~ Verslag van ZHPDiag v2015.5.8.47 - Nicolas Coolman (5-5-2015)
~ Gelanceerd door pcprive (10-5-2015 14:32:29)
~ Facebook :
https://www.facebook.com/nicolascoolman1
~ Het adres van de webforum :
http://forum.nicolascoolman.fr
~ Vertaald door de gebruiker
~ Staat van de versie : Bijgewerkte versie.
~ Lijst wit : Ingeschakeld door het programma
~ Tot misbruik van bevoegdheden : OK
~ Gebruikersaccountbeheer (UAC) : Deactivate by program
---\\ Internet-browsers
MSIE: Internet Explorer v11.0.9600.17728
MFIE: Mozilla Firefox 37.0.2 (Defaut)
GCIE: Google Chrome v42.0.2311.135
---\\ Windows productinformatie
~ Langage: Néerlandais
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
---\\ Software om het systeem te beveiligen
Malwarebytes Anti-Malware versie 2.0.4.1028
Microsoft Security Client v4.7.0205.0
Windows Defender W7 (Deactivate)
---\\ Systeem optimalisatie software
CCleaner v5.02
---\\ Delen van software PeerToPeer
---\\ Software die extra aandacht behoeft
Adobe Flash Player 17 PPAPI
Adobe Reader XI
---\\ Informatie over het systeem
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095 MB (57% free)
System Restore: Activ (Enable)
System drive C: has 870 GB (93%) free of 931 GB
---\\ Verbinding met het systeem-modus
~ Computer Name: PCPRIVE-PC
~ User Name: pcprive
~ All Users Names: pcprive, Gast, Administrator,
~ Unselected Option: None
Logged in as Administrator
---\\ Omgevingsvariabelen
~ System Unit : C:\
~ %AppZHP% : C:\Users\pcprive\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\pcprive\AppData\Roaming\
~ %Desktop% : C:\Users\pcprive\Desktop\
~ %Favorites% : C:\Users\pcprive\Favorites\
~ %LocalAppData% : C:\Users\pcprive\AppData\Local\
~ %StartMenu% : C:\Users\pcprive\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Overzicht vaste en verwisselbare stations
C: Hard drive, Flash drive, Thumb drive (Free 870 Go of 931 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Staat van het Windows Beveiligingscentrum
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Zoeken naar bepaalde algemene bestanden
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Verkenner.) (.25-2-2011 - 7:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.14-7-2009 - 2:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.77B35D0FC22A2D2EAC8D07C3F9784DBF] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.13-3-2015 - 3:45:57.) -- C:\Windows\System32\wininet.dll [2358784]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.17-7-2014 - 3:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing-bibliotheek.) (.20-11-2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30-5-2014 - 7:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14-7-2009 - 2:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14-7-2009 - 0:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20-11-2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20-11-2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20-11-2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.14-7-2009 - 0:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14-7-2009 - 1:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27-4-2011 - 3:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20-11-2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.24-1-2014 - 3:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.14-7-2009 - 1:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20-11-2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14-7-2009 - 1:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11-11-2014 - 2:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.20-11-2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Status van de verborgen bestanden (verborgen/totaal)
~ Mes images (My Pictures) : 1/369
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/21
~ Mes Favoris (My Favorites) : 1/355
~ Mes Documents (My Documents) : 1/207
~ Mon Bureau (My Desktop) : 1/13
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 01s
---\\ Gestarte processen
[MD5.3C13F26A4766752314A5413038BD86B4] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [7229752] [PID.3204]
[MD5.9429CDA9595BB34E2D92A6DBE7C46CB6] - (.IBM Corp. - RapportService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe [2648344] [PID.3428]
[MD5.C64E9B1C9EA057DCECDCB98F34377811] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe [228552] [PID.840]
[MD5.11244837251AB1255A80DA14AEB45BD3] - (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [102088] [PID.2312]
[MD5.345B45BE09381D2011EB7F9AC11D8AC4] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [376944] [PID.3324]
[MD5.4B88BF95F7C40E2EDD2B924E0111C456] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [267888] [PID.1188]
[MD5.66F6B3894132CC3D347CB85FBAE48D57] - (.Adobe Systems, Inc. - Adobe Flash Player 17.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe [1892528] [PID.1176]
[MD5.2727208EA26F6B6DA898AB6890417214] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8208384] [PID.2840]
[MD5.BF4E0DEE8566DDEC3D26F2D2B6B74FCB] - (.IBM Corp. - RapportMgmtService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1943832] [PID.948]
[MD5.2638395F6E61889D75C363A80A0E17F4] - (.SurfRight B.V. - HitmanPro.Alert.) -- C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816] [PID.1216]
[MD5.ADC420616C501B45D26C0FD3EF1E54E4] - (.ArcSoft Inc. - ArcSoft Connect Service.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152] [PID.1768]
[MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.1808]
[MD5.0BB29DE40C9D9529793DCDB59A43CF5B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160] [PID.1324]
[MD5.5F82D8188B370B0CF185D4AE2B9B4A0E] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016] [PID.2068]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, start, zoeken, extensies (G0, G1, G2)
C:\Users\pcprive\AppData\Local\Google\Chrome\User Data\Default\Preferences
---\\ Google Chrome extensie map
~ Google Lines Browser: 7 Legitimates Filtered in 00mn 01s
---\\ Mozilla Firefox, Plugins, start, zoeken, extensies (P2, M0, M1, M2, M3)
C:\Users\pcprive\AppData\Roaming\Mozilla\Firefox\Profiles\ki8n165y.default\prefs.js
M2 - MFEP: prefs.js [pcprive - ki8n165y.default\googlesharing@extension.thoughtcrime.org] [] GoogleSharing v0.22 (..)
M2 - MFEP: Extension [pcprive - ki8n165y.default]
googlesharing@extension.thoughtcrime.org
M2 - MFEP: Extension [pcprive - ki8n165y.default]
jid1-ZAdIEUB7XOzOJw@jetpack.xpi
M2 - MFEP: Extension [pcprive - ki8n165y.default] {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
M2 - MFEP: Extension [pcprive - ki8n165y.default] {AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\bolcom-nl.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\ddg.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\marktplaats-nl.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wikipedia-nl.xml
~ Firefox Browser: 23 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, proxybeheer (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse van lijnen F0, F1, F2, F3 - IniFiles, Autoloading programma's
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts-bestand omleiding (O1)
~ Le fichier hôte est sain (The hosts file is clean) (24)
~ Hosts File: Scanned in 00mn 00s
---\\ Internet Explorer werkbalken (O3)
O3 - Toolbar: (no name) - [HKLM]{71576546-354D-41c9-AAE8-31F2EC22BF0D} Orphan sleutel
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Orphan sleutel
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{71576546-354D-41C9-AAE8-31F2EC22BF0D} Orphan sleutel
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan sleutel
~ Toolbar: Scanned in 00mn 00s
---\\ Toepassingen gestart door register & bestand (O4)
O4 - HKLM\..\Run: [OODefragTray] . (.O&O Software GmbH - O&O Defrag Free Edition TrayIcon (x64).) -- C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKLM\..\Wow6432Node\Run: [ArcSoft Connection Service] . (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKUS\S-1-5-21-2644516270-1603593607-3465043599-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-2644516270-1603593607-3465043599-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
~ Application: Scanned in 00mn 00s
---\\ Knoppen op de werkbalk "belangrijkste instrumenten" Internet Explorer (O9)
O9 - Extra button: &Verzenden naar OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~3\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: &Gekoppelde notities van OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~3\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Domeinadres van de DNS (O17) wijzigen
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D7D1457-1F63-45C2-8490-B219E8622AD5}: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O17 - HKLM\System\CS1\Services\Tcpip\..\{4D7D1457-1F63-45C2-8490-B219E8622AD5}: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O17 - HKLM\System\CS2\Services\Tcpip\..\{4D7D1457-1F63-45C2-8490-B219E8622AD5}: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
~ Domain: Scanned in 00mn 00s
---\\ Aanvullend Protocol (O18)
O18 - Handler: wot [64Bits] - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} . (...) -- C:\Program Files\WOT\WOT.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Lijst van niet-Microsoft NT services die niet uitgeschakeld zijn (O23)
O23 - Service: HitmanPro.Alert Service (hmpalertsvc) . (.SurfRight B.V. - HitmanPro.Alert.) - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
O23 - Service: lxcz_device (lxcz_device) . (.No owner - Printer Communication System.) - C:\Windows\system32\lxczcoms.exe
~ Services: 10 Legitimates Filtered in 00mn 24s
---\\ Taken die zijn gepland in de automatische modus (O39)
[MD5.235C127898A9AA40B74043E4C72DCA96] [APT] [{AC42C901-51AC-41EE-9B58-7DB5B2CF9FD2}] (...) -- C:\lexmark\drivers\1200\Setup.exe [303784]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [940]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1052]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1056]
~ Scheduled Task: 10 Legitimates Filtered in 00mn 03s
---\\ Piloot aan het begin van het systeem (O41)
O41 - Driver: (A2DDA) . (. - .) - C:\USERS\PCPRIVE\DESKTOP\RUN\a2ddax64.sys (.not file.)
~ Drivers: 78 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ABNAMRO]
[HKCU\Software\IncrediMail]
~ Key Software: 212 Legitimates Filtered in 00mn 00s
---\\ 'Inhoud van mappen programma's, ProgramFiles, ProgramData, AppData (O43)
O43 - CFD: 18-8-2014 - 11:57:24 - [] ----D C:\Program Files (x86)\EMET 5.0
O43 - CFD: 23-11-2013 - 14:05:34 - [0] ----D C:\Program Files (x86)\Fotoservice
O43 - CFD: 14-10-2013 - 14:24:30 - [] ----D C:\Program Files (x86)\GUMCCC0.tmp
O43 - CFD: 7-10-2013 - 10:55:09 - [] ----D C:\ProgramData\IM
O43 - CFD: 7-10-2013 - 10:54:21 - [] ----D C:\ProgramData\IncrediMail
O43 - CFD: 22-8-2014 - 13:10:40 - [] ----D C:\ProgramData\{7AD360CC-1D61-4011-83BE-B257782BA5CB}
O43 - CFD: 22-8-2014 - 12:31:04 - [0] ----D C:\ProgramData\~1
O43 - CFD: 22-8-2014 - 12:31:04 - [0] ----D C:\ProgramData\~2
O43 - CFD: 22-8-2014 - 12:47:18 - [0] ----D C:\ProgramData\~3
O43 - CFD: 22-8-2014 - 12:47:18 - [0] ----D C:\ProgramData\~4
O43 - CFD: 24-8-2014 - 12:18:57 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail
O43 - CFD: 14-7-2009 - 11:55:40 - [0] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 22-1-2014 - 18:50:45 - [] ----D C:\Users\pcprive\AppData\Roaming\Avant Profiles
O43 - CFD: 26-3-2015 - 20:05:33 - [] -SH-D C:\Users\pcprive\AppData\Local\EmieBrowserModeList
O43 - CFD: 7-10-2013 - 14:46:18 - [] ----D C:\Users\pcprive\AppData\Local\IM
O43 - CFD: 8-1-2014 - 19:06:40 - [] ----D C:\Users\pcprive\AppData\Local\midori
~ Program Folder: 190 Legitimates Filtered in 00mn 00s
---\\ Meest recente bestanden gewijzigd of gemaakt op Windows en System32 (O44)
O44 - LFC:[MD5.6F05138DBE344A179F9A11E847404A21] - 1-5-2015 - 9:45:15 ---A- . (...) -- C:\Windows\Lexstat.ini [312]
~ Files: 9 Legitimates Filtered in 00mn 01s
---\\ Activiteiten en functies bij het opstarten van Windows Verkenner (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Controle van veilige Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
~ CSB: 15 Legitimates Filtered in 00mn 00s
---\\ Opsomming van de registersleutel Hkey_local_machine\software\microsoft\shared (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\IncrediMail [Key] . (...) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (.not file.)
~ SMSR Keys: 7 Legitimates Filtered in 00mn 00s
---\\ Opsomming van het register sleutels PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Opsomming van de registersleutel PoliciesExplorer (CKVI) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Overzicht van de drivers (SDL) (O58)
O58 - SDL:20-3-2008 - 11:34:12 ---A- . (.Todos Data System AB - ABN AMRO e.dentifier2 Smart Card Reader.) -- C:\Windows\System32\Drivers\aabed2.sys [28672]
O58 - SDL:29-3-2005 - 0:30:38 ---A- . (.No owner - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [8192]
O58 - SDL:23-7-2013 - 15:47:26 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:23-7-2013 - 15:47:26 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:23-7-2013 - 15:47:26 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175] =>.ALWIL Software
O58 - SDL:14-7-2009 - 2:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10-6-2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:11-4-2014 - 14:58:16 ---A- . (.No owner - HitmanPro.Alert Support Driver.) -- C:\Windows\System32\Drivers\hmpalert.sys [93144]
O58 - SDL:14-7-2009 - 2:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:4-10-2010 - 8:40:18 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\System32\Drivers\TFsExDisk.sys [16448]
O58 - SDL:25-10-2007 - 16:26:10 ---A- . (...) -- C:\Windows\SysWOW64\drivers\StarOpen.sys [5632]
O58 - SDL:4-10-2010 - 8:40:18 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys [16448]
~ Drivers: 68 Legitimates Filtered in 00mn 07s
---\\ Meest recente bestanden gewijzigd of gemaakt (gebruiker) (O61)
O61 - LFC: 10-5-2015 - 14:33:28 ---A- . (...) -- C:\Users\pcprive\Downloads\Vollversion WinSysClean X2 - CHIP-Installer.exe [1203488]
O61 - LFC: 6-5-2015 - 14:33:24 ---A- . (...) -- C:\Users\pcprive\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [713907]
~ 2 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 6 Legitimates Filtered in 00mn 05s
---\\ Lijst van cleaning tools (CLAB) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Overzicht met LEGACY services (LALS) (O64)
O64 - Services: CurCS - 30-4-2013 - C:\Windows\System32\DRIVERS\atikmdag.sys (amdkmdag) .(.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG
O64 - Services: CurCS - 11-4-2014 - C:\Windows\system32\drivers\hmpalert.sys (hmpalert) .(.No owner - HitmanPro.Alert Support Driver.) - LEGACY_HMPALERT
O64 - Services: CurCS - 21-11-2014 - C:\Windows\system32\drivers\mwac.sys (MBAMWebAccessControl) .(.Malwarebytes Corporation - Malwarebytes Web Access Control.) - LEGACY_MBAMWEBACCESSCONTROL
O64 - Services: CurCS - 11-3-2015 - C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (RapportPG64) .(.IBM Corp. - RapportPG64.) - LEGACY_RAPPORTPG64
O64 - Services: CurCS - 10-6-2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 153 Legitimates Filtered in 00mn 00s
---\\ Bestandsassociaties mogelijk aangepast (O67)
O67 - Shell Spawning: <.html> <SlimBrowserHtml>[HKLM\..\open\Command] (.Not Key.) =>PUP.SpeedBrowser
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Startmenu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Zoek "infecties in internetbrowsers (SBI) (O69)
O69 - SBI: prefs.js [pcprive - ki8n165y.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) -
http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {689732D6-158F-43B0-97C6-4ECE896423D6} [DefaultScope] - (Bing) -
http://www.bing.com
~ Keys: Scanned in 00mn 00s
---\\ Bepaalde zoekopdracht in de hoofdmap van het systeem (SPRF) (O84)
[MD5.6B530372E19D404C2001573D9A0BCBBC] [SPRF][20-2-2014] (...) -- C:\Users\pcprive\Desktop\Apache_OpenOffice_4.0.1_Win_x86_install_nl.exe [139734741]
[MD5.D093FD9D7785AE45700C1DDAB5215426] [SPRF][24-2-2014] (.SurfRight B.V. - HitmanPro.Alert.) -- C:\Users\pcprive\Desktop\hmpalert25.exe [1855848]
[MD5.651DC829BC822017CBBC40621DDCEA7A] [SPRF][25-8-2014] (...) -- C:\Users\pcprive\Desktop\Rebuild_Icon_Cache.bat [738]
~ Files: 7 Legitimates Filtered in 00mn 01s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASAPI32 =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASMANCS =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBuzzSearch_RASAPI32 =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBuzzSearch_RASMANCS =>PUP.BuzzSearch
~ BTK: 108 Legitimates Filtered in 00mn 00s
---\\ Algemene toestand van niet-Microsoft services (GSR) (SR = Running, SS = gestopt)
SS - | Demand 16-4-2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 25-6-2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 25-6-2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 7-7-2013 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 23-2-2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 14-7-2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Auto 22-7-1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 18-3-2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 19-12-2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 30-4-2013 238080 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 11-4-2014 1876816 | (hmpalertsvc) . (.SurfRight B.V..) - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
SR - | Auto 19-4-2007 566192 | (lxcz_device) . (...) - C:\Windows\system32\lxczcoms.exe
SR - | Auto 21-11-2014 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 21-11-2014 969016 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 30-1-2015 23784 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 25-1-2011 3051848 | (OODefragAgent) . (.O&O Software GmbH.) - C:\Program Files\OO Software\Defrag\oodag.exe
SR - | Auto 11-3-2015 1943832 | (RapportMgmtService) . (.IBM Corp..) - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
SR - | Auto 14-7-2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s
---\\ Onderzoek gelijktijdige op de Master Boot Record (MBR) (O80)
Run by pcprive at 10-5-2015 14:34:03
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s
---\\ Onderzoek de Master Boot Record op Infecties (MBRCheck) (O80)
Written by ad13,
http://ad13.geekstog
Run by pcprive at 10-5-2015 14:34:05
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s
---\\ Extra scan (O88)
Database Version : 13008 - (5-5-2015)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1
O67 - Shell Spawning: <.html> <SlimBrowserHtml>[HKLM\..\open\Command] (.Not Key.) =>PUP.SpeedBrowser^
~ Additionnel Scan: 219742 Items scanned in 00mn 25s
---\\ Additional information about modules
~
http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, proxybeheer (R5)
~
http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer werkbalken (O3)
~
http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Toepassingen gestart door register & bestand (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s
---\\ Samenvatting van detecties gevonden op uw werkstation
http://www.nicolascoolman.fr/blog/ =>PUP.SpeedBrowser
http://nicolascoolman.fr/pup-buzzsearch =>PUP.BuzzSearch
~ MSI: 2 link(s) detected in 00mn 00s
~ 833 Legitimates filtered by white list
End of the scan (467 lines in 02mn 02s)(0.6)
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20-11-2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14-7-2009 - 1:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11-11-2014 - 2:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.20-11-2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Status van de verborgen bestanden (verborgen/totaal)
~ Mes images (My Pictures) : 1/369
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/21
~ Mes Favoris (My Favorites) : 1/355
~ Mes Documents (My Documents) : 1/207
~ Mon Bureau (My Desktop) : 1/13
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 01s
---\\ Gestarte processen
[MD5.3C13F26A4766752314A5413038BD86B4] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [7229752] [PID.3204]
[MD5.9429CDA9595BB34E2D92A6DBE7C46CB6] - (.IBM Corp. - RapportService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe [2648344] [PID.3428]
[MD5.C64E9B1C9EA057DCECDCB98F34377811] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe [228552] [PID.840]
[MD5.11244837251AB1255A80DA14AEB45BD3] - (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [102088] [PID.2312]
[MD5.345B45BE09381D2011EB7F9AC11D8AC4] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [376944] [PID.3324]
[MD5.4B88BF95F7C40E2EDD2B924E0111C456] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [267888] [PID.1188]
[MD5.66F6B3894132CC3D347CB85FBAE48D57] - (.Adobe Systems, Inc. - Adobe Flash Player 17.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe [1892528] [PID.1176]
[MD5.2727208EA26F6B6DA898AB6890417214] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8208384] [PID.2840]
[MD5.BF4E0DEE8566DDEC3D26F2D2B6B74FCB] - (.IBM Corp. - RapportMgmtService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1943832] [PID.948]
[MD5.2638395F6E61889D75C363A80A0E17F4] - (.SurfRight B.V. - HitmanPro.Alert.) -- C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816] [PID.1216]
[MD5.ADC420616C501B45D26C0FD3EF1E54E4] - (.ArcSoft Inc. - ArcSoft Connect Service.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152] [PID.1768]
[MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.1808]
[MD5.0BB29DE40C9D9529793DCDB59A43CF5B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160] [PID.1324]
[MD5.5F82D8188B370B0CF185D4AE2B9B4A0E] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016] [PID.2068]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, start, zoeken, extensies (G0, G1, G2)
C:\Users\pcprive\AppData\Local\Google\Chrome\User Data\Default\Preferences
---\\ Google Chrome extensie map
~ Google Lines Browser: 7 Legitimates Filtered in 00mn 01s
---\\ Mozilla Firefox, Plugins, start, zoeken, extensies (P2, M0, M1, M2, M3)
C:\Users\pcprive\AppData\Roaming\Mozilla\Firefox\Profiles\ki8n165y.default\prefs.js
M2 - MFEP: prefs.js [pcprive - ki8n165y.default\googlesharing@extension.thoughtcrime.org] [] GoogleSharing v0.22 (..)
M2 - MFEP: Extension [pcprive - ki8n165y.default]
googlesharing@extension.thoughtcrime.org
M2 - MFEP: Extension [pcprive - ki8n165y.default]
jid1-ZAdIEUB7XOzOJw@jetpack.xpi
M2 - MFEP: Extension [pcprive - ki8n165y.default] {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
M2 - MFEP: Extension [pcprive - ki8n165y.default] {AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\bolcom-nl.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\ddg.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\marktplaats-nl.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wikipedia-nl.xml
~ Firefox Browser: 23 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, proxybeheer (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse van lijnen F0, F1, F2, F3 - IniFiles, Autoloading programma's
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts-bestand omleiding (O1)
~ Le fichier hôte est sain (The hosts file is clean) (24)
~ Hosts File: Scanned in 00mn 00s
---\\ Internet Explorer werkbalken (O3)
O3 - Toolbar: (no name) - [HKLM]{71576546-354D-41c9-AAE8-31F2EC22BF0D} Orphan sleutel
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Orphan sleutel
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{71576546-354D-41C9-AAE8-31F2EC22BF0D} Orphan sleutel
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan sleutel
~ Toolbar: Scanned in 00mn 00s
---\\ Toepassingen gestart door register & bestand (O4)
O4 - HKLM\..\Run: [OODefragTray] . (.O&O Software GmbH - O&O Defrag Free Edition TrayIcon (x64).) -- C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKLM\..\Wow6432Node\Run: [ArcSoft Connection Service] . (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKUS\S-1-5-21-2644516270-1603593607-3465043599-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-2644516270-1603593607-3465043599-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
~ Application: Scanned in 00mn 00s
---\\ Knoppen op de werkbalk "belangrijkste instrumenten" Internet Explorer (O9)
O9 - Extra button: &Verzenden naar OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~3\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: &Gekoppelde notities van OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~3\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Domeinadres van de DNS (O17) wijzigen
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D7D1457-1F63-45C2-8490-B219E8622AD5}: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O17 - HKLM\System\CS1\Services\Tcpip\..\{4D7D1457-1F63-45C2-8490-B219E8622AD5}: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O17 - HKLM\System\CS2\Services\Tcpip\..\{4D7D1457-1F63-45C2-8490-B219E8622AD5}: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
~ Domain: Scanned in 00mn 00s
---\\ Aanvullend Protocol (O18)
O18 - Handler: wot [64Bits] - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} . (...) -- C:\Program Files\WOT\WOT.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Lijst van niet-Microsoft NT services die niet uitgeschakeld zijn (O23)
O23 - Service: HitmanPro.Alert Service (hmpalertsvc) . (.SurfRight B.V. - HitmanPro.Alert.) - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
O23 - Service: lxcz_device (lxcz_device) . (.No owner - Printer Communication System.) - C:\Windows\system32\lxczcoms.exe
~ Services: 10 Legitimates Filtered in 00mn 24s
---\\ Taken die zijn gepland in de automatische modus (O39)
[MD5.235C127898A9AA40B74043E4C72DCA96] [APT] [{AC42C901-51AC-41EE-9B58-7DB5B2CF9FD2}] (...) -- C:\lexmark\drivers\1200\Setup.exe [303784]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [940]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1052]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1056]
~ Scheduled Task: 10 Legitimates Filtered in 00mn 03s
---\\ Piloot aan het begin van het systeem (O41)
O41 - Driver: (A2DDA) . (. - .) - C:\USERS\PCPRIVE\DESKTOP\RUN\a2ddax64.sys (.not file.)
~ Drivers: 78 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ABNAMRO]
[HKCU\Software\IncrediMail]
~ Key Software: 212 Legitimates Filtered in 00mn 00s
---\\ 'Inhoud van mappen programma's, ProgramFiles, ProgramData, AppData (O43)
O43 - CFD: 18-8-2014 - 11:57:24 - [] ----D C:\Program Files (x86)\EMET 5.0
O43 - CFD: 23-11-2013 - 14:05:34 - [0] ----D C:\Program Files (x86)\Fotoservice
O43 - CFD: 14-10-2013 - 14:24:30 - [] ----D C:\Program Files (x86)\GUMCCC0.tmp
O43 - CFD: 7-10-2013 - 10:55:09 - [] ----D C:\ProgramData\IM
O43 - CFD: 7-10-2013 - 10:54:21 - [] ----D C:\ProgramData\IncrediMail
O43 - CFD: 22-8-2014 - 13:10:40 - [] ----D C:\ProgramData\{7AD360CC-1D61-4011-83BE-B257782BA5CB}
O43 - CFD: 22-8-2014 - 12:31:04 - [0] ----D C:\ProgramData\~1
O43 - CFD: 22-8-2014 - 12:31:04 - [0] ----D C:\ProgramData\~2
O43 - CFD: 22-8-2014 - 12:47:18 - [0] ----D C:\ProgramData\~3
O43 - CFD: 22-8-2014 - 12:47:18 - [0] ----D C:\ProgramData\~4
O43 - CFD: 24-8-2014 - 12:18:57 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail
O43 - CFD: 14-7-2009 - 11:55:40 - [0] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 22-1-2014 - 18:50:45 - [] ----D C:\Users\pcprive\AppData\Roaming\Avant Profiles
O43 - CFD: 26-3-2015 - 20:05:33 - [] -SH-D C:\Users\pcprive\AppData\Local\EmieBrowserModeList
O43 - CFD: 7-10-2013 - 14:46:18 - [] ----D C:\Users\pcprive\AppData\Local\IM
O43 - CFD: 8-1-2014 - 19:06:40 - [] ----D C:\Users\pcprive\AppData\Local\midori
~ Program Folder: 190 Legitimates Filtered in 00mn 00s
---\\ Meest recente bestanden gewijzigd of gemaakt op Windows en System32 (O44)
O44 - LFC:[MD5.6F05138DBE344A179F9A11E847404A21] - 1-5-2015 - 9:45:15 ---A- . (...) -- C:\Windows\Lexstat.ini [312]
~ Files: 9 Legitimates Filtered in 00mn 01s
---\\ Activiteiten en functies bij het opstarten van Windows Verkenner (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Controle van veilige Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
~ CSB: 15 Legitimates Filtered in 00mn 00s
---\\ Opsomming van de registersleutel Hkey_local_machine\software\microsoft\shared (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\IncrediMail [Key] . (...) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (.not file.)
~ SMSR Keys: 7 Legitimates Filtered in 00mn 00s
---\\ Opsomming van het register sleutels PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Opsomming van de registersleutel PoliciesExplorer (CKVI) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Overzicht van de drivers (SDL) (O58)
O58 - SDL:20-3-2008 - 11:34:12 ---A- . (.Todos Data System AB - ABN AMRO e.dentifier2 Smart Card Reader.) -- C:\Windows\System32\Drivers\aabed2.sys [28672]
O58 - SDL:29-3-2005 - 0:30:38 ---A- . (.No owner - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [8192]
O58 - SDL:23-7-2013 - 15:47:26 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:23-7-2013 - 15:47:26 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:23-7-2013 - 15:47:26 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175] =>.ALWIL Software
O58 - SDL:14-7-2009 - 2:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10-6-2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:11-4-2014 - 14:58:16 ---A- . (.No owner - HitmanPro.Alert Support Driver.) -- C:\Windows\System32\Drivers\hmpalert.sys [93144]
O58 - SDL:14-7-2009 - 2:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:4-10-2010 - 8:40:18 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\System32\Drivers\TFsExDisk.sys [16448]
O58 - SDL:25-10-2007 - 16:26:10 ---A- . (...) -- C:\Windows\SysWOW64\drivers\StarOpen.sys [5632]
O58 - SDL:4-10-2010 - 8:40:18 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys [16448]
~ Drivers: 68 Legitimates Filtered in 00mn 07s
---\\ Meest recente bestanden gewijzigd of gemaakt (gebruiker) (O61)
O61 - LFC: 10-5-2015 - 14:33:28 ---A- . (...) -- C:\Users\pcprive\Downloads\Vollversion WinSysClean X2 - CHIP-Installer.exe [1203488]
O61 - LFC: 6-5-2015 - 14:33:24 ---A- . (...) -- C:\Users\pcprive\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [713907]
~ 2 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 6 Legitimates Filtered in 00mn 05s
---\\ Lijst van cleaning tools (CLAB) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Overzicht met LEGACY services (LALS) (O64)
O64 - Services: CurCS - 30-4-2013 - C:\Windows\System32\DRIVERS\atikmdag.sys (amdkmdag) .(.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG
O64 - Services: CurCS - 11-4-2014 - C:\Windows\system32\drivers\hmpalert.sys (hmpalert) .(.No owner - HitmanPro.Alert Support Driver.) - LEGACY_HMPALERT
O64 - Services: CurCS - 21-11-2014 - C:\Windows\system32\drivers\mwac.sys (MBAMWebAccessControl) .(.Malwarebytes Corporation - Malwarebytes Web Access Control.) - LEGACY_MBAMWEBACCESSCONTROL
O64 - Services: CurCS - 11-3-2015 - C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (RapportPG64) .(.IBM Corp. - RapportPG64.) - LEGACY_RAPPORTPG64
O64 - Services: CurCS - 10-6-2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 153 Legitimates Filtered in 00mn 00s
---\\ Bestandsassociaties mogelijk aangepast (O67)
O67 - Shell Spawning: <.html> <SlimBrowserHtml>[HKLM\..\open\Command] (.Not Key.) =>PUP.SpeedBrowser
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Startmenu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Zoek "infecties in internetbrowsers (SBI) (O69)
O69 - SBI: prefs.js [pcprive - ki8n165y.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) -
http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {689732D6-158F-43B0-97C6-4ECE896423D6} [DefaultScope] - (Bing) -
http://www.bing.com
~ Keys: Scanned in 00mn 00s
---\\ Bepaalde zoekopdracht in de hoofdmap van het systeem (SPRF) (O84)
[MD5.6B530372E19D404C2001573D9A0BCBBC] [SPRF][20-2-2014] (...) -- C:\Users\pcprive\Desktop\Apache_OpenOffice_4.0.1_Win_x86_install_nl.exe [139734741]
[MD5.D093FD9D7785AE45700C1DDAB5215426] [SPRF][24-2-2014] (.SurfRight B.V. - HitmanPro.Alert.) -- C:\Users\pcprive\Desktop\hmpalert25.exe [1855848]
[MD5.651DC829BC822017CBBC40621DDCEA7A] [SPRF][25-8-2014] (...) -- C:\Users\pcprive\Desktop\Rebuild_Icon_Cache.bat [738]
~ Files: 7 Legitimates Filtered in 00mn 01s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASAPI32 =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASMANCS =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBuzzSearch_RASAPI32 =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBuzzSearch_RASMANCS =>PUP.BuzzSearch
~ BTK: 108 Legitimates Filtered in 00mn 00s
---\\ Algemene toestand van niet-Microsoft services (GSR) (SR = Running, SS = gestopt)
SS - | Demand 16-4-2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 25-6-2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 25-6-2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 7-7-2013 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 23-2-2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 14-7-2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Auto 22-7-1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 18-3-2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 19-12-2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 30-4-2013 238080 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 11-4-2014 1876816 | (hmpalertsvc) . (.SurfRight B.V..) - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
SR - | Auto 19-4-2007 566192 | (lxcz_device) . (...) - C:\Windows\system32\lxczcoms.exe
SR - | Auto 21-11-2014 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 21-11-2014 969016 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 30-1-2015 23784 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 25-1-2011 3051848 | (OODefragAgent) . (.O&O Software GmbH.) - C:\Program Files\OO Software\Defrag\oodag.exe
SR - | Auto 11-3-2015 1943832 | (RapportMgmtService) . (.IBM Corp..) - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
SR - | Auto 14-7-2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s
---\\ Onderzoek gelijktijdige op de Master Boot Record (MBR) (O80)
Run by pcprive at 10-5-2015 14:34:03
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s
---\\ Onderzoek de Master Boot Record op Infecties (MBRCheck) (O80)
Written by ad13,
http://ad13.geekstog
Run by pcprive at 10-5-2015 14:34:05
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s
---\\ Extra scan (O88)
Database Version : 13008 - (5-5-2015)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1
O67 - Shell Spawning: <.html> <SlimBrowserHtml>[HKLM\..\open\Command] (.Not Key.) =>PUP.SpeedBrowser^
~ Additionnel Scan: 219742 Items scanned in 00mn 25s
---\\ Additional information about modules
~
http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, proxybeheer (R5)
~
http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer werkbalken (O3)
~
http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Toepassingen gestart door register & bestand (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s
---\\ Samenvatting van detecties gevonden op uw werkstation
http://www.nicolascoolman.fr/blog/ =>PUP.SpeedBrowser
http://nicolascoolman.fr/pup-buzzsearch =>PUP.BuzzSearch
~ MSI: 2 link(s) detected in 00mn 00s
~ 833 Legitimates filtered by white list
End of the scan (467 lines in 02mn 02s)(0.6)
-----------------
# AdwCleaner v4.203 - Logbestand aangemaakt 10/05/2015 op 17:37:59
# Laatste update 30/04/2015 door Xplode
# Database : 2015-05-09.1 [Server]
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (x64)
# Gebruikersnaam : pcprive - PCPRIVE-PC
# Gestart vanuit : C:\Users\pcprive\Desktop\adwcleaner_4.203.exe
# Optie : Verwijderen
***** [ Services ] *****
***** [ Bestanden / Mappen ] *****
Map Verwijderd : C:\Users\pcprive\AppData\Local\DriverTuner
***** [ Geplande taken ] *****
***** [ Snelkoppelingen ] *****
***** [ Register ] *****
Sleutel Verwijderd : HKCU\Software\DriverTuner_Init
Sleutel Verwijderd : HKCU\Software\DriverTuner
***** [ Webbrowsers ] *****
-\\ Internet Explorer v11.0.9600.17728
-\\ Mozilla Firefox v37.0.2 (x86 nl)
-\\ Google Chrome v42.0.2311.135
*************************
AdwCleaner[R0].txt - [1073 bytes] - [22/08/2014 12:57:05]
AdwCleaner[R1].txt - [1134 bytes] - [22/08/2014 18:10:43]
AdwCleaner[R2].txt - [1220 bytes] - [05/09/2014 14:43:15]
AdwCleaner[R3].txt - [1345 bytes] - [26/09/2014 18:02:06]
AdwCleaner[R4].txt - [1513 bytes] - [10/05/2015 17:34:59]
AdwCleaner[S0].txt - [1143 bytes] - [22/08/2014 13:01:14]
AdwCleaner[S1].txt - [1201 bytes] - [22/08/2014 18:12:37]
AdwCleaner[S2].txt - [1285 bytes] - [05/09/2014 14:45:03]
AdwCleaner[S3].txt - [1335 bytes] - [10/05/2015 17:37:59]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1394 bytes] ##########
-----------------------
C: says file folder, no text