~ Verslag van ZHPDiag v2014.6.4.83 - Nicolas Coolman (4/06/2014)
~ Gelanceerd door gebruiker (4/06/2014 20:36:50)
~ Het adres van de website : http://nicolascoolman.fr
~ Vertaald door de gebruiker
~ Staat van de versie : Aktualisierte Version.
~ Lijst wit : Ingeschakeld door het programma
~ Tot misbruik van bevoegdheden : OK
~ Gebruikersaccountbeheer (UAC) : Activate by user

---\\ Internet-browsers
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 13.0.1
GCIE: Google Chrome v33.0.1750.146 (Defaut)

---\\ Windows productinformatie
~ Langage: Néerlandais
Windows 7 Home Premium, 32-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Software om het systeem te beveiligen
AVG 2014 v14.0.4592
Malwarebytes Anti-Malware versie 2.0.2.1012
Norton Internet Security v16.0.0.125
Windows Defender W7 (Deactivate)

---\\ Systeem optimalisatie software

---\\ Delen van software PeerToPeer
Pando Media Booster v2.3.3.6

---\\ Software die extra aandacht behoeft
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 21

---\\ Informatie over het systeem
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3070 MB (45% free)
System Restore: Activé (Enable)
System drive C: has 126 GB (27%) free of 453 GB

---\\ Verbinding met het systeem-modus
~ Computer Name: BRIYO
~ User Name: gebruiker
~ All Users Names: HomeGroupUser$, gebruiker, Gast, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Omgevingsvariabelen
~ System Unit : C:\
~ %AppZHP% : C:\Users\gebruiker\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\gebruiker\AppData\Roaming\
~ %Desktop% : C:\Users\gebruiker\Desktop\
~ %Favorites% : C:\Users\gebruiker\Favorites\
~ %LocalAppData% : C:\Users\gebruiker\AppData\Local\
~ %StartMenu% : C:\Users\gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Overzicht vaste en verwisselbare stations
C: Hard drive, Flash drive, Thumb drive (Free 126 Go of 453 Go)
D: CD-ROM drive (Not Inserted)

---\\ Staat van het Windows Beveiligingscentrum
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 42 Legitimates Filtered in 00mn 00s

---\\ Zoeken naar bepaalde algemene bestanden
[MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Windows Verkenner.) (.26/02/2011 - 6:33:07.) -- C:\Windows\Explorer.exe [2614784]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.14/07/2009 - 2:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.C5B6468422DB1C8AA36C32CBB0197E5E] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.22/02/2013 - 4:38:00.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.28/10/2009 - 7:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Software Licensing-bibliotheek.) (.14/07/2009 - 2:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 3:35:40.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 2:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 0:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 0:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27/04/2011 - 3:33:46.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 0:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.14/07/2009 - 0:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 0:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.4/05/2011 - 3:43:41.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 0:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.A8F59428E9F361C7AC42A94AC1560BC9] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.12/04/2013 - 14:58:11.) -- C:\Windows\system32\Drivers\ntfs.sys [1210728]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.14/07/2009 - 0:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 0:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 0:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 0:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.59F06B4968E58BC83DFC56CA4517960E] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.6/09/2012 - 17:48:29.) -- C:\Windows\system32\Drivers\volsnap.sys [245616]
~ Generic Processes: Scanned in 00mn 00s

---\\ Status van de verborgen bestanden (verborgen/totaal)
~ Mes images (My Pictures) : 2/5
~ Mes musiques (My Musics) : 282/427
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 2/1923
~ Mon Bureau (My Desktop) : 1/12449
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 18s

---\\ Gestarte processen
[MD5.1ABF80D4F4941ECEE600AEC768173523] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1430824] [PID.2600]
[MD5.BEC03D0FD49473F4A829C85E2F450BA9] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6789664] [PID.2376]
[MD5.225AE3D9743FEC8D3EF5FF4BA8E438A5] - (.NewTech Infosystems, Inc. - Packard Bell MyBackup.) -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [250624] [PID.3980]
[MD5.598949D6DEBF60C01585B804BD8825B4] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432] [PID.3744]
[MD5.7F15425D40DA2B82FA31E922422FC51E] - (.Suyin - Video Web Camera.) -- C:\Program Files\VideoWebCamera\VideoWebCamera.exe [1552497] [PID.3868]
[MD5.B2994EC6452DBD04E57828EEFEDFB93C] - (.Realtek Semiconductor Corp. - Realtek HD Audio Data Rerouter.) -- C:\Users\gebruiker\AppData\Local\Temp\RtkBtMnt.exe [204800] [PID.2828]
[MD5.20E044420B9A2263E990A2C2DF0983F3] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files\Launch Manager\LManager.exe [1157640] [PID.3212]
[MD5.F92871A389230747AC6348C64D41AD57] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.2884]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040] [PID.3840]
[MD5.6B115CE521D96900373775ECAC975D59] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3524536] [PID.1960]
[MD5.74E1E8B9E7BEAEBFC6DAFB4F16BF2F52] - (.Sony Corporation - Media Check Tool.) -- C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [739936] [PID.2352]
[MD5.BAF535F843A3E790E04A7613811B55BC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.4052]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.3872]
[MD5.48BE298F7FD1BEF4D8FBACB04D8D95C4] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576] [PID.1868]
[MD5.0DA5B99D6966D22C1D5D9A619CA42F58] - (.No owner - AgentMon Application.) -- C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [391040] [PID.2336]
[MD5.C8F0DCA0E032881B6C4422B502194629] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe [5181456] [PID.2796]
[MD5.EE90A04DC33568E35D35300D7B2AC663] - (.Acer Incorporated - SMP Systray.) -- C:\Program Files\PACKARD BELL\SetupMyPC\SmpSys.exe [1160736] [PID.4000]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Users\gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [116648] [PID.2720]
[MD5.70C305067B3D543870597C57F74D9EC3] - (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe [964024] [PID.2688]
[MD5.8E689D83B243C229A683559FF98CF047] - (.No owner - KiesPDLR.) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432] [PID.2876]
[MD5.395BCC9122E705F6586217E32CD01CC9] - (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [1837672] [PID.4128]
[MD5.818DBC9026FDB4A519A4B74A30A7F485] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [38912] [PID.4144]
[MD5.65F72C68DFE48591AFA2100FBEDB66B6] - (.Spotify Ltd - Spotify.) -- C:\Users\gebruiker\AppData\Roaming\Spotify\spotify.exe [6170168] [PID.4324]
[MD5.3B6060D03FE2D982AC7F4C2CE1D4FD76] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632] [PID.4416]
[MD5.EA65DE7F8A5EFBD7C96969FE8E971FA1] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [795936] [PID.4752]
[MD5.C48ACB5EC85FABB168BA37B867116776] - (.No owner - MFManager.) -- C:\Program Files\Canon\ImageBrowser EX\MFManager.exe [69120] [PID.4928]
[MD5.CCCDC7B64CFF96C977B0FADC24434628] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\gebruiker\AppData\Roaming\Dropbox\bin\Dropbox.exe [33322312] [PID.5044]
[MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe [97680] [PID.5196]
[MD5.87DAD1B96777477B0724B66C63D7F07F] - (.Acer Incorporated - ePowerTray.) -- C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTray.exe [698912] [PID.5312]
[MD5.330F7201811A7236E4539CFBA11984D4] - (...) -- C:\Users\gebruiker\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [598072] [PID.5212]
[MD5.026C4CA19FAE1F84894A99735B15AACA] - (.Google Inc. - Google Chrome.) -- C:\Users\gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe [859464] [PID.6072]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.6324]
[MD5.09DCCADFD2EE9A303AE95E44AFC1870F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8023040] [PID.8016]
~ Processes Running: Scanned in 00mn 02s

---\\ Google Chrome, start, zoeken, extensies (G0, G1, G2)
C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [adgifpgfcekfhpionnaoemjfblooeokj] QueenCOUpon v.1.4 (Désactivé)
G2 - GCE: Preference [User Data\Default] [bglhlclfefhibpgbjfgclmbgffegekob] QueeenCoupoN v.1.4 (Désactivé)
G2 - GCE: Preference [User Data\Default] [hhnjdplhmcnkiecampfdgfjilccfpfoe] Keep My Opt-Outs v.1.0.15 (Désactivé)
G2 - GCE: Preference [User Data\Default] [hionenaeedkdbgcphbjmejconmllopla] saveiitkeeep. v.1.5 (Désactivé) =>PUP.SaveItKeep
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Google Chrome extensie map
~ Google Lines Browser: 19 Legitimates Filtered in 00mn 06s

---\\ Mozilla Firefox, Plugins, start, zoeken, extensies (P2, M0, M1, M2, M3)
C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\a1pvwxbo.default\prefs.js
M2 - MFEP: prefs.js [gebruiker - a1pvwxbo.default\https-everywhere@eff.org] [] HTTPS-Everywhere v3.4.5 (..)
P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.1] - (...) -- C:\Users\gebruiker\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll (.not file.)
P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.3] - (...) -- C:\Users\gebruiker\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll (.not file.)
~ Firefox Browser: 29 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, start, zoeken, URLSearchHook, Phishing (R0, R1, R3, R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.be
~ IE Browser: 12 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, proxybeheer (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse van lijnen F0, F1, F2, F3 - IniFiles, Autoloading programma's
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts-bestand omleiding (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

---\\ Internet Explorer werkbalken (O3)
O3 - Toolbar: &Google - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar voor IE.) -- c:\program files\google\googletoolbar1.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Orphan sleutel
~ Toolbar: Scanned in 00mn 00s

---\\ Toepassingen gestart door register & bestand (O4)
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Skytel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\Program Files\Realtek\Audio\HDA\Skytel.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Acer ePower Management] . (.Acer Incorporated - ePowerTrayLauncher.) -- C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe
O4 - HKLM\..\Run: [BackupManagerTray] . (.NewTech Infosystems, Inc. - Packard Bell MyBackup.) -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll =>.NVIDIA Corporation
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] . (.No owner - Language Application.) -- C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [RemoteControl8] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [VideoWebCamera] . (.Suyin - Video Web Camera.) -- C:\Program Files\VideoWebCamera\VideoWebCamera.exe
O4 - HKLM\..\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [PMBVolumeWatcher] . (.Sony Corporation - Media Check Tool.) -- C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [AgentMonitor] . (.No owner - AgentMon Application.) -- C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Windows Media Center.) -- C:\Windows\ehome\ehTray.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKCU\..\Run: [SmpcSys] . (.Acer Incorporated - SMP Systray.) -- C:\Program Files\PACKARD BELL\SetupMyPC\SmpSys.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows-bureaubladgadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (.not file.)
O4 - HKCU\..\Run: [KiesPDLR] . (.No owner - KiesPDLR.) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [HP Photosmart 6520 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKCU\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\gebruiker\AppData\Roaming\Spotify\Spotify.exe
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows-bureaubladgadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows-bureaubladgadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1937608926-1708186935-3658638872-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Windows Media Center.) -- C:\Windows\ehome\ehTray.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1937608926-1708186935-3658638872-1000\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKUS\S-1-5-21-1937608926-1708186935-3658638872-1000\..\Run: [SmpcSys] . (.Acer Incorporated - SMP Systray.) -- C:\Program Files\PACKARD BELL\SetupMyPC\SmpSys.exe
O4 - HKUS\S-1-5-21-1937608926-1708186935-3658638872-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows-bureaubladgadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-1937608926-1708186935-3658638872-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-1937608926-1708186935-3658638872-1000\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe
O4 - HKUS\S-1-5-21-1937608926-1708186935-3658638872-1000\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (.not file.)
O4 - HKUS\S-1-5-21-1937608926-1708186935-3658638872-1000\..\Run: [KiesPDLR] . (.No owner - KiesPDLR.) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-21-1937608926-1708186935-3658638872-1000\..\Run: [HP Photosmart 6520 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKUS\S-1-5-21-1937608926-1708186935-3658638872-1000\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\gebruiker\AppData\Roaming\Spotify\Spotify.exe
O4 - HKUS\S-1-5-21-1937608926-1708186935-3658638872-1000\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
~ Application: Scanned in 00mn 00s

---\\ Knoppen op de werkbalk "belangrijkste instrumenten" Internet Explorer (O9)
O9 - Extra button: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ ActiveX-objecten (Downloaded Program Files) (O16)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} ((no name)) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} ((no name)) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Domeinadres van de DNS (O17) wijzigen
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CBA1D0B-ED5F-442A-9DEB-5B0220792688}: DhcpNameServer = 195.130.130.3 195.130.131.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{417F078B-7CB9-4F8F-AD1D-5A4F861AE29B}: DhcpNameServer = 195.130.130.3 195.130.131.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{3CBA1D0B-ED5F-442A-9DEB-5B0220792688}: DhcpNameServer = 195.130.130.3 195.130.131.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{417F078B-7CB9-4F8F-AD1D-5A4F861AE29B}: DhcpNameServer = 195.130.130.3 195.130.131.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{3CBA1D0B-ED5F-442A-9DEB-5B0220792688}: DhcpNameServer = 195.130.130.3 195.130.131.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{417F078B-7CB9-4F8F-AD1D-5A4F861AE29B}: DhcpNameServer = 195.130.130.3 195.130.131.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.3 195.130.131.3
~ Domain: Scanned in 00mn 00s

---\\ Aanvullend Protocol (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML-viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Lijst van niet-Microsoft NT services die niet uitgeschakeld zijn (O23)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) . (...) - c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (.not file.)
~ Services: 16 Legitimates Filtered in 00mn 05s

---\\ Opsommen van Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Windows\Web\Wallpaper\packard bell\wallpaper\wallpaper galactic_1900x1440.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Windows\Web\Wallpaper\packard bell\wallpaper\wallpaper galactic_1900x1440.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

---\\ Taken die zijn gepland in de automatische modus (O39)
[MD5.00000000000000000000000000000000] [APT] [Packard Bell Customer Registration Reminder - gebruiker] (...) -- C:\Program Files\Packard Bell\Packard Bell Customer Registration\PBCReg.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [940]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1937608926-1708186935-3658638872-1000Core [1030]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1937608926-1708186935-3658638872-1000UA [1082]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 07s

---\\ Piloot aan het begin van het systeem (O41)
O41 - Driver: (DritekPortIO) . (. - .) - C:\Program Files\Launch Manager\DPortIO.sys (.not file.)
~ Drivers: 75 Legitimates Filtered in 00mn 00s

---\\ Geïnstalleerde software (O42)
O42 - Logiciel: WinPump - (...) [HKCU] -- WinPump
~ Logic: 18 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Flowmix]
[HKCU\Software\KnightOnline]
[HKCU\Software\Pando Networks]
[HKCU\Software\WatchGuard]
[HKCU\Software\foxtab]
[HKLM\Software\Flowmix]
[HKLM\Software\KnightOnline]
[HKLM\Software\Pando Networks]
[HKLM\Software\SoftAssi]
~ Key Software: 313 Legitimates Filtered in 00mn 00s

---\\ 'Inhoud van mappen programma's, ProgramFiles, ProgramData, AppData (O43)
O43 - CFD: 11/12/2010 - 21:48:35 - [] ----D C:\Program Files\LimeWire
O43 - CFD: 11/12/2010 - 21:56:00 - [] ----D C:\Program Files\Pando Networks
O43 - CFD: 10/03/2014 - 20:38:51 - [] ----D C:\Program Files\Toggle Downloader
O43 - CFD: 16/10/2012 - 18:47:07 - [] ----D C:\Users\gebruiker\AppData\Roaming\StreamTorrent
O43 - CFD: 20/11/2012 - 22:17:34 - [] ----D C:\Users\gebruiker\AppData\Roaming\WatchGuard
O43 - CFD: 30/12/2013 - 16:14:00 - [] ----D C:\Users\gebruiker\AppData\Roaming\WinPump
O43 - CFD: 26/08/2013 - 14:18:03 - [] R---D C:\Users\gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Muziek - Snelkoppeling
O43 - CFD: 13/01/2013 - 15:31:39 - [] ----D C:\Users\gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SAB
O43 - CFD: 1/04/2014 - 19:37:27 - [] ----D C:\Users\gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toggle Downloader
~ Program Folder: 231 Legitimates Filtered in 00mn 01s

---\\ Meest recente bestanden gewijzigd of gemaakt op Windows en System32 (O44)
O44 - LFC:[MD5.9264BE010ED835329570EFF640C6A1B0] - 29/05/2014 - 18:46:49 ---A- . (...) -- C:\zoek-results2014-05-29-174649.log [51588]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 29/05/2014 - 19:59:10 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.2ADFF23AC89397CBBA7BBF37640DBC90] - 29/05/2014 - 20:28:54 ---A- . (...) -- C:\folders.txt [172]
O44 - LFC:[MD5.13EC1BAB7CE47BFC525BF57596D40B94] - 29/05/2014 - 20:32:23 ---A- . (...) -- C:\zoek-results.log [25298]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 4/06/2014 - 18:27:05 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
~ Files: 18 Legitimates Filtered in 00mn 05s

---\\ Laatste bestanden die zijn gemaakt in Windows Prefetcher (O45)
O45 - LFCP:[MD5.D20FEFFA8FBEBD6350BE66D0349013BB] - 4/06/2014 - 18:36:29 ---A- - C:\Windows\Prefetch\0214D_AVG-SECURE-SEARCH-UPDAT-A5667C16.pf =>Toolbar.AVGSearch
O45 - LFCP:[MD5.CB5B758A162843D8AF7345B24CBAB182] - 4/06/2014 - 18:36:08 ---A- - C:\Windows\Prefetch\AVG-SECURE-SEARCH-UPDATE.EXE-EFE8BE69.pf =>Toolbar.AVGSearch
O45 - LFCP:[MD5.C17D3B8F2867ED0E453C44DD78B624B0] - 4/06/2014 - 18:36:53 ---A- - C:\Windows\Prefetch\AVG-SECURE-SEARCH-UPDATE_0214-137ED1F2.pf =>Toolbar.AVGSearch
O45 - LFCP:[MD5.5AB60A6EF2B0598437A00C43777E77D3] - 4/06/2014 - 18:36:46 ---A- - C:\Windows\Prefetch\AVG-SECURE-SEARCH-UPDATE_0214-78CBB266.pf =>Toolbar.AVGSearch
~ Prefetcher: 4 Legitimates Filtered in 00mn 00s

---\\ Activiteiten en functies bij het opstarten van Windows Verkenner (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Opsomming van de registersleutel Hkey_local_machine\software\microsoft\shared (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Pando Media Booster [Key] . (.No owner - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
~ SMSR Keys: 6 Legitimates Filtered in 00mn 00s

---\\ Opsomming van het register sleutels PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Overzicht van de drivers (SDL) (O58)
O58 - SDL:14/07/2009 - 2:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:16/11/2012 - 21:19:33 ---A- . (...) -- C:\Windows\System32\Drivers\PnkBstrK.sys [22328]
O58 - SDL:6/02/2013 - 7:42:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [83864]
O58 - SDL:6/02/2013 - 7:42:08 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [181784]
O58 - SDL:14/07/2009 - 2:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/06/2012 - 1:42:16 ---A- . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [26112]
O58 - SDL:13/12/2012 - 12:50:38 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
O58 - SDL:13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 96 Legitimates Filtered in 00mn 06s

---\\ Meest recente bestanden gewijzigd of gemaakt (gebruiker) (O61)
O61 - LFC: 29/05/2014 - 20:38:24 ---A- . (...) -- C:\Users\gebruiker\Desktop\zoek.exe [1285120]
O61 - LFC: 4/06/2014 - 20:38:24 ---A- . (...) -- C:\Users\gebruiker\Downloads\adwcleaner_3.211.exe [1327971]
~ 39 Fichiers temporaires (Temporary files)
~ 20 Fichiers cookies (Cookies files)
~ Files: 7 Legitimates Filtered in 00mn 21s

---\\ Lijst van cleaning tools (CLAB) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Startmenu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Zoek "infecties in internetbrowsers (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {D56905EB-7F3C-458F-B7A2-022E4D9B8063} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {D981AED6-9C62-4CE6-AA5B-1E369E24ABEC} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s

---\\ Bepaalde zoekopdracht in de hoofdmap van het systeem (SPRF) (O84)
[MD5.A719B9EE6116B496F4000C0B1311EA13] [SPRF][21/09/2012] (...) -- C:\Users\gebruiker\AppData\Roaming\PnkBstrK.sys [22328]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][29/05/2014] (...) -- C:\Users\gebruiker\Desktop\zoek.exe [1285120]
~ Files: 7 Legitimates Filtered in 00mn 00s

---\\ Microsoft Installer-bestanden (WIS) (NTFS) (O93)
[MD5.7B3BDCB48EE96F8C26E601D6E91142F6] [WIS][30/09/2009] (.Google Inc. - Google Toolbar for Internet Explorer.)
-- C:\Windows\Installer\105bba.msi [1101824] =>Toolbar.Google ~ WIS: 1 Legitimates Filtered in 00mn 04s ---\\ Search Tracing Registry Key (O100) HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update_0214d_RASAPI32 =>Toolbar.AVGSearch HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update_0214d_RASMANCS =>Toolbar.AVGSearch HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update_RASAPI32 =>Toolbar.AVGSearch HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update_RASMANCS =>Toolbar.AVGSearch HKLM\SOFTWARE\Microsoft\Tracing\dosearches_1010-76be0055_RASAPI32 =>PUP.DoSearches HKLM\SOFTWARE\Microsoft\Tracing\dosearches_1010-76be0055_RASMANCS =>PUP.DoSearches HKLM\SOFTWARE\Microsoft\Tracing\glindorus_2709-e3c075a1_RASAPI32 =>PUP.Glindorus HKLM\SOFTWARE\Microsoft\Tracing\glindorus_2709-e3c075a1_RASMANCS =>PUP.Glindorus HKLM\SOFTWARE\Microsoft\Tracing\glindorus_Setup_RASAPI32 =>PUP.Glindorus HKLM\SOFTWARE\Microsoft\Tracing\glindorus_Setup_RASMANCS =>PUP.Glindorus HKLM\SOFTWARE\Microsoft\Tracing\lollipop_11281919_RASAPI32 =>Adware.Lollipop HKLM\SOFTWARE\Microsoft\Tracing\lollipop_11281919_RASMANCS =>Adware.Lollipop HKLM\SOFTWARE\Microsoft\Tracing\lollipop_12161927_RASAPI32 =>Adware.Lollipop HKLM\SOFTWARE\Microsoft\Tracing\lollipop_12161927_RASMANCS =>Adware.Lollipop HKLM\SOFTWARE\Microsoft\Tracing\LyricsSay-15-codedownloader_RASAPI32 =>Adware.AddLyrics HKLM\SOFTWARE\Microsoft\Tracing\LyricsSay-15-codedownloader_RASMANCS =>Adware.AddLyrics HKLM\SOFTWARE\Microsoft\Tracing\utilBatBrowse_RASAPI32 =>PUP.BatBrowse HKLM\SOFTWARE\Microsoft\Tracing\utilBatBrowse_RASMANCS =>PUP.BatBrowse HKLM\SOFTWARE\Microsoft\Tracing\uTorrent-3-3-0-29126_RASAPI32 =>P2P.µTorrent HKLM\SOFTWARE\Microsoft\Tracing\uTorrent-3-3-0-29126_RASMANCS =>P2P.µTorrent HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent ~ BTK: 429 Legitimates Filtered in 00mn 00s ---\\ Search CLSID Registry Key (O101) 
[HKCR\CLSID\{442E3CEB-D71B-11DA-8750-001185653D78}] (Google Toolbar User Broker) =>Toolbar.Google [HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google [HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] (Google Toolbar Notifier BHO) =>Toolbar.Google ~ BCK: 7529 Legitimates Filtered in 00mn 14s ---\\ Algemene toestand van niet-Microsoft services (GSR) (SR = Running, SS = gestopt) SS - | Demand 29/08/2013 72704 | (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe SS - | Disabled 11/09/2007 124832 | (AdobeActiveFileMonitor6.0) . (...) - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe SS - | Demand 14/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Auto 13/05/2014 3644432 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgidsagent.exe SS - | Auto 14/07/2009 20992 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\system32\svchost.exe SS - | Demand 20/03/2009 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe SS - | Demand 30/09/2009 138168 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe SS - | Auto 14/07/2009 20992 | C:\Windows\system32\XAudio32.dll (HsfXAudioService) . (.Conexant Systems, Inc..) - C:\Windows\system32\svchost.exe SS - | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe SS - | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe SS - | Demand 19/06/2012 113120 | (MozillaMaintenance) . (.Mozilla Foundation.) 
- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SS - | Auto 10/07/1658 0 | (MSSQL$SQLEXPRESS) . (...) - c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe SS - | Disabled 10/07/1658 0 | (MSSQLServerADHelper100) . (...) - c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.exe SS - | Disabled 18/02/2008 877864 | (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe SS - | Demand 28/04/2008 529704 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SS - | Disabled 10/07/1658 0 | (SQLAgent$SQLEXPRESS) . (...) - c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.exe SS - | Demand 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 3/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 7/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 13/05/2014 292424 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgwdsvc.exe SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 4/06/2009 582944 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe SR - | Auto 26/08/2009 690720 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe SR - | Demand 2/11/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SR - | Auto 10/03/2009 44800 | (NTI IScheduleSvc) . 
(.NewTech Infosystems, Inc..) - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe SR - | Auto 3/06/2009 211488 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe SR - | Auto 19/12/2006 81920 | (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\Windows\system32\IoctlSvc.exe SR - | Auto 27/11/2012 479840 | (PMBDeviceInfoProvider) . (.Sony Corporation.) - C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe SR - | Auto 23/09/2012 66872 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe SR - | Auto 29/03/2013 82824 | (VTechUSBSocketService) . (.VTech.) - C:\Program Files\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 16s ---\\ Onderzoek gelijktijdige op de Master Boot Record (MBR) (O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Run by gebruiker at 4/06/2014 20:40:09 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver 1 ntkrnlpa!IofCallDriver[0x83258718] >> \Device\Harddisk0\DR0[0x8710D610] kernel: MBR read successfully user & kernel MBR OK ~ MBR: 13 Legitimates Filtered in 00mn 02s ---\\ Onderzoek de Master Boot Record op Infecties (MBRCheck) (O80) Written by ad13, http://ad13.geekstog Run by gebruiker at 4/06/2014 20:40:11 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ---\\ Extra scan (O88) Database Version : 13026 - (4/06/2014) Clés trouvées (Keys found) : 7 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 1 Fichiers trouvés (Files found) : 4 
[HKLM\Software\Google\Chrome\Extensions\hionenaeedkdbgcphbjmejconmllopla] =>PUP.SaveItKeep^
[HKLM\Software\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard
[HKLM\Software\Classes\Installer\Features\4301AEBD288588A40833184CFEC0AF92] =>Adware.iWinArcade
[HKLM\Software\Classes\Installer\Products\4301AEBD288588A40833184CFEC0AF92] =>Adware.iWinArcade
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4301AEBD288588A40833184CFEC0AF92] =>Adware.iWinArcade
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\80F08842F9EA1BE4BA4922DA74CDB698] =>Adware.iWinArcade
[HKLM\Software\GamersFirst\OpenCandy] =>Adware.OpenCandy
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\hionenaeedkdbgcphbjmejconmllopla =>PUP.SaveItKeep^
C:\Windows\Installer\105bba.msi =>Toolbar.Google^
[HKCR\CLSID\{442E3CEB-D71B-11DA-8750-001185653D78}] (Google Toolbar User Broker) =>Toolbar.Google^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] (Google Toolbar Notifier BHO) =>Toolbar.Google^
~ Additionnel Scan: 435051 Items scanned in 00mn 36s

---\\ Additional information about modules
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Extensions (G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ AMI: 2 Legitimates Filtered in 00mn 00s

---\\ Samenvatting van detecties gevonden op uw werkstation
http://nicolascoolman.fr/pup-dosearches =>PUP.DoSearches
http://nicolascoolman.fr/33429762-pup-glindorus =>PUP.Glindorus
http://nicolascoolman.fr/adware-lollipop =>Adware.Lollipop
http://nicolascoolman.fr/adware-addlyrics =>Adware.AddLyrics
http://nicolascoolman.fr/34726799-pup-batbrowse =>PUP.BatBrowse
http://nicolascoolman.fr/adware-iwinarcade =>Adware.iWinArcade
http://nicolascoolman.fr/adware-opencandy =>Adware.OpenCandy
~ MSI: 7 link(s) detected in 00mn 00s
~ 908 Legitimates filtered by white list

End of the scan (617 lines in 03mn 58s)(0)