~ Verslag van ZHPDiag v2015.1.24.9 - Nicolas Coolman (24/01/2015)
~ Gelanceerd door francist (25/01/2015 13:02:19)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Het adres van de webforum : http://forum.nicolascoolman.fr
~ Vertaald door de gebruiker
~ Staat van de versie : Aktualisierte Version.
~ Lijst wit : Ingeschakeld door het programma
~ Tot misbruik van bevoegdheden : OK
~ Gebruikersaccountbeheer (UAC) : Activate by user

---\\ Internet-browsers
MSIE: Internet Explorer v11.0.9600.17501 (Defaut)
MFIE: Mozilla Firefox 33.0.3
GCIE: Google Chrome v37.0.2062.124
OPIE: Opera vStable 26.0.1656.60

---\\ Windows productinformatie
~ Langage: Néerlandais
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : Absent (Not found)
Windows ID Activation : Inconnue (Unknown)
Windows Licence : Inconnue (Unknown)
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Software om het systeem te beveiligen
AVG 2015 v15.0.4273
Malwarebytes Anti-Malware versie 2.0.4.1028
Windows Defender W7 (Deactivate)

---\\ Systeem optimalisatie software
CCleaner v4.19

---\\ Delen van software PeerToPeer

---\\ Software die extra aandacht behoeft
Adobe Flash Player 16 NPAPI
Adobe Reader XI

---\\ Informatie over het systeem
~ Processor: x86 Family 16 Model 2 Stepping 3, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2814 MB (51% free)
System Restore: Activé (Enable)
System drive C: has 364 GB (78%) free of 466 GB

---\\ Verbinding met het systeem-modus
~ Computer Name: FRANCIS
~ User Name: francist
~ All Users Names: HomeGroupUser$, Gast, francist, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Omgevingsvariabelen
~ System Unit : C:\
~ %AppZHP% : C:\Users\francist\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\francist\AppData\Roaming\
~ %Desktop% : C:\Users\francist\Desktop\
~ %Favorites% : C:\Users\francist\Favorites\
~ %LocalAppData% : C:\Users\francist\AppData\Local\
~ %StartMenu% : C:\Users\francist\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Overzicht vaste en verwisselbare stations
C: Hard drive, Flash drive, Thumb drive (Free 364 Go of 466 Go)
D: Hard drive, Flash drive, Thumb drive (Free 221 Go of 349 Go)
E: CD-ROM drive (Not Inserted)

---\\ Staat van het Windows Beveiligingscentrum
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s

---\\ Zoeken naar bepaalde algemene bestanden
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Verkenner.) (.25/02/2011 - 6:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.14/07/2009 - 2:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.5E4E0E43E0A5BF9F089696DFA7A3D677] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.22/11/2014 - 2:00:20.) -- C:\Windows\System32\wininet.dll [1888256]
[MD5.52449FD429D6053B78AE564DEF303870] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.17/07/2014 - 2:39:27.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Software Licensing-bibliotheek.) (.20/11/2010 - 22:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 7:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 2:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 0:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 22:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.14/07/2009 - 0:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 0:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 3:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 22:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.24/01/2014 - 3:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.14/07/2009 - 0:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 0:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 22:29:49.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 0:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.7FE680A3DFA421C4A8E4879AE4C5AAB0] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 2:32:14.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s

---\\ Status van de verborgen bestanden (verborgen/totaal)
~ Mes images (My Pictures) : 1/7
~ Mes musiques (My Musics) : 1/20
~ Mes Videos (My Videos) : 1/3
~ Mes Favoris (My Favorites) : 1/25
~ Mes Documents (My Documents) : 1/240
~ Mon Bureau (My Desktop) : 3/1058
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 01s

---\\ Gestarte processen
[MD5.7E713E2ED0226EA82E97A630684115BE] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2015\avgui.exe [3667472] [PID.3976]
[MD5.F00A74241943E58F3795291BC3AF0853] - (.Realtek Semiconductor - Realtek HD Audio configuratie.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464] [PID.3992]
[MD5.6403C8BC755EDCF90A0D1E8B20E586A3] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe [296520] [PID.4000]
[MD5.20989BBD2114539B5C21948E94F6E11E] - (.No owner - RealDownloader.) -- C:\Program Files\RealNetworks\RealDownloader\downloader2.exe [560192] [PID.4012]
[MD5.7E27D9F63364EF7CE4F06DB73A9CC5EB] - (.AMD - HydraDM.) -- C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [393216] [PID.4020]
[MD5.B570BA44DDE76CCC95B96F326B9B990C] - (.RealNetworks, Inc. - RealPlayer Cloud Service UI.) -- C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe [824416] [PID.2148]
[MD5.9673736471643D5E6D75BB8319589720] - (.TechSmith Corporation - Snagit.) -- C:\Program Files\TechSmith\Snagit 11\Snagit32.exe [9479536] [PID.2708]
[MD5.C64E9B1C9EA057DCECDCB98F34377811] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.exe [228552] [PID.2908]
[MD5.749949494676218FFA99501F4AA22ECC] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe [10376704] [PID.3044]
[MD5.4EE367B8B1964160A1F1B80095183D3A] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin [10368512] [PID.3228]
[MD5.870893F2365CA9D91D2AC7C0BD391868] - (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe [4826904] [PID.3748]
[MD5.812C5A0ABB4A254CD4EBA9D03B0CDB6E] - (.TechSmith Corporation - Snagit RPC Helper.) -- C:\Program Files\TechSmith\Snagit 11\SnagPriv.exe [105328] [PID.4544]
[MD5.A24BFBAE8B50A6780B68FF3673FAB52F] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [815280] [PID.5404]
[MD5.ABDFC60B9B0EB79E729EEC6EB5B763D3] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_16_0_0_287_ActiveX.exe [960176] [PID.5892]
[MD5.24A091B9A97E9B323B6CE8278B547B20] - (.Microsoft Corporation - Microsoft Spell Checking Facility.) -- C:\Windows\System32\MsSpellCheckingFacility.exe [667648] [PID.2500]
[MD5.3058D224A8424E1CF9B0E9889CAC707C] - (.Oki Data Corporation - Status Monitor.) -- C:\Program Files\Okidata\OKI C3200 Status Monitor\OPSTM010.exe [344064] [PID.3348]
[MD5.B2C418B16792E227BF6D18C7261ABCD9] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8161792] [PID.7668]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.7988]
~ Processes Running: Scanned in 00mn 01s

---\\ Google Chrome, start, zoeken, extensies (G0, G1, G2)
C:\Users\francist\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Winkel v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Google Chrome extensie map
~ Google Lines Browser: 17 Legitimates Filtered in 00mn 01s

---\\ Mozilla Firefox, Plugins, start, zoeken, extensies (P2, M0, M1, M2, M3)
P2 - FPN: [HKCU] [vasco.com/VascoCardReaderPlugin] - (.VASCO Data Security - VASCO Card Reader Plugin.) -- C:\Users\francist\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin.dll
~ Firefox Browser: 20 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, start, zoeken, URLSearchHook, Phishing (R0, R1, R3, R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 12 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, proxybeheer (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse van lijnen F0, F1, F2, F3 - IniFiles, Autoloading programma's
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts-bestand omleiding (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s

---\\ Andere Verwijzigingen gebruikers (O4)
O4 - GS\TaskBar [francist]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://be-aaa.s3-website-eu-west-1.amazonaws.com =>Hijacker.Browsers
O4 - GS\Program [francist]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://be-aaa.s3-website-eu-west-1.amazonaws.com =>Hijacker.Browsers
~ Global Startup: 2 Legitimates Filtered in 00mn 01s

---\\ Toepassingen gestart door register & bestand (O4)
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2015\avgui.exe
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Realtek HD Audio configuratie.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- c:\program files\real\realplayer\Update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [RealDownloader] . (.No owner - RealDownloader.) -- C:\Program Files\RealNetworks\RealDownloader\downloader2.exe
O4 - HKCU\..\Run: [HydraVisionDesktopManager] . (.AMD - HydraDM.) -- C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (.not file.)
O4 - HKUS\S-1-5-21-3730078115-3281393171-2249441152-1000\..\Run: [HydraVisionDesktopManager] . (.AMD - HydraDM.) -- C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKUS\S-1-5-21-3730078115-3281393171-2249441152-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd
O4 - HKUS\S-1-5-21-3730078115-3281393171-2249441152-1000\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (.not file.)
~ Application: Scanned in 00mn 00s

---\\ Knoppen op de werkbalk "belangrijkste instrumenten" Internet Explorer (O9)
O9 - Extra button: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Domeinadres van de DNS (O17) wijzigen
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8245742-A29F-4910-900A-425A4787F08C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E8245742-A29F-4910-900A-425A4787F08C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E8245742-A29F-4910-900A-425A4787F08C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s

---\\ Aanvullend Protocol (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML-viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Lijst van niet-Microsoft NT services die niet uitgeschakeld zijn (O23)
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) . (...) - C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
~ Services: 13 Legitimates Filtered in 00mn 03s

---\\ Taken die zijn gepland in de automatische modus (O39)
[MD5.EEF3F22892837F327BD609CDDB0961C4] [APT] [Opera scheduled Autoupdate 1378240423] (.Opera Software.) -- C:\Program Files\Opera\launcher.exe [466040]
[MD5.00000000000000000000000000000000] [APT] [{2E3BC6B7-6C96-4940-8B7E-BF505AA17EFA}] (...) -- C:\Users\francist\AppData\Roaming\mystartsearch\UninstallManager.exe (.not file.) [0] =>PUP.StartSearch
[MD5.00000000000000000000000000000000] [APT] [{DDBD2AD1-B132-4D7F-9DA3-442165275904}] (...) -- C:\Program Files\SearchProtect\Main\bin\uninstall.exe (.not file.) [0] =>PUP.SearchProtect
[MD5.00000000000000000000000000000000] [APT] [{E2D57E2C-544E-4C2B-89DF-3B5A9EF8E7FB}] (...) -- C:\ProgramData\YoutUBeAdBloacke\hKhwxoeNlMg1699.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{FCC2367D-24A1-490C-B2C4-CFC8ABC4CA51}] (...) -- C:\Program Files\YouTube Accelerator\YTAUninstall.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [940]
O39 - APT: - (..) -- C:\Windows\Tasks\DriverToolkit Autorun.job [352]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 03s

---\\ Geïnstalleerde software (O42)
O42 - Logiciel: E-Peek - (.E Dev.) [HKLM] -- {1CA0A028-0070-4E39-9450-9E7672FA3451}
O42 - Logiciel: Stuurprogrammapakket voor Windows - Fedict SmartCard (03/25/2014 4.0.7.4) - (.Fedict.) [HKLM] -- B02255EDA75F867B4D85C5A5D23E13D9EF71E8AE
O42 - Logiciel: USB Audio/Video Driver - (...) [HKLM] -- InstallShield_{015C057F-D7B9-4D82-B266-FBCF0178F382}
O42 - Logiciel: VASCO Card Reader Plug-In (32-Bit) - (.VASCO Data Security.) [HKLM] -- {47659F12-27AE-3200-9B8A-2BD803020302}
~ Logic: 14 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Fonts101]
[HKCU\Software\Linkey] =>PUP.LinkeySearch
[HKCU\Software\OKI]
[HKCU\Software\VASCO]
[HKCU\Software\tinapcit]
[HKLM\Software\E Dev]
[HKLM\Software\SiteFinder] =>Adware.ShoppingReport
[HKLM\Software\Universal]
~ Key Software: 203 Legitimates Filtered in 00mn 00s

---\\ 'Inhoud van mappen programma's, ProgramFiles, ProgramData, AppData (O43)
O43 - CFD: 12/10/2014 - 9:45:58 - [] ----D C:\Program Files\Ares
O43 - CFD: 29/06/2014 - 13:09:27 - [] ----D C:\Program Files\BeID Minidriver
O43 - CFD: 23/01/2015 - 17:38:43 - [] ----D C:\Program Files\E Dev
O43 - CFD: 25/06/2014 - 16:12:13 - [] ----D C:\ProgramData\OPHC
O43 - CFD: 29/06/2014 - 13:09:54 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID
O43 - CFD: 12/04/2011 - 5:57:03 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 23/01/2015 - 17:38:46 - [] ----D C:\Users\francist\AppData\Roaming\E Dev
O43 - CFD: 3/09/2013 - 11:26:36 - [] ----D C:\Users\francist\AppData\Roaming\OPHC
O43 - CFD: 11/10/2014 - 18:17:37 - [] ----D C:\Users\francist\AppData\Roaming\rmi
O43 - CFD: 25/06/2014 - 16:33:42 - [] ----D C:\Users\francist\AppData\Roaming\VASCO
O43 - CFD: 17/07/2014 - 21:38:37 - [] ----D C:\Users\francist\AppData\Local\Ares
O43 - CFD: 12/11/2014 - 7:40:20 - [] -SH-D C:\Users\francist\AppData\Local\EmieBrowserModeList
O43 - CFD: 9/10/2013 - 15:10:24 - [] ----D C:\Users\francist\AppData\Local\VHS to DVD
O43 - CFD: 21/11/2014 - 16:53:50 - [] ----D C:\Users\francist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoftKey
~ Program Folder: 205 Legitimates Filtered in 00mn 00s

---\\ Meest recente bestanden gewijzigd of gemaakt op Windows en System32 (O44)
O44 - LFC:[MD5.426D92ED5FC2175661E2903D721E130F] - 22/01/2015 - 9:56:46 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [31088]
O44 - LFC:[MD5.426D92ED5FC2175661E2903D721E130F] - 22/01/2015 - 9:56:46 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [31088]
O44 - LFC:[MD5.2995ABB31222F1F0AFB3A124CC2906CD] - 23/01/2015 - 18:51:01 ---A- . (...) -- C:\zoek-results2015-01-23-175101.log [70785]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 25/01/2015 - 11:07:52 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.0AFDABFB52DB3A676DC78D11B4985D1C] - 25/01/2015 - 11:27:34 ---A- . (...) -- C:\zoek-results.log [23371]
~ Files: 31 Legitimates Filtered in 00mn 02s

---\\ Activiteiten en functies bij het opstarten van Windows Verkenner (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Opsomming van het register sleutels PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s

---\\ Overzicht van de drivers (SDL) (O58)
O58 - SDL:14/07/2009 - 2:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:14/05/2008 - 18:32:42 ---A- . (.eMPIA Technology, Inc. - USB 28xx BDA Driver.) -- C:\Windows\System32\Drivers\emBDA.sys [535040]
O58 - SDL:14/05/2008 - 18:32:24 ---A- . (.eMPIA Technology, Inc. - USB 28xx BDA Lower filter.) -- C:\Windows\System32\Drivers\emOEM.sys [286208]
O58 - SDL:13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:28/11/2013 - 1:24:18 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [108000]
O58 - SDL:26/01/2011 - 10:31:28 ---A- . (.Windows (R) Win 7 DDK provider - Analog Tuner Sample.) -- C:\Windows\System32\Drivers\SmiUsbGrabber3C.sys [805888]
O58 - SDL:22/01/2014 - 8:52:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [88576]
O58 - SDL:22/01/2014 - 8:52:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [184192]
O58 - SDL:14/07/2009 - 2:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 85 Legitimates Filtered in 00mn 01s

---\\ Meest recente bestanden gewijzigd of gemaakt (gebruiker) (O61)
O61 - LFC: 22/01/2015 - 13:02:45 ---A- . (.Megaify Software.) -- C:\Users\francist\Downloads\Programs\driver_setup.exe [2448688]
O61 - LFC: 23/01/2015 - 13:02:43 ---A- . (...) -- C:\Users\francist\AppData\Local\Microsoft\Internet Explorer\UrlBlockManager\urlblocklist.bin [0]
O61 - LFC: 23/01/2015 - 13:02:45 ---A- . (...) -- C:\Users\francist\Downloads\Programs\RSIT_2.exe [1107968]
O61 - LFC: 23/01/2015 - 13:02:45 ---A- . (.E Dev.) -- C:\Users\francist\Downloads\Programs\setupE-Peek.exe [13842597]
O61 - LFC: 23/01/2015 - 13:02:46 ---A- . (...) -- C:\Users\francist\Downloads\Programs\zoek_3.exe [1295360]
O61 - LFC: 25/01/2015 - 13:02:46 ---A- . (...) -- C:\Users\francist\Downloads\Programs\zoek_2.exe [1295360]
~ 26 Fichiers temporaires (Temporary files)
~ 384 Fichiers cookies (Cookies files)
~ Files: 10 Legitimates Filtered in 00mn 03s

---\\ Lijst van cleaning tools (CLAB) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: RSIT - (.random/random.)
~ ADS: Scanned in 00mn 00s

---\\ Startmenu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\Launcher.exe
~ Keys: Scanned in 00mn 00s

---\\ Zoek "infecties in internetbrowsers (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s

---\\ Geeft een opsomming van bestanden Crack & Keygen (KKF) (O82)
C:\Users\francist\Desktop\Internet Download Manager 6.19 Build 1 Retail Nederlands\Internet Download Manager 6.19 Build 1 Retail Nederlands\patch.new-UnREaL\Tonec.Inc.Internet.Download.Manager.v6.xx.WinALL.Incl.Keygen.and.Patch.update1-UnREaL.exe =>.Crack,Keygen
C:\Users\francist\Downloads\Compressed\TechSmith Snagit 11.2.1.72 (FULL + Keygen).zip =>.Crack,Keygen
C:\Users\francist\Desktop\Internet Download Manager 6.19 Build 1 Retail Nederlands\Internet Download Manager 6.19 Build 1 Retail Nederlands\patch.new-UnREaL\Tonec.Inc.Internet.Download.Manager.v6.xx.WinALL.Incl.Keygen.and.Patch.update1-UnREaL.exe =>.Crack,Keygen
C:\Users\francist\Downloads\Compressed\TechSmith Snagit 11.2.1.72 (FULL + Keygen).zip =>.Crack,Keygen
~ Files: Scanned in 00mn 15s

---\\ Bepaalde zoekopdracht in de hoofdmap van het systeem (SPRF) (O84)
[MD5.1DD5B62FBB4E4D038C67496C5DAA3BCE] [SPRF][16/01/2015] (...) -- C:\Users\francist\AppData\Roaming\Opusbext.dat [36]
[MD5.23375C4BD17B71D826DAEE2090066E9B] [SPRF][8/12/2014] (...) -- C:\Users\francist\Desktop\snagit.exe [62083928]
[MD5.A913BD4D28A8D979D44440AECCFD85B2] [SPRF][20/11/2014] (.http://www.streamtransport.com/ - http://www.streamtransport.com/.) -- C:\Users\francist\Desktop\streamtransport_setup.exe [2068128]
~ Files: 5 Legitimates Filtered in 00mn 01s

---\\ Algemene toestand van niet-Microsoft services (GSR) (SR = Running, SS = gestopt)
SS - | Demand 23/01/2015 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 18/12/2014 3432976 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2015\avgidsagent.exe
SS - | Demand 11/03/2014 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 3/12/2014 114288 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Disabled 10/12/2014 1141848 | (RealPlayer Cloud Service) . (.RealNetworks, Inc..) - c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe
SS - | Demand 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 22/07/2010 814344 | (ABBYY.Licensing.FineReader.Professional.10.0) . (.ABBYY.) - C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
SR - | Auto 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 3/03/2010 172032 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 19/08/2013 276992 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR - | Auto 18/12/2014 298080 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2015\avgwdsvc.exe
SR - | Auto 29/05/2007 24576 | (OKI OPHC DCS Loader) . (.Oki Data Corporation.) - C:\Windows\system32\spool\DRIVERS\W32X86\3\OPHCLDCS.exe
SR - | Auto 28/05/2013 299008 | (OkiJaSvc) . (.Oki Data Corporation.) - C:\Program Files\Okidata\Print Job Accounting\oklogsvc.exe
SR - | Auto 1/09/2010 49152 | (OkiWchSvc) . (.Oki Data Corporation.) - C:\Program Files\Okidata\Print Job Accounting\okwchsvc.exe
SR - | Auto 18/04/2013 140800 | (opja0004) . (.Oki Data Corporation.) - C:\Program Files\Okidata\Print Job Accounting\opja0004.exe
SR - | Auto 28/03/2012 147456 | (OpLclSrv) . (.Oki Data Corporation.) - C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe
SR - | Auto 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 30/10/2014 31856 | (RealPlayerUpdateSvc) . (...) - C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 15s

---\\ Onderzoek gelijktijdige op de Master Boot Record (MBR) (O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by francist at 25/01/2015 13:03:28
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll win32k.sys
1 ntkrnlpa!IofCallDriver[0x83079BBA] >> \Device\Harddisk0\DR0[0x863AD6C8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 12 Legitimates Filtered in 00mn 02s

---\\ Onderzoek de Master Boot Record op Infecties (MBRCheck) (O80)
Written by ad13, http://ad13.geekstog
Run by francist at 25/01/2015 13:03:30
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

---\\ Extra scan (O88)
Database Version : 13008 - (24/01/2015)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2
[HKCU\Software\Linkey] =>PUP.LinkeySearch^
[HKLM\Software\SiteFinder] =>Adware.ShoppingReport^
~ Additionnel Scan: 258229 Items scanned in 00mn 21s

---\\ Additional information about modules
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, start, zoeken, extensies (G0, G1, G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, proxybeheer (R5)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Toepassingen gestart door register & bestand (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s

---\\ Samenvatting van detecties gevonden op uw werkstation
http://nicolascoolman.fr/hijacker-browsers =>Hijacker.Browsers
http://nicolascoolman.fr/pup-startsearch =>PUP.StartSearch
http://nicolascoolman.fr/pup-searchprotect =>PUP.SearchProtect
http://nicolascoolman.fr/pup-linkeysearch =>PUP.LinkeySearch
http://nicolascoolman.fr/adware-shoppingreport =>Adware.ShoppingReport
~ MSI: 5 link(s) detected in 00mn 00s

~ 808 Legitimates filtered by white list
End of the scan (482 lines in 01mn 33s)