
HJT log



Laptop is getting a bit sluggish again while gaming, so here's a quick log!

Many thanks!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:11:50, on 22-11-2013

Platform: Unknown Windows (WinNT 6.02.1008)

MSIE: Internet Explorer v11.0 (11.00.9600.16384)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Gyazo\GyStation.exe

C:\Users\Danny\AppData\Local\FilesFrog Update Checker\update_checker.exe

C:\Program Files\AVAST Software\Avast\avastui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: YouTube to MP3 Converter - {A3EDD32E-7957-4F51-8BFD-A528BBBE5DE5} - C:\PROGRA~2\YOUTUB~1\ytdl.dll

O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Danny\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe

O4 - HKCU\..\Run: [spotify] "C:\Users\Danny\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

O4 - HKCU\..\Run: [AceStream] C:\Users\Danny\AppData\Roaming\ACEStream\engine\ace_engine.exe

O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX235"

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)

O23 - Service: AtherosSvc - Unknown owner - C:\WINDOWS\system32\AdminService.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)

O23 - Service: Unsigned Themes (UnsignedThemes) - The Within Network, LLC - C:\WINDOWS\unsignedthemes.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 9535 bytes



Download Zoek.zip to the desktop.

  1. If Internet Explorer or another browser or virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
  2. Disable your antivirus and antispyware programs, as they may conflict with zoek.exe (here and here you can read how to do that).

  • Right-click Zoek.zip and choose the option "Extract All".
  • Then double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
    
    [HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers];e
    torpigcheck;
    emptyclsid;
    emptyfolderscheck;delete
    firefoxlook;
    Chromelook;
    autoclean;
    iedefaults;
    filesrcm;

  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart if one is required).
  • If no log appears after the restart, start zoek.exe again and the log will appear after all.
  • Post the log that opens in your next reply as an attachment.

*****************************

Download RSIT from the locations below and save it to the desktop.

Here is a description of how to check whether you have a 32- or 64-bit version of Windows.

Double-click RSIT.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Next the "Disclaimer of warranty" is shown; click "Continue".
  • When the tool has finished, a Notepad file named "Log" is opened.
  • Paste its contents in your next reply.


No, unfortunately. It's not that bad or anything, but every half minute there's about a second of lag. I didn't have this before. It could also be that my laptop just can't handle it; it only has an i3 with an Intel HD 3000 graphics card. The game is S.K.I.L.L. Special Force 2.


Would you please try this.

Download zhpdiag.exe from this website: http://en.kioskea.net/download/download-23176-zhpdiag

  1. XP users: double-click zhpdiag.exe to install it.
    For Windows Vista and higher: right-click zhpdiag.exe and choose "Run as administrator".
  2. Click "Suivant" several times to go through the installation process.
  3. Click "Installer" when prompted and "Terminer" when the installation is complete.
  4. Two icons have now appeared on your desktop: ZHPDiag and ZHPFix.
  5. Now double-click the shortcut named ZHPDiag.
  6. The start window appears; now click "Configurer".
  7. At the bottom right, click the icon with the little house, "Sélectionner une langue", and choose "Anglais" (English).
  8. Then at the bottom left, click the middle icon (a magnifying glass and a + symbol), "Diagnostic options".
  9. A scan of your system is now made; wait patiently until it has finished.
  10. Afterwards there is a text file named ZHPDiag.txt on your desktop; post it in your next reply.


~ Report of ZHPDiag v2013.11.22.46 - Nicolas Coolman (22-11-2013)

~ Launched by Danny (22-11-2013 18:35:18)

~ Web site address : Home - Malicius Software Information

~ Free support forums for disinfection : Links - Malicius Software Information

~ Translated by

~ Version State :

~ White List : Activate by program

~ Elevation of privilege : OK

~ User Account Control : Activate by user

---\\ Internet browsers

MSIE: Internet Explorer v11.0.9600.16438

MFIE: Mozilla Firefox 25.0

GCIE: Google Chrome v31.0.1650.57

OPIE: Opera vStable 18.0.1284.49 (Defaut)

---\\ Windows product information

~ Langage: Anglais

Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)

Windows Server License Manager Script : OK

Software Protection Service (Protection logicielle) : OK

Windows Automatic Updates : OK

Windows Activation Technologies : OK

---\\ System protection software

avast! Free Antivirus v9.0.2006

Windows Defender W8

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software

Adobe Flash Player 11 Plugin

Java 7 Update 45

---\\ Information on the system

~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel

~ Operating System: 64 Bits

Boot mode: Normal (Normal boot)

Total RAM: 3912 MB (58% free)

System Restore: Activé (Enable)

System drive C: has 284 GB (71%) free of 395 GB

---\\ Connection to the system mode

~ Computer Name: PCDANNY

~ User Name: Danny

~ All Users Names: HomeGroupUser$, Guest, Danny, ASPNET, Administrator,

~ Unselected Option: None

Logged in as Administrator

---\\ Environment variables

~ System Unit : C:\

~ %AppZHP% : C:\Users\Danny\AppData\Roaming\ZHP\

~ %AppData% : C:\Users\Danny\AppData\Roaming\

~ %Desktop% : C:\Users\Danny\Desktop\

~ %Favorites% : C:\Users\Danny\Favorites\

~ %LocalAppData% : C:\Users\Danny\AppData\Local\

~ %StartMenu% : C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units

C: Hard drive, Flash drive, Thumb drive (Free 284 Go of 395 Go)

D: Hard drive, Flash drive, Thumb drive (Free 34 Go of 49 Go)

F: CD-ROM drive (Free 0 Go of 1 Go)

S: CD-ROM drive (Not Inserted)

---\\ State of the Windows Security Center

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

~ Security Center: 41 Legitimates Filtered in 00mn 00s

---\\ Search Generic System Files

[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Windows Verkenner.) (.22-10-2013 - 08:55:27.) -- C:\Windows\Explorer.exe [2328872]

[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.22-8-2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384]

[MD5.92E05214CC073A85CEDFF9BD4966F96B] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.19-10-2013 - 04:53:26.) -- C:\Windows\System32\wininet.dll [2332160]

[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.22-8-2013 - 10:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]

[MD5.2F18065618E39AA2E656EE737B71E791] - (.Microsoft Corporation - Software Licensing-bibliotheek.) (.22-8-2013 - 11:39:40.) -- C:\Windows\System32\sppcomapi.dll [447488]

[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Ondersteunend functiestuurprogramma van WinSock.) (.22-8-2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]

[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22-8-2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]

[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22-8-2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]

[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22-8-2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]

[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22-8-2013 - 12:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]

[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22-8-2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]

[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.22-8-2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]

[MD5.E23D32BAF152FBE35F18C6A2AB8EF271] - (.Microsoft Corporation - IP Network Address Translator.) (.30-9-2013 - 05:11:10.) -- C:\Windows\system32\Drivers\IpNat.sys [141824]

[MD5.6129EDB793A4255B1E2FB41773AC9D9A] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.30-9-2013 - 05:11:08.) -- C:\Windows\system32\Drivers\MRxSmb.sys [404992]

[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22-8-2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]

[MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.22-8-2013 - 14:25:41.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488]

[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.22-8-2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]

[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22-8-2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]

[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.30-9-2013 - 04:58:55.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]

[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22-8-2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]

[MD5.9F9CE33B50611A1C61A46B8911E0B30B] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.22-8-2013 - 13:39:15.) -- C:\Windows\system32\Drivers\volsnap.sys [312160]

~ Generic Processes: Scanned in 00mn 01s

---\\ Hidden files state (Hidden/Total)

~ Mes images (My Pictures) : 2/51

~ Mes musiques (My Musics) : 5/6689

~ Mes Videos (My Videos) : 2/70

~ Mes Favoris (My Favorites) : 1/7

~ Mes Documents (My Documents) : 1/7137

~ Mon Bureau (My Desktop) : 3/1725

~ Menu demarrer (Programs) : 1/31

~ Hidden Files: Scanned in 00mn 33s

---\\ Process running

[MD5.1DE65EBD6DF1ADC1D74CD9218FC68693] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Danny\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896] [PID.3276]

[MD5.DDE16105862139906957070ADC7F5B65] - (.Nota Inc. - Gyazo Station.) -- C:\Program Files (x86)\Gyazo\GyStation.exe [2990304] [PID.3440]

[MD5.7C0704D4523BA671AFE6D028399942D3] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3567800] [PID.3796]

[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3816]

[MD5.F6C30F1B0EDF56F51467CA2EFDB139C1] - (...) -- C:\Program Files (x86)\GameforgeLive\gfl_client.exe [2899840] [PID.3564]

[MD5.849D66021A0EF43A20137BA9D85ECADF] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [222720] [PID.4236]

[MD5.636D97B3BAF854511FF3F4093E895FED] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184] [PID.3672]

[MD5.06BC146E6C2E881A7235A142BA877B82] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8262144] [PID.5212]

~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)

C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Preferences

G2 - GCE: Preference [user Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Winkel v.0.2 (Activé)

G2 - GCE: Preference [user Data\Default] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Activé)

G2 - GCE: Preference [user Data\Default] [kpckgflgdapkpabemgkielbefdildaio] Magic Player v.1.1.32 (Activé)

~ Google Browser: 16 Legitimates Filtered in 00mn 17s

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Proxy management: Scanned in 00mn 00s

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs

F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)

~ Le fichier hosts est sain (The hosts file is clean).

~ Hosts File: Scanned in 00mn 00s

~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects (O2)

O2 - BHO: YouTube to MP3 Converter [64Bits] - {A3EDD32E-7957-4F51-8BFD-A528BBBE5DE5} . (.YouTube to MP3 Converter - No Comment.) -- C:\Program Files (x86)\YouTube to MP3 Converter\ytdl.dll

~ BHO: 9 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer toolbars (O3)

O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Orphan key

~ Toolbar: Scanned in 00mn 00s

---\\ Other User Links (O4)

O4 - GS\Desktop [Public]: Gameforge Live.lnk . (...) -- C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe

O4 - GS\Program [Public]: Desktop.lnk - Orphan key

O4 - GS\Program [Public]: FL Studio 11.lnk . (.Image-Line - FL Studio launcher.) -- C:\Program Files (x86)\Image-Line\FL Studio 11\FL.exe

O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O4 - GS\Program [Public]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\launcher.exe

O4 - GS\QuickLaunch [Danny]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O4 - GS\QuickLaunch [Danny]: Gyazo GIF.lnk . (.Nota Inc. - Gyazo GIF.) -- C:\Program Files (x86)\Gyazo\GyazoGIF.exe

O4 - GS\QuickLaunch [Danny]: Gyazo.lnk . (.Nota Inc. - Gyazo: Screen Uploader.) -- C:\Program Files (x86)\Gyazo\Gyazowin.exe

O4 - GS\QuickLaunch [Danny]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - GS\TaskBar [Danny]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O4 - GS\TaskBar [Danny]: Gyazo.lnk . (.Nota Inc. - Gyazo: Screen Uploader.) -- C:\Program Files (x86)\Gyazo\Gyazowin.exe

O4 - GS\TaskBar [Danny]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - GS\TaskBar [Danny]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O4 - GS\TaskBar [Danny]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\launcher.exe

O4 - GS\Program [Danny]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - GS\SendTo [Danny]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - No Comment.) -- C:\Windows\System32\fsquirt.exe

O4 - GS\Desktop [Administrator]: Crossfire Europe.lnk . (.Neowiz Games - Crossfire Patcher.) -- C:\SG Interactive\Crossfire Europe\patcher_cf.exe

O4 - GS\Desktop [Administrator]: SopCast.lnk . (...) -- C:\Program Files (x86)\SopCast\SopCast.exe (.not file.)

~ Global Startup: 45 Legitimates Filtered in 00mn 01s

---\\ Auto loading programs from Registry and folders (O4)

O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Realtek HD Audio configuratie.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

O4 - HKLM\..\Run: [RtHDVBg_Dolby] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe

O4 - HKCU\..\Run: [spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Danny\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

O4 - HKCU\..\Run: [skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.

O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd

O4 - HKCU\..\Run: [Gyazo] . (.Nota Inc. - Gyazo Station.) -- C:\Program Files (x86)\Gyazo\GyStation.exe

O4 - HKCU\..\Run: [spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\Danny\AppData\Roaming\Spotify\Spotify.exe

O4 - HKCU\..\Run: [AceStream] . (...) -- C:\Users\Danny\AppData\Roaming\ACEStream\engine\ace_engine.exe

O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHLE.exe =>.Epson Seiko Corporation

O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation

O4 - HKUS\S-1-5-21-3751033221-735151488-1739522443-1001\..\Run: [spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Danny\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

O4 - HKUS\S-1-5-21-3751033221-735151488-1739522443-1001\..\Run: [skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.

O4 - HKUS\S-1-5-21-3751033221-735151488-1739522443-1001\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd

O4 - HKUS\S-1-5-21-3751033221-735151488-1739522443-1001\..\Run: [Gyazo] . (.Nota Inc. - Gyazo Station.) -- C:\Program Files (x86)\Gyazo\GyStation.exe

O4 - HKUS\S-1-5-21-3751033221-735151488-1739522443-1001\..\Run: [spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\Danny\AppData\Roaming\Spotify\Spotify.exe

O4 - HKUS\S-1-5-21-3751033221-735151488-1739522443-1001\..\Run: [AceStream] . (...) -- C:\Users\Danny\AppData\Roaming\ACEStream\engine\ace_engine.exe

O4 - HKUS\S-1-5-21-3751033221-735151488-1739522443-1001\..\Run: [EPLTarget\P0000000000000000] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHLE.exe =>.Epson Seiko Corporation

~ Application: Scanned in 00mn 00s

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)

O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office15\ONBttnIE.dll =>.Microsoft Corporation

O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files\Microsoft Office\Office15\lync.exe

O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office15\ONBTTN~1.dll =>.Microsoft Corporation

~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Lop.com/Domain Hijackers (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{77EE3CE1-F2D8-46A6-9319-E6A9B0194D84}: DhcpNameServer = 213.46.228.196 62.179.104.196

O17 - HKLM\System\CCS\Services\Tcpip\..\{874F96E4-7CCE-4671-B704-101382BB5721}: DhcpNameServer = 213.46.228.196 62.179.104.196

O17 - HKLM\System\CCS\Services\Tcpip\..\{77EE3CE1-F2D8-46A6-9319-E6A9B0194D84}: DhcpDomain = arnhem.chello.nl

O17 - HKLM\System\CCS\Services\Tcpip\..\{874F96E4-7CCE-4671-B704-101382BB5721}: DhcpDomain = arnhem.chello.nl

O17 - HKLM\System\CS1\Services\Tcpip\..\{77EE3CE1-F2D8-46A6-9319-E6A9B0194D84}: DhcpNameServer = 213.46.228.196 62.179.104.196

O17 - HKLM\System\CS1\Services\Tcpip\..\{874F96E4-7CCE-4671-B704-101382BB5721}: DhcpNameServer = 213.46.228.196 62.179.104.196

O17 - HKLM\System\CS1\Services\Tcpip\..\{77EE3CE1-F2D8-46A6-9319-E6A9B0194D84}: DhcpDomain = arnhem.chello.nl

O17 - HKLM\System\CS1\Services\Tcpip\..\{874F96E4-7CCE-4671-B704-101382BB5721}: DhcpDomain = arnhem.chello.nl

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.228.196 62.179.104.196

~ Domain: Scanned in 00mn 00s

---\\ Extra protocols (O18)

O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML-viewer.) -- C:\Windows\System32\mshtml.dll

O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation

~ Protocole Additionnel: Scanned in 00mn 00s

---\\ AppInit_DLLs Registry value Autorun (O20)

O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll

~ Winlogon: Scanned in 00mn 00s

---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)

O23 - Service: Unsigned Themes (UnsignedThemes) . (.The Within Network, LLC - Unsigned themes service executable.) - C:\WINDOWS\unsignedthemes.exe

~ Services: 5 Legitimates Filtered in 00mn 03s

---\\ Task Planned Automatically (039)

[MD5.4E8C983215115036C46841FFB51562A1] [APT] [AutoKMS] (...) -- C:\WINDOWS\AutoKMS\AutoKMS.exe [2820608] =>Trojan.Keygen

~ Scheduled Task: 10 Legitimates Filtered in 00mn 08s

---\\ Software installed (O42)

O42 - Logiciel: Ace Stream Media 2.1.8 - (.Ace Stream Media.) [HKCU][64Bits] -- AceStream

O42 - Logiciel: Easy Cover Print 2.3 - (...) [HKLM][64Bits] -- Easy Cover Print 2.3

O42 - Logiciel: UxStyle - (.The Within Network, LLC.) [HKLM][64Bits] -- {05560347-3a9b-4644-a8ed-8b64cc947189}

O42 - Logiciel: UxStyle - (.The Within Network, LLC.) [HKLM][64Bits] -- {86D24646-DAF6-4F5E-BCAD-CF7EF8E362E1}

O42 - Logiciel: YouTube to MP3 Converter - (.YouTube to MP3 Converter.) [HKLM][64Bits] -- YouTube to MP3 Converter

~ Logic: 92 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys

[HKCU\Software\BI]

[HKCU\Software\Drivers]

[HKCU\Software\Pando Networks]

[HKCU\Software\Somoto] =>Adware.MegaSearch

[HKCU\Software\System32]

[HKCU\Software\Win]

[HKCU\Software\XinYi Network]

[HKLM\Software\Wow6432Node\Pando Networks]

[HKLM\Software\Wow6432Node\XinYi Network]

~ Key Software: 203 Legitimates Filtered in 00mn 00s

---\\ Contents of the Common Files folders (O43)

O43 - CFD: 12-11-2013 - 14:24:42 - [0,877] ----D C:\Program Files (x86)\CoverPro

O43 - CFD: 12-11-2013 - 14:17:38 - [0,774] ----D C:\Program Files (x86)\Easy Cover Print

O43 - CFD: 6-11-2013 - 14:05:30 - [22,674] ----D C:\Program Files (x86)\YouTube to MP3 Converter

O43 - CFD: 9-11-2013 - 20:34:53 - [3,530] ----D C:\Users\Danny\AppData\Roaming\.ACEStream

O43 - CFD: 26-10-2013 - 21:03:59 - [187,239] ----D C:\Users\Danny\AppData\Roaming\ACEStream

O43 - CFD: 28-10-2013 - 01:18:51 - [0,110] ----D C:\Users\Danny\AppData\Roaming\mgyun

O43 - CFD: 17-10-2013 - 20:25:43 - [1,865] ----D C:\Users\Danny\AppData\Local\Adscan

O43 - CFD: 6-11-2013 - 14:05:16 - [0,099] ----D C:\Users\Danny\AppData\Local\YouTube to MP3 Converter

O43 - CFD: 12-11-2013 - 14:17:37 - [0] ----D C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Cover Print

~ Program Folder: 139 Legitimates Filtered in 00mn 47s

---\\ Last modified or created files under Windows and System32 (O44)

O44 - LFC:[MD5.D2096B322A5F8D9354B61B4BFDFA7132] - 17-11-2013 - 13:15:53 ---A- . (...) -- C:\Windows\SysNative\ApnDatabase.xml [385528]

O44 - LFC:[MD5.D2096B322A5F8D9354B61B4BFDFA7132] - 17-11-2013 - 13:15:53 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [385528]

O44 - LFC:[MD5.919DAC5548D2000BFE3E43C0F74CE669] - 22-11-2013 - 12:33:46 ---A- . (...) -- C:\Windows\win.ini [167]

O44 - LFC:[MD5.02940D6C7722E91342A32CFF5C60F4E4] - 22-11-2013 - 16:47:46 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]

O44 - LFC:[MD5.0F0D1A59C67F5E83DCB199A3D0743EDB] - 22-11-2013 - 16:50:05 ---A- . (...) -- C:\zoek-results.log [42784]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22-11-2013 - 17:37:11 ---A- . (...) -- C:\dfu.log [0]

O44 - LFC:[MD5.DE91B46904C6AD1FEC7B34C98B4E852B] - 9-11-2013 - 16:51:13 ---A- . (...) -- C:\Windows\SysNative\unrar64.dll [256088]

O44 - LFC:[MD5.DE91B46904C6AD1FEC7B34C98B4E852B] - 9-11-2013 - 16:51:13 ---A- . (...) -- C:\Windows\System32\unrar64.dll [256088]

~ Files: 231 Legitimates Filtered in 00mn 14s

---\\ Last files created in Windows Prefetcher (O45)

O45 - LFCP:[MD5.5AD6273CFAA3809984727A775F9255DD] - 1-11-2013 - 15:49:53 ---A- - C:\Windows\Prefetch\FASTBOOT-WINDOWS.EXE-BA3D93F1.pf

O45 - LFCP:[MD5.6021B2C505B4914E60F54EB35DBBF44C] - 1-11-2013 - 15:49:58 ---A- - C:\Windows\Prefetch\ADB-WINDOWS.EXE-1915F602.pf

O45 - LFCP:[MD5.A6532043CCC9432F3ECC31C4920D66D1] - 1-11-2013 - 16:18:15 ---A- - C:\Windows\Prefetch\UXSTYLE_BUNDLE.EXE-6428FFC2.pf

O45 - LFCP:[MD5.B997FEBFDAA3BCE0B91AF59902D3E932] - 1-11-2013 - 16:44:24 ---A- - C:\Windows\Prefetch\KEYGEN.EXE-08AE2355.pf

O45 - LFCP:[MD5.DA4AD86FDB865D2646ADE75B94D0851B] - 1-11-2013 - 19:37:30 ---A- - C:\Windows\Prefetch\AUTHHOST.EXE-44C90B62.pf

O45 - LFCP:[MD5.CB6A4475FA42B348610B0E0A221F1B70] - 10-11-2013 - 19:52:22 ---A- - C:\Windows\Prefetch\XM.EXE-627D5C51.pf

O45 - LFCP:[MD5.4715BC56566904532DD92A334F0150D5] - 10-11-2013 - 20:01:38 ---A- - C:\Windows\Prefetch\RENAMEME.EXE-10A502CA.pf

O45 - LFCP:[MD5.FE54FEF05DA93EFAFC1B4723FDA7646B] - 12-11-2013 - 11:36:08 ---A- - C:\Windows\Prefetch\ASIO4ALL.EXE-A5EEECA0.pf

O45 - LFCP:[MD5.6E1F7A4BFAE76EDB845001B79A6B4FC1] - 12-11-2013 - 12:25:55 ---A- - C:\Windows\Prefetch\FL.EXE-4963A95D.pf

O45 - LFCP:[MD5.AC8DBC4039E9081F632B996729352573] - 12-11-2013 - 14:16:14 ---A- - C:\Windows\Prefetch\YOURSOFTWAREDEALS.TMP-2380E230.pf

O45 - LFCP:[MD5.D9305D8A186449B681E05F99CA99BEB0] - 12-11-2013 - 14:16:27 ---A- - C:\Windows\Prefetch\BURNINGSTUDIO.EXE-7AABD021.pf

O45 - LFCP:[MD5.49981D71F526B409D716984C001F70CE] - 12-11-2013 - 14:17:17 ---A- - C:\Windows\Prefetch\EASYCOVERPRINT.EXE-012D8A96.pf

O45 - LFCP:[MD5.3C473246BA9B256D1D42D6506C33BC68] - 12-11-2013 - 14:18:58 ---A- - C:\Windows\Prefetch\EASYCO~1.EXE-4EB74246.pf

O45 - LFCP:[MD5.43A1E082696D6F4EE8A5B35BD91A8DBF] - 12-11-2013 - 14:25:06 ---A- - C:\Windows\Prefetch\COVER.EXE-5E199D4E.pf

O45 - LFCP:[MD5.DCE0EA02036464353DD544564ECBF8D7] - 12-11-2013 - 15:20:36 ---A- - C:\Windows\Prefetch\PRINTDIALOGHOST.EXE-90923561.pf

O45 - LFCP:[MD5.995AF18A236C9BF99C49C8171689E6C8] - 12-11-2013 - 20:16:56 ---A- - C:\Windows\Prefetch\GYAZOSETUP (3).TMP-8FC402A0.pf

O45 - LFCP:[MD5.8D6BE5B1A1409226711F08C337D271AB] - 12-11-2013 - 20:16:59 ---A- - C:\Windows\Prefetch\GYAZOSETUP (3).TMP-20AE2D74.pf

O45 - LFCP:[MD5.04B76BB300FED70488A9DA33B19530F1] - 13-11-2013 - 19:06:14 ---A- - C:\Windows\Prefetch\SETUP-STUB.EXE-3D48A72A.pf

O45 - LFCP:[MD5.AD84705FDE83948D003F168892D22E1F] - 13-11-2013 - 19:37:46 ---A- - C:\Windows\Prefetch\GLCND.EXE-02A191A6.pf

O45 - LFCP:[MD5.C32A281994FC0BAC58B44C97B056A662] - 16-11-2013 - 14:53:19 ---A- - C:\Windows\Prefetch\SUDDENATTACK.EXE-5BEDBF88.pf

O45 - LFCP:[MD5.254DB839309339AC92335C76A17A2DFE] - 16-11-2013 - 15:05:40 ---A- - C:\Windows\Prefetch\SAENDINGBANNER.EXE-836405B4.pf

O45 - LFCP:[MD5.477071B890B51453D78949A51158C3DE] - 16-11-2013 - 17:09:52 ---A- - C:\Windows\Prefetch\SKY37DF.TMP-D1EEFEB0.pf

O45 - LFCP:[MD5.AE7568A00F8DE8161507967DDAAAFA6A] - 19-11-2013 - 14:22:00 ---A- - C:\Windows\Prefetch\GUNGODZ.EXE-82B46402.pf

O45 - LFCP:[MD5.7346DFAD4369EB53CD9C164B25C1A6C2] - 2-11-2013 - 12:59:28 ---A- - C:\Windows\Prefetch\SUDDENATTACKV42.EXE-F99E1BE3.pf

O45 - LFCP:[MD5.11329125F3E622D21D55B2FADBEDC28C] - 20-11-2013 - 20:00:27 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-D8CC3B5E.pf

O45 - LFCP:[MD5.74D89D9BA279FCED6BFE63F38A4C3C98] - 20-11-2013 - 21:11:20 ---A- - C:\Windows\Prefetch\dynreservedpri.db

O45 - LFCP:[MD5.22A75CBDEA0BEE02AFFA8F634153F7F6] - 21-11-2013 - 18:32:18 ---A- - C:\Windows\Prefetch\7.8.2_30332.EXE-A3D13883.pf

O45 - LFCP:[MD5.F60EEC5633854D7A3121C10B81F7D903] - 21-11-2013 - 20:14:19 ---A- - C:\Windows\Prefetch\BITTORRENT.EXE-7B6B07AF.pf =>P2P.BitTorrent

O45 - LFCP:[MD5.6394CDBEB99CEC94AE302AC74E0AD326] - 21-11-2013 - 20:15:03 ---A- - C:\Windows\Prefetch\KMSAUTOEASY EN.EXE-E0B011AA.pf

O45 - LFCP:[MD5.A41896E00DA9C3CB6915651AB0C9919C] - 22-11-2013 - 12:39:56 ---A- - C:\Windows\Prefetch\IGXPUN.EXE-3A9B3A59.pf

O45 - LFCP:[MD5.5C6BB3E7E02FB57D5C8BAFA3078AC56B] - 22-11-2013 - 12:41:14 ---A- - C:\Windows\Prefetch\LAUNCHTM.EXE-B444BC8E.pf

O45 - LFCP:[MD5.302574BFE22B25424CC7F7AB14B0F676] - 22-11-2013 - 12:44:14 ---A- - C:\Windows\Prefetch\CAMERA.EXE-D751BF92.pf

O45 - LFCP:[MD5.7DB3C22E5377A3FF414B1E348FF72881] - 22-11-2013 - 14:06:53 ---A- - C:\Windows\Prefetch\INSTUP.EXE-3AF05CB9.pf

O45 - LFCP:[MD5.748EA9FAA3A0ADA22C6F5DD295B2A950] - 22-11-2013 - 15:01:59 ---A- - C:\Windows\Prefetch\GAMEFORGELIVE.EXE-1D04B684.pf

O45 - LFCP:[MD5.024B21D17F6564F84C68656803EADC99] - 22-11-2013 - 16:02:46 ---A- - C:\Windows\Prefetch\AUTOREPORTER.EXE-5288A910.pf

O45 - LFCP:[MD5.351AA2E40B33BA360333E6C7AFA45A9E] - 22-11-2013 - 16:05:10 ---A- - C:\Windows\Prefetch\UNINST.EXE-15E1F145.pf

O45 - LFCP:[MD5.C5D9CADAA6A4E795DCAB4C80C5F5FFCF] - 22-11-2013 - 16:05:41 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-B0D51EDE.pf

O45 - LFCP:[MD5.E94B81B272F97E04A68207A3FDBC0AE5] - 22-11-2013 - 16:31:10 ---A- - C:\Windows\Prefetch\WGET.EXE-B2D6EC90.pf

O45 - LFCP:[MD5.ED70CDCF884F7F9339B67BD2ED0C903E] - 22-11-2013 - 16:31:48 ---A- - C:\Windows\Prefetch\PEVZ.EXE-1248E520.pf

O45 - LFCP:[MD5.9276D41F4F69D1E99C9FA19078A57A4D] - 22-11-2013 - 16:31:54 ---A- - C:\Windows\Prefetch\PEVZ.EXE-044FB5BD.pf

O45 - LFCP:[MD5.B0AA5B9091BC7D18A96FFF156B91DF22] - 22-11-2013 - 16:31:55 ---A- - C:\Windows\Prefetch\ZOEK.SCR-7D91160E.pf

O45 - LFCP:[MD5.6F2487C4FEFC05829AEE7EC3B21858D3] - 22-11-2013 - 16:32:01 ---A- - C:\Windows\Prefetch\ZOEK.COM-3B78AE61.pf

O45 - LFCP:[MD5.733B55E82C28B07BDD2AC39CCBAB26D8] - 22-11-2013 - 16:40:05 ---A- - C:\Windows\Prefetch\XCOPY.EXE-85839ADD.pf

O45 - LFCP:[MD5.1472457395D22CFD66CC3AA99F95EBBB] - 22-11-2013 - 16:40:11 ---A- - C:\Windows\Prefetch\SWXCACLS.EXE-DACFDEE5.pf

O45 - LFCP:[MD5.F51287D30248745855573370A80ED353] - 22-11-2013 - 16:46:02 ---A- - C:\Windows\Prefetch\PEVZ.EXE-02F1F156.pf

O45 - LFCP:[MD5.A7D002DA5E31F7563483144CA4ED3FA5] - 22-11-2013 - 16:46:02 ---A- - C:\Windows\Prefetch\SORT.EXE-EA1A5446.pf

O45 - LFCP:[MD5.451564BD1DD0F9951A8A315093B0CA0C] - 22-11-2013 - 16:46:48 ---A- - C:\Windows\Prefetch\FIND.EXE-3298DC3B.pf

O45 - LFCP:[MD5.D8F003B116029BC42C447D2C215772E0] - 22-11-2013 - 16:46:56 ---A- - C:\Windows\Prefetch\MORE.COM-B7EC4EA6.pf

O45 - LFCP:[MD5.679CAE59BE858B4FC3F53287EF05FEA9] - 22-11-2013 - 16:47:46 ---A- - C:\Windows\Prefetch\REMOVE.EXE-25E5916B.pf

O45 - LFCP:[MD5.84B326E27990545E0A994038B4780DFF] - 22-11-2013 - 16:48:42 ---A- - C:\Windows\Prefetch\WLRMDR.EXE-8CD26CA2.pf

O45 - LFCP:[MD5.5AF420ADAE8133B5EBC593F544B73065] - 22-11-2013 - 16:50:51 ---A- - C:\Windows\Prefetch\ACE_ENGINE.EXE-2D7C7672.pf

O45 - LFCP:[MD5.55488B21B61B2AC4CAD16DC132DFE1F8] - 22-11-2013 - 16:50:51 ---A- - C:\Windows\Prefetch\GYSTATION.EXE-8C07B337.pf

O45 - LFCP:[MD5.8C37B14FBF219A172A4DDA5BA6FFC3D3] - 22-11-2013 - 16:51:18 ---A- - C:\Windows\Prefetch\NETSTAT.EXE-726AAE4D.pf

O45 - LFCP:[MD5.FE1BA7E885313D3B333C5119940C3689] - 22-11-2013 - 16:52:50 ---A- - C:\Windows\Prefetch\RSITX64.EXE-0BF1C9C4.pf

O45 - LFCP:[MD5.2FA391F9993C5DF88EEF030F33E2F6E4] - 22-11-2013 - 16:52:54 ---A- - C:\Windows\Prefetch\DANNY.EXE-559ACA85.pf

O45 - LFCP:[MD5.E26B4C73A08B5C7D014760055EA52D3D] - 22-11-2013 - 16:58:01 ---A- - C:\Windows\Prefetch\WSHOST.EXE-05F0A3AF.pf

O45 - LFCP:[MD5.5C10B2F1B22D4E5D7199EA4120173A42] - 22-11-2013 - 17:30:07 ---A- - C:\Windows\Prefetch\PACKAGE TRACK.EXE-FA199DB0.pf

O45 - LFCP:[MD5.04949B8CACACE1638A1AE8C23D4C451D] - 22-11-2013 - 17:35:01 ---A- - C:\Windows\Prefetch\SPOTIFY.EXE-423E842D.pf

O45 - LFCP:[MD5.70220D0A8F8C78089318EFFDC76DD3AB] - 22-11-2013 - 17:36:45 ---A- - C:\Windows\Prefetch\SKILL_GAMEFORGELIVESETUP (1).-9ABCC733.pf

O45 - LFCP:[MD5.1F4ED08DC7446BB6C9A2ADF48ED873CC] - 22-11-2013 - 17:36:52 ---A- - C:\Windows\Prefetch\SKILL_GAMEFORGELIVESETUP (1).-0985E10E.pf

O45 - LFCP:[MD5.CDD76320D4D9E78D008343BCA66DBFFD] - 22-11-2013 - 17:36:52 ---A- - C:\Windows\Prefetch\SKILL_GAMEFORGELIVESETUP (1).-58B394E3.pf

O45 - LFCP:[MD5.E7F37399D70EEA0002AF0840F953F87D] - 22-11-2013 - 17:37:01 ---A- - C:\Windows\Prefetch\GAMEFORGELIVE.EXE-82576BD5.pf

O45 - LFCP:[MD5.03A3485494D74360F741B5D5AF8941C4] - 22-11-2013 - 17:37:11 ---A- - C:\Windows\Prefetch\DFUBG.EXE-92307C7F.pf

O45 - LFCP:[MD5.04578E3695E58323B89C59CBA59CE5E7] - 22-11-2013 - 17:37:15 ---A- - C:\Windows\Prefetch\DFUFG.EXE-27FA4173.pf

O45 - LFCP:[MD5.54BC16079CEDE4F3AE35F9582B2D1BD3] - 22-11-2013 - 17:38:07 ---A- - C:\Windows\Prefetch\SF2.EXE-4C5B1246.pf

O45 - LFCP:[MD5.58C03CCC11CC9DA0DAAF9524627EB058] - 22-11-2013 - 17:38:17 ---A- - C:\Windows\Prefetch\XXD.XEM-56E9612C.pf

O45 - LFCP:[MD5.400FAA149DE2598B9AB30F07F8DB54ED] - 22-11-2013 - 17:50:35 ---A- - C:\Windows\Prefetch\PfPre_f1989cdb.db

O45 - LFCP:[MD5.F387A69C8E562000677AF07B0288E101] - 28-10-2013 - 01:13:52 ---A- - C:\Windows\Prefetch\UNLOCKROOT.EXE-A7601503.pf

O45 - LFCP:[MD5.9BB74FABA8519BBD4F8CAC4A7DA560DA] - 28-10-2013 - 01:19:00 ---A- - C:\Windows\Prefetch\ROOT.EXE-CEF59991.pf

O45 - LFCP:[MD5.A092C65AFE752E558000E16A53A923F6] - 28-10-2013 - 02:30:12 ---A- - C:\Windows\Prefetch\FASTBOOT-WINDOWS.EXE-29098A6F.pf

O45 - LFCP:[MD5.C6F706784AC7EB59FF6F3B37DEC3B5F8] - 29-10-2013 - 17:10:48 ---A- - C:\Windows\Prefetch\FASTBOOT.EXE-AD585884.pf

O45 - LFCP:[MD5.A23A45957F2620168365EB55E61D5180] - 6-11-2013 - 12:22:48 ---A- - C:\Windows\Prefetch\FM.EXE-FF3A8A5F.pf

O45 - LFCP:[MD5.4E3CBE4438487E793ED44E9ECEC53BD2] - 7-11-2013 - 15:14:56 ---A- - C:\Windows\Prefetch\IMAGINGDEVICES.EXE-F990F186.pf

O45 - LFCP:[MD5.A508BC155BE33CF6C5F568E4F96AEF65] - 7-11-2013 - 17:12:33 ---A- - C:\Windows\Prefetch\HANDSET WINDRIVER.EXE-50B860C8.pf

O45 - LFCP:[MD5.73C75FFC5E01935373C72612A0DD5346] - 8-11-2013 - 16:39:15 ---A- - C:\Windows\Prefetch\SETUP64.EXE-001C6BF1.pf

O45 - LFCP:[MD5.B7AD0FC4080C6CD8D8D9EE9D4464ABF5] - 9-11-2013 - 20:34:53 ---A- - C:\Windows\Prefetch\ACE_PLAYER.EXE-890A6130.pf

~ Prefetcher: 301 Legitimates Filtered in 00mn 01s

---\\ Local Security Authority-LSA Deny (O48)

~ LSA: 3 Legitimates Filtered in 00mn 00s

---\\ MountPoints2 Shell Key (MPKS) (O51)

O51 - MPSK:{53fff45e-1164-11e3-9b1f-20689d174ab8}\AutoRun\command. (.Microsoft Corporation - Microsoft Setup Bootstrapper.) -- F:\SETUP.exe

~ Keys: Scanned in 00mn 00s

---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)

O52 - TDSD: \Drivers32\"VIDC.FICV"="ficvdec_x64.dll" . (...) -- C:\Windows\System32\ficvdec_x64.dll

~ TDSD: 3 Legitimates Filtered in 00mn 00s

---\\ Microsoft Windows Policies System (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

~ MWPS: 17 Legitimates Filtered in 00mn 00s

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1

~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\\ System Drivers List (SDL) (O58)

O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 17-10-2013 - 21:26:37 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]

~ Drivers: 17 Legitimates Filtered in 00mn 01s

---\\ Last modified or created user files (O61)

O61 - LFC: 19-11-2013 - 18:38:56 ---A- . (...) -- C:\Users\Danny\Links\Desktop.lnk [449]

O61 - LFC: 19-11-2013 - 18:38:56 ---A- . (...) -- C:\Users\Danny\Links\Downloads.lnk [870]

O61 - LFC: 19-11-2013 - 18:38:56 ---A- . (...) -- C:\Users\Danny\Links\RecentPlaces.lnk [367]

O61 - LFC: 20-11-2013 - 18:38:48 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_dcgfeeneehecjobkopmnpaiffolcnhli_0.localstorage [49152]

O61 - LFC: 20-11-2013 - 18:38:48 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_dcgfeeneehecjobkopmnpaiffolcnhli_0.localstorage-journal [16384]

O61 - LFC: 20-11-2013 - 18:38:48 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\bookmarks.db-journal [1544]

O61 - LFC: 20-11-2013 - 18:38:49 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\Login Data [12288]

O61 - LFC: 20-11-2013 - 18:38:49 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\Login Data-journal [8736]

O61 - LFC: 20-11-2013 - 18:38:49 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\Visited Links [131072]

O61 - LFC: 21-11-2013 - 18:38:48 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\Local State [431]

O61 - LFC: 21-11-2013 - 18:38:49 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\Local Storage\opera_discover_0.localstorage [232448]

O61 - LFC: 21-11-2013 - 18:38:49 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\Local Storage\opera_discover_0.localstorage-journal [16384]

O61 - LFC: 21-11-2013 - 18:38:49 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\TransportSecurity [1284]

O61 - LFC: 21-11-2013 - 18:38:55 ---A- . (...) -- C:\Users\Danny\Downloads\MSo2013a.rar [1125754]

O61 - LFC: 21-11-2013 - 18:38:55 R--A- . (...) -- C:\Users\Danny\Downloads\Microsoft OFFICE 2010 Pro Plus PRECRACKED.rar [741891315]

O61 - LFC: 21-11-2013 - 18:38:56 ---A- . (...) -- C:\Users\Danny\Downloads\[kickass.to]microsoft.office.2010.pro.plus.precracked.rar.torrent [57195]

O61 - LFC: 21-11-2013 - 18:38:56 ---A- . (...) -- C:\Users\Danny\Downloads\[kickass.to]microsoft.office.proplus.2013.vl.x86.x64.en.us.oct2013.torrent [15008]

O61 - LFC: 21-11-2013 - 18:38:56 ---A- . (.johnson siu.) -- C:\Users\Danny\Downloads\Z20130924.xls [39936]

O61 - LFC: 22-11-2013 - 18:37:42 ---A- . (...) -- C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [266033]

O61 - LFC: 22-11-2013 - 18:37:48 ---A- . (...) -- C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Local State [47102]

O61 - LFC: 22-11-2013 - 18:38:46 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\.ACEStream\a\.lock [0]

O61 - LFC: 22-11-2013 - 18:38:46 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\.ACEStream\itracker\tracker.db [74]

O61 - LFC: 22-11-2013 - 18:38:46 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\.ACEStream\state.dat [10638]

O61 - LFC: 22-11-2013 - 18:38:47 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\ACEStream\engine\acestream.port [5]

O61 - LFC: 22-11-2013 - 18:38:47 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\ACEStream\updater\updater.conf [508]

O61 - LFC: 22-11-2013 - 18:38:47 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\ACEStream\updater\updater.port [5]

O61 - LFC: 22-11-2013 - 18:38:48 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\Cookies [64512]

O61 - LFC: 22-11-2013 - 18:38:48 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\Cookies-journal [16384]

O61 - LFC: 22-11-2013 - 18:38:48 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\Extension State\CURRENT [16]

O61 - LFC: 22-11-2013 - 18:38:48 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\Extension State\LOCK [0]

O61 - LFC: 22-11-2013 - 18:38:48 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\Extension State\LOG [47]

O61 - LFC: 22-11-2013 - 18:38:48 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000002 [50]

O61 - LFC: 22-11-2013 - 18:38:48 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\Favicons [79872]

O61 - LFC: 22-11-2013 - 18:38:48 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\Favicons-journal [16384]

O61 - LFC: 22-11-2013 - 18:38:48 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\GPUCache\data_0 [45056]

O61 - LFC: 22-11-2013 - 18:38:48 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\GPUCache\data_1 [270336]

O61 - LFC: 22-11-2013 - 18:38:48 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\GPUCache\data_2 [1056768]

O61 - LFC: 22-11-2013 - 18:38:48 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\History [159744]

O61 - LFC: 22-11-2013 - 18:38:48 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\History Provider Cache [12750]

O61 - LFC: 22-11-2013 - 18:38:48 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\History-journal [16384]

O61 - LFC: 22-11-2013 - 18:38:48 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\favorites.db [163840]

O61 - LFC: 22-11-2013 - 18:38:48 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\favorites.db-journal [16384]

O61 - LFC: 22-11-2013 - 18:38:49 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\Preferences [24745]

O61 - LFC: 22-11-2013 - 18:38:49 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\Preferences.bak [24745]

O61 - LFC: 22-11-2013 - 18:38:49 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\Web Data [49152]

O61 - LFC: 22-11-2013 - 18:38:49 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal [10792]

O61 - LFC: 22-11-2013 - 18:38:49 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\session.db [229376]

O61 - LFC: 22-11-2013 - 18:38:49 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\session.db-journal [16384]

O61 - LFC: 22-11-2013 - 18:38:49 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\session.dbak [229376]

O61 - LFC: 22-11-2013 - 18:38:49 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\thumbnails.db [524288]

O61 - LFC: 22-11-2013 - 18:38:49 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\Opera Software\Opera Stable\thumbnails.db-journal [16384]

O61 - LFC: 22-11-2013 - 18:38:51 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\ZHP\Log.txt [17848] =>.Nicolas Coolman

O61 - LFC: 22-11-2013 - 18:38:51 ---A- . (...) -- C:\Users\Danny\AppData\Roaming\ZHP\TestsZHPDiag.txt [2855] =>.Nicolas Coolman

O61 - LFC: 22-11-2013 - 18:38:55 ---A- . (...) -- C:\Users\Danny\Downloads\RSITx64.exe [935175]

O61 - LFC: 22-11-2013 - 18:38:56 ---A- . (...) -- C:\Users\Danny\Downloads\zoek-results.txt [42784]

O61 - LFC: 22-11-2013 - 18:38:56 ---A- . (...) -- C:\Users\Danny\Downloads\zoek.rar [4182609]

~ 5 Fichiers temporaires (Temporary files)

~ 2 Fichiers cookies (Cookies files)

~ Files: 1663 Legitimates Filtered in 01mn 18s

---\\ List all tools cleaner (LATC) (O63)

O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman

O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}

O63 - Logiciel: RSIT - (.random/random.)

~ ADS: Scanned in 00mn 00s

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)

~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Start Menu Internet (SMI) (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O68 - StartMenuInternet: <OperaStable> <Opera Stable>[HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe

~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (SBI) (O69)

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - Bing

O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - Google

~ Keys: Scanned in 00mn 00s

---\\ Crack & Keygen Files (CKF) (O82)

C:\Users\Danny\Downloads\Microsoft OFFICE 2010 Pro Plus PRECRACKED.rar

C:\Users\Danny\Downloads\[katproxy.com]adobe.photoshop.lightroom.2.5.keygen.torrent

C:\Users\Danny\Downloads\[katproxy.com]adobe.photoshop.lightroom.5.2.rc.multilingual.keygen.torrent

C:\Users\Danny\Downloads\[katproxy.com]simcity.2013.no.drm.cracked.1.5.vulpeszedra (1).torrent

C:\Users\Danny\Downloads\[katproxy.com]simcity.2013.no.drm.cracked.1.5.vulpeszedra - Copy.torrent

C:\Users\Danny\Downloads\[kickass.to]microsoft.office.2010.pro.plus.precracked.rar.torrent

C:\Windows.old\Users\Danny\AppData\Roaming\BitTorrent\Microsoft OFFICE 2010 Pro Plus PRECRACKED.rar.torrent =>P2P.BitTorrent

~ Files: Scanned in 01mn 35s

---\\ Search Particular Root Folder (SPRF) (O84)

[MD5.32C736FB85BC71F67450CD23B89A1066] [sPRF][22-11-2013] (...) -- C:\Users\Danny\AppData\Local\Temp\71ec268ab42822c4d9d539589dff355e.dll [56]

[MD5.F80CFD218A94524669236F311CAA1846] [sPRF][28-8-2013] (.No owner - Package Track.) -- C:\Users\Danny\Desktop\Package Track.exe [1144832]

~ Files: 2 Legitimates Filtered in 00mn 00s

---\\ Firewall Active Exception List (FirewallRules) (O87)

O87 - FAEL: "TCP Query User{F400C8C3-7E2D-4CD2-9172-6762A8B87B56}C:\users\danny\desktop\microsoft toolkit.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\danny\desktop\microsoft toolkit.exe (.not file.)

O87 - FAEL: "UDP Query User{16CBF918-229D-4CC7-9A2F-267CA08DC7AC}C:\users\danny\desktop\microsoft toolkit.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\danny\desktop\microsoft toolkit.exe (.not file.)

O87 - FAEL: "TCP Query User{DD5EA7DD-56FF-4283-8F9F-C1779290D1DA}C:\users\danny\appdata\roaming\acestream\engine\ace_engine.exe" | In - Public - P6 - TRUE | .(...) -- C:\users\danny\appdata\roaming\acestream\engine\ace_engine.exe

O87 - FAEL: "UDP Query User{3C6A3509-826F-4A5D-B534-3490059C28DF}C:\users\danny\appdata\roaming\acestream\engine\ace_engine.exe" | In - Public - P17 - TRUE | .(...) -- C:\users\danny\appdata\roaming\acestream\engine\ace_engine.exe

~ Firewall: 242 Legitimates Filtered in 00mn 01s

---\\ MyComputer Name Space (MNS) (O92)

O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}

O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B}

O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}

O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C}

O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}

O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}

~ MNS: 6 Legitimates Filtered in 00mn 00s

---\\ Windows Installer Scan (WIS) (O93) (NTFS)

[MD5.E4617689D2A51DA75ECEF98CD2250F56] [WIS][23-9-2013] (.The Within Network, LLC - UxStyle.) -- C:\Windows\Installer\4b28f90.msi [208896]

~ WIS: 42 Legitimates Filtered in 00mn 03s

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)

SR - | Auto 29-8-2012 208384 | (AtherosSvc) . (.Atheros Commnucations.) - C:\Windows\System32\AdminService.exe

SR - | Auto 17-10-2013 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

SS - | Demand 7-11-2013 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe

SS - | Auto 17-10-2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 17-10-2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SR - | Demand 24-4-2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

SS - | Demand 26-10-2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

SS - | Auto 5-9-2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

SR - | Auto 23-9-2013 13824 | (UnsignedThemes) . (.The Within Network, LLC.) - C:\WINDOWS\unsignedthemes.exe

SR - | Demand 10-7-1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe

SR - | Demand 10-7-1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe

SS - | Demand 10-7-1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

SS - | Demand 22-8-2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 06s

---\\ Search Master Boot Record Infection (MBR)(O80)

Run by Danny at 22-11-2013 18:40:48

~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s

---\\ Search Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, PC Helpforum - Gratis hulp bij computer problemen

Run by Danny at 22-11-2013 18:40:51

********* Dump file Name *********

C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s

---\\ Scan Additionnel (O88)

Database Version : 12996 - (22-11-2013)

Clés trouvées (Keys found) : 2

Valeurs trouvées (Values found) : 0

Dossiers trouvés (Folders found) : 0

Fichiers trouvés (Files found) : 1

[HKCU\Software\Somoto] =>Adware.MegaSearch

[HKCU\Software\BI] =>Adware.MegaSearch

C:\WINDOWS\AutoKMS\AutoKMS.exe =>Trojan.Keygen^

~ Additionnel Scan: 219533 Items scanned in 00mn 22s

---\\ Summary of the detections found on your workstation

~ Adware.MegaSearch - Malicius Software Information =>Adware.MegaSearch

~ MSI: 1 link(s) detected in 00mn 22s

~ 3060 Legitimates filtered by white list

End of the scan (639 lines in 05mn 55s)(14)


Start ZHPFix again.

Copy the text in the code field in full:

Script ZHPFix 
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Orphan key
[MD5.4E8C983215115036C46841FFB51562A1] [APT] [AutoKMS] (...) -- C:\WINDOWS\AutoKMS\AutoKMS.exe [2820608] =>Trojan.Keygen
shortcutfix
emptytemp
emptyflash
emptyjava

Double-click the shortcut: ZHPFix

Click the "Import" button

Then click the "Go" button at the bottom.

The fix will start; post the result ZHPFix[r2].txt


Rapport de ZHPFix 2013.11.19.7 par Nicolas Coolman, Update du 19/11/2013

Fichier d'export Registre :

Run by Danny at 24-11-2013 12:35:12

High Elevated Privileges : OK

Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)

Recycle Bin emptied (00mn 06s)

Repair of browser shortcuts

========== Process memory ==========

REMOVES: Memory Process: C:\WINDOWS\AutoKMS\AutoKMS.exe

========== Registry keys ==========

REMOVES: [HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]

========== Registry values ==========

REMOVES: Toolbar: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}

========== Folders ==========

Deletes temporary Windows (14)

REMOVES Flash Cookies (0)

========== Files ==========

Deletes temporary Windows (18) (6.643.314 octets)

REMOVES Flash Cookies (0) (0 octets)

========== Scheduled task ==========

REMOVES: AutoKMS

REMOVES: AutoKMS

REMOVES: AutoKMS

========== Other ==========

NON-TREATY emptyjava

========== Summary ==========

1 : Process memory

1 : Registry keys

1 : Registry values

2 : Folders

2 : Files

3 : Scheduled task

1 : Other

End of clean in 00mn 15s

========== Path to file report ==========

C:\Users\Danny\AppData\Roaming\ZHP\ZHPFix[R1].txt - 24-11-2013 12:35:18 [1195]
