~ Verslag van ZHPDiag v2015.1.18.7 - Nicolas Coolman  (18-1-2015)
~ Gelanceerd door dannywintjens (20-1-2015 2:38:15)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Het adres van de webforum : http://forum.nicolascoolman.fr
~ Vertaald door de gebruiker
~ Staat van de versie : Bijgewerkte versie.
~  Lijst wit : Ingeschakeld door het programma
~ Tot misbruik van bevoegdheden : OK
~ Gebruikersaccountbeheer (UAC) : Activate by user


---\\ Internet-browsers
MSIE: Internet Explorer v11.0.9600.17501
MFIE: Mozilla Firefox 34.0.5
GCIE: Google Chrome v39.0.2171.99 (Defaut)
OBIE: Safari v5.34.57.2

---\\ Windows productinformatie
~ Langage: Néerlandais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Software om het systeem te beveiligen
Avast Premier v10.0.2208
Malwarebytes Anti-Malware versie 2.0.4.1028
Windows Defender W7 (Activate)

---\\ Systeem optimalisatie software
CCleaner v4.12

---\\ Delen van software PeerToPeer

---\\ Software die extra aandacht behoeft
Adobe Flash Player 16 NPAPI
Adobe Reader XI
Java 7 Update 67 (64-bit)

---\\ Informatie over het systeem
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 32707 MB (76% free)
System Restore: Activé (Enable)
System drive C: has 120 GB (16%) free of 742 GB

---\\ Verbinding met het systeem-modus
~ Computer Name: WINTJENS
~ User Name: dannywintjens
~ All Users Names: UpdatusUser, HomeGroupUser$, Gast, dannywintjens, Administrator, 
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Omgevingsvariabelen
~ System Unit : C:\
~ %AppZHP% : C:\Users\dannywintjens\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\dannywintjens\AppData\Roaming\
~ %Desktop% : C:\Users\dannywintjens\Desktop\
~ %Favorites% : C:\Users\dannywintjens\Favorites\
~ %LocalAppData% : C:\Users\dannywintjens\AppData\Local\
~ %StartMenu% : C:\Users\dannywintjens\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Overzicht vaste en verwisselbare stations
C: Hard drive, Flash drive, Thumb drive (Free 120 Go of 742 Go)



---\\ Staat van het Windows Beveiligingscentrum
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Zoeken naar bepaalde algemene bestanden
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Verkenner.) (.25-2-2011 - 7:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.14-7-2009 - 2:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.4AF089160FE082E5EA5C4AA72782DCA2] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.24-12-2014 - 0:21:51.) -- C:\Windows\System32\wininet.dll [2358272]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.17-7-2014 - 3:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing-bibliotheek.) (.21-11-2010 - 4:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.9-7-2014 - 2:18:24.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14-7-2009 - 2:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14-7-2009 - 0:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21-11-2010 - 4:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21-11-2010 - 4:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21-11-2010 - 4:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.14-7-2009 - 0:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14-7-2009 - 1:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27-4-2011 - 3:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21-11-2010 - 4:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.24-1-2014 - 3:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.14-7-2009 - 1:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21-11-2010 - 4:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21-11-2010 - 4:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14-7-2009 - 1:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.24-12-2014 - 0:18:22.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.21-11-2010 - 4:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Status van de verborgen bestanden (verborgen/totaal)
~ Mes images (My Pictures) : 1/6
~ Mes musiques (My Musics) : 1/244
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 1/5203
~ Mon Bureau (My Desktop) : 1/1074
~ Menu demarrer (Programs) : 1/87
~ Hidden Files:  Scanned in 00mn 04s



---\\ Gestarte processen
[MD5.45709E6E02CEB12DE8A808B4CC68D080] - (.IObit - Performance Monitor.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe   [1744160] [PID.3896]
[MD5.B3F4ECEB90D6F303C675ED042B654906] - (.TeamViewer GmbH - TeamViewer 10.) -- C:\Program Files (x86)\TeamViewer\TeamViewer.exe   [16362768] [PID.3948]
[MD5.5EB1ED0E3F320AF5FA3E1DB5ED5C930C] - (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe   [110160] [PID.4080]
[MD5.C2B4612B7597493CDDD6752A515680F7] - (.No owner - Razer Comms.) -- C:\Program Files (x86)\Razer\Comms\RazerComms.exe   [2834240] [PID.3336]
[MD5.DF9F3A9F8631775710D8EDBF0A749244] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   [30872168] [PID.3364]
[MD5.171EE629238C7AF83A60AFE9E49989CA] - (.IObit - Advanced SystemCare 8.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe   [2425632] [PID.3400]
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [3854640] [PID.984]
[MD5.2CA0461A5730F6FC3F90FA3833C645C9] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe   [856904] [PID.4512]
[MD5.FCEBCBF04FAA74B24FE2E78109848A0B] - (.Razer, Inc. - RazerIngameEngine.) -- C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe   [214232] [PID.6316]
[MD5.995B607EA524AE24A41DE46AC9C6C0BE] - (.Razer, Inc. - Razer Chromium Render Process.) -- C:\Users\dannywintjens\AppData\Local\razer\InGameEngine\cache\RazerComms\RzCefRenderProcess.exe   [217304] [PID.6808]
[MD5.F6384BB98DF747281BC6727FE345E42C] - (.Siber Systems Inc. - rf-chrome-nm-host.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe   [3215936] [PID.6880]
[MD5.8272ED9C557C12561D372A495B5F394E] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\dannywintjens\AppData\Roaming\Dropbox\bin\Dropbox.exe   [39206888] [PID.6000]
[MD5.D30D46398CEC7276672330DA4C4297F2] - (.Vivox Inc. - No Comment.) -- C:\Program Files\Replex\SLVoice.exe   [2393584] [PID.7052]
[MD5.8F95DD4F48C3E27ADF2ABF9EA8A710FD] - (...) -- C:\Program Files\Replex\prebuilt_plugin\SLPlugin.exe   [183296] [PID.1180]
[MD5.3C13F26A4766752314A5413038BD86B4] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe   [7229752] [PID.7716]
[MD5.58F52FBF326EC6E98564F6A8F1AB604F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [8155648] [PID.8400]
[MD5.2F442BAA7A739EDFB8CBF6BFBE8F5388] - (.IObit - Advanced SystemCare Service.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe   [815392] [PID.380]
[MD5.BEA8D0FA8805CC2E6BB49728166699C7] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe   [50344] [PID.1640]
[MD5.4D30C9AA6BF04AF4223A68B771B0B7CE] - (.IObit - IObit Malware Fighter Service.) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe   [344896] [PID.1944]
[MD5.D58C10AFF2B5C09D615623A4DAC0E330] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe   [109048] [PID.1996]
[MD5.1F79342D9EB530A48742F651E570983A] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe   [1390176] [PID.1552]
[MD5.E4938E0A376CF0B9D989EE5C0A146891] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe   [1767520] [PID.2040]
[MD5.71FF75BAE3D6E362BE3AD07E26C2D00A] - (.No owner - GameScannerService.) -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe   [186048] [PID.1480]
[MD5.C0C121B537DA3AD87481C0502CACE462] - (.TeamViewer GmbH - TeamViewer 10.) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe   [5426448] [PID.2292]
[MD5.8F5F41E58D6DBF740F2F0B18B6EAF0E4] - (.TeamViewer GmbH - TeamViewer 10.) -- C:\Program Files (x86)\TeamViewer\tv_w32.exe   [229136] [PID.3204]
[MD5.6CEC93D12DF657D9E931DD741D0C64F4] - (.IObit - IObit Malware Fighter.) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe   [1802048] [PID.4768]
[MD5.5F82D8188B370B0CF185D4AE2B9B4A0E] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe   [969016] [PID.7852]
[MD5.0BB29DE40C9D9529793DCDB59A43CF5B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe   [1871160] [PID.7700]
~ Processes Running:  Scanned in 00mn 00s



---\\ Google Chrome, start, zoeken, extensies (G0, G1, G2)
C:\Users\dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Google Chrome extensie map
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 02s



---\\ Mozilla Firefox, Plugins, start, zoeken, extensies (P2, M0, M1, M2, M3)
C:\Users\dannywintjens\AppData\Roaming\Mozilla\Firefox\Profiles\c3sqde0w.default\prefs.js
M2 - MFEP: RegExtension {B64D9B05-48E1-4CEB-BF58-E0643994E900} . (...) -- C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ (.not file.)
M2 - MFEP: RegExtension {22119944-ED35-4ab1-910B-E619EA06A115} . (...) -- 
M0 - MFSP: prefs.js [dannywintjens - c3sqde0w.default] http://www.trovi.com  =>Hijacker.TroviCom
M2 - MFEP: prefs.js [dannywintjens - c3sqde0w.default\iobitascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v2.0 (..)
~ Firefox Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, proxybeheer (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;www.facebook.com;www.youtube.com;www.youtube.be;www.youtube.nl;<local>
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = server2.privateconnection.net:3128
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Analyse van lijnen F0, F1, F2, F3 - IniFiles, Autoloading programma's
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Hosts-bestand omleiding (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File:  Scanned in 00mn 00s



---\\ Internet Explorer werkbalken (O3)
O3 - Toolbar: avast! WebRep - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (...) --  (.not file.)
O3 - Toolbar: &RoboForm Toolbar - [HKLM]{724d43a0-0d85-11d4-9908-00400523e39a} . (.Siber Systems Inc. - RoboForm Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{724D43A0-0D85-11D4-9908-00400523E39A} Orphan sleutel
~ Toolbar:  Scanned in 00mn 00s



---\\ Toepassingen gestart door register &amp; bestand (O4)
O4 - HKLM\..\Run: [Apple_KbdMgr] . (.Apple Inc. - Boot Camp Manager.) -- C:\Program Files\Boot Camp\Bootcamp.exe 
O4 - HKCU\..\Run: [RoboForm] . (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe 
O4 - HKCU\..\Run: [Razer Comms] . (.No owner - Razer Comms.) -- C:\Program Files (x86)\Razer\Comms\RazerComms.exe 
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Advanced SystemCare 8] . (.IObit - Advanced SystemCare 8.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe 
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe 
O4 - HKLM\..\Wow6432Node\Run: [IObit Malware Fighter] . (.IObit - IObit Malware Fighter.) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe 
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe 
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 8] . (.IObit - Advanced SystemCare 8.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe 
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 8] . (.IObit - Advanced SystemCare 8.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe 
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows-bureaubladgadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows-bureaubladgadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2480803176-3389462879-1122066420-1000\..\Run: [RoboForm] . (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe 
O4 - HKUS\S-1-5-21-2480803176-3389462879-1122066420-1000\..\Run: [Razer Comms] . (.No owner - Razer Comms.) -- C:\Program Files (x86)\Razer\Comms\RazerComms.exe 
O4 - HKUS\S-1-5-21-2480803176-3389462879-1122066420-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2480803176-3389462879-1122066420-1000\..\Run: [Advanced SystemCare 8] . (.IObit - Advanced SystemCare 8.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe 
~ Application:  Scanned in 00mn 00s



---\\ Knoppen op de werkbalk "belangrijkste instrumenten" Internet Explorer (O9)
O9 - Extra button: Formulieren Invullen [64Bits] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} . (.Siber Systems Inc. - RoboForm Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Formulieren opslaan [64Bits] - {320AF880-6646-11D3-ABEE-C5DBF3571F49} . (.Siber Systems Inc. - RoboForm Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: RoboForm Werkbalk [64Bits] - {724d43aa-0d85-11d4-9908-00400523e39a} . (.Siber Systems Inc. - RoboForm Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Domeinadres van de DNS (O17) wijzigen
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AF69B70-585C-4A7B-B547-BEB216802FF9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FBE6190-E279-4BD0-8B89-23BAC10B924A}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4AF69B70-585C-4A7B-B547-BEB216802FF9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5FBE6190-E279-4BD0-8B89-23BAC10B924A}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{4AF69B70-585C-4A7B-B547-BEB216802FF9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5FBE6190-E279-4BD0-8B89-23BAC10B924A}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
~ Domain:  Scanned in 00mn 00s



---\\ Aanvullend Protocol (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- 
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Lijst van niet-Microsoft NT services die niet uitgeschakeld zijn (O23)
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) . (.No owner - Provides support for switching between OS X.) - C:\Windows\system32\AppleOSSMgr.exe
O23 - Service: Razer Game Scanner (Razer Game Scanner Service) . (.No owner - GameScannerService.) - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
~ Services: 12 Legitimates Filtered in 00mn 13s



---\\ Geeft een opsomming van de BootExecute (BEX) gegevens (O34)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s



---\\ Taken die zijn gepland in de automatische modus (O39)
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [940]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1052]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1056]
~ Scheduled Task: 20 Legitimates Filtered in 00mn 03s



---\\ Piloot aan het begin van het systeem (O41)
O41 - Driver:  (HWiNFO32) . (.REALiX(tm) - HWiNFO AMD64 Kernel Driver.) - C:\Windows\sysWOW64\drivers\HWiNFO64A.sys
~ Drivers: 84 Legitimates Filtered in 00mn 00s



---\\ Geïnstalleerde software (O42)
O42 - Logiciel: AC3D 7.2.17 - (.Inivis.) [HKLM][64Bits] -- AC3D 7.2.17_is1
O42 - Logiciel: Car Mechanic Simulator 2014 - (.Релиз от R.G. Steamgames.) [HKLM][64Bits] -- Car Mechanic Simulator 2014_is1
O42 - Logiciel: Fire Chief - (...) [HKLM][64Bits] -- {3D9E0F32-83ED-4D59-B27F-EEA19744A51E}
O42 - Logiciel: Free WMV To MP4 Converter - (.convertaudiofree.) [HKLM][64Bits] -- {5B8DDC16-42A2-4870-A843-BD0EFE909A6B}
O42 - Logiciel: Hamburg Demolition Addon version 1.0 - (...) [HKLM][64Bits] -- Hamburg Demolition Addon_is1
O42 - Logiciel: Professional Farmer 2014 - (...) [HKLM][64Bits] -- Professional Farmer 2014_is1
O42 - Logiciel: Replex (64 bit) (remove only) - (...) [HKLM][64Bits] -- Replex (64 bit)
O42 - Logiciel: Skyscraper 2.0 Alpha 8 - (.Ryan Thoryk.) [HKLM][64Bits] -- Skyscraper
~ Logic: 55 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\4kdownload.com]
[HKCU\Software\Network]
[HKCU\Software\OB]
[HKCU\Software\Spacial]
[HKCU\Software\VIS-Games]
[HKCU\Software\black_ninja]
[HKLM\Software\Wow6432Node\ETS2MP]
[HKLM\Software\Wow6432Node\Zip Enhancer]
[HKLM\Software\Wow6432Node\convertaudiofree]
[HKLM\Software\Wow6432Node\sixteen tons entertainment]
~ Key Software: 525 Legitimates Filtered in 00mn 00s



---\\ 'Inhoud van mappen programma's, ProgramFiles, ProgramData, AppData (O43)
O43 - CFD: 14-1-2015 - 22:11:23 - [] ----D C:\Program Files (x86)\AC3D 7.2.17
O43 - CFD: 20-10-2014 - 2:09:06 - [] ----D C:\Program Files (x86)\Car Mechanic Simulator 2014
O43 - CFD: 24-9-2014 - 22:13:29 - [] ----D C:\Program Files (x86)\convertaudiofree
O43 - CFD: 30-7-2014 - 0:16:13 - [] ----D C:\Program Files (x86)\sixteen tons entertainment
O43 - CFD: 16-11-2014 - 19:57:42 - [] ----D C:\Program Files (x86)\Skyscraper
O43 - CFD: 27-9-2013 - 11:40:39 - [] ----D C:\Program Files (x86)\Train.Simulator.2014.Steam.Edition.Cracked-3DM
O43 - CFD: 20-3-2014 - 18:29:31 - [] ----D C:\Program Files (x86)\UIG Entertainment
O43 - CFD: 11-10-2014 - 4:12:19 - [] ----D C:\Program Files (x86)\Watch Dogs
O43 - CFD: 14-1-2015 - 23:01:48 - [] ----D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
O43 - CFD: 19-1-2015 - 20:02:29 - [] ----D C:\ProgramData\ProductData
O43 - CFD: 14-1-2015 - 23:19:03 - [] --H-D C:\ProgramData\{033B4844-E9C3-45D2-88D9-34DDF3F91100}
O43 - CFD: 14-1-2015 - 22:30:33 - [] --H-D C:\ProgramData\{05C334F7-C2A4-418A-9BC8-1542AE38D62B}
O43 - CFD: 14-1-2015 - 22:30:32 - [] --H-D C:\ProgramData\{0CC85DFF-E70A-4AB0-968A-F1F98F4D0C67}
O43 - CFD: 14-1-2015 - 22:30:32 - [] --H-D C:\ProgramData\{219191E6-6846-4329-889D-7956C487D9A6}
O43 - CFD: 14-1-2015 - 23:19:03 - [] --H-D C:\ProgramData\{4682E4CB-7209-4099-8AA1-580ABCCCE731}
O43 - CFD: 14-1-2015 - 22:30:31 - [] --H-D C:\ProgramData\{57B31BE2-3175-4425-9722-D2AC5F68C7BD}
O43 - CFD: 14-1-2015 - 22:30:33 - [] --H-D C:\ProgramData\{5EE4F9B1-7274-48A2-9C25-C287604C3058}
O43 - CFD: 14-1-2015 - 22:30:32 - [] --H-D C:\ProgramData\{662EAAEC-9E9A-4C69-A658-884E51E909BB}
O43 - CFD: 14-1-2015 - 23:11:37 - [] --H-D C:\ProgramData\{95684022-A736-4575-ABB0-5B7388BB873D}
O43 - CFD: 14-1-2015 - 22:30:32 - [] --H-D C:\ProgramData\{9F570B21-E27A-40BE-A508-292899A7D042}
O43 - CFD: 14-1-2015 - 22:30:31 - [] --H-D C:\ProgramData\{AF79C86B-2321-4D47-A168-2A24BA2B6A73}
O43 - CFD: 14-1-2015 - 22:30:31 - [] --H-D C:\ProgramData\{BED8681D-E6A2-4463-8EEA-09588F09C890}
O43 - CFD: 14-1-2015 - 22:37:18 - [] --H-D C:\ProgramData\{C6A355F5-168B-4EEC-AB7C-75594F783EDB}
O43 - CFD: 14-1-2015 - 23:19:03 - [] --H-D C:\ProgramData\{D2030082-F62A-402A-9456-8009276FD896}
O43 - CFD: 14-1-2015 - 22:30:30 - [] --H-D C:\ProgramData\{EB21323D-3F46-4EF0-B849-B096B7705C69}
O43 - CFD: 3-9-2014 - 16:46:03 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3D 7.2.17
O43 - CFD: 12-6-2014 - 13:50:46 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour-afdrukservices
O43 - CFD: 20-10-2014 - 11:42:50 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coop-Land
O43 - CFD: 17-1-2015 - 22:19:49 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crusader No Remorse
O43 - CFD: 1-9-2014 - 18:26:01 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\De Sims 4
O43 - CFD: 13-1-2015 - 22:25:14 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
O43 - CFD: 24-9-2014 - 22:13:37 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free WMV To MP4 Converter
O43 - CFD: 10-12-2014 - 13:30:39 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
O43 - CFD: 20-10-2014 - 2:09:06 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Steamgames
O43 - CFD: 15-1-2015 - 21:20:44 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Replex (64 bit) Viewer
O43 - CFD: 5-2-2014 - 0:25:27 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer
O43 - CFD: 30-7-2014 - 0:16:13 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\sixteen tons entertainment
O43 - CFD: 16-11-2014 - 19:04:59 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skyscraper
O43 - CFD: 12-4-2011 - 14:10:48 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 20-3-2014 - 18:30:34 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UIG Entertainment
O43 - CFD: 19-10-2014 - 1:44:47 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
O43 - CFD: 20-3-2014 - 18:18:27 - [] ----D C:\Users\dannywintjens\AppData\Roaming\Baumaschinen Simulator 2011
O43 - CFD: 24-9-2014 - 22:13:05 - [] ----D C:\Users\dannywintjens\AppData\Roaming\convertaudiofree
O43 - CFD: 20-3-2014 - 18:43:37 - [] ----D C:\Users\dannywintjens\AppData\Roaming\Landwirt2014
O43 - CFD: 29-11-2014 - 22:22:16 - [] ----D C:\Users\dannywintjens\AppData\Roaming\ProductData
O43 - CFD: 16-11-2014 - 19:55:09 - [] ----D C:\Users\dannywintjens\AppData\Roaming\Skyscraper
O43 - CFD: 14-2-2014 - 23:40:33 - [] ----D C:\Users\dannywintjens\AppData\Local\http_be.yahoo.com_0
O43 - CFD: 14-2-2014 - 23:41:50 - [] ----D C:\Users\dannywintjens\AppData\Local\http_ca.yahoo.com_0
O43 - CFD: 5-12-2014 - 18:20:29 - [] ----D C:\Users\dannywintjens\AppData\Local\http_us.yhs4.search.yahoo.com_0
O43 - CFD: 22-12-2014 - 2:55:33 - [] ----D C:\Users\dannywintjens\AppData\Local\noptixclient
O43 - CFD: 20-1-2015 - 0:15:15 - [] ----D C:\Users\dannywintjens\AppData\Local\Replex64
O43 - CFD: 18-9-2014 - 14:31:55 - [] ----D C:\Users\dannywintjens\AppData\Local\SLCacheViewer
O43 - CFD: 17-1-2015 - 22:19:49 - [] ----D C:\Users\dannywintjens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Road Construction Simulator
O43 - CFD: 16-11-2014 - 19:04:33 - [0] ----D C:\Users\dannywintjens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skyscraper
~ Program Folder: 385 Legitimates Filtered in 00mn 00s



---\\ Meest recente bestanden gewijzigd of gemaakt op Windows en System32 (O44)
O44 - LFC:[MD5.6B420B15C5CF3A82D54B9A966A6E6E33] - 13-1-2015 - 22:28:35 ---A- . (...) -- C:\Windows\System32\nvinfo.pb   [27983]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 18-1-2015 - 20:28:42 --HA- . (...) -- C:\asc_rdflag   [0]
O44 - LFC:[MD5.EB3A7BEAB44B1C3C1164BA3B88EEA0DA] - 18-1-2015 - 20:31:57 ---A- . (...) -- C:\zoek-results2015-01-18-193157.log   [71463]
O44 - LFC:[MD5.F177316DA4A8203CBC078E02AFE9585B] - 19-1-2015 - 13:02:32 ---A- . (...) -- C:\zoek-results2015-01-19-120232.log   [1067]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 19-1-2015 - 14:09:11 ---A- . (...) -- C:\Windows\zoek-delete.exe   [24064]
O44 - LFC:[MD5.261547BEBE729B00632AE9597B52560E] - 19-1-2015 - 19:59:48 ---A- . (...) -- C:\zoek-results.log   [9822]
O44 - LFC:[MD5.C82B461322BCF268C148F57A6E59F07D] - 19-1-2015 - 5:15:53 ---A- . (...) -- C:\zoek-results2015-01-19-041553.log   [15915]
~ Files: 49 Legitimates Filtered in 00mn 01s



---\\ Controle van veilige Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
~ CSB: 15 Legitimates Filtered in 00mn 00s



---\\ Registersleutel Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{2cd445fe-7dd2-11e3-b7e6-806e6f6e6963}\AutoRun\command. (...) -- D:\autorun.exe (.not file.)
~ Keys:  Scanned in 00mn 00s



---\\ Opsomming van de registersleutel Hkey_local_machine\software\microsoft\shared (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\uTorrent  [Key] . (.BitTorrent Inc. - µTorrent.) -- c:\users\dannywintjens\appdata\roaming\utorrent\utorrent.exe  =>P2P.BitTorrent
~ SMSR Keys: 12 Legitimates Filtered in 00mn 00s



---\\ Opsomming van het register sleutels PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Opsomming van de registersleutel PoliciesExplorer (CÖKVI) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Overzicht van de drivers (SDL) (O58)
O58 - SDL:2-6-2013 - 3:56:58 ---A- . (.Wondershare - Wondershare Virtual Audio Device.) -- C:\Windows\System32\Drivers\Apowersoft_AudioDevice.sys   [31920]
O58 - SDL:21-11-2014 - 13:52:33 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys   [29208]  =>.ALWIL Software
O58 - SDL:21-11-2014 - 13:52:33 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [65776]  =>.ALWIL Software
O58 - SDL:21-11-2014 - 13:52:33 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [267632]  =>.ALWIL Software
O58 - SDL:14-7-2009 - 2:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [530496]
O58 - SDL:10-6-2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [31232]
O58 - SDL:14-7-2009 - 2:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [24656]
O58 - SDL:5-11-2014 - 14:16:32 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6.0).) -- C:\Windows\System32\Drivers\tap0901.sys   [27136]
O58 - SDL:28-7-2014 - 13:52:00 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys   [54784]
O58 - SDL:7-5-2013 - 13:27:12 ---A- . (...) -- C:\Windows\System32\ambakdrv.sys   [30648]
O58 - SDL:7-5-2013 - 13:27:12 ---A- . (...) -- C:\Windows\System32\ammntdrv.sys   [151480]
O58 - SDL:6-2-2013 - 14:52:48 ---A- . (...) -- C:\Windows\System32\amwrtdrv.sys   [17848]
O58 - SDL:30-12-2014 - 10:17:12 ---A- . (.REALiX(tm) - HWiNFO AMD64 Kernel Driver.) -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS   [26528]
~ Drivers: 95 Legitimates Filtered in 00mn 00s



---\\ Lijst van cleaning tools (CLAB) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
O63 - Logiciel: RSIT - (.random/random.)
~ ADS:  Scanned in 00mn 00s



---\\ Overzicht met LEGACY services (LALS) (O64)
O64 - Services: CurCS - 21-11-2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 100 Legitimates Filtered in 00mn 00s



---\\ Bestandsassociaties mogelijk aangepast (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Startmenu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <Safari.exe> <Safari>[HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files (x86)\Safari\Safari.exe
~ Keys:  Scanned in 00mn 00s



---\\ Zoek "infecties in internetbrowsers (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
~ Keys:  Scanned in 00mn 00s



---\\ Bepaalde zoekopdracht in de hoofdmap van het systeem (SPRF) (O84)
[MD5.B321AD1B4206AD40CF429C300DF51BD5] [SPRF][24-2-2014] (...) -- C:\Users\dannywintjens\AppData\Roaming\poclbm120327GeForce GTX 680MXgv1w256l4.bin   [232838]
[MD5.376AED4E0DB4AB0D28D26D4FF389341D] [SPRF][5-1-2015] (...) -- C:\Users\dannywintjens\Desktop\LSLEditor.exe   [847872]
[MD5.8045ABB21A3BDD66A48E1ED5C0F0EF6A] [SPRF][18-1-2015] (...) -- C:\Users\dannywintjens\Desktop\RSITx64.exe   [1222144]
[MD5.F05299C77EE482369770DFB0A03B1548] [SPRF][3-11-2002] (.Addict Arts - VIV Editor.) -- C:\Users\dannywintjens\Desktop\VIVEdit.exe   [176128]
[MD5.92ABBC6E52E32F8F66684F90BF4A25CE] [SPRF][18-1-2015] (...) -- C:\Users\dannywintjens\Desktop\zoek.exe   [1295360]
[MD5.75CC542749CC1F30E5B8FB048721FC0B] [SPRF][30-8-2012] (...) -- C:\Program Files (x86)\update-walking-dead.bat   [81]
[MD5.B6070C8C36E44DAC093E075CA6FDE40C] [SPRF][17-12-2013] (...) -- C:\Program Files (x86)\update-walkingdead2.bat   [224]
[MD5.165CF1DED42920891572B655D61DAC99] [SPRF][23-5-2014] (...) -- C:\Program Files (x86)\update-watchdogs.bat   [224]
~ Files: 11 Legitimates Filtered in 00mn 00s



---\\ Lijst van uitzonderingen in de firewall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{0AADE4A0-620E-43FC-B677-C5AF06D30F04}C:\users\dannywintjens\appdata\roaming\utorrent\utorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\users\dannywintjens\appdata\roaming\utorrent\utorrent.exe  =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{DF8A4040-E9EC-4460-8C4D-890FE2256170}C:\users\dannywintjens\appdata\roaming\utorrent\utorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\users\dannywintjens\appdata\roaming\utorrent\utorrent.exe  =>P2P.BitTorrent
O87 - FAEL: "{DD7A5FCE-8B78-4328-8941-C77A1FF3F11A}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\dannywintjens\AppData\Roaming\uTorrent\uTorrent.exe  =>P2P.BitTorrent
O87 - FAEL: "{E9C10F66-F64C-4B9C-8B8C-ACBE9FAF9BB8}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\dannywintjens\AppData\Roaming\uTorrent\uTorrent.exe  =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 01s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{320AF880-6646-11D3-ABEE-C5DBF3571F49}] (SavePass)  =>PUP.CrossRider
~ BCK: 6336 Legitimates Filtered in 00mn 06s



---\\ Algemene toestand van niet-Microsoft services (GSR) (SR = Running, SS = gestopt)
SS - | Demand 12-9-2014 64704 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Disabled 16-1-2015 267440 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 7-10-2014 60744 |  (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Demand 30-8-2011 462184 |  (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Demand 19-3-2013 98304 |  (FirebirdGuardianDefaultInstance) . (.Firebird Project.) - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
SS - | Demand 19-3-2013 3784704 |  (FirebirdServerDefaultInstance) . (.Firebird Project.) - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
SS - | Demand 11-8-2014 1432400 |  (FLEXnet Licensing Service 64) . (.Flexera Software, Inc..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SS - | Demand 17-1-2014 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 17-1-2014 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 1-9-2014 3885056 |  (HideMyIpSRV) . (.Hide My IP.) - C:\Program Files (x86)\Hide My IP 6\HideMyIpSRV.exe
SS - | Demand 15-10-2014 643880 |  (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 2-1-2013 277784 |  (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Demand 5-9-2014 11646768 |  (NIHardwareService) . (.Native Instruments GmbH.) - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
SS - | Demand 1-12-2014 38200 |  (OpenVPNService) . (.The OpenVPN Project.) - C:\Program Files\OpenVPN\bin\openvpnserv.exe
SS - | Demand 9-1-2015 1903472 |  (Origin Client Service) . (.Electronic Arts.) - C:\Program Files (x86)\Origin\OriginClientService.exe
SS - | Auto 11-12-2014 315496 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 10-7-1658 0 |  (Steam Client Service) . (...) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Demand 2-1-2013 363800 |  (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Demand 10-2-2013 12288 |  (Virtual Router) . (.Chris Pietschmann (http://pietschsoft.com).) - C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
SR - | Auto 4-11-2014 815392 |  (AdvancedSystemCareService8) . (.IObit.) - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
SR - | Auto 16-1-2013 226144 |  (AppleOSSMgr) . (...) - C:\Windows\system32\AppleOSSMgr.exe
SR - | Auto 16-1-2013 94560 |  (AppleTimeSrv) . (.Apple Inc..) - C:\Windows\system32\AppleTimeSrv.exe
SR - | Auto 20-3-2014 50344 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 1-4-2014 109048 |  (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 30-9-2014 344896 |  (IMFservice) . (.IObit.) - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
SR - | Auto 21-11-2014 1871160 |  (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 21-11-2014 969016 |  (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 13-12-2014 935240 |  (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 9-12-2014 186048 |  (Razer Game Scanner Service) . (...) - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
SR - | Auto 15-12-2014 5426448 |  (TeamViewer) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
SR - | Auto 14-7-2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10-7-1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SR - | Auto 14-7-2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 07s



---\\ Extra scan (O88)
Database Version : 13008 - (18-1-2015)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 1

[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]   =>P2P.BitTorrent^
[HKCR\CLSID\{320AF880-6646-11D3-ABEE-C5DBF3571F49}] (SavePass)   =>PUP.CrossRider^
~ Additionnel Scan: 1294271 Items scanned in 02mn 53s



---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/  =>.Internet Explorer, proxybeheer (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/  =>.Internet Explorer werkbalken (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/  =>.Toepassingen gestart door register &amp; bestand (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/  =>.Registersleutel Shell MountPoints2 (MPSK) (O51)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Samenvatting van detecties gevonden op uw werkstation
http://nicolascoolman.fr/hijacker-trovicom  =>Hijacker.TroviCom
http://nicolascoolman.fr/pup-crossrider  =>PUP.CrossRider
~ MSI: 2 link(s) detected in 00mn 00s



~ 1208 Legitimates filtered by white list
End of the scan (558 lines in 03mn 43s)(0)