~ Verslag van ZHPDiag v2014.8.13.118 - Nicolas Coolman (13/08/2014) ~ Gelanceerd door Daan (14/08/2014 21:12:35) ~ Het adres van de website : http://nicolascoolman.fr ~ Het adres van de webforum : http://forum.nicolascoolman.fr ~ Vertaald door de gebruiker ~ Staat van de versie : Neue Version verfügbar ~ Lijst wit : Ingeschakeld door het programma ~ Tot misbruik van bevoegdheden : OK ~ Gebruikersaccountbeheer (UAC) : Activate by user ---\\ Internet-browsers MSIE: Internet Explorer v11.0.9600.17107 GCIE: Google Chrome v35.0.1916.153 (Defaut) ---\\ Windows productinformatie ~ Langage: Néerlandais Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ Software om het systeem te beveiligen Malwarebytes Anti-Malware versie 2.00.0.1000 Microsoft Security Client NL-NL Language Pack v2.1.1116.0 Windows Defender W7 (Deactivate) ---\\ Systeem optimalisatie software CCleaner v3.25 ---\\ Delen van software PeerToPeer Vuze v4.7 =>P2P.Azureus ---\\ Software die extra aandacht behoeft Adobe Flash Player 10 Plugin Java 7 Update 51 ---\\ Informatie over het systeem ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 4006 MB (64% free) System Restore: Activé (Enable) System drive C: has 25 GB (10%) free of 238 GB ---\\ Verbinding met het systeem-modus ~ Computer Name: LAPTOP_DAAN ~ User Name: Daan ~ All Users Names: UpdatusUser, HomeGroupUser$, Gast, Daan, Administrator, ~ Unselected Option: None Logged in as Administrator ---\\ Omgevingsvariabelen ~ System Unit : C:\ ~ %AppZHP% : C:\Users\Daan\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\Daan\AppData\Roaming\ ~ %Desktop% : C:\Users\Daan\Desktop\ ~ %Favorites% : C:\Users\Daan\Favorites\ ~ %LocalAppData% : C:\Users\Daan\AppData\Local\ ~ %StartMenu% : C:\Users\Daan\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Overzicht vaste en verwisselbare stations C: Hard drive, Flash drive, Thumb drive (Free 25 Go of 238 Go) D: Hard drive, Flash drive, Thumb drive (Free 275 Go of 333 Go) E: CD-ROM drive (Not Inserted) F: Floppy drive, Flash card reader, USB Key (Free 7 Go of 15 Go) ---\\ Staat van het Windows Beveiligingscentrum [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date ~ Security Center: 41 Legitimates Filtered in 00mn 00s ---\\ Zoeken naar bepaalde algemene bestanden [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Verkenner.) (.25/02/2011 - 7:19:30.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.14/07/2009 - 2:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.6/03/2014 - 7:22:40.) -- C:\Windows\System32\wininet.dll [2260480] [MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.4/03/2014 - 10:43:50.) -- C:\Windows\System32\Winlogon.exe [455168] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing-bibliotheek.) (.20/11/2010 - 14:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 2:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 2:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 0:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.14/07/2009 - 0:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 1:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 3:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.24/01/2014 - 3:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.14/07/2009 - 1:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 1:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.20/11/2010 - 14:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 00s ---\\ Status van de verborgen bestanden (verborgen/totaal) ~ Mes images (My Pictures) : 1/903 ~ Mes musiques (My Musics) : 1/8 ~ Mes Videos (My Videos) : 1/2 ~ Mes Favoris (My Favorites) : 1/23 ~ Mes Documents (My Documents) : 1/2194 ~ Mon Bureau (My Desktop) : 18/2699 ~ Menu demarrer (Programs) : 1/49 ~ Hidden Files: Scanned in 00mn 03s ---\\ Gestarte processen [MD5.DE3B04D5AF8A1578F5430697546EB157] - (.ASUSTeK Computer Inc. - LiveUpdate.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1545856] [PID.1716] [MD5.5BB1F77C8AF725A15EC9366498D275BB] - (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992] [PID.2432] [MD5.EA5B870671079786F335AC7C10846C4F] - (.Adobe Systems Incorporated - AAM Updates Notifier Application.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [295584] [PID.4136] [MD5.37DEB76A2CF005841C4E45DE2B94D84F] - (.ASUS - AsScrPro.) -- C:\Windows\AsScrPro.exe [3058304] [PID.4236] [MD5.57B4D34232852BFE4453BE571DF90D21] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720] [PID.4592] [MD5.2A3FB4C98F139038E23330D2439DB8A4] - (.Facebook Inc. - Facebook Installer.) -- C:\Users\Daan\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096] [PID.4608] [MD5.FD22B00049F775E952371E9C3DAC631B] - (.No owner - Wireless Console 3.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536] [PID.4168] [MD5.7EE22E13DEC8A6D18F4643C1EA34B0F0] - (.Virage Logic Corporation / Sonic Focus - ASUS_MATray.exe.) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400] [PID.1340] [MD5.5AEBF6FA9805C9101220AA4FB4FA17E7] - (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016] [PID.3336] [MD5.79A3B950988F8D2B81906D0C0473158B] - (.ASUS - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624] [PID.3332] [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4360] [MD5.9B46AE3384898660CF2CB070CC7CC424] - (.Synaptics Incorporated - Scrybe Executable.) -- C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe [4999976] [PID.4516] [MD5.CCCDC7B64CFF96C977B0FADC24434628] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Daan\AppData\Roaming\Dropbox\bin\Dropbox.exe [33322312] [PID.4524] [MD5.E249DF87543D30A854DBE92C1D7BF730] - (.Synopsys-Sonic Focus - ASUS Sonic Focus.) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocus.exe [2424832] [PID.4204] [MD5.EE0F9706AA378A99ABD902419693FEB9] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [7430968] [PID.4072] [MD5.DC2E338E63159454B71659D82515A04E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8091648] [PID.4452] [MD5.18E5C2F937F9DEB8C282DF66A3761925] - (.ASUS - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536] [PID.1816] [MD5.7910158929571214A959D5A6D16DD9C0] - (.ASUS - GFNEXSrv.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896] [PID.1856] [MD5.B60E9769655DDEE8368E3ABB6668E076] - (.Synaptics, Inc. - Scrybe Update Manager..) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264] [PID.2184] [MD5.4AF66EB893BB586B40E9D143E6B5CFC5] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [378472] [PID.2232] [MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Google Installer.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176] [PID.2812] [MD5.397D14958D6C9C2B365469A857B2AC4E] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe [230792] [PID.3624] [MD5.00572C26C6DCF99362068FB7283B7126] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2009704] [PID.3268] [MD5.2CFC417EED3BF5DDA255CB7EF7E09D45] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912] [PID.1588] [MD5.47DF4BC3D1561B6DAFA0862735FA1493] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720] [PID.2668] ~ Processes Running: Scanned in 00mn 00s ---\\ Google Chrome, start, zoeken, extensies (G0, G1, G2) C:\Users\Daan\AppData\Local\Google\Chrome\User Data\Default\Preferences ---\\ Google Chrome extensie map ~ Google Lines Browser: 1 Legitimates Filtered in 00mn 19s ---\\ Mozilla Firefox, Plugins, start, zoeken, extensies (P2, M0, M1, M2, M3) C:\Users\Daan\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js C:\Users\Daan\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, proxybeheer (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse van lijnen F0, F1, F2, F3 - IniFiles, Autoloading programma's F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts-bestand omleiding (O1) ~ Le fichier hôte est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ---\\ Internet Explorer werkbalken (O3) O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll ~ Toolbar: Scanned in 00mn 00s ---\\ Andere Verwijzigingen gebruikers (O4) O4 - GS\Desktop [Public]: Vuze.lnk . (.Vuze Inc. - No Comment.) -- C:\Program Files (x86)\Vuze\Azureus.exe =>P2P.Azureus O4 - GS\Program [Public]: Vuze.lnk . (.Vuze Inc. - No Comment.) -- C:\Program Files (x86)\Vuze\Azureus.exe =>P2P.Azureus O4 - GS\QuickLaunch [Daan]: Vuze.lnk . (.Vuze Inc. - No Comment.) -- C:\Program Files (x86)\Vuze\Azureus.exe =>P2P.Azureus ~ Global Startup: 3 Legitimates Filtered in 00mn 01s ---\\ Toepassingen gestart door register & bestand (O4) O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.) O4 - HKLM\..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd (.not file.) O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe O4 - HKLM\..\Run: [IntelTBRunOnce] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe O4 - HKLM\..\Run: [IntelPAN] . (.Intel(R) Corporation - Intel(R) PROSet/Wireless Framework.) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.) O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated O4 - HKCU\..\Run: [AdobeBridge] Orphan sleutel O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Daan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe O4 - HKCU\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\Daan\AppData\Roaming\Spotify\Spotify.exe O4 - HKCU\..\Run: [Raptr] . (.Raptr, Inc - Raptr Desktop App.) -- C:\Program Files (x86)\Raptr\raptrstub.exe O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Daan\AppData\Local\Google\Update\GoogleUpdate.exe O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Daan\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKCU\..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (.not file.) =>P2P.BitTorrent O4 - HKLM\..\Wow6432Node\Run: [Wireless Console 3] . (.No owner - Wireless Console 3.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe O4 - HKLM\..\Wow6432Node\Run: [UpdateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe O4 - HKLM\..\Wow6432Node\Run: [UpdateLBPShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Wow6432Node\Run: [SonicMasterTray] . (.Virage Logic Corporation / Sonic Focus - ASUS_MATray.exe.) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe O4 - HKLM\..\Wow6432Node\Run: [Nuance PDF Reader-reminder] . (.Nuance Communications, Inc. - Ereg.) -- C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe O4 - HKLM\..\Wow6432Node\Run: [HControlUser] . (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe O4 - HKLM\..\Wow6432Node\Run: [ATKOSD2] . (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Wow6432Node\Run: [ATKMEDIA] . (.ASUS - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe O4 - HKLM\..\Wow6432Node\Run: [ASUSPRP] . (.ASUSTek Computer Inc. - ASUS Product Register Program.) -- C:\Program Files (x86)\ASUS\APRP\APRP.exe O4 - HKLM\..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Wow6432Node\RunOnce: [Malwarebytes Anti-Malware (cleanup)] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (.not file.) O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (.not file.) O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-2547576824-2822473822-575604738-1000\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (.not file.) O4 - HKUS\S-1-5-21-2547576824-2822473822-575604738-1000\..\Run: [ISUSPM] . (.Acresso Corporation - Acresso Software Manager.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe O4 - HKUS\S-1-5-21-2547576824-2822473822-575604738-1000\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation ~ Application: Scanned in 00mn 00s ---\\ Site in vertrouwde Zone d'Internet Explorer (O15) O15 - Trusted Zone: [HKCU\...\Domains\www] http.samsungsetup.com ~ IE Zone Confiance: Scanned in 00mn 00s ---\\ Domeinadres van de DNS (O17) wijzigen O17 - HKLM\System\CCS\Services\Tcpip\..\{4A8E1C35-573E-45DC-8EBC-63A720773F5E}: DhcpNameServer = 134.58.126.3 134.58.127.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{4A8E1C35-573E-45DC-8EBC-63A720773F5E}: DhcpDomain = kotnet.org O17 - HKLM\System\CS1\Services\Tcpip\..\{4A8E1C35-573E-45DC-8EBC-63A720773F5E}: DhcpNameServer = 134.58.126.3 134.58.127.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{4A8E1C35-573E-45DC-8EBC-63A720773F5E}: DhcpDomain = kotnet.org O17 - HKLM\System\CS2\Services\Tcpip\..\{4A8E1C35-573E-45DC-8EBC-63A720773F5E}: DhcpNameServer = 134.58.126.3 134.58.127.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{4A8E1C35-573E-45DC-8EBC-63A720773F5E}: DhcpDomain = kotnet.org ~ Domain: Scanned in 00mn 00s ---\\ Aanvullend Protocol (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ AppInit_DLLs waarde en subsleutels Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Taken die zijn gepland in de automatische modus (O39) [MD5.00000000000000000000000000000000] [APT] [{1E51CDA4-BB6A-42E8-B8F7-577844F8101E}] (...) -- C:\Users\Daan\Desktop\Photoshop.exe (.not file.) [0] O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [940] O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2547576824-2822473822-575604738-1001Core [902] O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2547576824-2822473822-575604738-1001UA [924] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1048] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1052] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2547576824-2822473822-575604738-1001Core [1010] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2547576824-2822473822-575604738-1001UA [1062] ~ Scheduled Task: 25 Legitimates Filtered in 00mn 03s ---\\ Geïnstalleerde software (O42) O42 - Logiciel: ATLAS.ti - (.ATLAS.ti Scientific Software Development GmbH.) [HKLM][64Bits] -- {56DFC92C-71EF-4947-978A-E88C9D38FA68} O42 - Logiciel: Unibet - (...) [HKLM][64Bits] -- unibetpoker (Poker) ~ Logic: 28 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\IncrediMail] [HKCU\Software\MGS] [HKLM\Software\Wow6432Node\IncrediMail] ~ Key Software: 268 Legitimates Filtered in 00mn 00s ---\\ 'Inhoud van mappen programma's, ProgramFiles, ProgramData, AppData (O43) O43 - CFD: 9/03/2013 - 16:53:47 - [] ----D C:\Program Files (x86)\PokerStars.BE O43 - CFD: 21/01/2014 - 21:51:14 - [] ----D C:\ProgramData\MGS O43 - CFD: 21/03/2013 - 16:25:19 - [] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} O43 - CFD: 24/01/2014 - 12:40:59 - [] ----D C:\Users\Daan\AppData\Roaming\cef-cache O43 - CFD: 2/05/2014 - 13:25:31 - [] ----D C:\Users\Daan\AppData\Roaming\library_dir O43 - CFD: 9/03/2013 - 16:53:51 - [] ----D C:\Users\Daan\AppData\Local\PokerStars.BE O43 - CFD: 18/01/2014 - 0:30:46 - [] ----D C:\Users\Daan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup O43 - CFD: 9/03/2013 - 16:53:32 - [] ----D C:\Users\Daan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.BE O43 - CFD: 21/10/2013 - 11:37:04 - [] ----D C:\Users\Daan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TestGen ~ Program Folder: 184 Legitimates Filtered in 00mn 00s ---\\ Meest recente bestanden gewijzigd of gemaakt op Windows en System32 (O44) O44 - LFC:[MD5.42E66961116C313D9C2FE96283E1259A] - 13/08/2014 - 11:12:51 ---A- . (...) -- C:\zoek-results2014-08-13-101251.log [42281] O44 - LFC:[MD5.5982B55CE3004654E92F2F03A7D425E5] - 14/08/2014 - 11:12:03 ---A- . (...) -- C:\zoek-results2014-08-14-101203.log [16521] O44 - LFC:[MD5.9D51CC4386A67F3FE57A6F4635222783] - 14/08/2014 - 11:32:06 ---A- . (...) -- C:\zoek-results2014-08-14-103206.log [16398] O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 14/08/2014 - 13:35:50 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064] O44 - LFC:[MD5.6BCAF46E2B7FA9ACE92B4D39F3037C5C] - 14/08/2014 - 13:47:54 ---A- . (...) -- C:\Windows\System32\acovcnt.exe [45056] O44 - LFC:[MD5.E2AA06E8E5CF27769BA619CA6A63C51D] - 14/08/2014 - 13:48:07 ---A- . (...) -- C:\zoek-results.log [13236] ~ Files: 20 Legitimates Filtered in 00mn 00s ---\\ Laatste bestanden die zijn gemaakt in Windows Prefetcher (O45) O45 - LFCP:[MD5.F5A3C0D08C51CC81D7506859225055DB] - 16/07/2014 - 21:18:02 ---A- - C:\Windows\Prefetch\AZUREUS.EXE-997C5496.pf =>P2P.Azureus O45 - LFCP:[MD5.59EC7F777E8DC65FA633272D6975BD9E] - 13/07/2014 - 16:29:52 ---A- - C:\Windows\Prefetch\SYSTEMKSERVICE.EXE-917C6536.pf =>PUP.SystemK O45 - LFCP:[MD5.319CCA4640C91E5E24022CA21184FAF8] - 8/08/2014 - 20:46:59 ---A- - C:\Windows\Prefetch\SYSTEMKU.EXE-AEF1560A.pf =>PUP.SystemK ~ Prefetcher: 3 Legitimates Filtered in 00mn 00s ---\\ Registersleutel Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{e7ead503-96d6-11e1-9bf7-14dae9c3b795}\AutoRun\command. (...) -- F:\Start-JEKA.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Opsomming van het register sleutels PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 16 Legitimates Filtered in 00mn 00s ---\\ Opsomming van de registersleutel PoliciesExplorer (CÖKVI) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s ---\\ Overzicht van de drivers (SDL) (O58) O58 - SDL:14/07/2009 - 2:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496] O58 - SDL:18/01/2010 - 21:37:58 ---A- . (.ELAN Microelectronic Corp. - ETD Control Center.) -- C:\Windows\System32\Drivers\ETD.sys [128512] O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232] O58 - SDL:20/07/2009 - 10:29:40 ---A- . (.No owner - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [15416] O58 - SDL:14/07/2009 - 2:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656] O58 - SDL:7/06/2011 - 13:44:16 ---A- . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [40128] O58 - SDL:17/04/2010 - 0:07:28 ---A- . (...) -- C:\Windows\System32\Drivers\TurboB.sys [13832] ~ Drivers: 67 Legitimates Filtered in 00mn 01s ---\\ Meest recente bestanden gewijzigd of gemaakt (gebruiker) (O61) O61 - LFC: 13/08/2014 - 21:13:23 ---A- . (...) -- C:\Users\Daan\Desktop\zoek.exe [1288704] O61 - LFC: 9/08/2014 - 21:13:23 ---A- . (...) -- C:\Users\Daan\Desktop\RSITx64.exe [1222144] ~ 22 Fichiers temporaires (Temporary files) ~ 46 Fichiers cookies (Cookies files) ~ Files: 7 Legitimates Filtered in 00mn 04s ---\\ Lijst van cleaning tools (CLAB) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman O63 - Logiciel: RSIT - (.random/random.) ~ ADS: Scanned in 00mn 00s ---\\ Startmenu Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Zoek "infecties in internetbrowsers (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com ~ Keys: Scanned in 00mn 00s ---\\ Bepaalde zoekopdracht in de hoofdmap van het systeem (SPRF) (O84) [MD5.90E1D86D979B92738A47D7072CB22DA8] [SPRF][7/07/2010] (...) -- C:\ProgramData\FullRemove.exe [131472] [MD5.8045ABB21A3BDD66A48E1ED5C0F0EF6A] [SPRF][9/08/2014] (...) -- C:\Users\Daan\Desktop\RSITx64.exe [1222144] [MD5.C1D2EBEBC40491FD3C7E757A5AF27EAD] [SPRF][13/08/2014] (...) -- C:\Users\Daan\Desktop\zoek.exe [1288704] ~ Files: 6 Legitimates Filtered in 00mn 03s ---\\ Lijst van uitzonderingen in de firewall (FirewallRules) (O87) O87 - FAEL: "{54D3D580-813D-49D4-A640-D47DB92495FF}" | In - Private - P6 - TRUE | .(.Vuze Inc. - No Comment.) -- C:\Program Files (x86)\Vuze\Azureus.exe =>P2P.Azureus O87 - FAEL: "{1EBC07A7-AF94-48FC-BF92-7308F6CBE667}" | In - Private - P17 - TRUE | .(.Vuze Inc. - No Comment.) -- C:\Program Files (x86)\Vuze\Azureus.exe =>P2P.Azureus O87 - FAEL: "{A1242FE0-EDE3-4F3E-BD6E-7D8D7F20E40F}" | In - Public - P6 - TRUE | .(.Vuze Inc. - No Comment.) -- C:\Program Files (x86)\Vuze\Azureus.exe =>P2P.Azureus O87 - FAEL: "{5F56377D-6E6D-4700-B8ED-8D7B58B42842}" | In - Public - P17 - TRUE | .(.Vuze Inc. - No Comment.) -- C:\Program Files (x86)\Vuze\Azureus.exe =>P2P.Azureus ~ Firewall: 4 Legitimates Filtered in 00mn 01s ---\\ Search Tracing Registry Key (O100) HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Azureus_RASAPI32 =>P2P.Azureus HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Azureus_RASMANCS =>P2P.Azureus HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent-7_RASAPI32 =>P2P.BitTorrent HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent-7_RASMANCS =>P2P.BitTorrent HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASAPI32 =>P2P.BitTorrent HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASMANCS =>P2P.BitTorrent HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExtensionUpdaterService_RASAPI32 =>Adware.Incredibar HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExtensionUpdaterService_RASMANCS =>Adware.Incredibar HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TornTV_RASAPI32 =>Hijacker.TornTV HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TornTV_RASMANCS =>Hijacker.TornTV HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Vuze_Installer_RASAPI32 =>P2P.Azureus HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Vuze_Installer_RASMANCS =>P2P.Azureus HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-2680_RASAPI32 =>Adware.Yontoo HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-2680_RASMANCS =>Adware.Yontoo ~ BTK: 230 Legitimates Filtered in 00mn 00s ---\\ Algemene toestand van niet-Microsoft services (GSR) (SR = Running, SS = gestopt) SS - | Demand 13/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Auto 11/12/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 11/12/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 9/05/2011 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe SS - | Demand 2/05/2011 340240 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 4/03/2011 379520 | (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe SR - | Auto 16/06/2009 84536 | (ASLDRService) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe SR - | Auto 15/12/2009 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe SR - | Auto 2/05/2011 1517328 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe SR - | Auto 5/03/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe SR - | Auto 5/03/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe SR - | Auto 27/01/2013 22056 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe SR - | Auto 11/05/2011 1007208 | (NVSvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe SR - | Auto 10/05/2011 2009704 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe SR - | Auto 2/05/2011 844560 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe SR - | Auto 27/05/2011 1300264 | (ScrybeUpdater) . (.Synaptics, Inc..) - C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe SR - | Auto 11/05/2011 378472 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe SR - | Auto 8/10/2012 2365792 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe SR - | Auto 17/04/2010 134928 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 05s ---\\ Onderzoek gelijktijdige op de Master Boot Record (MBR) (O80) Run by Daan at 14/08/2014 21:14:33 ~ OS 64 not supported by MBR tool ~ MBR: 0 Legitimates Filtered in 00mn 00s ---\\ Onderzoek de Master Boot Record op Infecties (MBRCheck) (O80) Written by ad13, http://ad13.geekstog Run by Daan at 14/08/2014 21:14:35 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 02s ---\\ Extra scan (O88) Database Version : 13026 - (13/08/2014) Clés trouvées (Keys found) : 78 Valeurs trouvées (Values found) : 4 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 0 [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}] =>Toolbar.TuneUp [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836] =>PUP.SweetIM^ [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:BitTorrent =>P2P.BitTorrent^ ~ Additionnel Scan: 325283 Items scanned in 00mn 14s ---\\ Additional information about modules ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, proxybeheer (R5) ~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer werkbalken (O3) ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Toepassingen gestart door register & bestand (O4) ~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Registersleutel Shell MountPoints2 (MPKS) (O51) ~ AMI: 4 Legitimates Filtered in 00mn 00s ---\\ Samenvatting van detecties gevonden op uw werkstation http://nicolascoolman.fr/pup-systemk =>PUP.SystemK http://nicolascoolman.fr/adware-incredibar =>Adware.Incredibar http://nicolascoolman.fr/hijacker-torntv =>Hijacker.TornTV http://nicolascoolman.fr/adware-yontoo =>Adware.Yontoo http://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM ~ MSI: 5 link(s) detected in 00mn 00s ~ 786 Legitimates filtered by white list End of the scan (588 lines in 02mn 15s)(0)