~ Report of ZHPDiag v2013.11.17.37 - Nicolas Coolman (17-11-2013)
~ Launched by Beheerder (17-11-2013 18:52:57)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user

---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16428
MFIE: Mozilla Firefox 5.0
GCIE: Google Chrome v31.0.1650.57 (Defaut)
GCIE: Google Chrome Frame v31.0.1650.57 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
AVG 2013 v13.0.3426
Malwarebytes Anti-Malware versie 1.75.0.1300
McAfee Security Scan Plus v3.8.130.10
SUPERAntiSpyware v5.6.1010
Windows Defender W7

---\\ System optimization software
CCleaner v3.18 =>Piriform Ltd

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 11 Plugin
Adobe Reader X

---\\ Information on the system
~ Processor: AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 5878 MB (73% free)
System Restore: Activé (Enable)
System drive C: has 20 GB (27%) free of 73 GB

---\\ Connection to the system mode
~ Computer Name: BEHEERDER-PC
~ User Name: Beheerder
~ All Users Names: HomeGroupUser$, Gast, Beheerder, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Beheerder\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Beheerder\AppData\Roaming\
~ %Desktop% : C:\Users\Beheerder\Desktop\
~ %Favorites% : C:\Users\Beheerder\Favorites\
~ %LocalAppData% : C:\Users\Beheerder\AppData\Local\
~ %StartMenu% : C:\Users\Beheerder\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 20 Go of 73 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 113 Go of 160 Go)
F: Floppy drive, Flash card reader, USB Key (Free 13 Go of 30 Go)

---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s

---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Verkenner.) (.25-2-2011 - 7:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.14-7-2009 - 2:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.E6CB36B85BE59095337427E853A5B65A] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.17-11-2013 - 15:08:36.) -- C:\Windows\System32\wininet.dll [2332160]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.20-11-2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing-bibliotheek.) (.20-11-2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28-9-2013 - 2:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14-7-2009 - 2:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14-7-2009 - 0:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20-11-2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20-11-2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20-11-2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.14-7-2009 - 0:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14-7-2009 - 1:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27-4-2011 - 3:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20-11-2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.12-4-2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.14-7-2009 - 1:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20-11-2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20-11-2010 - 12:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14-7-2009 - 1:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20-11-2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.20-11-2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/3
~ Mes musiques (My Musics) : 1/618
~ Mes Videos (My Videos) : 1/3
~ Mes Favoris (My Favorites) : 1/448
~ Mes Documents (My Documents) : 1/158
~ Mon Bureau (My Desktop) : 1/11
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 00mn 00s

---\\ Process running
[MD5.349AB4F70E2AC44970894E7F03E1576E] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [236384] [PID.2536]
[MD5.824512C3EAE3462388B8861986907E28] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8227328] [PID.6128]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.2060]
[MD5.51782A3D230D0337853B43D0810D0193] - (.AVG Technologies CZ, s.r.o. - AVG Firewall Service.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080] [PID.2156]
[MD5.4DB93F4DB7077801D2D82013506AC1D0] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312] [PID.2184]
[MD5.48939D9F350AEF9370F03A1E49A49BE2] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136] [PID.2268]
[MD5.D17F9E527F01770BD04A9223BC40EC22] - (.Hewlett-Packard Company - HP Quick Synchronization Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [227384] [PID.2308]
[MD5.7D10E0F2F603A3CE65F0B9750F7ABDB2] - (.Hewlett-Packard Company - hpHotkeyMonitor Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [1698360] [PID.2360]
[MD5.CF7B0E597C1F34E528285495721DEEE9] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe [237960] [PID.2660]
[MD5.C5678CCEB3E9E03639C0A0E67B132E92] - (...) -- C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [671744] [PID.2736]
[MD5.C34411A244029F1C08687F7C752C4563] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.2744]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2088]
[MD5.F67C21CC4195F6AFC447418FE163E156] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [5087584] [PID.3108]
[MD5.A53D484A51C500C2E7CF48A1C1381835] - (...) -- C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe [1541120] [PID.3264]
[MD5.0955C23C041451FB4E7099D6B2CF1C06] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [988216] [PID.4704]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Beheerder\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Winkel v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Activé)
~ Google Browser: 13 Legitimates Filtered in 00mn 00s

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\Beheerder\AppData\Roaming\Mozilla\Firefox\Profiles\h0o3moe3.default\prefs.js
M3 - MFPP: Plugins - [Beheerder] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\bolcom-nl.xml
M3 - MFPP: Plugins - [Beheerder] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\marktplaats-nl.xml
M3 - MFPP: Plugins - [Beheerder] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\vandale-nl.xml
M3 - MFPP: Plugins - [Beheerder] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\wikipedia-nl.xml
~ Firefox Browser: 10 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl
~ IE Browser: 15 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 23

---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Orphan key
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{B23569DF-AA6A-4D98-9F7F-C97D89E01DCD} Orphan key
~ Toolbar: Scanned in 00mn 00s

---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: HP Support Assistant.lnk . (.Hewlett-Packard Company - HP Support Assistant.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe =>.Hewlett-Packard Co
O4 - GS\Desktop [Public]: Internet Manager.lnk . (...) -- C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Internet Manager.exe
O4 - GS\Desktop [Public]: Internetbrowser selecteren.lnk . (.Microsoft Corporation - Internetbrowser selecteren.) -- C:\Windows\System32\browserchoice.exe
O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.) -- C:\Program Files\McAfee Security Scan\3.8.130\McUICnt.exe
O4 - GS\Desktop [Public]: Spotnet.lnk . (...) -- C:\Program Files (x86)\Spotnet\Spotnet.exe
O4 - GS\Desktop [Public]: SUPERAntiSpyware Professional.lnk . (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - GS\Desktop [Public]: Total Commander 64 bit.lnk . (.Ghisler Software GmbH - Total Commander.) -- C:\totalcmd\TOTALCMD64.exe
O4 - GS\Program [Public]: IDT HD Audio.lnk . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\idtcpl64.cpl
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Beheerder]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Beheerder]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Beheerder]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Beheerder]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Beheerder]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Beheerder]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Beheerder]: Afbeeldingen - Snelkoppeling.lnk . (...) -- C:\Users\Beheerder\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
O4 - GS\Desktop [Beheerder]: Driver Genius Professional Edition.lnk . (...) -- C:\Program Files (x86)\Driver-Soft\DriverGenius\DriverGenius.exe (.not file.)
O4 - GS\Desktop [Beheerder]: IDT HD Audio.lnk . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\idtcpl64.cpl
O4 - GS\Desktop [Beheerder]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Beheerder]: Internetbrowser selecteren.lnk . (.Microsoft Corporation - Internetbrowser selecteren.) -- C:\Windows\System32\browserchoice.exe
O4 - GS\Desktop [Beheerder]: NieuwVolume (E) - Snelkoppeling.lnk . (...) -- E:\
O4 - GS\Desktop [Beheerder]: Your Unin-staller!.lnk . (.URSoft,Inc - Your Uninstaller! - New way to uninstall pr.) -- C:\Program Files (x86)\Your Uninstaller! 7\urmain.exe
~ Global Startup: 80 Legitimates Filtered in 00mn 00s

---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows-bureaubladgadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows-bureaubladgadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows-bureaubladgadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3116998117-3608917340-3632595343-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows-bureaubladgadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application: Scanned in 00mn 00s

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: &Verzenden naar OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: &Gekoppelde notities van OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{85732B8F-B3A8-4887-9FBA-86225726F06E}: NameServer = 84.241.226.140 84.241.226.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECD4D68A-C4D8-4832-A0B3-B599C9F9D4EB}: NameServer = 84.241.226.9 84.241.226.140
O17 - HKLM\System\CCS\Services\Tcpip\..\{0072216A-EDDD-4003-9650-B02B4C5CE2AF}: DhcpNameServer = 62.179.104.196 213.46.228.196
O17 - HKLM\System\CS1\Services\Tcpip\..\{85732B8F-B3A8-4887-9FBA-86225726F06E}: NameServer = 84.241.226.140 84.241.226.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{ECD4D68A-C4D8-4832-A0B3-B599C9F9D4EB}: NameServer = 84.241.226.9 84.241.226.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{0072216A-EDDD-4003-9650-B02B4C5CE2AF}: DhcpNameServer = 62.179.104.196 213.46.228.196
O17 - HKLM\System\CS2\Services\Tcpip\..\{85732B8F-B3A8-4887-9FBA-86225726F06E}: NameServer = 84.241.226.140 84.241.226.9
O17 - HKLM\System\CS2\Services\Tcpip\..\{ECD4D68A-C4D8-4832-A0B3-B599C9F9D4EB}: NameServer = 84.241.226.9 84.241.226.140
O17 - HKLM\System\CS2\Services\Tcpip\..\{0072216A-EDDD-4003-9650-B02B4C5CE2AF}: DhcpNameServer = 62.179.104.196 213.46.228.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.104.196 213.46.228.196
~ Domain: Scanned in 00mn 00s

---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: HWDeviceService64.exe (HWDeviceService64.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Internet Manager. OUC (Internet Manager. RunOuc) . (...) - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) . (.TuneUp Software - TuneUp Utilities Service.) - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
~ Services: 20 Legitimates Filtered in 00mn 04s

---\\ Software installed (O42)
O42 - Logiciel: Club-Lounge-Radio Toolbar - (.Club-Lounge-Radio.) [HKLM][64Bits] -- Club-Lounge-Radio Toolbar
O42 - Logiciel: Spotnet - (.Spotnet.) [HKLM][64Bits] -- {12947715-B6F0-4597-816F-5E13FB647921}_is1
~ Logic: 76 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\5fedd8ab23ce842]
[HKCU\Software\Claro LTD] =>PUP.ClaroSearch
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\IGearSettings]
[HKCU\Software\YahooPartnerToolbar]
[HKLM\Software\Wow6432Node\5fedd8ab23ce842]
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Claro LTD] =>PUP.ClaroSearch
[HKLM\Software\Wow6432Node\Club-Lounge-Radio]
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\T-Mobile_H]
~ Key Software: 166 Legitimates Filtered in 00mn 00s

---\\ Contents of the Common Files folders (O43)
O43 - CFD: 17-11-2013 - 13:37:57 - [7,738] ----D C:\Program Files (x86)\Club-Lounge-Radio
O43 - CFD: 25-10-2013 - 20:57:21 - [26,467] ----D C:\Program Files (x86)\Spotnet
O43 - CFD: 25-10-2013 - 19:08:13 - [102,340] ----D C:\Program Files (x86)\T-Mobile
O43 - CFD: 31-8-2013 - 13:00:37 - [21,298] ----D C:\ProgramData\Internet Manager
O43 - CFD: 26-10-2013 - 11:17:39 - [485,714] ----D C:\ProgramData\Spotnet
O43 - CFD: 31-8-2013 - 11:47:19 - [0,009] ----D C:\Users\Beheerder\AppData\Roaming\Internet Manager
O43 - CFD: 24-7-2011 - 14:25:23 - [0,004] ----D C:\Users\Beheerder\AppData\Roaming\T-Mobile
O43 - CFD: 31-8-2013 - 13:01:32 - [21,088] ----D C:\Users\Beheerder\AppData\Roaming\T-Mobile Internet Manager
O43 - CFD: 25-10-2013 - 21:02:13 - [0,001] ----D C:\Users\Beheerder\AppData\Local\Spotnet
~ 1 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 145 Legitimates Filtered in 00mn 05s

---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.3755F4B391D61925A825770BB7419CC5] - 16-11-2013 - 20:28:12 ---A- . (...) -- C:\zoek-results.log [34430]
O44 - LFC:[MD5.4E8F2BB3A5A87E75C35533723B50E685] - 17-11-2013 - 12:15:13 ---A- . (...) -- C:\Windows\SysNative\user_gensett.xml [385]
O44 - LFC:[MD5.4E8F2BB3A5A87E75C35533723B50E685] - 17-11-2013 - 12:15:13 ---A- . (...) -- C:\Windows\System32\user_gensett.xml [385]
O44 - LFC:[MD5.AB933727A511B8287DBB655C33152E9B] - 17-11-2013 - 13:46:33 ---A- . (...) -- C:\bdlog.txt [3035]
O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 17-11-2013 - 15:08:35 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf [16284]
O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 17-11-2013 - 15:08:35 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16284]
O44 - LFC:[MD5.198E5896D01334A57CE2F8AA13978ECF] - 17-11-2013 - 15:12:56 ---A- . (...) -- C:\Windows\IE11_main.log [10942]
~ Files: 175 Legitimates Filtered in 00mn 07s

---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.451424B1BD17531A4EFD8E4129CDB51C] - 17-11-2013 - 18:43:10 ---A- - C:\Windows\Prefetch\LIVEUPD.EXE-19BC10FD.pf
O45 - LFCP:[MD5.5B8F0DB4E9B419FE39146BF505859806] - 17-11-2013 - 18:43:10 ---A- - C:\Windows\Prefetch\RUNLIVEUPD.EXE-DC494666.pf
O45 - LFCP:[MD5.E3FEDFBB46A8DC29B7DA3DC6BED24626] - 17-11-2013 - 18:51:37 ---A- - C:\Windows\Prefetch\TOTALCMD64.EXE-3B68AEE5.pf
~ Prefetcher: 70 Legitimates Filtered in 00mn 00s

---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Safe Boot Control (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
~ CSB: 15 Legitimates Filtered in 00mn 00s

---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{31e4463c-1220-11e3-831c-ac8112407ca4}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{31e44657-1220-11e3-831c-ac8112407ca4}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{4498ffff-e75c-11e0-aeb2-ac8112407ca4}\AutoRun\command. (...) -- G:\LaunchU3.exe (.not file.)
O51 - MPSK:{87f57cdf-5a9a-11e2-9926-ac8112407ca4}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{87f57ce1-5a9a-11e2-9926-ac8112407ca4}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{87f57ce3-5a9a-11e2-9926-ac8112407ca4}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{87f57ce7-5a9a-11e2-9926-ac8112407ca4}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{87f57cf7-5a9a-11e2-9926-643150869edb}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{87f57cf9-5a9a-11e2-9926-643150869edb}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{9f6df993-b5ed-11e0-9250-f6cb6ca6124d}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{9f6df997-b5ed-11e0-9250-f6cb6ca6124d}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
O51 - MPSK:{a0654bb1-b6d1-11e0-bf87-806e6f6e6963}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{a0654bca-b6d1-11e0-bf87-ac8112407ca4}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{ca1ddb98-b60c-11e0-a90f-806e6f6e6963}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{f12c5f07-22b6-11e3-a2c5-ac8112407ca4}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14-7-2009 - 2:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
~ Drivers: 16 Legitimates Filtered in 00mn 36s

---\\ Last modified or created user files (O61)
O61 - LFC: 15-11-2013 - 18:54:25 ---A- . (...) -- C:\Users\Beheerder\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk [2054]
O61 - LFC: 17-11-2013 - 18:54:15 ---A- . (...) -- C:\Users\Beheerder\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
O61 - LFC: 17-11-2013 - 18:54:20 ---A- . (...) -- C:\Users\Beheerder\AppData\Local\Google\Chrome\User Data\Local State [99822]
O61 - LFC: 17-11-2013 - 18:54:25 ---A- . (...) -- C:\Users\Beheerder\AppData\Roaming\hpqLog\casllogs_QLBController.xml [1030]
O61 - LFC: 17-11-2013 - 18:54:26 ---A- . (...) -- C:\Users\Beheerder\AppData\Roaming\ZHP\HOSTS.txt [864] =>.Nicolas Coolman
O61 - LFC: 17-11-2013 - 18:54:26 ---A- . (...) -- C:\Users\Beheerder\AppData\Roaming\ZHP\Log.txt [19321] =>.Nicolas Coolman
O61 - LFC: 17-11-2013 - 18:54:26 ---A- . (...) -- C:\Users\Beheerder\AppData\Roaming\ZHP\TestsZHPDiag.txt [2961] =>.Nicolas Coolman
~ 8 Fichiers temporaires (Temporary files)
~ Files: 471 Legitimates Filtered in 00mn 16s

---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: RSIT - (.random/random.)
~ ADS: Scanned in 00mn 00s

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: prefs.js [Beheerder - h0o3moe3.default] user_pref("avg.install.currLocale", "nl");
O69 - SBI: prefs.js [Beheerder - h0o3moe3.default] user_pref("avg.install.date", "1383150262000");
O69 - SBI: prefs.js [Beheerder - h0o3moe3.default] user_pref("avg.install.disableDNSSearch", false);
O69 - SBI: prefs.js [Beheerder - h0o3moe3.default] user_pref("avg.install.disableHPGuard", false);
O69 - SBI: prefs.js [Beheerder - h0o3moe3.default] user_pref("avg.install.disableKeywordSearch", false);
O69 - SBI: prefs.js [Beheerder - h0o3moe3.default] user_pref("avg.install.disableSPGuard", false);
O69 - SBI: prefs.js [Beheerder - h0o3moe3.default] user_pref("avg.install.finished", "17.0.1.12");
O69 - SBI: prefs.js [Beheerder - h0o3moe3.default] user_pref("avg.install.guardKUCount", 0);
O69 - SBI: prefs.js [Beheerder - h0o3moe3.default] user_pref("avg.install.guardSPCount", 0);
O69 - SBI: prefs.js [Beheerder - h0o3moe3.default] user_pref("avg.install.guid", "{01233fc5-fc38-4fe3-9af8-eebfcd0f845f}");
O69 - SBI: prefs.js [Beheerder - h0o3moe3.default] user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\17.0.1.12"); =>Toolbar.AVGSearch
O69 - SBI: prefs.js [Beheerder - h0o3moe3.default] user_pref("avg.install.laststatreq", "1383150269000");
O69 - SBI: prefs.js [Beheerder - h0o3moe3.default] user_pref("avg.install.lastUpdaterReq", "1383150269000");
O69 - SBI: prefs.js [Beheerder - h0o3moe3.default] user_pref("avg.install.overlayVersion", "635162436249291250");
O69 - SBI: prefs.js [Beheerder - h0o3moe3.default] user_pref("avg.install.userHPSettings", "about:home");
O69 - SBI: prefs.js [Beheerder - h0o3moe3.default] user_pref("avg.install.userKUSettings", "KWURL NOT REGISTERED");
O69 - SBI: prefs.js [Beheerder - h0o3moe3.default] user_pref("avg.install.userSPSettings", "");
O69 - SBI: prefs.js [Beheerder - h0o3moe3.default] user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); =>PUP.Babylon
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s

---\\ Crack & Keygen Files (CKF) (O82)
C:\Program Files\SUPERAntiSpyware\CORE\keygen.exe
C:\test\SUPERAntiSpyware Professional 561012 Final\Password-Protected-AntiSpyware Pro 5.6.1012\CORE\keygen.exe
C:\Program Files\SUPERAntiSpyware\CORE\keygen.exe
C:\test\SUPERAntiSpyware Professional 561012 Final\Password-Protected-AntiSpyware Pro 5.6.1012\CORE\keygen.exe
~ Files: Scanned in 00mn 08s

---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.8DE5CBDA66B59A8D6B8DDFD5D2C1DC89] [SPRF][17-11-2013] (...) -- C:\ProgramData\1384685636.bdinstall.bin [121599]
[MD5.456E9C7493EDD59D85EFAC4669F3B6EC] [SPRF][17-11-2013] (...) -- C:\ProgramData\1384685697.bdinstall.bin [21594]
[MD5.EE1442811DF476D4F3A3FE07F5362461] [SPRF][17-11-2013] (...) -- C:\ProgramData\1384685975.bdinstall.bin [201952]
[MD5.3D08266B9CAF39918AA2868CC3974CE0] [SPRF][17-11-2013] (...) -- C:\ProgramData\1384692361.bdinstall.bin [112816]
[MD5.879F28648392925A8EC35A863955F516] [SPRF][11-4-2012] (...) -- C:\Users\Beheerder\AppData\Local\Temp\setup.exe [262521368]
[MD5.8C0B8E21AA01A0B4A090D02C9B0CBFCE] [SPRF][27-6-2012] (...) -- C:\Users\Beheerder\AppData\LocalLow\dt.dat [33758]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][17-11-2013] (...) -- C:\Users\Beheerder\AppData\LocalLow\prvlcl.dat [0]
~ Files: 7 Legitimates Filtered in 00mn 04s

---\\ Random Export Key (REK) (O91)
[HKCU\Software\5fedd8ab23ce842]:version="2.5.986.67"
[HKLM\Software\Wow6432Node\5fedd8ab23ce842]:version="2.5.986.67"
~ Export Key Software: Scanned in 00mn 00s

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 11-7-2012 140672 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE64.exe
SR - | Auto 10-5-2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 30-10-2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 1-3-2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\IDT\WDM\AESTSr64.exe
SR - | Auto 27-3-2009 16896 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agr64svc.exe
SR - | Auto 8-4-2010 202752 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 4-9-2013 1432080 | (avgfws) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
SR - | Auto 4-7-2013 4939312 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
SR - | Auto 23-7-2013 283136 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
SS - | Auto 3-7-2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 3-7-2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 21-8-2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Disabled 26-10-2013 109352 | (HitmanProScheduler) . (.SurfRight B.V..) - C:\Program Files\HitmanPro\hmpsched.exe
SS - | Disabled 21-6-2011 85560 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Auto 5-7-2011 227384 | (HPDrvMntSvc.exe) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
SR - | Auto 6-7-2011 1698360 | (hpHotkeyMonitor) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
SR - | Demand 5-7-2011 988216 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 13-5-2011 30520 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 14-3-2011 346976 | (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe
SS - | Auto 5-2-2013 671744 | (Internet Manager. RunOuc) . (...) - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe
SR - | Auto 4-3-2011 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 4-4-2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SS - | Auto 4-4-2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 6-9-2013 288776 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
SS - | Disabled 1-3-2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 7-9-2010 271360 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 1-10-2013 5087584 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
SR - | Auto 11-10-2013 2409272 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
SR - | Auto 14-7-2009 27136 | C:\Windows\System32\uxtuneup.dll (UxTuneUp) . (.TuneUp Software.) - C:\Windows\System32\svchost.exe
SS - | Demand 14-7-2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10-7-1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14-7-2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 12s

---\\ Search Master Boot Record Infection (MBR)(O80)
Run by Beheerder at 17-11-2013 18:55:00
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Beheerder at 17-11-2013 18:55:02
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

---\\ Scan Additionnel (O88)
Database Version : 12996 - (17-11-2013)
Clés trouvées (Keys found) : 75
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 5
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F}] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask [HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon [HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.AVGSearch [HKLM\Software\Wow6432Node\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.AVGSearch [HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper [HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}] =>Toolbar.TuneUp [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}] =>Toolbar.Conduit [HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch 
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch [HKLM\Software\Classes\AppID\escort.dll] =>PUP.Babylon [HKLM\Software\Classes\AppID\escortapp.dll] =>PUP.Babylon [HKLM\Software\Classes\AppID\escorteng.dll] =>PUP.Babylon [HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon [HKLM\Software\Classes\AppID\ScriptHelper.EXE] =>Toolbar.AVGSearch [HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing [HKLM\Software\Classes\AVG Secure Search.BrowserWndAPI] =>Toolbar.AVGSearch [HKLM\Software\Classes\AVG Secure Search.PugiObj] =>Toolbar.AVGSearch [HKLM\Software\Classes\AVG Secure Search.PugiObj.1] =>Toolbar.AVGSearch [HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods [HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods [HKLM\Software\Classes\ScriptHelper.ScriptHelperApi] =>Toolbar.AVGSearch [HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1] =>Toolbar.AVGSearch [HKLM\Software\Classes\ViProtocol.ViProtocolOLE] =>Toolbar.AVGSearch [HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1] =>Toolbar.AVGSearch [HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo [HKCU\Software\AppDataLow\Toolbar] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>PUP.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>PUP.Babylon [HKLM\Software\Classes\Prod.cap] =>PUP.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing [HKLM\Software\Classes\Installer\Features\F092B960893592640A90584BCB4B1B9B] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Installer\Features\F092B960893592640A90584BCB4B1B9B] =>PUP.ClaroSearch [HKLM\Software\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}] =>PUP.ClaroSearch 
[HKLM\Software\Classes\AppID\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\AppID\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}] =>PUP.ClaroSearch [HKLM\Software\Classes\esrv.claroESrvc.1] =>PUP.ClaroSearch [HKLM\Software\Classes\esrv.claroESrvc] =>PUP.ClaroSearch [HKLM\Software\Classes\AVG Secure Search.BrowserWndAPI.1] =>Toolbar.AVGSearch [HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector [HKLM\Software\Classes\Toolbar.CT1447612] =>Toolbar.Conduit [HKLM\Software\Classes\wajam.WajamBHO] =>PUP.Wajam [HKLM\Software\Classes\wajam.WajamBHO.1] =>PUP.Wajam [HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\escort.escortIEPane] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\escort.escortIEPane.1] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\Toolbar.CT1447612] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\wajam.WajamBHO] =>PUP.Wajam [HKLM\Software\Wow6432Node\Classes\wajam.WajamBHO.1] =>PUP.Wajam [HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods [HKLM\Software\Classes\claro.claroappCore] =>PUP.ClaroSearch^ [HKLM\Software\Classes\claro.claroappCore.1] =>PUP.ClaroSearch^ [HKLM\Software\Classes\claro.clarodskBnd] =>PUP.ClaroSearch^ [HKLM\Software\Classes\claro.clarodskBnd.1] =>PUP.ClaroSearch^ [HKLM\Software\Classes\claro.claroHlpr] =>PUP.ClaroSearch^ [HKLM\Software\Classes\claro.claroHlpr.1] =>PUP.ClaroSearch^ [HKLM\Software\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}] =>Toolbar.Conduit^ [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^ [HKCU\Software\Claro LTD] =>PUP.ClaroSearch^ [HKCU\Software\Conduit] =>Toolbar.Conduit^ 
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon^ [HKLM\Software\Wow6432Node\Claro LTD] =>PUP.ClaroSearch^ [HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^ ~ Additionnel Scan: 234903 Items scanned in 00mn 17s ---\\ Summary of the detections found on your workstation ~ http://nicolascoolman.webs.com/apps/blog/show/27563212-pup-clarosearch =>PUP.ClaroSearch ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit ~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon ~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask ~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods ~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo ~ http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector =>PUP.BProtector ~ http://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam =>PUP.Wajam ~ MSI: 9 link(s) detected in 00mn 17s ~ 1783 Legitimates filtered by white list End of the scan (643 lines in 02mn 22s)(4)
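As an added example (not ZHPDiag's own code and not part of the report above), the following Python parses the two sections a responder actually triages, the EGS service list and the O88 registry hits, into structured records: it tallies O88 hits per classification, keeps the Wow6432Node (32-bit view) and trailing "^" markers as flags, and lists running auto-start services whose image lives outside C:\Windows and the two Program Files roots. The sample lines are copied from the report; the one-entry-per-line layout, the field regexes and the trusted-root list are assumptions of this example.

```python
"""Parse ZHPDiag O88 (additional scan) and EGS (service) entries and
summarize them.  Added example, not ZHPDiag's own code; assumes one
report entry per line, as the sections above are laid out."""
import re
from collections import Counter

# Constructed sample: a few entries copied from the report's O88 section.
SAMPLE_O88 = r"""
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Classes\wajam.WajamBHO] =>PUP.Wajam
"""

# Constructed sample: a few entries copied from the report's EGS section.
SAMPLE_EGS = r"""
SR - | Auto 11-7-2012 140672 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE64.exe
SR - | Auto 14-3-2011 346976 | (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe
SS - | Disabled 21-6-2011 85560 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Auto 14-7-2009 27136 | C:\Windows\System32\uxtuneup.dll (UxTuneUp) . (.TuneUp Software.) - C:\Windows\System32\svchost.exe
"""

# O88 entry: "[key]" or "[key]:value", then "=>Family.Name", optional trailing "^".
O88_RE = re.compile(
    r"^\[(?P<key>[^\]]+)\]"
    r"(?::(?P<value>\S+))?"
    r"\s*=>(?P<family>[A-Za-z]+\.[A-Za-z0-9]+)"
    r"(?P<caret>\^?)$"
)

# EGS entry: state, start type, date, size, optional hosted DLL, (name), (.vendor.), path,
# optional "=>..." annotation that is not part of the path.
EGS_RE = re.compile(
    r"^(?P<state>SR|SS) - \| (?P<start>Auto|Demand|Disabled) (?P<date>\S+) (?P<size>\d+) \| "
    r"(?:(?P<host>\S.*?) )?\((?P<name>[^)]+)\) \. \((?P<vendor>.*?)\) - "
    r"(?P<path>.+?)(?: =>.*)?$"
)


def parse_o88(text):
    """Return one dict per O88 hit; lines that do not match are skipped."""
    hits = []
    for line in text.splitlines():
        m = O88_RE.match(line.strip())
        if not m:
            continue
        key = m.group("key")
        hits.append({
            "hive": key.split("\\", 1)[0],
            "key": key,
            "value": m.group("value"),            # None for plain key hits
            "family": m.group("family"),
            "flagged": m.group("caret") == "^",   # trailing '^' kept as a flag, not interpreted
            "wow64": "\\Wow6432Node\\" in key,    # 32-bit registry view on this 64-bit OS
        })
    return hits


def summarize_families(hits):
    """Count hits per classification, e.g. Counter({'PUP.Babylon': 2, ...})."""
    return Counter(h["family"] for h in hits)


def parse_egs(text):
    """Return one dict per service line; a '(...)' vendor field becomes None."""
    services = []
    for line in text.splitlines():
        m = EGS_RE.match(line.strip())
        if not m:
            continue
        vendor = m.group("vendor")
        services.append({
            "state": m.group("state"),            # SR running, SS stopped
            "start": m.group("start"),
            "size": int(m.group("size")),
            "host": m.group("host"),              # DLL hosted in svchost.exe, else None
            "name": m.group("name"),
            "vendor": None if vendor == "..." else vendor[1:-1],  # strip the '.' wrapping
            "path": m.group("path"),
        })
    return services


# Assumed trusted image roots (lower-case, trailing backslash so 'ProgramData' does not match).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def services_outside_trusted_roots(services):
    """Running auto-start services whose image is not under Windows or Program Files.
    Heuristic: ProgramData and profile directories are writable by ordinary users."""
    return [s for s in services
            if s["state"] == "SR" and s["start"] == "Auto"
            and not s["path"].lower().startswith(TRUSTED_ROOTS)]


if __name__ == "__main__":
    print(summarize_families(parse_o88(SAMPLE_O88)))
    for svc in services_outside_trusted_roots(parse_egs(SAMPLE_EGS)):
        print("review:", svc["name"], svc["path"])
```

On the full O88 list above the per-family counts make the cleanup order obvious (Babylon, ClaroSearch, AVGSearch and Funmoods dominate), and pairing each HKLM\Software\Classes key with its Wow6432Node twin shows which entries have to be removed from both registry views. The service check is a heuristic, not a verdict: HWDeviceService64.exe under C:\ProgramData is flagged only because of its location and unsigned-looking empty vendor field, and still has to be verified on the host. One caveat on the SPRF section: the hit on prvlcl.dat [0] carries D41D8CD98F00B204E9800998ECF8427E, which is the MD5 of empty input, so a hash lookup on that entry tells you nothing about the file.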