B30498BE 779704 ----a-w- C:\Users\Jelco\Documents\Downloads\Setup (3).exe
2015-04-08 21:19:58 EF65B69EDA22962698904A48B30498BE 779704 ----a-w- C:\Users\Jelco\Documents\Downloads\Setup (2).exe
2015-04-08 21:19:45 EF65B69EDA22962698904A48B30498BE 779704 ----a-w- C:\Users\Jelco\Documents\Downloads\Setup (1).exe
2015-04-08 21:19:35 EF65B69EDA22962698904A48B30498BE 779704 ----a-w- C:\Users\Jelco\Documents\Downloads\Setup.exe
=== C: other files ==
2015-04-15 18:21:21 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Jelco\Documents\Downloads\dds.com
2015-04-15 01:06:15 5D9311526801643000D7032A83B18B12 244152 ----a-w- C:\Windows\System32\clfs.sys
2015-04-14 10:22:41 9D5D1D578942771909848F93E699E560 439610 ----a-w- C:\Users\Jelco\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q86F7KMT\dbs[1].zip
2015-04-14 10:22:41 9D5D1D578942771909848F93E699E560 439610 ----a-w- C:\Program Files\UnHackMe\dbs.zip
2015-04-14 10:22:41 6DDCF3F801EC15FE698F6A215CF30A1F 35816 ----a-w- C:\Windows\System32\drivers\Partizan.sys
2015-04-14 10:22:33 81051BCC2CF1BEDF378224B0A93E2877 2 --shatr- C:\Windows\winstart.bat
2015-04-14 10:22:17 AFF2B26B9E0764439CAA3880A8A0466C 12800 ----a-w- C:\Windows\System32\drivers\UnHackMeDrv.sys
2015-04-14 10:22:16 AFF2B26B9E0764439CAA3880A8A0466C 12800 ----a-w- C:\Program Files\UnHackMe\UnHackMeDrv.sys
2015-04-14 10:20:47 AE372FEE25133CDF60B6EE153D28D6C8 16735931 ----a-w- C:\Users\Jelco\Documents\unhackme.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-3436792749-3367318415-4003938104-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="C:\Program Files\Sony\Network Utility\LANUtil.exe"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe"
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup"
"Skytel"="C:\Program Files\Realtek\Audio\HDA\Skytel.exe"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="C:\Program Files\Sony\Network Utility\LANUtil.exe"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HTC Sync Loader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HTC Sync Loader"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HTC\\HTC Sync 3.0\\htcUPCTLoader.exe\" -startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Mobile Connectivity Suite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Mobile Connectivity Suite"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HTC\\HTC Sync\\Application Launcher\\Application Launcher.exe\" /startoptions"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Web Companion]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Web Companion"
"hkey"="HKCU"
"command"="C:\\Program Files\\Lavasoft\\Web Companion\\Application\\WebCompanion.exe --minimize"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Windows Defender"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Windows Defender\\MSASCui.exe -hide"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\MagicDisc.lnk"
"backup"="C:\\Windows\\pss\\MagicDisc.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\MAGICD~1\\MAGICD~1.EXE "
"item"="MagicDisc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MobileGo Service.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\MobileGo Service.lnk"
"backup"="C:\\Windows\\pss\\MobileGo Service.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\WONDER~1\\MobileGo\\MOBILE~1.EXE "
"item"="MobileGo Service"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Jelco^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GmoteServer.lnk]
"path"="C:\\Users\\Jelco\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\GmoteServer.lnk"
"backup"="C:\\Windows\\pss\\GmoteServer.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\GMOTES~1\\GMOTES~1.EXE "
"item"="GmoteServer"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WinDefend]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"WebEQ XP"="\"C:\\Program Files\\Blaze Audio\\WebEQ Trial\\WebEQ.exe\""
"Registry Reviver"="C:\\Program Files\\Reviversoft\\Registry Reviver\\RegistryReviver.exe"
"ares"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
"DAEMON Tools Lite"="\"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe\" -autorun"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"ISBMgr.exe"="\"C:\\Program Files\\Sony\\ISB Utility\\ISBMgr.exe\""
"MarketingTools"="C:\\Program Files\\Sony\\Marketing Tools\\MarketingTools.exe"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""


==== Startup Folders ======================

2015-04-10 16:52:45 1037 ----a-w- C:\Users\Jelco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [15-04-2015 09:18]
C:\Windows\tasks\GoogleUpdateTaskMachineCore1cfe3d6eee58740.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [16-10-2014 17:42]
C:\Windows\tasks\GoogleUpdateTaskMachineUA1cfe3d6f26efc20.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [16-10-2014 17:42]
C:\Windows\tasks\Norton Security Scan for Jelco.job --ah----- C:\PROGRA1\NORTON2\Engine\4101.29\Nss.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\0" [c:\program files\internet explorer\iexplore.exe]
"C:\Windows\system32\tasks\4674" [wscript.exe C:\Users\Jelco\AppData\Local\Temp\launchie.vbs //B]
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore1cfe3d6eee58740" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA1cfe3d6f26efc20" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\HPCustParticipation HP Deskjet 2540 series" ["C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe"]
"C:\Windows\system32\tasks\Launch HTC Sync Loader" [C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe]
"C:\Windows\system32\tasks\Norton Security Scan for Jelco" [C:\PROGRA~1\NORTON~2\Engine\410~1.29\Nss.exe]
"C:\Windows\system32\tasks\Start Registry Reviver" [C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe]
"C:\Windows\system32\tasks\UnHackMe Task Scheduler" [C:\Program Files\UnHackMe\hackmon.exe]
"C:\Windows\system32\tasks\User_Feed_Synchronization-{83C77532-DD37-4C00-BB81-9A04D4BE17B9}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
"C:\Windows\system32\tasks\SONY\Me&My VAIO\Me&My VAIO" [C:\Program Files\Sony\Me&My VAIO\QLGuide.exe]

==== Folders in C:\PROGRA~2 0-6 Months Old ======================

2015-03-31 20:00:48 -------- d-----w- C:\PROGRA~2\IHS EViews
2015-04-01 17:34:57 -------- d-----w- C:\PROGRA~2\Malwarebytes
2015-04-08 20:45:52 -------- d-----w- C:\PROGRA~2\{7c61819a-a64a-7a8d-7c61-1819aa64066a}
2015-04-08 20:47:24 -------- d-----w- C:\PROGRA~2\nkdjmkgkbjaojdhjkomieckngpaldlfm
2015-04-15 07:39:46 -------- d-----w- C:\PROGRA~2\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\uczrmd51.default
user_pref("browser.startup.homepage", "about:blank");
user_pref("browser.newtab.url", "about:blank");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [24-08-2009 10:22]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{B64D9B05-48E1-4CEB-BF58-E0643994E900}"="C:\Program Files\Common Files\DVDVideoSoft\plugins\ff" [11-12-2014 20:47]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\0
- DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}

ProfilePath: C:\Users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\uczrmd51.default
- Undetermined - %ProfilePath%\extensions\staged
- DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- DVDVideoSoft YouTube MP3 and Video Download - %AppDir%\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\uczrmd51.default
E971E06DDE68684CB3957C5D0E133CB0 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
46A59E6F7F7C1679AC7C4655E055326D - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
2F4781F84C92E8C4B1586E47A78E8A61 - C:\Windows\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.50.255
18C6A57B569F088C2BD7B828A211AC06 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U5
C2D756C95D5AE3D030E7D394B9C771B9 - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
0A1FF0B674E2F268799442A434A63BB3 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
DFCAB29E8FD38F95650CC1E203E8D318 - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System


==== Chromium Look ======================

Google Chrome Version: 42.0.2311.90 (Possible outdated, latest Stable version: 41.0.2272.118) [z-db]


Bookmark Manager - Jelco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Google Wallet - Jelco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search/?q=%s"
"Default"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{85A60A59-D3D8-468F-B598-FB4393789EF4}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{85A60A59-D3D8-468F-B598-FB4393789EF4} Google Url="https://www.google.nl/search?q={searchTerms}"

==== HijackThis Entries ======================

O1 - Hosts: ::1 localhost
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Jelco\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on wo 15-04-2015 at 23:02:37,84 ======================
 
Start Zoek.exe with the script below.


Disable your antivirus and antispyware programs; they may conflict with zoek.exe.
You can read how to do that (here or here).

  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • This script is intended specifically for this computer, so do not use it on other computers with a similar problem.

    Code:
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-];r
    "MarketingTools"=-;r
    C:\Windows\system32\tasks\Start Registry Reviver;fs
    C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe;f
    skipfix-iedefaults;
    iedefaults;
    firefoxlook;
    FFdefaults;
    chromelook;
    CHRdefaults;
    autoclean;
    resetIEproxy;
    emptyclsid;
    emptyalltemp;
  • Now click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Post the log that opened as an attachment in your next post.

Posting the Zoek.exe log file
  • Attach the log file named "Zoek-results.log" to your next post. (You can also find this log file on the system drive as C:\Zoek-results.log.)
 
What I meant to say was: take the drive out of the laptop and connect it to another computer. The advantage is that the malware cannot be active on the system, and removing it becomes a lot easier. The method works in 99.9% of cases.
 
Sorry RogerS, I wouldn't know how to take the drive out.

Below is the new zoek.exe log:

Zoek.exe v5.0.0.0 Updated 08-April-2015
Tool run by Jelco on vr 17-04-2015 at 13:32:42,24.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jelco\Documents\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-04-15-210237.log 52143 bytes

==== Empty Folders Check ======================

C:\Program Files\Android deleted successfully
C:\PROGRA~2\Roxio deleted successfully
C:\PROGRA~2\{32364CEA-7855-4A3C-B674-53D8E9B97936} deleted successfully
C:\Users\Jelco\AppData\Roaming\DAEMON Tools Pro deleted successfully
C:\Users\Jelco\AppData\Roaming\Vso deleted successfully
C:\Users\Jelco\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Jelco\AppData\Roaming\Wondershare deleted successfully
C:\Users\Jelco\AppData\Local\Downloaded Installations deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3436792749-3367318415-4003938104-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{704DC913-8E48-432D-89F1-03A7638543D1} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js:

Added to C:\Users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\uczrmd51.default\prefs.js:
user_pref("browser.startup.homepage", "about:blank");
user_pref("browser.newtab.url", "about:blank");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");

Added to C:\Users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\uczrmd51.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\0

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_17-04-2015_1354_.backup

ProfilePath: C:\Users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\uczrmd51.default

user.js not found
---- Lines babylon modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\
---- Lines extensions.513651f80182f removed from prefs.js ----
user_pref("extensions.513651f80182f.epoch", "1375884104");
user_pref("extensions.513651f80182f.url", "http://getsync.info/sync2/?ext=btos&pid=357&country=NL&regd=130305201344&lsd=130806140146&ver=7&ind=6819924
---- Lines extensions.514b8f0b37915 removed from prefs.js ----
user_pref("extensions.514b8f0b37915.epoch", "1375884104");
user_pref("extensions.514b8f0b37915.url", "http://getjpinet.info/sync2/?ext=btos&pid=357&country=NL&regd=130321225155&lsd=130806140146&ver=7&ind=13419
---- FireFox user.js and prefs.js backups ----

prefs_17-04-2015_1354_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"MarketingTools"=-

==== Batch Command(s) Run By Tool======================


De Winsock-catalogus is opnieuw ingesteld.
De computer dient opnieuw te worden opgestart om het opnieuw instellen te voltooien.


==== Deleting Files \ Folders ======================

C:\Program Files\Android not found
C:\PROGRA~2\{32364CEA-7855-4A3C-B674-53D8E9B97936} not found
"C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe" not found
C:\Users\Jelco\AppData\Roaming\calibre deleted
C:\Windows\system32\tasks\Start Registry Reviver deleted
C:\PROGRA~2\nkdjmkgkbjaojdhjkomieckngpaldlfm deleted
C:\PROGRA~2\{7c61819a-a64a-7a8d-7c61-1819aa64066a} deleted
C:\PROGRA~2\1230 deleted
C:\Program Files\Common Files\DVDVideoSoft\bin deleted
C:\user.js deleted
C:\found.000 deleted
C:\found.001 deleted
C:\Users\Jelco\AppData\Roaming\appdataFr3.bin deleted
C:\Users\Jelco\AppData\Roaming\pcouffin.log deleted
C:\Users\Jelco\~WRL0003.tmp deleted
C:\Users\Jelco\~WRL0005.tmp deleted
C:\Users\Jelco\~WRL1406.tmp deleted
C:\Users\Jelco\~WRL2216.tmp deleted
C:\Users\Jelco\~WRL2406.tmp deleted
C:\Users\Jelco\~WRL2448.tmp deleted
C:\Users\Jelco\AppData\Local\avgchrome deleted
C:\Windows\system32\LavasoftTcpService.dll deleted
C:\Users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\uczrmd51.default\extensions\staged deleted
C:\Users\Jelco\ZHPCleaner.exe deleted
"C:\Users\Jelco\AppData\Local\{4892A711-5BC7-4C7F-852F-EDDD21F264C4}" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\0
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\uczrmd51.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [24-08-2009 10:22]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{B64D9B05-48E1-4CEB-BF58-E0643994E900}"="C:\Program Files\Common Files\DVDVideoSoft\plugins\ff" [11-12-2014 20:47]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\0
- DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}

ProfilePath: C:\Users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\uczrmd51.default
- DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- DVDVideoSoft YouTube MP3 and Video Download - %AppDir%\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Jelco\AppData\Roaming\Mozilla\Firefox\Profiles\uczrmd51.default
E971E06DDE68684CB3957C5D0E133CB0 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
46A59E6F7F7C1679AC7C4655E055326D - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
2F4781F84C92E8C4B1586E47A78E8A61 - C:\Windows\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.50.255
18C6A57B569F088C2BD7B828A211AC06 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U5
C2D756C95D5AE3D030E7D394B9C771B9 - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
0A1FF0B674E2F268799442A434A63BB3 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
DFCAB29E8FD38F95650CC1E203E8D318 - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System


==== Chromium Look ======================

Google Chrome Version: 42.0.2311.90 (Possible outdated, latest Stable version: 41.0.2272.118) [z-db]


Bookmark Manager - Jelco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Google Wallet - Jelco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search/?q=%s"
"Default"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{85A60A59-D3D8-468F-B598-FB4393789EF4}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{85A60A59-D3D8-468F-B598-FB4393789EF4} Google Url="https://www.google.nl/search?q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\Jelco\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Jelco\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully
C:\Users\Jelco\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Jelco\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Jelco\AppData\Local\Google\Chrome\User Data\Default\Web Data copy was reset successfully
C:\Users\Jelco\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Jelco\AppData\Local\Google\Chrome\User Data\Default\Web Data.temp was reset successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Connectivity Suite deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Web Companion deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jelco\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Jelco\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jelco\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jelco\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Jelco\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=206 folders=52 29131592 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jelco\AppData\Local\Temp will be emptied at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Jelco\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Jelco\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on vr 17-04-2015 at 14:03:28,24 ======================
 
Hello,

You have a Torpig infection :(

But I hope dorado would have seen that.
 
Everything from your link has already been tried, abbs, without result.
 