• In recent days, existing accounts on several forums have been taken over by spammers. The usernames and passwords were obtained through a hack or a leak at other sites. You can use Have I Been Pwned? to check whether your details were also obtained. If in doubt, change your password or enable two-step verification.

Hacked?

jupiter8

1st: the link in my e-mail had already been activated
2nd: viewing recent activity at msn gives the message firefox/abb.
I only ever use Firefox
3rd: have changed the password of my e-mail account; have changed my login password
4th: in CCleaner, Internet Explorer always shows: temporary files! even though I never use IE
 
Hello jupiter8,
a warm welcome to this great forum.

The introductions forum is only for introducing yourself, not for jumping straight in with problems; that is why I have moved your topic.

As for your online mail account, have you perhaps enabled "Keep me signed in"?
What do you mean by msn, and which web browser do you use by default?

What you write about CCleaner is simply a default setting.

If you want a better cleaner, I invite you to take a look here: http://www.nationaalcomputerforum.nl/showthread.php?t=99605
 
I don't have a reply window.

--- Update ---

I have my mail forwarded to the desktop.
At msn you can view the latest activity. It showed unknown twice.
I use Firefox by default.
I already got WinSYS from you once, as well as O&O Defrag

--- Update ---

Jupiter is a woman who knows a thing or two about PCs, but who is sometimes faced with puzzles.
 
"I have my mail forwarded to the desktop."
I don't understand that at all, forwarding mail to the desktop......


Download ZHPDiag to the desktop.

Disable antivirus software
Temporarily disable your antivirus and antispyware programs, as they can conflict with ZHPDiag.

Install ZHPDiag
  • Double-click zhpdiag.exe to start the installation.
  • Windows Vista, 7 and 8 users should run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Click "Suivant" several times to go through the installation process.
  • Click "Installer" when asked and "Terminer" when the installation is complete.

Run ZHPDiag
If you run into problems running this program or see any error messages, please mention it in your post.
  • Double-click the shortcut named ZHPDiag.
  • The start window appears; now click "Configureren".
  • If the language is not set to Dutch, click the "Sélectionner une langue" icon at the bottom right and choose "Néerlandais".
  • Then click the "Diagnosemogelijkheden" icon at the bottom left.
  • Your system will now be scanned; wait patiently until it has finished.

Post the ZHPDiag.txt log file
  • Afterwards there will be a text file named ZHPDiag.txt on the desktop.
  • Then post the contents of this log in your next post.
 
I don't speak French, what should I press/click?

--- Update ---

~ Verslag van ZHPDiag v2015.5.8.47 - Nicolas Coolman (5-5-2015)
~ Gelanceerd door pcprive (10-5-2015 14:32:29)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Het adres van de webforum : http://forum.nicolascoolman.fr
~ Vertaald door de gebruiker
~ Staat van de versie : Bijgewerkte versie.
~ Lijst wit : Ingeschakeld door het programma
~ Tot misbruik van bevoegdheden : OK
~ Gebruikersaccountbeheer (UAC) : Deactivate by program


---\\ Internet-browsers
MSIE: Internet Explorer v11.0.9600.17728
MFIE: Mozilla Firefox 37.0.2 (Defaut)
GCIE: Google Chrome v42.0.2311.135

---\\ Windows productinformatie
~ Langage: Nerlandais
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

---\\ Software om het systeem te beveiligen
Malwarebytes Anti-Malware versie 2.0.4.1028
Microsoft Security Client v4.7.0205.0
Windows Defender W7 (Deactivate)

---\\ Systeem optimalisatie software
CCleaner v5.02

---\\ Delen van software PeerToPeer

---\\ Software die extra aandacht behoeft
Adobe Flash Player 17 PPAPI
Adobe Reader XI

---\\ Informatie over het systeem
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095 MB (57% free)
System Restore: Activ (Enable)
System drive C: has 870 GB (93%) free of 931 GB

---\\ Verbinding met het systeem-modus
~ Computer Name: PCPRIVE-PC
~ User Name: pcprive
~ All Users Names: pcprive, Gast, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Omgevingsvariabelen
~ System Unit : C:\
~ %AppZHP% : C:\Users\pcprive\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\pcprive\AppData\Roaming\
~ %Desktop% : C:\Users\pcprive\Desktop\
~ %Favorites% : C:\Users\pcprive\Favorites\
~ %LocalAppData% : C:\Users\pcprive\AppData\Local\
~ %StartMenu% : C:\Users\pcprive\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Overzicht vaste en verwisselbare stations
C: Hard drive, Flash drive, Thumb drive (Free 870 Go of 931 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Staat van het Windows Beveiligingscentrum
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Zoeken naar bepaalde algemene bestanden
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Verkenner.) (.25-2-2011 - 7:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.14-7-2009 - 2:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.77B35D0FC22A2D2EAC8D07C3F9784DBF] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.13-3-2015 - 3:45:57.) -- C:\Windows\System32\wininet.dll [2358784]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.17-7-2014 - 3:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing-bibliotheek.) (.20-11-2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30-5-2014 - 7:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14-7-2009 - 2:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14-7-2009 - 0:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20-11-2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20-11-2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20-11-2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.14-7-2009 - 0:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14-7-2009 - 1:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27-4-2011 - 3:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20-11-2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.24-1-2014 - 3:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.14-7-2009 - 1:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20-11-2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14-7-2009 - 1:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11-11-2014 - 2:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.20-11-2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Status van de verborgen bestanden (verborgen/totaal)
~ Mes images (My Pictures) : 1/369
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/21
~ Mes Favoris (My Favorites) : 1/355
~ Mes Documents (My Documents) : 1/207
~ Mon Bureau (My Desktop) : 1/13
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 01s



---\\ Gestarte processen
[MD5.3C13F26A4766752314A5413038BD86B4] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [7229752] [PID.3204]
[MD5.9429CDA9595BB34E2D92A6DBE7C46CB6] - (.IBM Corp. - RapportService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe [2648344] [PID.3428]
[MD5.C64E9B1C9EA057DCECDCB98F34377811] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe [228552] [PID.840]
[MD5.11244837251AB1255A80DA14AEB45BD3] - (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [102088] [PID.2312]
[MD5.345B45BE09381D2011EB7F9AC11D8AC4] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [376944] [PID.3324]
[MD5.4B88BF95F7C40E2EDD2B924E0111C456] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [267888] [PID.1188]
[MD5.66F6B3894132CC3D347CB85FBAE48D57] - (.Adobe Systems, Inc. - Adobe Flash Player 17.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe [1892528] [PID.1176]
[MD5.2727208EA26F6B6DA898AB6890417214] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8208384] [PID.2840]
[MD5.BF4E0DEE8566DDEC3D26F2D2B6B74FCB] - (.IBM Corp. - RapportMgmtService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1943832] [PID.948]
[MD5.2638395F6E61889D75C363A80A0E17F4] - (.SurfRight B.V. - HitmanPro.Alert.) -- C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816] [PID.1216]
[MD5.ADC420616C501B45D26C0FD3EF1E54E4] - (.ArcSoft Inc. - ArcSoft Connect Service.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152] [PID.1768]
[MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.1808]
[MD5.0BB29DE40C9D9529793DCDB59A43CF5B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160] [PID.1324]
[MD5.5F82D8188B370B0CF185D4AE2B9B4A0E] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016] [PID.2068]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, start, zoeken, extensies (G0, G1, G2)
C:\Users\pcprive\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Google Chrome extensie map
~ Google Lines Browser: 7 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins, start, zoeken, extensies (P2, M0, M1, M2, M3)
C:\Users\pcprive\AppData\Roaming\Mozilla\Firefox\Profiles\ki8n165y.default\prefs.js
M2 - MFEP: prefs.js [pcprive - ki8n165y.default\googlesharing@extension.thoughtcrime.org] [] GoogleSharing v0.22 (..)
M2 - MFEP: Extension [pcprive - ki8n165y.default] googlesharing@extension.thoughtcrime.org
M2 - MFEP: Extension [pcprive - ki8n165y.default] jid1-ZAdIEUB7XOzOJw@jetpack.xpi
M2 - MFEP: Extension [pcprive - ki8n165y.default] {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
M2 - MFEP: Extension [pcprive - ki8n165y.default] {AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\bolcom-nl.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\ddg.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\marktplaats-nl.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wikipedia-nl.xml
~ Firefox Browser: 23 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, proxybeheer (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse van lijnen F0, F1, F2, F3 - IniFiles, Autoloading programma's
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts-bestand omleiding (O1)
~ Le fichier hte est sain (The hosts file is clean) (24)
~ Hosts File: Scanned in 00mn 00s



---\\ Internet Explorer werkbalken (O3)
O3 - Toolbar: (no name) - [HKLM]{71576546-354D-41c9-AAE8-31F2EC22BF0D} Orphan sleutel
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Orphan sleutel
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{71576546-354D-41C9-AAE8-31F2EC22BF0D} Orphan sleutel
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan sleutel
~ Toolbar: Scanned in 00mn 00s



---\\ Toepassingen gestart door register & bestand (O4)
O4 - HKLM\..\Run: [OODefragTray] . (.O&O Software GmbH - O&O Defrag Free Edition TrayIcon (x64).) -- C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKLM\..\Wow6432Node\Run: [ArcSoft Connection Service] . (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKUS\S-1-5-21-2644516270-1603593607-3465043599-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-2644516270-1603593607-3465043599-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
~ Application: Scanned in 00mn 00s



---\\ Knoppen op de werkbalk "belangrijkste instrumenten" Internet Explorer (O9)
O9 - Extra button: &Verzenden naar OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~3\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: &Gekoppelde notities van OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~3\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Domeinadres van de DNS (O17) wijzigen
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D7D1457-1F63-45C2-8490-B219E8622AD5}: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O17 - HKLM\System\CS1\Services\Tcpip\..\{4D7D1457-1F63-45C2-8490-B219E8622AD5}: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O17 - HKLM\System\CS2\Services\Tcpip\..\{4D7D1457-1F63-45C2-8490-B219E8622AD5}: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
~ Domain: Scanned in 00mn 00s



---\\ Aanvullend Protocol (O18)
O18 - Handler: wot [64Bits] - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} . (...) -- C:\Program Files\WOT\WOT.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lijst van niet-Microsoft NT services die niet uitgeschakeld zijn (O23)
O23 - Service: HitmanPro.Alert Service (hmpalertsvc) . (.SurfRight B.V. - HitmanPro.Alert.) - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
O23 - Service: lxcz_device (lxcz_device) . (.No owner - Printer Communication System.) - C:\Windows\system32\lxczcoms.exe
~ Services: 10 Legitimates Filtered in 00mn 24s



---\\ Taken die zijn gepland in de automatische modus (O39)
[MD5.235C127898A9AA40B74043E4C72DCA96] [APT] [{AC42C901-51AC-41EE-9B58-7DB5B2CF9FD2}] (...) -- C:\lexmark\drivers\1200\Setup.exe [303784]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [940]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1052]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1056]
~ Scheduled Task: 10 Legitimates Filtered in 00mn 03s



---\\ Piloot aan het begin van het systeem (O41)
O41 - Driver: (A2DDA) . (. - .) - C:\USERS\PCPRIVE\DESKTOP\RUN\a2ddax64.sys (.not file.)
~ Drivers: 78 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\ABNAMRO]
[HKCU\Software\IncrediMail]
~ Key Software: 212 Legitimates Filtered in 00mn 00s



---\\ 'Inhoud van mappen programma's, ProgramFiles, ProgramData, AppData (O43)
O43 - CFD: 18-8-2014 - 11:57:24 - [] ----D C:\Program Files (x86)\EMET 5.0
O43 - CFD: 23-11-2013 - 14:05:34 - [0] ----D C:\Program Files (x86)\Fotoservice
O43 - CFD: 14-10-2013 - 14:24:30 - [] ----D C:\Program Files (x86)\GUMCCC0.tmp
O43 - CFD: 7-10-2013 - 10:55:09 - [] ----D C:\ProgramData\IM
O43 - CFD: 7-10-2013 - 10:54:21 - [] ----D C:\ProgramData\IncrediMail
O43 - CFD: 22-8-2014 - 13:10:40 - [] ----D C:\ProgramData\{7AD360CC-1D61-4011-83BE-B257782BA5CB}
O43 - CFD: 22-8-2014 - 12:31:04 - [0] ----D C:\ProgramData\~1
O43 - CFD: 22-8-2014 - 12:31:04 - [0] ----D C:\ProgramData\~2
O43 - CFD: 22-8-2014 - 12:47:18 - [0] ----D C:\ProgramData\~3
O43 - CFD: 22-8-2014 - 12:47:18 - [0] ----D C:\ProgramData\~4
O43 - CFD: 24-8-2014 - 12:18:57 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail
O43 - CFD: 14-7-2009 - 11:55:40 - [0] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 22-1-2014 - 18:50:45 - [] ----D C:\Users\pcprive\AppData\Roaming\Avant Profiles
O43 - CFD: 26-3-2015 - 20:05:33 - [] -SH-D C:\Users\pcprive\AppData\Local\EmieBrowserModeList
O43 - CFD: 7-10-2013 - 14:46:18 - [] ----D C:\Users\pcprive\AppData\Local\IM
O43 - CFD: 8-1-2014 - 19:06:40 - [] ----D C:\Users\pcprive\AppData\Local\midori
~ Program Folder: 190 Legitimates Filtered in 00mn 00s



---\\ Meest recente bestanden gewijzigd of gemaakt op Windows en System32 (O44)
O44 - LFC:[MD5.6F05138DBE344A179F9A11E847404A21] - 1-5-2015 - 9:45:15 ---A- . (...) -- C:\Windows\Lexstat.ini [312]
~ Files: 9 Legitimates Filtered in 00mn 01s



---\\ Activiteiten en functies bij het opstarten van Windows Verkenner (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Controle van veilige Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
~ CSB: 15 Legitimates Filtered in 00mn 00s



---\\ Opsomming van de registersleutel Hkey_local_machine\software\microsoft\shared (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\IncrediMail [Key] . (...) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (.not file.)
~ SMSR Keys: 7 Legitimates Filtered in 00mn 00s



---\\ Opsomming van het register sleutels PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Opsomming van de registersleutel PoliciesExplorer (CKVI) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Overzicht van de drivers (SDL) (O58)
O58 - SDL:20-3-2008 - 11:34:12 ---A- . (.Todos Data System AB - ABN AMRO e.dentifier2 Smart Card Reader.) -- C:\Windows\System32\Drivers\aabed2.sys [28672]
O58 - SDL:29-3-2005 - 0:30:38 ---A- . (.No owner - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [8192]
O58 - SDL:23-7-2013 - 15:47:26 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:23-7-2013 - 15:47:26 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:23-7-2013 - 15:47:26 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175] =>.ALWIL Software
O58 - SDL:14-7-2009 - 2:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10-6-2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:11-4-2014 - 14:58:16 ---A- . (.No owner - HitmanPro.Alert Support Driver.) -- C:\Windows\System32\Drivers\hmpalert.sys [93144]
O58 - SDL:14-7-2009 - 2:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:4-10-2010 - 8:40:18 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\System32\Drivers\TFsExDisk.sys [16448]
O58 - SDL:25-10-2007 - 16:26:10 ---A- . (...) -- C:\Windows\SysWOW64\drivers\StarOpen.sys [5632]
O58 - SDL:4-10-2010 - 8:40:18 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys [16448]
~ Drivers: 68 Legitimates Filtered in 00mn 07s



---\\ Meest recente bestanden gewijzigd of gemaakt (gebruiker) (O61)
O61 - LFC: 10-5-2015 - 14:33:28 ---A- . (...) -- C:\Users\pcprive\Downloads\Vollversion WinSysClean X2 - CHIP-Installer.exe [1203488]
O61 - LFC: 6-5-2015 - 14:33:24 ---A- . (...) -- C:\Users\pcprive\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [713907]
~ 2 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 6 Legitimates Filtered in 00mn 05s



---\\ Lijst van cleaning tools (CLAB) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Overzicht met LEGACY services (LALS) (O64)
O64 - Services: CurCS - 30-4-2013 - C:\Windows\System32\DRIVERS\atikmdag.sys (amdkmdag) .(.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG
O64 - Services: CurCS - 11-4-2014 - C:\Windows\system32\drivers\hmpalert.sys (hmpalert) .(.No owner - HitmanPro.Alert Support Driver.) - LEGACY_HMPALERT
O64 - Services: CurCS - 21-11-2014 - C:\Windows\system32\drivers\mwac.sys (MBAMWebAccessControl) .(.Malwarebytes Corporation - Malwarebytes Web Access Control.) - LEGACY_MBAMWEBACCESSCONTROL
O64 - Services: CurCS - 11-3-2015 - C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (RapportPG64) .(.IBM Corp. - RapportPG64.) - LEGACY_RAPPORTPG64
O64 - Services: CurCS - 10-6-2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 153 Legitimates Filtered in 00mn 00s



---\\ Bestandsassociaties mogelijk aangepast (O67)
O67 - Shell Spawning: <.html> <SlimBrowserHtml>[HKLM\..\open\Command] (.Not Key.) =>PUP.SpeedBrowser
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Startmenu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Zoek "infecties in internetbrowsers (SBI) (O69)
O69 - SBI: prefs.js [pcprive - ki8n165y.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {689732D6-158F-43B0-97C6-4ECE896423D6} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Bepaalde zoekopdracht in de hoofdmap van het systeem (SPRF) (O84)
[MD5.6B530372E19D404C2001573D9A0BCBBC] [SPRF][20-2-2014] (...) -- C:\Users\pcprive\Desktop\Apache_OpenOffice_4.0.1_Win_x86_install_nl.exe [139734741]
[MD5.D093FD9D7785AE45700C1DDAB5215426] [SPRF][24-2-2014] (.SurfRight B.V. - HitmanPro.Alert.) -- C:\Users\pcprive\Desktop\hmpalert25.exe [1855848]
[MD5.651DC829BC822017CBBC40621DDCEA7A] [SPRF][25-8-2014] (...) -- C:\Users\pcprive\Desktop\Rebuild_Icon_Cache.bat [738]
~ Files: 7 Legitimates Filtered in 00mn 01s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASAPI32 =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASMANCS =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBuzzSearch_RASAPI32 =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBuzzSearch_RASMANCS =>PUP.BuzzSearch
~ BTK: 108 Legitimates Filtered in 00mn 00s



---\\ Algemene toestand van niet-Microsoft services (GSR) (SR = Running, SS = gestopt)
SS - | Demand 16-4-2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 25-6-2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 25-6-2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 7-7-2013 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 23-2-2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 14-7-2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Auto 22-7-1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 18-3-2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 19-12-2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 30-4-2013 238080 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 11-4-2014 1876816 | (hmpalertsvc) . (.SurfRight B.V..) - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
SR - | Auto 19-4-2007 566192 | (lxcz_device) . (...) - C:\Windows\system32\lxczcoms.exe
SR - | Auto 21-11-2014 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 21-11-2014 969016 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 30-1-2015 23784 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 25-1-2011 3051848 | (OODefragAgent) . (.O&O Software GmbH.) - C:\Program Files\OO Software\Defrag\oodag.exe
SR - | Auto 11-3-2015 1943832 | (RapportMgmtService) . (.IBM Corp..) - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
SR - | Auto 14-7-2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s



---\\ Onderzoek gelijktijdige op de Master Boot Record (MBR) (O80)
Run by pcprive at 10-5-2015 14:34:03
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Onderzoek de Master Boot Record op Infecties (MBRCheck) (O80)
Written by ad13, http://ad13.geekstog
Run by pcprive at 10-5-2015 14:34:05
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Extra scan (O88)
Database Version : 13008 - (5-5-2015)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

O67 - Shell Spawning: <.html> <SlimBrowserHtml>[HKLM\..\open\Command] (.Not Key.) =>PUP.SpeedBrowser^
~ Additionnel Scan: 219742 Items scanned in 00mn 25s



---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, proxybeheer (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer werkbalken (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Toepassingen gestart door register & bestand (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Samenvatting van detecties gevonden op uw werkstation
http://www.nicolascoolman.fr/blog/ =>PUP.SpeedBrowser
http://nicolascoolman.fr/pup-buzzsearch =>PUP.BuzzSearch
~ MSI: 2 link(s) detected in 00mn 00s



~ 833 Legitimates filtered by white list
End of the scan (467 lines in 02mn 02s)(0.6)

 
Please do not quote anymore.


Please post the two logs in one go - use the tools in the order indicated.

Step 1
Download
Junkware Removal Tool by Thisisu.
Download location: be sure to download this program to the desktop, or otherwise move it to the desktop!
Notes:
  • All open programs and web pages must be closed.
  • It is advisable to deactivate the active security software, so that possible conflicts with JRT.exe are ruled out.
  • Here and here you will find information on how to deactivate antivirus programs and spyware scanners.
  • It is normal for the shortcuts to disappear temporarily from the desktop during the JRT.exe scan.
Starting Junkware Removal Tool by Thisisu:
  • Windows 2000 and Windows XP: double-click JRT.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click JRT.exe and choose "Run as administrator".
  • JRT.exe will then scan Windows.
  • Depending on the system specifications, this scan can sometimes take quite a long time, so be patient.
  • When the scan is complete, a log (JRT.txt) will be saved on the desktop and opened automatically.
  • Post the contents of this log in your next message.

Step 2
Download
AdwCleaner by Xplode.
Download location: be sure to download this program to the desktop, or otherwise move it to the desktop!
Notes:
  • All open programs and web pages must be closed.
Starting AdwCleaner:
  • Windows 2000 and Windows XP: double-click adwcleaner.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click adwcleaner.exe and choose "Run as administrator".
AdwCleaner has started:
  • Click the Scan button
  • When the scan is finished, click the Remove (Verwijderen) button
  • At AdwCleaner "Closing the programs" (Afsluiting van de programma's), click OK
  • At AdwCleaner "Restart required" (Herstarten noodzakelijk), click OK
AdwCleaner log file:
  • After the PC has restarted, a log file opens.
  • If the log does not open, it can still be found at C:\AdwCleaner\AdwCleaner[R0, or 1, or 2].txt
  • Then post the contents of this log in your next message.
 
~ Verslag van ZHPDiag v2015.5.8.47 - Nicolas Coolman (5-5-2015)
~ Gelanceerd door pcprive (10-5-2015 14:32:29)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Het adres van de webforum : http://forum.nicolascoolman.fr
~ Vertaald door de gebruiker
~ Staat van de versie : Bijgewerkte versie.
~ Lijst wit : Ingeschakeld door het programma
~ Tot misbruik van bevoegdheden : OK
~ Gebruikersaccountbeheer (UAC) : Deactivate by program


---\\ Internet-browsers
MSIE: Internet Explorer v11.0.9600.17728
MFIE: Mozilla Firefox 37.0.2 (Defaut)
GCIE: Google Chrome v42.0.2311.135

---\\ Windows productinformatie
~ Langage: Néerlandais
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

---\\ Software om het systeem te beveiligen
Malwarebytes Anti-Malware versie 2.0.4.1028
Microsoft Security Client v4.7.0205.0
Windows Defender W7 (Deactivate)

---\\ Systeem optimalisatie software
CCleaner v5.02

---\\ Delen van software PeerToPeer

---\\ Software die extra aandacht behoeft
Adobe Flash Player 17 PPAPI
Adobe Reader XI

---\\ Informatie over het systeem
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095 MB (57% free)
System Restore: Activ (Enable)
System drive C: has 870 GB (93%) free of 931 GB

---\\ Verbinding met het systeem-modus
~ Computer Name: PCPRIVE-PC
~ User Name: pcprive
~ All Users Names: pcprive, Gast, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Omgevingsvariabelen
~ System Unit : C:\
~ %AppZHP% : C:\Users\pcprive\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\pcprive\AppData\Roaming\
~ %Desktop% : C:\Users\pcprive\Desktop\
~ %Favorites% : C:\Users\pcprive\Favorites\
~ %LocalAppData% : C:\Users\pcprive\AppData\Local\
~ %StartMenu% : C:\Users\pcprive\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Overzicht vaste en verwisselbare stations
C: Hard drive, Flash drive, Thumb drive (Free 870 Go of 931 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Staat van het Windows Beveiligingscentrum
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Zoeken naar bepaalde algemene bestanden
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Verkenner.) (.25-2-2011 - 7:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.14-7-2009 - 2:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.77B35D0FC22A2D2EAC8D07C3F9784DBF] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.13-3-2015 - 3:45:57.) -- C:\Windows\System32\wininet.dll [2358784]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.17-7-2014 - 3:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing-bibliotheek.) (.20-11-2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30-5-2014 - 7:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14-7-2009 - 2:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14-7-2009 - 0:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20-11-2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20-11-2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20-11-2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.14-7-2009 - 0:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14-7-2009 - 1:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27-4-2011 - 3:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20-11-2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.24-1-2014 - 3:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.14-7-2009 - 1:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20-11-2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14-7-2009 - 1:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11-11-2014 - 2:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.20-11-2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Status van de verborgen bestanden (verborgen/totaal)
~ Mes images (My Pictures) : 1/369
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/21
~ Mes Favoris (My Favorites) : 1/355
~ Mes Documents (My Documents) : 1/207
~ Mon Bureau (My Desktop) : 1/13
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 01s



---\\ Gestarte processen
[MD5.3C13F26A4766752314A5413038BD86B4] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [7229752] [PID.3204]
[MD5.9429CDA9595BB34E2D92A6DBE7C46CB6] - (.IBM Corp. - RapportService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe [2648344] [PID.3428]
[MD5.C64E9B1C9EA057DCECDCB98F34377811] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe [228552] [PID.840]
[MD5.11244837251AB1255A80DA14AEB45BD3] - (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [102088] [PID.2312]
[MD5.345B45BE09381D2011EB7F9AC11D8AC4] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [376944] [PID.3324]
[MD5.4B88BF95F7C40E2EDD2B924E0111C456] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [267888] [PID.1188]
[MD5.66F6B3894132CC3D347CB85FBAE48D57] - (.Adobe Systems, Inc. - Adobe Flash Player 17.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe [1892528] [PID.1176]
[MD5.2727208EA26F6B6DA898AB6890417214] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8208384] [PID.2840]
[MD5.BF4E0DEE8566DDEC3D26F2D2B6B74FCB] - (.IBM Corp. - RapportMgmtService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1943832] [PID.948]
[MD5.2638395F6E61889D75C363A80A0E17F4] - (.SurfRight B.V. - HitmanPro.Alert.) -- C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816] [PID.1216]
[MD5.ADC420616C501B45D26C0FD3EF1E54E4] - (.ArcSoft Inc. - ArcSoft Connect Service.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152] [PID.1768]
[MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.1808]
[MD5.0BB29DE40C9D9529793DCDB59A43CF5B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160] [PID.1324]
[MD5.5F82D8188B370B0CF185D4AE2B9B4A0E] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016] [PID.2068]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, start, zoeken, extensies (G0, G1, G2)
C:\Users\pcprive\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Google Chrome extensie map
~ Google Lines Browser: 7 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins, start, zoeken, extensies (P2, M0, M1, M2, M3)
C:\Users\pcprive\AppData\Roaming\Mozilla\Firefox\Profiles\ki8n165y.default\prefs.js
M2 - MFEP: prefs.js [pcprive - ki8n165y.default\googlesharing@extension.thoughtcrime.org] [] GoogleSharing v0.22 (..)
M2 - MFEP: Extension [pcprive - ki8n165y.default] googlesharing@extension.thoughtcrime.org
M2 - MFEP: Extension [pcprive - ki8n165y.default] jid1-ZAdIEUB7XOzOJw@jetpack.xpi
M2 - MFEP: Extension [pcprive - ki8n165y.default] {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
M2 - MFEP: Extension [pcprive - ki8n165y.default] {AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\bolcom-nl.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\ddg.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\marktplaats-nl.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wikipedia-nl.xml
~ Firefox Browser: 23 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, proxybeheer (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse van lijnen F0, F1, F2, F3 - IniFiles, Autoloading programma's
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts-bestand omleiding (O1)
~ Le fichier hôte est sain (The hosts file is clean) (24)
~ Hosts File: Scanned in 00mn 00s



---\\ Internet Explorer werkbalken (O3)
O3 - Toolbar: (no name) - [HKLM]{71576546-354D-41c9-AAE8-31F2EC22BF0D} Orphan sleutel
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Orphan sleutel
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{71576546-354D-41C9-AAE8-31F2EC22BF0D} Orphan sleutel
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan sleutel
~ Toolbar: Scanned in 00mn 00s



---\\ Toepassingen gestart door register & bestand (O4)
O4 - HKLM\..\Run: [OODefragTray] . (.O&O Software GmbH - O&O Defrag Free Edition TrayIcon (x64).) -- C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKLM\..\Wow6432Node\Run: [ArcSoft Connection Service] . (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKUS\S-1-5-21-2644516270-1603593607-3465043599-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-2644516270-1603593607-3465043599-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
~ Application: Scanned in 00mn 00s



---\\ Knoppen op de werkbalk "belangrijkste instrumenten" Internet Explorer (O9)
O9 - Extra button: &Verzenden naar OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~3\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: &Gekoppelde notities van OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~3\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Domeinadres van de DNS (O17) wijzigen
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D7D1457-1F63-45C2-8490-B219E8622AD5}: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O17 - HKLM\System\CS1\Services\Tcpip\..\{4D7D1457-1F63-45C2-8490-B219E8622AD5}: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O17 - HKLM\System\CS2\Services\Tcpip\..\{4D7D1457-1F63-45C2-8490-B219E8622AD5}: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
~ Domain: Scanned in 00mn 00s



---\\ Aanvullend Protocol (O18)
O18 - Handler: wot [64Bits] - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} . (...) -- C:\Program Files\WOT\WOT.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lijst van niet-Microsoft NT services die niet uitgeschakeld zijn (O23)
O23 - Service: HitmanPro.Alert Service (hmpalertsvc) . (.SurfRight B.V. - HitmanPro.Alert.) - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
O23 - Service: lxcz_device (lxcz_device) . (.No owner - Printer Communication System.) - C:\Windows\system32\lxczcoms.exe
~ Services: 10 Legitimates Filtered in 00mn 24s



---\\ Taken die zijn gepland in de automatische modus (O39)
[MD5.235C127898A9AA40B74043E4C72DCA96] [APT] [{AC42C901-51AC-41EE-9B58-7DB5B2CF9FD2}] (...) -- C:\lexmark\drivers\1200\Setup.exe [303784]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [940]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1052]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1056]
~ Scheduled Task: 10 Legitimates Filtered in 00mn 03s



---\\ Piloot aan het begin van het systeem (O41)
O41 - Driver: (A2DDA) . (. - .) - C:\USERS\PCPRIVE\DESKTOP\RUN\a2ddax64.sys (.not file.)
~ Drivers: 78 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\ABNAMRO]
[HKCU\Software\IncrediMail]
~ Key Software: 212 Legitimates Filtered in 00mn 00s



---\\ 'Inhoud van mappen programma's, ProgramFiles, ProgramData, AppData (O43)
O43 - CFD: 18-8-2014 - 11:57:24 - [] ----D C:\Program Files (x86)\EMET 5.0
O43 - CFD: 23-11-2013 - 14:05:34 - [0] ----D C:\Program Files (x86)\Fotoservice
O43 - CFD: 14-10-2013 - 14:24:30 - [] ----D C:\Program Files (x86)\GUMCCC0.tmp
O43 - CFD: 7-10-2013 - 10:55:09 - [] ----D C:\ProgramData\IM
O43 - CFD: 7-10-2013 - 10:54:21 - [] ----D C:\ProgramData\IncrediMail
O43 - CFD: 22-8-2014 - 13:10:40 - [] ----D C:\ProgramData\{7AD360CC-1D61-4011-83BE-B257782BA5CB}
O43 - CFD: 22-8-2014 - 12:31:04 - [0] ----D C:\ProgramData\~1
O43 - CFD: 22-8-2014 - 12:31:04 - [0] ----D C:\ProgramData\~2
O43 - CFD: 22-8-2014 - 12:47:18 - [0] ----D C:\ProgramData\~3
O43 - CFD: 22-8-2014 - 12:47:18 - [0] ----D C:\ProgramData\~4
O43 - CFD: 24-8-2014 - 12:18:57 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail
O43 - CFD: 14-7-2009 - 11:55:40 - [0] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 22-1-2014 - 18:50:45 - [] ----D C:\Users\pcprive\AppData\Roaming\Avant Profiles
O43 - CFD: 26-3-2015 - 20:05:33 - [] -SH-D C:\Users\pcprive\AppData\Local\EmieBrowserModeList
O43 - CFD: 7-10-2013 - 14:46:18 - [] ----D C:\Users\pcprive\AppData\Local\IM
O43 - CFD: 8-1-2014 - 19:06:40 - [] ----D C:\Users\pcprive\AppData\Local\midori
~ Program Folder: 190 Legitimates Filtered in 00mn 00s



---\\ Meest recente bestanden gewijzigd of gemaakt op Windows en System32 (O44)
O44 - LFC:[MD5.6F05138DBE344A179F9A11E847404A21] - 1-5-2015 - 9:45:15 ---A- . (...) -- C:\Windows\Lexstat.ini [312]
~ Files: 9 Legitimates Filtered in 00mn 01s



---\\ Activiteiten en functies bij het opstarten van Windows Verkenner (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Controle van veilige Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
~ CSB: 15 Legitimates Filtered in 00mn 00s



---\\ Opsomming van de registersleutel Hkey_local_machine\software\microsoft\shared (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\IncrediMail [Key] . (...) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (.not file.)
~ SMSR Keys: 7 Legitimates Filtered in 00mn 00s



---\\ Opsomming van het register sleutels PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Opsomming van de registersleutel PoliciesExplorer (CKVI) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Overzicht van de drivers (SDL) (O58)
O58 - SDL:20-3-2008 - 11:34:12 ---A- . (.Todos Data System AB - ABN AMRO e.dentifier2 Smart Card Reader.) -- C:\Windows\System32\Drivers\aabed2.sys [28672]
O58 - SDL:29-3-2005 - 0:30:38 ---A- . (.No owner - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [8192]
O58 - SDL:23-7-2013 - 15:47:26 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:23-7-2013 - 15:47:26 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:23-7-2013 - 15:47:26 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175] =>.ALWIL Software
O58 - SDL:14-7-2009 - 2:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10-6-2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:11-4-2014 - 14:58:16 ---A- . (.No owner - HitmanPro.Alert Support Driver.) -- C:\Windows\System32\Drivers\hmpalert.sys [93144]
O58 - SDL:14-7-2009 - 2:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:4-10-2010 - 8:40:18 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\System32\Drivers\TFsExDisk.sys [16448]
O58 - SDL:25-10-2007 - 16:26:10 ---A- . (...) -- C:\Windows\SysWOW64\drivers\StarOpen.sys [5632]
O58 - SDL:4-10-2010 - 8:40:18 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys [16448]
~ Drivers: 68 Legitimates Filtered in 00mn 07s



---\\ Meest recente bestanden gewijzigd of gemaakt (gebruiker) (O61)
O61 - LFC: 10-5-2015 - 14:33:28 ---A- . (...) -- C:\Users\pcprive\Downloads\Vollversion WinSysClean X2 - CHIP-Installer.exe [1203488]
O61 - LFC: 6-5-2015 - 14:33:24 ---A- . (...) -- C:\Users\pcprive\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [713907]
~ 2 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 6 Legitimates Filtered in 00mn 05s



---\\ Lijst van cleaning tools (CLAB) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Overzicht met LEGACY services (LALS) (O64)
O64 - Services: CurCS - 30-4-2013 - C:\Windows\System32\DRIVERS\atikmdag.sys (amdkmdag) .(.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG
O64 - Services: CurCS - 11-4-2014 - C:\Windows\system32\drivers\hmpalert.sys (hmpalert) .(.No owner - HitmanPro.Alert Support Driver.) - LEGACY_HMPALERT
O64 - Services: CurCS - 21-11-2014 - C:\Windows\system32\drivers\mwac.sys (MBAMWebAccessControl) .(.Malwarebytes Corporation - Malwarebytes Web Access Control.) - LEGACY_MBAMWEBACCESSCONTROL
O64 - Services: CurCS - 11-3-2015 - C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (RapportPG64) .(.IBM Corp. - RapportPG64.) - LEGACY_RAPPORTPG64
O64 - Services: CurCS - 10-6-2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 153 Legitimates Filtered in 00mn 00s



---\\ Bestandsassociaties mogelijk aangepast (O67)
O67 - Shell Spawning: <.html> <SlimBrowserHtml>[HKLM\..\open\Command] (.Not Key.) =>PUP.SpeedBrowser
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Startmenu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Zoek "infecties in internetbrowsers (SBI) (O69)
O69 - SBI: prefs.js [pcprive - ki8n165y.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {689732D6-158F-43B0-97C6-4ECE896423D6} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Bepaalde zoekopdracht in de hoofdmap van het systeem (SPRF) (O84)
[MD5.6B530372E19D404C2001573D9A0BCBBC] [SPRF][20-2-2014] (...) -- C:\Users\pcprive\Desktop\Apache_OpenOffice_4.0.1_Win_x86_install_nl.exe [139734741]
[MD5.D093FD9D7785AE45700C1DDAB5215426] [SPRF][24-2-2014] (.SurfRight B.V. - HitmanPro.Alert.) -- C:\Users\pcprive\Desktop\hmpalert25.exe [1855848]
[MD5.651DC829BC822017CBBC40621DDCEA7A] [SPRF][25-8-2014] (...) -- C:\Users\pcprive\Desktop\Rebuild_Icon_Cache.bat [738]
~ Files: 7 Legitimates Filtered in 00mn 01s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASAPI32 =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASMANCS =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBuzzSearch_RASAPI32 =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBuzzSearch_RASMANCS =>PUP.BuzzSearch
~ BTK: 108 Legitimates Filtered in 00mn 00s



---\\ Algemene toestand van niet-Microsoft services (GSR) (SR = Running, SS = gestopt)
SS - | Demand 16-4-2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 25-6-2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 25-6-2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 7-7-2013 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 23-2-2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 14-7-2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Auto 22-7-1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 18-3-2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 19-12-2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 30-4-2013 238080 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 11-4-2014 1876816 | (hmpalertsvc) . (.SurfRight B.V..) - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
SR - | Auto 19-4-2007 566192 | (lxcz_device) . (...) - C:\Windows\system32\lxczcoms.exe
SR - | Auto 21-11-2014 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 21-11-2014 969016 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 30-1-2015 23784 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 25-1-2011 3051848 | (OODefragAgent) . (.O&O Software GmbH.) - C:\Program Files\OO Software\Defrag\oodag.exe
SR - | Auto 11-3-2015 1943832 | (RapportMgmtService) . (.IBM Corp..) - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
SR - | Auto 14-7-2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s



---\\ Onderzoek gelijktijdige op de Master Boot Record (MBR) (O80)
Run by pcprive at 10-5-2015 14:34:03
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Onderzoek de Master Boot Record op Infecties (MBRCheck) (O80)
Written by ad13, http://ad13.geekstog
Run by pcprive at 10-5-2015 14:34:05
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Extra scan (O88)
Database Version : 13008 - (5-5-2015)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

O67 - Shell Spawning: <.html> <SlimBrowserHtml>[HKLM\..\open\Command] (.Not Key.) =>PUP.SpeedBrowser^
~ Additionnel Scan: 219742 Items scanned in 00mn 25s



---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, proxybeheer (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer werkbalken (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Toepassingen gestart door register & bestand (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Samenvatting van detecties gevonden op uw werkstation
http://www.nicolascoolman.fr/blog/ =>PUP.SpeedBrowser
http://nicolascoolman.fr/pup-buzzsearch =>PUP.BuzzSearch
~ MSI: 2 link(s) detected in 00mn 00s



~ 833 Legitimates filtered by white list
End of the scan (467 lines in 02mn 02s)(0.6)
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20-11-2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20-11-2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.14-7-2009 - 0:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14-7-2009 - 1:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27-4-2011 - 3:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20-11-2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.24-1-2014 - 3:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.14-7-2009 - 1:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20-11-2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14-7-2009 - 1:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11-11-2014 - 2:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.20-11-2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Status van de verborgen bestanden (verborgen/totaal)
~ Mes images (My Pictures) : 1/369
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/21
~ Mes Favoris (My Favorites) : 1/355
~ Mes Documents (My Documents) : 1/207
~ Mon Bureau (My Desktop) : 1/13
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 01s



---\\ Gestarte processen
[MD5.3C13F26A4766752314A5413038BD86B4] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [7229752] [PID.3204]
[MD5.9429CDA9595BB34E2D92A6DBE7C46CB6] - (.IBM Corp. - RapportService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe [2648344] [PID.3428]
[MD5.C64E9B1C9EA057DCECDCB98F34377811] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe [228552] [PID.840]
[MD5.11244837251AB1255A80DA14AEB45BD3] - (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [102088] [PID.2312]
[MD5.345B45BE09381D2011EB7F9AC11D8AC4] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [376944] [PID.3324]
[MD5.4B88BF95F7C40E2EDD2B924E0111C456] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [267888] [PID.1188]
[MD5.66F6B3894132CC3D347CB85FBAE48D57] - (.Adobe Systems, Inc. - Adobe Flash Player 17.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe [1892528] [PID.1176]
[MD5.2727208EA26F6B6DA898AB6890417214] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8208384] [PID.2840]
[MD5.BF4E0DEE8566DDEC3D26F2D2B6B74FCB] - (.IBM Corp. - RapportMgmtService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1943832] [PID.948]
[MD5.2638395F6E61889D75C363A80A0E17F4] - (.SurfRight B.V. - HitmanPro.Alert.) -- C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816] [PID.1216]
[MD5.ADC420616C501B45D26C0FD3EF1E54E4] - (.ArcSoft Inc. - ArcSoft Connect Service.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152] [PID.1768]
[MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.1808]
[MD5.0BB29DE40C9D9529793DCDB59A43CF5B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160] [PID.1324]
[MD5.5F82D8188B370B0CF185D4AE2B9B4A0E] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016] [PID.2068]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, start, zoeken, extensies (G0, G1, G2)
C:\Users\pcprive\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Google Chrome extensie map
~ Google Lines Browser: 7 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins, start, zoeken, extensies (P2, M0, M1, M2, M3)
C:\Users\pcprive\AppData\Roaming\Mozilla\Firefox\Profiles\ki8n165y.default\prefs.js
M2 - MFEP: prefs.js [pcprive - ki8n165y.default\googlesharing@extension.thoughtcrime.org] [] GoogleSharing v0.22 (..)
M2 - MFEP: Extension [pcprive - ki8n165y.default] googlesharing@extension.thoughtcrime.org
M2 - MFEP: Extension [pcprive - ki8n165y.default] jid1-ZAdIEUB7XOzOJw@jetpack.xpi
M2 - MFEP: Extension [pcprive - ki8n165y.default] {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
M2 - MFEP: Extension [pcprive - ki8n165y.default] {AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\bolcom-nl.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\ddg.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\marktplaats-nl.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wikipedia-nl.xml
~ Firefox Browser: 23 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, proxybeheer (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse van lijnen F0, F1, F2, F3 - IniFiles, Autoloading programma's
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts-bestand omleiding (O1)
~ Le fichier hte est sain (The hosts file is clean) (24)
~ Hosts File: Scanned in 00mn 00s



---\\ Internet Explorer werkbalken (O3)
O3 - Toolbar: (no name) - [HKLM]{71576546-354D-41c9-AAE8-31F2EC22BF0D} Orphan sleutel
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Orphan sleutel
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{71576546-354D-41C9-AAE8-31F2EC22BF0D} Orphan sleutel
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan sleutel
~ Toolbar: Scanned in 00mn 00s



---\\ Toepassingen gestart door register & bestand (O4)
O4 - HKLM\..\Run: [OODefragTray] . (.O&O Software GmbH - O&O Defrag Free Edition TrayIcon (x64).) -- C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKLM\..\Wow6432Node\Run: [ArcSoft Connection Service] . (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKUS\S-1-5-21-2644516270-1603593607-3465043599-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-2644516270-1603593607-3465043599-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
~ Application: Scanned in 00mn 00s



---\\ Knoppen op de werkbalk "belangrijkste instrumenten" Internet Explorer (O9)
O9 - Extra button: &Verzenden naar OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~3\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: &Gekoppelde notities van OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~3\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Domeinadres van de DNS (O17) wijzigen
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D7D1457-1F63-45C2-8490-B219E8622AD5}: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O17 - HKLM\System\CS1\Services\Tcpip\..\{4D7D1457-1F63-45C2-8490-B219E8622AD5}: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O17 - HKLM\System\CS2\Services\Tcpip\..\{4D7D1457-1F63-45C2-8490-B219E8622AD5}: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
~ Domain: Scanned in 00mn 00s



---\\ Aanvullend Protocol (O18)
O18 - Handler: wot [64Bits] - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} . (...) -- C:\Program Files\WOT\WOT.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lijst van niet-Microsoft NT services die niet uitgeschakeld zijn (O23)
O23 - Service: HitmanPro.Alert Service (hmpalertsvc) . (.SurfRight B.V. - HitmanPro.Alert.) - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
O23 - Service: lxcz_device (lxcz_device) . (.No owner - Printer Communication System.) - C:\Windows\system32\lxczcoms.exe
~ Services: 10 Legitimates Filtered in 00mn 24s



---\\ Taken die zijn gepland in de automatische modus (O39)
[MD5.235C127898A9AA40B74043E4C72DCA96] [APT] [{AC42C901-51AC-41EE-9B58-7DB5B2CF9FD2}] (...) -- C:\lexmark\drivers\1200\Setup.exe [303784]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [940]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1052]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1056]
~ Scheduled Task: 10 Legitimates Filtered in 00mn 03s



---\\ Piloot aan het begin van het systeem (O41)
O41 - Driver: (A2DDA) . (. - .) - C:\USERS\PCPRIVE\DESKTOP\RUN\a2ddax64.sys (.not file.)
~ Drivers: 78 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\ABNAMRO]
[HKCU\Software\IncrediMail]
~ Key Software: 212 Legitimates Filtered in 00mn 00s



---\\ 'Inhoud van mappen programma's, ProgramFiles, ProgramData, AppData (O43)
O43 - CFD: 18-8-2014 - 11:57:24 - [] ----D C:\Program Files (x86)\EMET 5.0
O43 - CFD: 23-11-2013 - 14:05:34 - [0] ----D C:\Program Files (x86)\Fotoservice
O43 - CFD: 14-10-2013 - 14:24:30 - [] ----D C:\Program Files (x86)\GUMCCC0.tmp
O43 - CFD: 7-10-2013 - 10:55:09 - [] ----D C:\ProgramData\IM
O43 - CFD: 7-10-2013 - 10:54:21 - [] ----D C:\ProgramData\IncrediMail
O43 - CFD: 22-8-2014 - 13:10:40 - [] ----D C:\ProgramData\{7AD360CC-1D61-4011-83BE-B257782BA5CB}
O43 - CFD: 22-8-2014 - 12:31:04 - [0] ----D C:\ProgramData\~1
O43 - CFD: 22-8-2014 - 12:31:04 - [0] ----D C:\ProgramData\~2
O43 - CFD: 22-8-2014 - 12:47:18 - [0] ----D C:\ProgramData\~3
O43 - CFD: 22-8-2014 - 12:47:18 - [0] ----D C:\ProgramData\~4
O43 - CFD: 24-8-2014 - 12:18:57 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail
O43 - CFD: 14-7-2009 - 11:55:40 - [0] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 22-1-2014 - 18:50:45 - [] ----D C:\Users\pcprive\AppData\Roaming\Avant Profiles
O43 - CFD: 26-3-2015 - 20:05:33 - [] -SH-D C:\Users\pcprive\AppData\Local\EmieBrowserModeList
O43 - CFD: 7-10-2013 - 14:46:18 - [] ----D C:\Users\pcprive\AppData\Local\IM
O43 - CFD: 8-1-2014 - 19:06:40 - [] ----D C:\Users\pcprive\AppData\Local\midori
~ Program Folder: 190 Legitimates Filtered in 00mn 00s



---\\ Meest recente bestanden gewijzigd of gemaakt op Windows en System32 (O44)
O44 - LFC:[MD5.6F05138DBE344A179F9A11E847404A21] - 1-5-2015 - 9:45:15 ---A- . (...) -- C:\Windows\Lexstat.ini [312]
~ Files: 9 Legitimates Filtered in 00mn 01s



---\\ Activiteiten en functies bij het opstarten van Windows Verkenner (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Controle van veilige Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
~ CSB: 15 Legitimates Filtered in 00mn 00s



---\\ Opsomming van de registersleutel Hkey_local_machine\software\microsoft\shared (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\IncrediMail [Key] . (...) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (.not file.)
~ SMSR Keys: 7 Legitimates Filtered in 00mn 00s



---\\ Opsomming van het register sleutels PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Opsomming van de registersleutel PoliciesExplorer (CKVI) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Overzicht van de drivers (SDL) (O58)
O58 - SDL:20-3-2008 - 11:34:12 ---A- . (.Todos Data System AB - ABN AMRO e.dentifier2 Smart Card Reader.) -- C:\Windows\System32\Drivers\aabed2.sys [28672]
O58 - SDL:29-3-2005 - 0:30:38 ---A- . (.No owner - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [8192]
O58 - SDL:23-7-2013 - 15:47:26 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:23-7-2013 - 15:47:26 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:23-7-2013 - 15:47:26 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175] =>.ALWIL Software
O58 - SDL:14-7-2009 - 2:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10-6-2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:11-4-2014 - 14:58:16 ---A- . (.No owner - HitmanPro.Alert Support Driver.) -- C:\Windows\System32\Drivers\hmpalert.sys [93144]
O58 - SDL:14-7-2009 - 2:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:4-10-2010 - 8:40:18 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\System32\Drivers\TFsExDisk.sys [16448]
O58 - SDL:25-10-2007 - 16:26:10 ---A- . (...) -- C:\Windows\SysWOW64\drivers\StarOpen.sys [5632]
O58 - SDL:4-10-2010 - 8:40:18 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys [16448]
~ Drivers: 68 Legitimates Filtered in 00mn 07s



---\\ Meest recente bestanden gewijzigd of gemaakt (gebruiker) (O61)
O61 - LFC: 10-5-2015 - 14:33:28 ---A- . (...) -- C:\Users\pcprive\Downloads\Vollversion WinSysClean X2 - CHIP-Installer.exe [1203488]
O61 - LFC: 6-5-2015 - 14:33:24 ---A- . (...) -- C:\Users\pcprive\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [713907]
~ 2 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 6 Legitimates Filtered in 00mn 05s



---\\ Lijst van cleaning tools (CLAB) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Overzicht met LEGACY services (LALS) (O64)
O64 - Services: CurCS - 30-4-2013 - C:\Windows\System32\DRIVERS\atikmdag.sys (amdkmdag) .(.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG
O64 - Services: CurCS - 11-4-2014 - C:\Windows\system32\drivers\hmpalert.sys (hmpalert) .(.No owner - HitmanPro.Alert Support Driver.) - LEGACY_HMPALERT
O64 - Services: CurCS - 21-11-2014 - C:\Windows\system32\drivers\mwac.sys (MBAMWebAccessControl) .(.Malwarebytes Corporation - Malwarebytes Web Access Control.) - LEGACY_MBAMWEBACCESSCONTROL
O64 - Services: CurCS - 11-3-2015 - C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (RapportPG64) .(.IBM Corp. - RapportPG64.) - LEGACY_RAPPORTPG64
O64 - Services: CurCS - 10-6-2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 153 Legitimates Filtered in 00mn 00s



---\\ Bestandsassociaties mogelijk aangepast (O67)
O67 - Shell Spawning: <.html> <SlimBrowserHtml>[HKLM\..\open\Command] (.Not Key.) =>PUP.SpeedBrowser
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Startmenu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Zoek "infecties in internetbrowsers (SBI) (O69)
O69 - SBI: prefs.js [pcprive - ki8n165y.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {689732D6-158F-43B0-97C6-4ECE896423D6} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Bepaalde zoekopdracht in de hoofdmap van het systeem (SPRF) (O84)
[MD5.6B530372E19D404C2001573D9A0BCBBC] [SPRF][20-2-2014] (...) -- C:\Users\pcprive\Desktop\Apache_OpenOffice_4.0.1_Win_x86_install_nl.exe [139734741]
[MD5.D093FD9D7785AE45700C1DDAB5215426] [SPRF][24-2-2014] (.SurfRight B.V. - HitmanPro.Alert.) -- C:\Users\pcprive\Desktop\hmpalert25.exe [1855848]
[MD5.651DC829BC822017CBBC40621DDCEA7A] [SPRF][25-8-2014] (...) -- C:\Users\pcprive\Desktop\Rebuild_Icon_Cache.bat [738]
~ Files: 7 Legitimates Filtered in 00mn 01s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASAPI32 =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASMANCS =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBuzzSearch_RASAPI32 =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBuzzSearch_RASMANCS =>PUP.BuzzSearch
~ BTK: 108 Legitimates Filtered in 00mn 00s



---\\ Algemene toestand van niet-Microsoft services (GSR) (SR = Running, SS = gestopt)
SS - | Demand 16-4-2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 25-6-2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 25-6-2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 7-7-2013 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 23-2-2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 14-7-2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Auto 22-7-1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 18-3-2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 19-12-2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 30-4-2013 238080 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 11-4-2014 1876816 | (hmpalertsvc) . (.SurfRight B.V..) - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
SR - | Auto 19-4-2007 566192 | (lxcz_device) . (...) - C:\Windows\system32\lxczcoms.exe
SR - | Auto 21-11-2014 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 21-11-2014 969016 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 30-1-2015 23784 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 25-1-2011 3051848 | (OODefragAgent) . (.O&O Software GmbH.) - C:\Program Files\OO Software\Defrag\oodag.exe
SR - | Auto 11-3-2015 1943832 | (RapportMgmtService) . (.IBM Corp..) - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
SR - | Auto 14-7-2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s



---\\ Onderzoek gelijktijdige op de Master Boot Record (MBR) (O80)
Run by pcprive at 10-5-2015 14:34:03
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Onderzoek de Master Boot Record op Infecties (MBRCheck) (O80)
Written by ad13, http://ad13.geekstog
Run by pcprive at 10-5-2015 14:34:05
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Extra scan (O88)
Database Version : 13008 - (5-5-2015)
Cls trouves (Keys found) : 0
Valeurs trouves (Values found) : 0
Dossiers trouvs (Folders found) : 0
Fichiers trouvs (Files found) : 1

O67 - Shell Spawning: <.html> <SlimBrowserHtml>[HKLM\..\open\Command] (.Not Key.) =>PUP.SpeedBrowser^
~ Additionnel Scan: 219742 Items scanned in 00mn 25s



---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, proxybeheer (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer werkbalken (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Toepassingen gestart door register & bestand (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Samenvatting van detecties gevonden op uw werkstation
http://www.nicolascoolman.fr/blog/ =>PUP.SpeedBrowser
http://nicolascoolman.fr/pup-buzzsearch =>PUP.BuzzSearch
~ MSI: 2 link(s) detected in 00mn 00s



~ 833 Legitimates filtered by white list
End of the scan (467 lines in 02mn 02s)(0.6)
-----------------

# AdwCleaner v4.203 - Logbestand aangemaakt 10/05/2015 op 17:37:59
# Laatste update 30/04/2015 door Xplode
# Database : 2015-05-09.1 [Server]
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (x64)
# Gebruikersnaam : pcprive - PCPRIVE-PC
# Gestart vanuit : C:\Users\pcprive\Desktop\adwcleaner_4.203.exe
# Optie : Verwijderen

***** [ Services ] *****


***** [ Bestanden / Mappen ] *****

Map Verwijderd : C:\Users\pcprive\AppData\Local\DriverTuner

***** [ Geplande taken ] *****


***** [ Snelkoppelingen ] *****


***** [ Register ] *****

Sleutel Verwijderd : HKCU\Software\DriverTuner_Init
Sleutel Verwijderd : HKCU\Software\DriverTuner

***** [ Webbrowsers ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.2 (x86 nl)


-\\ Google Chrome v42.0.2311.135


*************************

AdwCleaner[R0].txt - [1073 bytes] - [22/08/2014 12:57:05]
AdwCleaner[R1].txt - [1134 bytes] - [22/08/2014 18:10:43]
AdwCleaner[R2].txt - [1220 bytes] - [05/09/2014 14:43:15]
AdwCleaner[R3].txt - [1345 bytes] - [26/09/2014 18:02:06]
AdwCleaner[R4].txt - [1513 bytes] - [10/05/2015 17:34:59]
AdwCleaner[S0].txt - [1143 bytes] - [22/08/2014 13:01:14]
AdwCleaner[S1].txt - [1201 bytes] - [22/08/2014 18:12:37]
AdwCleaner[S2].txt - [1285 bytes] - [05/09/2014 14:45:03]
AdwCleaner[S3].txt - [1335 bytes] - [10/05/2015 17:37:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1394 bytes] ##########
-----------------------

C: says file folder, no text
 
I don't know what you are doing, but what you have posted now is not in line with what I asked you to do in post #6.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.0 (05.09.2015:1)
OS: Windows 7 Home Premium x64
Ran by pcprive on zo 10-05-2015 at 18:32:26,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on zo 10-05-2015 at 18:40:13,83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v4.203 - Logbestand aangemaakt 10/05/2015 op 18:47:10
# Laatste update 30/04/2015 door Xplode
# Database : 2015-05-09.1 [Server]
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (x64)
# Gebruikersnaam : pcprive - PCPRIVE-PC
# Gestart vanuit : C:\Users\pcprive\Desktop\adwcleaner_4.203.exe
# Optie : Verwijderen

***** [ Services ] *****


***** [ Bestanden / Mappen ] *****


***** [ Geplande taken ] *****


***** [ Snelkoppelingen ] *****


***** [ Register ] *****


***** [ Webbrowsers ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.2 (x86 nl)


-\\ Google Chrome v42.0.2311.135


*************************

AdwCleaner[R0].txt - [1073 bytes] - [22/08/2014 12:57:05]
AdwCleaner[R1].txt - [1134 bytes] - [22/08/2014 18:10:43]
AdwCleaner[R2].txt - [1220 bytes] - [05/09/2014 14:43:15]
AdwCleaner[R3].txt - [1345 bytes] - [26/09/2014 18:02:06]
AdwCleaner[R4].txt - [1513 bytes] - [10/05/2015 17:34:59]
AdwCleaner[R5].txt - [1365 bytes] - [10/05/2015 18:43:44]
AdwCleaner[S0].txt - [1143 bytes] - [22/08/2014 13:01:14]
AdwCleaner[S1].txt - [1201 bytes] - [22/08/2014 18:12:37]
AdwCleaner[S2].txt - [1285 bytes] - [05/09/2014 14:45:03]
AdwCleaner[S3].txt - [1474 bytes] - [10/05/2015 17:37:59]
AdwCleaner[S4].txt - [1291 bytes] - [10/05/2015 18:47:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1350 bytes] ##########
 
Not so far; I have also been busy with other things.
I have WinSysClean x5 64 bit; it has been installed for a long time. Should I change that?
Windows Essentials has various programs; one of them is Windows Mail, which you put on the desktop and in which you can set up several more accounts. (hence desktop)
If I come across anything else, I'll let you know.
 
In the meantime, also do the following: download Security Check
Download location: This program must be downloaded to the desktop, or otherwise moved to the desktop!
Starting SecurityCheck.exe:
  • Windows 2000 and Windows XP: double-click SecurityCheck.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click SecurityCheck.exe and choose "Run as administrator".
  • Pay attention to the instructions in the black window.
  • A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
  • If one of your security tools reports that DIG.EXE wants to access the internet, allow it.
Post the contents of checkup.txt in your next post.

Alternative download link: http://www.bleepingcomputer.com/download/securitycheck/
 
Results of screen317's Security Check version 1.001
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 17.0.0.169
Adobe Reader XI
Mozilla Firefox (37.0.2)
Mozilla Thunderbird (31.6.0)
Google Chrome (42.0.2311.135)
Google Chrome (42.0.2311.90)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
--------------------------------------
First got a message that Firefox was not responding.
Got, and am now getting again, the message that a background program is preventing shutdown.
 
Go to the site of the ESET Online Scanner
  • Click the ESET Online Scanner button
  • Tick YES, I accept the Terms of Use
  • Click Start
  • Allow the ActiveX control to install.
    • Tick the following options:
    • Enable detection of potentially unwanted applications
    • If hidden, then open Advanced Settings and tick the settings listed below
    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
    • Note: temporarily disable your own antivirus during the scan; the online scan will then be faster!
  • Click Start
  • The computer is now being scanned. This can take quite a long time, so be patient.
  • Once the scan is finished, you may close the window.
  • Then go to C:\Program Files\ESET\ESET Online Scanner (Windows 64-bit: C:\Program Files (x86)\ESET\ESET Online Scanner) and click log.txt there
  • Select, copy and paste the contents of this log into your next post.

If you use a browser other than IE, you download a small web installer, esetsmartinstaller_enu.exe.
The ESET Online Scanner will then start in a smaller window; first tick the settings as indicated above.
Then click the "Start" button; the database will be downloaded first, and once that is done, the scan starts.
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=13573f7fa4906346a38be6ca5c7a5dfa
# engine=23792
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-11 02:36:59
# local_time=2015-05-11 04:36:59 (+0100, West-Europa (zomertijd))
# country="Netherlands"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 7696784 54339013 0 0
# scanned=156879
# found=2
# cleaned=2
# scan_time=4320
sh=4853648196E0847B1D052AA07A18CB30E6C26F9C ft=1 fh=3cf47bc6439a2667 vn="a variant of Win32/DownloadSponsor.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\pcprive\Downloads\Vollversion WinSysClean X2 - CHIP-Installer.exe"
sh=6728FCB15459ED30EB8E33A78E9BA4EF963B77C0 ft=1 fh=b058b7c8ce3a954a vn="Win32/Systweak.R potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\pcprive\Downloads\wzdu24.exe"
 
Yes, I also run the ESET scan myself.
 
Good; I only have my doubts about the antivirus you use to protect Windows.
Here you can see how poor MSE actually is.
 
So then I should choose Avira
 