~ Verslag van ZHPDiag v2015.1.18.7 - Nicolas Coolman (18-1-2015)
~ Gelanceerd door KristiAnne (20-1-2015 18:47:30)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Het adres van de webforum : http://forum.nicolascoolman.fr
~ Vertaald door de gebruiker
~ Staat van de versie : Bijgewerkte versie.
~ Lijst wit : Ingeschakeld door het programma
~ Tot misbruik van bevoegdheden : OK
~ Gebruikersaccountbeheer (UAC) : Deactivate by user

---\\ Internet-browsers
MSIE: Internet Explorer v11.0.9600.17501
MFIE: Mozilla Firefox 35.0 (Defaut)

---\\ Windows productinformatie
~ Langage: Néerlandais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Software om het systeem te beveiligen
Avast Free Antivirus v10.0.2208
Malwarebytes Anti-Malware versie 2.0.4.1028
Windows Defender W7 (Activate)

---\\ Systeem optimalisatie software
CCleaner v4.19

---\\ Delen van software PeerToPeer

---\\ Software die extra aandacht behoeft
Adobe Flash Player 15 Plugin

---\\ Informatie over het systeem
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095.2 MB (49% free)
System Restore: Activé (Enable)
System drive C: has 18 GB (7%) free of 226 GB

---\\ Verbinding met het systeem-modus
~ Computer Name: KRISTIANNE-PC
~ User Name: KristiAnne
~ All Users Names: Verjaardag, KristiAnne, HomeGroupUser$, Gast, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Omgevingsvariabelen
~ System Unit : C:\
~ %AppZHP% : C:\Users\KristiAnne\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\KristiAnne\AppData\Roaming\
~ %Desktop% : C:\Users\KristiAnne\Desktop\
~ %Favorites% : C:\Users\KristiAnne\Favorites\
~ %LocalAppData% : C:\Users\KristiAnne\AppData\Local\
~ %StartMenu% : C:\Users\KristiAnne\AppData\Roaming\Microsoft\Windows\Start
Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Overzicht vaste en verwisselbare stations C: Hard drive, Flash drive, Thumb drive (Free 18 Go of 226 Go) D: Hard drive, Flash drive, Thumb drive (Free 43 Go of 226 Go) E: CD-ROM drive (Not Inserted) ---\\ Staat van het Windows Beveiligingscentrum [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified ~ Security Center: 49 Legitimates Filtered in 00mn 00s ---\\ Zoeken naar bepaalde algemene bestanden [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Verkenner.) (.25-2-2011 - 7:19:30.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.14-7-2009 - 2:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.4AF089160FE082E5EA5C4AA72782DCA2] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.22-11-2014 - 2:28:21.) -- C:\Windows\System32\wininet.dll [2358272] [MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.17-7-2014 - 3:07:24.) -- C:\Windows\System32\Winlogon.exe [455168] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing-bibliotheek.) (.20-11-2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30-5-2014 - 7:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14-7-2009 - 2:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14-7-2009 - 0:19:47.) 
-- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20-11-2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20-11-2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20-11-2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.14-7-2009 - 0:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14-7-2009 - 1:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27-4-2011 - 3:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20-11-2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.24-1-2014 - 3:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.14-7-2009 - 1:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20-11-2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14-7-2009 - 1:09:09.) 
-- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11-11-2014 - 2:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.20-11-2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 00s ---\\ Status van de verborgen bestanden (verborgen/totaal) ~ Mes images (My Pictures) : 2/20952 ~ Mes musiques (My Musics) : 2/280 ~ Mes Videos (My Videos) : 1/5 ~ Mes Favoris (My Favorites) : 1/165 ~ Mes Documents (My Documents) : 3/1820 ~ Mon Bureau (My Desktop) : 2/1076 ~ Menu demarrer (Programs) : 1/51 ~ Hidden Files: Scanned in 00mn 09s ---\\ Gestarte processen [MD5.C69BA1CF0DADD458E4ABA3F737285991] - (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [109784] [PID.3456] [MD5.3905B9467E35115C76466AA0A7426F8A] - (.FreeCall - Client to make VoIP calls..) -- C:\Program Files (x86)\FreeCall.com\FreeCall\FreeCall.exe [19827512] [PID.3480] [MD5.312C7978F0A42DB0475CE31D884DCE88] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [5227112] [PID.3668] [MD5.2EBE05FD8ECBA5F230FC26E534E91A11] - (.Citrix Systems, Inc. - Citrix Connection Center.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656] [PID.3676] [MD5.17D9622BFE68386E8C647C4C7F8FEA3E] - (.Citrix Systems, Inc. - Citrix FTA, URL Redirector.) -- C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992] [PID.3684] [MD5.E33A5DEC4567EFA268DD268BAA4E3FC0] - (.Citrix Systems, Inc. - Citrix Receiver Application.) -- C:\Program Files (x86)\Citrix\Receiver\Receiver.exe [1505608] [PID.3720] [MD5.657DD66775AA2516472AE9F91E8BB58A] - (.Citrix Systems, Inc. - Citrix Connection Manager.) 
-- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe [928136] [PID.1844] [MD5.CB9C87514EF3D391CDE3AB8A33A6609C] - (.Citrix Systems, Inc. - Citrix Receiver.) -- C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe [54152] [PID.3240] [MD5.22A5AB0A62CFE32AA790C007E5BBBA63] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [338032] [PID.5960] [MD5.3C13F26A4766752314A5413038BD86B4] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [7229752] [PID.2552] [MD5.A24BFBAE8B50A6780B68FF3673FAB52F] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [815280] [PID.6104] [MD5.58F52FBF326EC6E98564F6A8F1AB604F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8155648] [PID.6828] [MD5.8B802B483CBDE06F62DBC04DC7AFAF8E] - (.Logitech Inc. - Logitech User mode UMVPF service.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640] [PID.1048] [MD5.E3F7EC811923F3F1A77B185F22638E5E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1412] [MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1836] [MD5.650D03E40F93FAE323CB841F80368E5C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [60744] [PID.1900] [MD5.D2D165DE63B8398BF74483207FB16CA1] - (...) -- C:\Program Files (x86)\KPN\Mobiel Internet Software\BecHelperService.exe [1917832] [PID.1924] [MD5.1F79342D9EB530A48742F651E570983A] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176] [PID.1964] [MD5.EFCF6509E37E52329C5AF76D4E97F542] - (...) 
-- C:\Program Files (x86)\KPN\Mobiel Internet Software\LoggerServer.exe [294400] [PID.1972] [MD5.E4938E0A376CF0B9D989EE5C0A146891] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520] [PID.2024] [MD5.6227D8C06F94D4C59623AC661947CCD1] - (.Foxit Software Inc. - Foxit Cloud Safe Update Service.) -- C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [244448] [PID.1376] [MD5.816FD5A6F3C2F3D600900096632FC60E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [1150496] [PID.1572] [MD5.0BB29DE40C9D9529793DCDB59A43CF5B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160] [PID.2148] [MD5.0F5FAAC852DB4C340B7A2F187E3358B8] - (.Egis Technology Inc. - MyWinLocker Service.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [311592] [PID.2268] [MD5.BD691091AC7D9713D8F0B07C6B099E6C] - (.NewTech Infosystems, Inc. - Backup Manager Module.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [62208] [PID.2316] [MD5.EA569D48B2E755AF6D96F03F3335D98A] - (.Realtek - RtlService MFC Application.) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864] [PID.2388] [MD5.70DDE3A86DBEB1D6C3C30AD687B1877A] - (.Acer - Acer Update Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160] [PID.2500] [MD5.C47CDBB681656B57E830283C86CA990F] - (.Realtek Semiconductor Corp. - RtWLan ( For Vista / Win7) Application(Exte.) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe [1167360] [PID.3308] [MD5.51508F0C2476177E50C31B0BBFBF1BDB] - (.Google Inc. - Google Installer.) 
-- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107912] [PID.5768] ~ Processes Running: Scanned in 00mn 01s ---\\ Google Chrome, start, zoeken, extensies (G0, G1, G2) C:\Users\KristiAnne\AppData\Local\Google\Chrome\User Data\Default\Preferences ---\\ Google Chrome extensie map ~ Google Lines Browser: 1 Legitimates Filtered in 00mn 00s ---\\ Mozilla Firefox, Plugins, start, zoeken, extensies (P2, M0, M1, M2, M3) C:\Users\KristiAnne\AppData\Roaming\Mozilla\Firefox\Profiles\f9las1fh.default\prefs.js ~ Firefox Browser: 6 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, proxybeheer (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse van lijnen F0, F1, F2, F3 - IniFiles, Autoloading programma's F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts-bestand omleiding (O1) ~ Le fichier hôte est sain (The hosts file is clean) (0) ~ Hosts File: Scanned in 00mn 00s ---\\ Internet Explorer werkbalken (O3) O3 - Toolbar: &RoboForm Toolbar - [HKLM]{724d43a0-0d85-11d4-9908-00400523e39a} . (.Siber Systems Inc. - RoboForm Main Module.) 
-- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Orphan sleutel O3 - Toolbar\WebBrowser: (no name) - [HKCU]{724D43A0-0D85-11D4-9908-00400523E39A} Orphan sleutel O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan sleutel ~ Toolbar: Scanned in 00mn 00s ---\\ Andere Verwijzigingen gebruikers (O4) O4 - GS\Desktop [Public]: BitComet.lnk . (.www.BitComet.com - BitComet - a BitTorrent Client.) -- D:\BitComet\BitComet.exe =>P2P.BitComet ~ Global Startup: 1 Legitimates Filtered in 00mn 04s ---\\ Toepassingen gestart door register & bestand (O4) O4 - HKCU\..\Run: [RoboForm] . (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd O4 - HKCU\..\Run: [FreeCall] . (.FreeCall - Client to make VoIP calls..) -- C:\Program Files (x86)\FreeCall.com\FreeCall\FreeCall.exe O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe O4 - HKLM\..\Wow6432Node\Run: [ConnectionCenter] . (.Citrix Systems, Inc. - Citrix Connection Center.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe O4 - HKLM\..\Wow6432Node\Run: [Redirector] . (.Citrix Systems, Inc. - Citrix FTA, URL Redirector.) -- C:\Program Files (x86)\Citrix\ICA Client\redirector.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows-bureaubladgadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows-bureaubladgadgets.) 
-- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-1279715118-3890717141-3735741419-1000\..\Run: [RoboForm] . (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe O4 - HKUS\S-1-5-21-1279715118-3890717141-3735741419-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd O4 - HKUS\S-1-5-21-1279715118-3890717141-3735741419-1000\..\Run: [FreeCall] . (.FreeCall - Client to make VoIP calls..) -- C:\Program Files (x86)\FreeCall.com\FreeCall\FreeCall.exe ~ Application: Scanned in 00mn 00s ---\\ Knoppen op de werkbalk "belangrijkste instrumenten" Internet Explorer (O9) O9 - Extra button: Formulieren Invullen [64Bits] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} . (.Siber Systems Inc. - RoboForm Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O9 - Extra button: Formulieren opslaan [64Bits] - {320AF880-6646-11D3-ABEE-C5DBF3571F49} . (.Siber Systems Inc. - RoboForm Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O9 - Extra button: RoboForm Werkbalk [64Bits] - {724d43aa-0d85-11d4-9908-00400523e39a} . (.Siber Systems Inc. - RoboForm Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) 
-- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Site in vertrouwde Zone d'Internet Explorer (O15) O15 - Trusted Zone: [HKCU\...\Domains] *.mijnknltb.nl ~ IE Zone Confiance: Scanned in 00mn 00s ---\\ ActiveX-objecten (Downloaded Program Files) (O16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Domeinadres van de DNS (O17) wijzigen O17 - HKLM\System\CCS\Services\Tcpip\..\{BC349176-666E-4CA8-BD8D-E45DF634016B}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{D57922AE-253F-462C-9105-A4A13244A62F}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{BC349176-666E-4CA8-BD8D-E45DF634016B}: DhcpDomain = fritz.box O17 - HKLM\System\CCS\Services\Tcpip\..\{D57922AE-253F-462C-9105-A4A13244A62F}: DhcpDomain = fritz.box O17 - HKLM\System\CS1\Services\Tcpip\..\{BC349176-666E-4CA8-BD8D-E45DF634016B}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{D57922AE-253F-462C-9105-A4A13244A62F}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{BC349176-666E-4CA8-BD8D-E45DF634016B}: DhcpDomain = fritz.box O17 - HKLM\System\CS1\Services\Tcpip\..\{D57922AE-253F-462C-9105-A4A13244A62F}: DhcpDomain = fritz.box O17 - HKLM\System\CS2\Services\Tcpip\..\{BC349176-666E-4CA8-BD8D-E45DF634016B}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{D57922AE-253F-462C-9105-A4A13244A62F}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{BC349176-666E-4CA8-BD8D-E45DF634016B}: DhcpDomain = fritz.box O17 - HKLM\System\CS2\Services\Tcpip\..\{D57922AE-253F-462C-9105-A4A13244A62F}: DhcpDomain = fritz.box O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 ~ Domain: Scanned in 00mn 00s ---\\ Aanvullend Protocol (O18) O18 - Handler: wlpg [64Bits] - 
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ AppInit_DLLs waarde en subsleutels Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Lijst van niet-Microsoft NT services die niet uitgeschakeld zijn (O23) O23 - Service: BecHelperService (BecHelperService) . (...) - C:\Program Files (x86)\KPN\Mobiel Internet Software\BecHelperService.exe O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) . (.Foxit Software Inc. - Foxit Cloud Safe Update Service.) - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe ~ Services: 16 Legitimates Filtered in 00mn 07s ---\\ Geeft een opsomming van de BootExecute (BEX) gegevens (O34) O34 - HKLM BootExecute: (bootdelete) - File not found ~ BEX: 2 Legitimates Filtered in 00mn 00s ---\\ Taken die zijn gepland in de automatische modus (O39) [MD5.00000000000000000000000000000000] [APT] [{112C4264-ADD4-4A94-9AEA-4CA081784210}] (...) -- C:\Program Files (x86)\Common Files\Symantec Shared\SymSetup\{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}_15_0_0_58\Setup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{11820ECE-C9A0-4903-AD9D-C8AE4A788A70}] (...) -- C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\ReStart.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{1694C47A-5345-4FC7-8FA2-8816F7BA30C2}] (...) -- H:\nieuwsgroepen\SetupFTD3.8.5.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{17D98DC6-515E-414B-832D-EED840F128A8}] (...) 
-- C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\ReStart.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{4C7C8BE5-876A-40D4-9CEE-76AD35735353}] (...) -- C:\Program Files (x86)\Kalypso Media\Tropico 4\Tropico4.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{7362B5E7-4890-4F57-9DEB-9990E4D64BF3}] (...) -- E:\autorun.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{808C9C01-BFCB-4AA2-BEE2-B9C777A0A2E5}] (...) -- C:\Program Files (x86)\Kalypso Media\Tropico 4\Tropico4.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{8E1CD8F5-7D1E-4375-85F1-C7F11AA039B5}] (...) -- E:\Oefenbestanden_PC-Gebruik_Excel_2007.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{A5E3B866-CB4E-4F7A-B997-8CD61801050E}] (...) -- C:\Program Files (x86)\Kalypso Media\Tropico 4\Tropico4.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{B429F31C-302F-4E99-976F-22EA44552EB6}] (...) -- E:\PL-X507\PL-X507 DRIVER.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{B4F7123C-B6D5-44BC-B4AB-E8BC2FDCBAAC}] (...) -- C:\Program Files (x86)\Kalypso Media\Tropico 4\Tropico4.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{CF5E2618-74FA-4563-B2FD-5675869F6989}] (...) -- C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\ReStart.exe (.not file.) [0] O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [940] O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1279715118-3890717141-3735741419-1000Core [926] O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1279715118-3890717141-3735741419-1000UA [948] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1052] O39 - APT: - (..) 
-- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1056] ~ Scheduled Task: 32 Legitimates Filtered in 00mn 05s ---\\ Geïnstalleerde software (O42) O42 - Logiciel: Hema Fotoalbum - (.Hema.) [HKCU][64Bits] -- {83EF9202-135C-4AFC-A083-DE9D09C6BC46}_is1 ~ Logic: 20 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\Birdstep Technology] [HKCU\Software\BitComet] =>P2P.BitComet [HKCU\Software\Computer Artworks] [HKCU\Software\FTDv3.8] [HKCU\Software\Full Tilt Poker] [HKCU\Software\Henzo] [HKCU\Software\IDLI] [HKCU\Software\NZBuddy] [HKCU\Software\Vlad] [HKCU\Software\WSSE] [HKCU\Software\ZAR] [HKCU\Software\coverXP] [HKLM\Software\FiveSphere] [HKLM\Software\MazFX] [HKLM\Software\Wow6432Node\Birdstep Technology] [HKLM\Software\Wow6432Node\CodedColor] [HKLM\Software\Wow6432Node\Computer Artworks] [HKLM\Software\Wow6432Node\FiveSphere] [HKLM\Software\Wow6432Node\Full Tilt Poker] [HKLM\Software\Wow6432Node\KPN] [HKLM\Software\Wow6432Node\MaxPower] [HKLM\Software\Wow6432Node\MazFX] [HKLM\Software\Wow6432Node\Spotnet] [HKLM\Software\Wow6432Node\Universal] [HKLM\Software\Wow6432Node\coverXP] [HKLM\Software\jumpshot.com] ~ Key Software: 311 Legitimates Filtered in 00mn 00s ---\\ 'Inhoud van mappen programma's, ProgramFiles, ProgramData, AppData (O43) O43 - CFD: 8-1-2014 - 20:08:36 - [] ----D C:\Program Files (x86)\Belastingdienst O43 - CFD: 30-12-2011 - 18:04:31 - [] ----D C:\Program Files (x86)\Computer Artworks O43 - CFD: 23-12-2011 - 21:17:28 - [] ----D C:\Program Files (x86)\coverXP O43 - CFD: 20-1-2015 - 18:42:46 - [] ---AD C:\Program Files (x86)\EliteUnzip_aaEI =>Adware.MyWebSearch O43 - CFD: 26-7-2011 - 19:41:37 - [] ----D C:\Program Files (x86)\FTD Watchdog O43 - CFD: 7-1-2013 - 16:39:45 - [] ----D C:\Program Files (x86)\Full Tilt Poker O43 - CFD: 14-7-2010 - 19:08:30 - [] ----D C:\Program Files (x86)\Henzo O43 - CFD: 24-10-2011 - 16:59:51 - [] ----D C:\Program Files (x86)\KPN O43 - CFD: 17-3-2014 - 15:54:31 - [] ----D C:\Program Files 
(x86)\PokerStars O43 - CFD: 24-5-2014 - 16:20:36 - [] ----D C:\Program Files (x86)\Spotnet O43 - CFD: 24-12-2011 - 1:33:58 - [] ----D C:\Program Files (x86)\TableNinja O43 - CFD: 3-4-2010 - 14:55:28 - [] ----D C:\Program Files (x86)\TrackMaker O43 - CFD: 29-1-2011 - 16:17:05 - [] ----D C:\Program Files (x86)\ZAR O43 - CFD: 24-10-2011 - 21:23:50 - [] ----D C:\ProgramData\Birdstep Technology O43 - CFD: 14-7-2010 - 19:29:28 - [] ----D C:\ProgramData\CodedColor Common O43 - CFD: 23-5-2011 - 18:56:12 - [] --H-D C:\ProgramData\D200901B9FAC42F3919E4E3E4A915B0A O43 - CFD: 28-10-2014 - 21:41:41 - [] ----D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 O43 - CFD: 14-7-2010 - 19:08:49 - [] ----D C:\ProgramData\Henzo O43 - CFD: 24-5-2014 - 16:22:06 - [] ----D C:\ProgramData\Spotnet O43 - CFD: 23-5-2011 - 18:56:29 - [] ----D C:\ProgramData\SystemProfile O43 - CFD: 23-5-2011 - 18:56:12 - [] --H-D C:\ProgramData\SystemTask O43 - CFD: 9-6-2014 - 11:52:49 - [] ----D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} O43 - CFD: 23-1-2011 - 15:34:07 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner O43 - CFD: 8-1-2014 - 20:08:37 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belastingdienst O43 - CFD: 16-11-2014 - 22:25:19 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet =>P2P.BitComet O43 - CFD: 8-6-2014 - 22:57:44 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codec Pack O43 - CFD: 23-12-2011 - 21:17:23 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\coverXP O43 - CFD: 8-6-2014 - 22:57:44 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FTDv3.8 O43 - CFD: 14-7-2010 - 19:08:44 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Henzo O43 - CFD: 24-10-2011 - 21:22:49 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KPN O43 - CFD: 14-7-2009 - 8:44:38 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC O43 - 
CFD: 30-12-2011 - 18:05:08 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Thing O43 - CFD: 9-3-2014 - 19:55:08 - [] ----D C:\Users\KristiAnne\AppData\Roaming\Belastingdienst O43 - CFD: 24-10-2011 - 21:23:50 - [] ----D C:\Users\KristiAnne\AppData\Roaming\Birdstep Technology O43 - CFD: 15-11-2014 - 21:49:46 - [] ----D C:\Users\KristiAnne\AppData\Roaming\HYXDevPsnList O43 - CFD: 14-7-2010 - 19:24:05 - [] ----D C:\Users\KristiAnne\AppData\Roaming\PrintKiosk O43 - CFD: 9-6-2014 - 11:39:12 - [] ----D C:\Users\KristiAnne\AppData\Roaming\ProductData O43 - CFD: 24-5-2014 - 16:19:25 - [] ----D C:\Users\KristiAnne\AppData\Roaming\Spotnet O43 - CFD: 30-10-2014 - 20:35:11 - [] ----D C:\Users\KristiAnne\AppData\Local\01B3D0B3-2D2A-463B-9150-A42F8CCA4681.aplzod O43 - CFD: 13-11-2014 - 10:43:34 - [] -SH-D C:\Users\KristiAnne\AppData\Local\EmieBrowserModeList O43 - CFD: 1-1-2013 - 17:33:08 - [] ----D C:\Users\KristiAnne\AppData\Local\FullTiltPoker O43 - CFD: 27-8-2013 - 22:08:31 - [] ----D C:\Users\KristiAnne\AppData\Local\Hema Fotoalbum O43 - CFD: 14-7-2010 - 19:08:55 - [] ----D C:\Users\KristiAnne\AppData\Local\HenzoXL O43 - CFD: 17-3-2014 - 15:54:27 - [] ----D C:\Users\KristiAnne\AppData\Local\PokerStars.EU O43 - CFD: 24-5-2014 - 16:22:18 - [] ----D C:\Users\KristiAnne\AppData\Local\Spotnet O43 - CFD: 23-12-2011 - 21:17:23 - [] ----D C:\Users\KristiAnne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\coverXP O43 - CFD: 8-1-2014 - 20:27:25 - [] ----D C:\Users\KristiAnne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup O43 - CFD: 27-8-2013 - 22:08:21 - [] ----D C:\Users\KristiAnne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hema Fotoalbum ~ Program Folder: 369 Legitimates Filtered in 00mn 01s ---\\ Meest recente bestanden gewijzigd of gemaakt op Windows en System32 (O44) O44 - LFC:[MD5.A318E3D50090765F50B25C833B403F2C] - 19-1-2015 - 11:17:22 ---A- . (...) 
-- C:\zoek-results2015-01-19-101722.log [59137]
O44 - LFC:[MD5.B739BAB07E0E70F2C807F43278D145C3] - 19-1-2015 - 12:59:32 ---A- . (...) -- C:\zoek-results2015-01-19-115932.log [49450]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 19-1-2015 - 13:32:12 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.BA1A376DFC9D10A2B27B50F40160DD13] - 19-1-2015 - 16:50:32 ---A- . (...) -- C:\zoek-results.log [20454]
O44 - LFC:[MD5.F3544A2BDF3C02F676890E64E766F64A] - 20-1-2015 - 9:35:27 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [9920]
O44 - LFC:[MD5.F3544A2BDF3C02F676890E64E766F64A] - 20-1-2015 - 9:35:27 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [9920]
~ Files: 23 Legitimates Filtered in 00mn 02s

---\\ Laatste bestanden die zijn gemaakt in Windows Prefetcher (O45)
O45 - LFCP:[MD5.44B8365918FF4FDC37234CE1906BB70A] - 20-1-2015 - 18:43:55 ---A- - C:\Windows\Prefetch\ELITEUNZIP.EXE-7ABBD399.pf =>Adware.MyWebSearch
~ Prefetcher: 1 Legitimates Filtered in 00mn 00s

---\\ Registersleutel Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{4b7cbaab-fe7c-11e0-a3ce-001f16f5680a}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
O51 - MPSK:{4b7cbaae-fe7c-11e0-a3ce-001f16f5680a}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
O51 - MPSK:{4b7cbae9-fe7c-11e0-a3ce-001f16f5680a}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Opsomming van de registersleutel Hkey_local_machine\software\microsoft\shared (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\FreeCall [Key] . (.FreeCall - Client to make VoIP calls..) -- C:\Program Files (x86)\FreeCall.com\FreeCall\FreeCall.exe
~ SMSR Keys: 20 Legitimates Filtered in 00mn 00s

---\\ Opsomming van het register sleutels PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s

---\\ Opsomming van de registersleutel PoliciesExplorer (CÖKVI) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 9 Legitimates Filtered in 00mn 00s

---\\ Overzicht van de drivers (SDL) (O58)
O58 - SDL:18-12-2014 - 17:29:11 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:18-12-2014 - 17:29:11 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:18-12-2014 - 17:29:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [267632] =>.ALWIL Software
O58 - SDL:14-7-2009 - 2:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:2-6-2014 - 15:20:26 ---A- . (.Windows (R) Win 7 DDK provider - GridinSoft Trojan Killer Mini-Filter Driver.) -- C:\Windows\System32\Drivers\gtkdrv.sys [16640]
O58 - SDL:10-6-2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:7-5-2010 - 18:43:30 ---A- . (...) -- C:\Windows\System32\Drivers\LVPr2M64.sys [30304]
O58 - SDL:2-3-2011 - 17:23:40 ---A- . (.MBB Incorporated - CDROM Filter.) -- C:\Windows\System32\Drivers\massfilter.sys [11776]
O58 - SDL:9-12-2012 - 16:13:21 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [564824]
O58 - SDL:14-7-2009 - 2:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:15-8-2014 - 23:35:00 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:23-7-2005 - 9:24:58 R--A- . (.General - USB Storage Driver.) -- C:\Windows\SysWOW64\drivers\geneuide.sys [22260]
~ Drivers: 93 Legitimates Filtered in 00mn 13s

---\\ Meest recente bestanden gewijzigd of gemaakt (gebruiker) (O61)
O61 - LFC: 19-1-2015 - 18:48:27 ---A- . (...) -- C:\Users\KristiAnne\Desktop\adwcleaner_4.108.exe [2186752]
O61 - LFC: 20-1-2015 - 18:48:27 ---A- . (...) -- C:\Users\KristiAnne\Desktop\EliteUnzip.exe [443264] =>Adware.MyWebSearch
~ 33 Fichiers temporaires (Temporary files)
~ 346 Fichiers cookies (Cookies files)
~ Files: 7 Legitimates Filtered in 00mn 02s

---\\ Lijst van cleaning tools (CLAB) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: RSIT - (.random/random.)
~ ADS: Scanned in 00mn 00s

---\\ Overzicht met LEGACY services (LALS) (O64)
O64 - Services: CurCS - 18-12-2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 20-1-2015 - C:\Windows\system32\drivers\MBAMSwissArmy.sys (MBAMSwissArmy) .(.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - LEGACY_MBAMSWISSARMY
~ Legacy: 112 Legitimates Filtered in 00mn 00s

---\\ Startmenu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\program files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Zoek "infecties in internetbrowsers (SBI) (O69)
O69 - SBI: prefs.js [KristiAnne - f9las1fh.default] user_pref("extensions.wrc.SearchRules.google.com.style", ".WRCN {display:none} .r .WRCN, .osl .WRCN, .bc .WRCN, .fc .WRCN, #rhslin[...] =>Toolbar.Ask
O69 - SBI: prefs.js [KristiAnne - f9las1fh.default] user_pref("extensions.wrc.SearchRules.google.com.url", "^http(s)?\\:\\/\\/((.)+\\.)?google\\.(com|[a-z\\.]{2,})\\/(.)*"); =>Toolbar.Ask
O69 - SBI: prefs.js [KristiAnne - f9las1fh.default] user_pref("extensions.wrc.SearchRules.public.avast.com.style", ".WRCN {display:inline; background: url(\"IMAGE\") right no-repeat}[...] =>Toolbar.Ask
O69 - SBI: prefs.js [KristiAnne - f9las1fh.default] user_pref("extensions.wrc.SearchRules.public.avast.com.url", "^http(s)?\\:\\/\\/public\\.avast\\.com\\/(.)*"); =>Toolbar.Ask
O69 - SBI: prefs.js [KristiAnne - f9las1fh.default] user_pref("extensions.wrc.SearchRules.seznam.cz.style", ".WRCN {display:none} #results .WRCN, .sklik-title > .WRCN {display:inline[...] =>Toolbar.Ask
O69 - SBI: prefs.js [KristiAnne - f9las1fh.default] user_pref("extensions.wrc.SearchRules.seznam.cz.url", "^http(s)?\\:\\/\\/search\\.seznam\\.cz\\/(.)*"); =>Toolbar.Ask
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\S-1-5-19] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\S-1-5-20] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s

---\\ Bepaalde zoekopdracht in de hoofdmap van het systeem (SPRF) (O84)
[MD5.EB734492856AA5225B1FD258DBF2E25E] [SPRF][30-1-2011] (...) -- C:\Users\KristiAnne\AppData\Roaming\mdb.bin [3665]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][6-3-2010] (...) -- C:\Users\KristiAnne\AppData\Roaming\wklnhst.dat [0]
[MD5.6EA377DA154B0111D59AE70C35F9864E] [SPRF][19-1-2015] (.No owner - Aut2Exe.) -- C:\Users\KristiAnne\Desktop\adwcleaner_4.108.exe [2186752]
[MD5.6EE366C8FB42431E29413D1DD6EDFA6A] [SPRF][17-11-2014] (...) -- C:\Users\KristiAnne\Desktop\cc_20141117_143546.reg [137016]
[MD5.31E1690358107191E4C4249A5F81B4C2] [SPRF][17-1-2015] (...) -- C:\Users\KristiAnne\Desktop\cc_20150117_231704.reg [22468]
[MD5.02EBC1AFA28CC46B092A8A5F960BB417] [SPRF][20-1-2015] (...) -- C:\Users\KristiAnne\Desktop\EliteUnzip.exe [443264] =>Adware.MyWebSearch
[MD5.0C551B004AAA6E53E9FA96ED74276DF6] [SPRF][23-7-2014] (.PortableApps.com - VLC Media Player Portable.) -- C:\Users\KristiAnne\Desktop\VLCPortable_2-0-5-paf.exe [23553112]
[MD5.2C0D23DDB20B92B938499A59630BAED3] [SPRF][7-12-2014] (...) -- C:\Users\KristiAnne\Desktop\zoek.exe.com [1429293]
~ Files: 12 Legitimates Filtered in 00mn 03s

---\\ Zoek 'infection Rogue (SRI) (O86)
O43 - CFD: 23-5-2011 - 18:56:12 - [] --H-D C:\ProgramData\D200901B9FAC42F3919E4E3E4A915B0A
~ Files: Scanned in 00mn 00s

---\\ Lijst van uitzonderingen in de firewall (FirewallRules) (O87)
O87 - FAEL: "{DF2BAA0C-FE48-4BFF-A79A-17D74EFFD7AB}" | In - Private - P6 - TRUE | .(.www.BitComet.com - BitComet - a BitTorrent Client.) -- D:\BitComet\BitComet.exe =>P2P.BitComet
O87 - FAEL: "{520999D2-CC46-48B4-B8B8-F832D1AD7FB6}" | In - Private - P17 - TRUE | .(.www.BitComet.com - BitComet - a BitTorrent Client.) -- D:\BitComet\BitComet.exe =>P2P.BitComet
O87 - FAEL: "{D62089DB-B5F3-4F12-B756-6A21293BB5F8}" | In - Public - P6 - TRUE | .(.www.BitComet.com - BitComet - a BitTorrent Client.) -- D:\BitComet\BitComet.exe =>P2P.BitComet
O87 - FAEL: "{023300F8-DB4A-49FF-AE8C-87168B6A2866}" | In - Public - P17 - TRUE | .(.www.BitComet.com - BitComet - a BitTorrent Client.) -- D:\BitComet\BitComet.exe =>P2P.BitComet
~ Firewall: 4 Legitimates Filtered in 00mn 02s

---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{320AF880-6646-11D3-ABEE-C5DBF3571F49}] (SavePass) =>PUP.CrossRider
~ BCK: 4484 Legitimates Filtered in 00mn 08s

---\\ Algemene toestand van niet-Microsoft services (GSR) (SR = Running, SS = gestopt)
SS - | Demand 12-11-2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 21-10-2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 21-10-2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 21-8-2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 5-6-2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SS - | Demand 15-10-2014 643880 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 8-2-2013 359664 | (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
SS - | Demand 15-1-2010 227232 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
SS - | Demand 17-1-2015 114800 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 28-7-2009 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
SS - | Auto 3-4-2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 18-12-2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 2-7-2009 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 7-10-2014 60744 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 18-12-2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 2-3-2011 1917832 | (BecHelperService) . (...) - C:\Program Files (x86)\KPN\Mobiel Internet Software\BecHelperService.exe
SR - | Auto 28-10-2014 244448 | (FoxitCloudUpdateService) . (.Foxit Software Inc..) - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe
SR - | Auto 4-6-2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
SR - | Auto 21-11-2014 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 6-8-2009 311592 | (MWLService) . (.Egis Technology Inc..) - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
SR - | Auto 12-8-2009 62208 | (NTI IScheduleSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
SR - | Auto 16-4-2010 36864 | (Realtek11nSU) . (.Realtek.) - C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
SR - | Auto 1-4-2011 428640 | (UMVPFSrv) . (.Logitech Inc..) - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
SR - | Auto 4-7-2009 240160 | (Updater Service) . (.Acer.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 14-7-2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10-7-1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14-7-2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 10s

---\\ Onderzoek gelijktijdige op de Master Boot Record (MBR) (O80)
Run by KristiAnne at 20-1-2015 18:50:29
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

---\\ Onderzoek de Master Boot Record op Infecties (MBRCheck) (O80)
Written by ad13, http://ad13.geekstog
Run by KristiAnne at 20-1-2015 18:50:31
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

---\\ Lijst van CD/DVD emulators (MBR Hook)
O58 - SDL:9-12-2012 - 16:13:21 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [564824]
~ Emulateurs: Scanned in 00mn 02s

---\\ Extra scan (O88)
Database Version : 13008 - (18-1-2015)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 3
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] =>PUP.SweetIM^
C:\Program Files (x86)\EliteUnzip_aaEI =>Adware.MyWebSearch^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet =>P2P.BitComet^
[HKCU\Software\BitComet] =>P2P.BitComet^
C:\Users\KristiAnne\Desktop\EliteUnzip.exe =>Adware.MyWebSearch^
[HKCR\CLSID\{320AF880-6646-11D3-ABEE-C5DBF3571F49}] (SavePass) =>PUP.CrossRider^
~ Additionnel Scan: 383110 Items scanned in 00mn 34s

---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, proxybeheer (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer werkbalken (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Toepassingen gestart door register & bestand (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Registersleutel Shell MountPoints2 (MPSK) (O51)
~ AMI: 4 Legitimates Filtered in 00mn 00s

---\\ Samenvatting van detecties gevonden op uw werkstation
http://nicolascoolman.fr/adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM
~ MSI: 4 link(s) detected in 00mn 00s
~ 1163 Legitimates filtered by white list

End of the scan (640 lines in 03mn 36s)(0)