~ Verslag van ZHPDiag v2014.8.23.122 - Nicolas Coolman (23-8-2014)
~ Gelanceerd door pcprive (24-8-2014 10:28:35)
~ Het adres van de website :
http://nicolascoolman.fr
~ Het adres van de webforum :
http://forum.nicolascoolman.fr
~ Vertaald door de gebruiker
~ Staat van de versie : Bijgewerkte versie.
~ Lijst wit : Ingeschakeld door het programma
~ Tot misbruik van bevoegdheden : OK
~ Gebruikersaccountbeheer (UAC) : Activate by user
---\\ Internet-browsers
MSIE: Internet Explorer v11.0.9600.17239
MFIE: Mozilla Firefox 31.0 (Defaut)
GCIE: Google Chrome v36.0.1985.143
---\\ Windows productinformatie
~ Langage: Nerlandais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Software om het systeem te beveiligen
avast! Free Antivirus v9.0.2021
Malwarebytes Anti-Malware versie 2.0.2.1012
ESET Online Scanner v3
Windows Defender W7 (Activate)
---\\ Systeem optimalisatie software
CCleaner v4.09
---\\ Delen van software PeerToPeer
---\\ Software die extra aandacht behoeft
Adobe Flash Player 14 Plugin
Adobe Reader XI
---\\ Informatie over het systeem
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095 MB (59% free)
System Restore: Activ (Enable)
System drive C: has 880 GB (94%) free of 931 GB
---\\ Verbinding met het systeem-modus
~ Computer Name: PCPRIVE-PC
~ User Name: pcprive
~ All Users Names: pcprive, Gast, Administrator,
~ Unselected Option: None
Logged in as Administrator
---\\ Omgevingsvariabelen
~ System Unit : C:\
~ %AppZHP% : C:\Users\pcprive\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\pcprive\AppData\Roaming\
~ %Desktop% : C:\Users\pcprive\Desktop\
~ %Favorites% : C:\Users\pcprive\Favorites\
~ %LocalAppData% : C:\Users\pcprive\AppData\Local\
~ %StartMenu% : C:\Users\pcprive\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Overzicht vaste en verwisselbare stations
C: Hard drive, Flash drive, Thumb drive (Free 880 Go of 931 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Staat van het Windows Beveiligingscentrum
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Zoeken naar bepaalde algemene bestanden
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Verkenner.) (.25-2-2011 - 7:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.14-7-2009 - 2:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.8E71A5CB5312B8392D4DA4CA37BB5868] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.25-7-2014 - 11:52:06.) -- C:\Windows\System32\wininet.dll [2266624]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.4-3-2014 - 10:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing-bibliotheek.) (.20-11-2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30-5-2014 - 7:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14-7-2009 - 2:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14-7-2009 - 0:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20-11-2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20-11-2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20-11-2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.14-7-2009 - 0:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14-7-2009 - 1:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27-4-2011 - 3:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20-11-2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.24-1-2014 - 3:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.14-7-2009 - 1:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20-11-2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14-7-2009 - 1:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20-11-2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.20-11-2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Status van de verborgen bestanden (verborgen/totaal)
~ Mes images (My Pictures) : 1/292
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/20
~ Mes Favoris (My Favorites) : 2/354
~ Mes Documents (My Documents) : 1/141
~ Mon Bureau (My Desktop) : 1/11
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 00s
---\\ Gestarte processen
[MD5.C64E9B1C9EA057DCECDCB98F34377811] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe [228552] [PID.2776]
[MD5.A7810B302294793DE88542AAE177D1B1] - (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424] [PID.3056]
[MD5.26B558B2D31C7425B455B00E562EAD93] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896] [PID.2648]
[MD5.90A87B0D44209F1803422BDCD5C0A866] - (.Trusteer Ltd. - RapportService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe [2640152] [PID.3224]
[MD5.11244837251AB1255A80DA14AEB45BD3] - (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [102088] [PID.1908]
[MD5.10F36FB8CD6218CD7F818268E0F3F9C6] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.5028]
[MD5.02F8883595A2B3D7FFA11C71EAC68473] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.4660]
[MD5.46F4B7B42581E0681EC387BD0A447EB4] - (.Adobe Systems, Inc. - Adobe Flash Player 14.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe [1868976] [PID.4696]
[MD5.4B2D5118B141488B6FCFE199DEEC8002] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8096256] [PID.3396]
[MD5.7B80AB7816A75535900B95D1FEABB3C2] - (.Trusteer Ltd. - RapportMgmtService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1886488] [PID.932]
[MD5.2638395F6E61889D75C363A80A0E17F4] - (.SurfRight B.V. - HitmanPro.Alert.) -- C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816] [PID.1192]
[MD5.73F5C13B431915BAE35254B4E95DFB71] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1412]
[MD5.ADC420616C501B45D26C0FD3EF1E54E4] - (.ArcSoft Inc. - ArcSoft Connect Service.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152] [PID.1748]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1768]
[MD5.D84AEA3F3329D622DFC1297DDDF6163B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720] [PID.3004]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, start, zoeken, extensies (G0, G1, G2)
C:\Users\pcprive\AppData\Local\Google\Chrome\User Data\Default\Preferences
---\\ Google Chrome extensie map
~ Google Lines Browser: 1 Legitimates Filtered in 00mn 05s
---\\ Mozilla Firefox, Plugins, start, zoeken, extensies (P2, M0, M1, M2, M3)
C:\Users\pcprive\AppData\Roaming\Mozilla\Firefox\Profiles\ki8n165y.default\prefs.js
M2 - MFEP: prefs.js [pcprive - ki8n165y.default\googlesharing@extension.thoughtcrime.org] [] GoogleSharing v0.22 (..)
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, proxybeheer (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse van lijnen F0, F1, F2, F3 - IniFiles, Autoloading programma's
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts-bestand omleiding (O1)
~ Le fichier hte est sain (The hosts file is clean) (1)
~ Hosts File: Scanned in 00mn 00s
---\\ Internet Explorer werkbalken (O3)
O3 - Toolbar: (no name) - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Orphan sleutel
O3 - Toolbar: WOT - [HKLM]{71576546-354D-41c9-AAE8-31F2EC22BF0D} . (...) -- C:\Program Files\WOT\WOT.dll
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Orphan sleutel
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{A13C2648-91D4-4BF3-BC6D-0079707C4389} Orphan sleutel
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan sleutel
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{71576546-354D-41C9-AAE8-31F2EC22BF0D} Orphan sleutel
~ Toolbar: Scanned in 00mn 00s
---\\ Toepassingen gestart door register & bestand (O4)
O4 - HKLM\..\Run: [OODefragTray] . (.O&O Software GmbH - O&O Defrag Free Edition TrayIcon (x64).) -- C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Wow6432Node\Run: [ArcSoft Connection Service] . (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2644516270-1603593607-3465043599-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
~ Application: Scanned in 00mn 00s
---\\ Knoppen op de werkbalk "belangrijkste instrumenten" Internet Explorer (O9)
O9 - Extra button: &Verzenden naar OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~3\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: &Gekoppelde notities van OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~3\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Domeinadres van de DNS (O17) wijzigen
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D7D1457-1F63-45C2-8490-B219E8622AD5}: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O17 - HKLM\System\CS1\Services\Tcpip\..\{4D7D1457-1F63-45C2-8490-B219E8622AD5}: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O17 - HKLM\System\CS2\Services\Tcpip\..\{4D7D1457-1F63-45C2-8490-B219E8622AD5}: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
~ Domain: Scanned in 00mn 00s
---\\ Aanvullend Protocol (O18)
O18 - Handler: wot [64Bits] - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} . (...) -- C:\Program Files\WOT\WOT.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Lijst van niet-Microsoft NT services die niet uitgeschakeld zijn (O23)
O23 - Service: HitmanPro.Alert Service (hmpalertsvc) . (.SurfRight B.V. - HitmanPro.Alert.) - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
O23 - Service: lxcz_device (lxcz_device) . (.No owner - Printer Communication System.) - C:\Windows\system32\lxczcoms.exe
~ Services: 10 Legitimates Filtered in 00mn 17s
---\\ Taken die zijn gepland in de automatische modus (O39)
[MD5.235C127898A9AA40B74043E4C72DCA96] [APT] [{AC42C901-51AC-41EE-9B58-7DB5B2CF9FD2}] (...) -- C:\lexmark\drivers\1200\Setup.exe [303784]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [940]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 03s
---\\ Piloot aan het begin van het systeem (O41)
O41 - Driver: (A2DDA) . (. - .) - C:\USERS\PCPRIVE\DESKTOP\RUN\a2ddax64.sys (.not file.)
~ Drivers: 87 Legitimates Filtered in 00mn 00s
---\\ Genstalleerde software (O42)
O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM][64Bits] -- {FDFE5E63-116A-4655-9B4D-29F4AFE441B3}
O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM][64Bits] -- IncrediMail
~ Logic: 21 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ABNAMRO]
[HKCU\Software\IncrediMail]
[HKLM\Software\Wow6432Node\ABNAMRO]
~ Key Software: 218 Legitimates Filtered in 00mn 00s
---\\ 'Inhoud van mappen programma's, ProgramFiles, ProgramData, AppData (O43)
O43 - CFD: 11-9-2013 - 11:24:42 - [] ----D C:\Program Files (x86)\ABN AMRO e.dentifier2
O43 - CFD: 18-8-2014 - 11:57:24 - [] ----D C:\Program Files (x86)\EMET 5.0
O43 - CFD: 23-11-2013 - 14:05:34 - [0] ----D C:\Program Files (x86)\Fotoservice
O43 - CFD: 14-10-2013 - 14:24:30 - [] ----D C:\Program Files (x86)\GUMCCC0.tmp
O43 - CFD: 7-10-2013 - 10:54:21 - [] ----D C:\Program Files (x86)\IncrediMail
O43 - CFD: 7-10-2013 - 10:55:09 - [] ----D C:\ProgramData\IM
O43 - CFD: 7-10-2013 - 10:54:21 - [] ----D C:\ProgramData\IncrediMail
O43 - CFD: 22-8-2014 - 13:10:40 - [] --H-D C:\ProgramData\{7AD360CC-1D61-4011-83BE-B257782BA5CB}
O43 - CFD: 22-8-2014 - 12:31:04 - [0] --H-D C:\ProgramData\~1
O43 - CFD: 22-8-2014 - 12:31:04 - [0] --H-D C:\ProgramData\~2
O43 - CFD: 22-8-2014 - 12:47:18 - [0] --H-D C:\ProgramData\~3
O43 - CFD: 22-8-2014 - 12:47:18 - [0] --H-D C:\ProgramData\~4
O43 - CFD: 22-1-2014 - 18:50:45 - [] ----D C:\Users\pcprive\AppData\Roaming\Avant Profiles
O43 - CFD: 7-10-2013 - 14:46:18 - [] ----D C:\Users\pcprive\AppData\Local\IM
O43 - CFD: 8-1-2014 - 19:06:40 - [] ----D C:\Users\pcprive\AppData\Local\midori
~ Program Folder: 159 Legitimates Filtered in 00mn 00s
---\\ Meest recente bestanden gewijzigd of gemaakt op Windows en System32 (O44)
O44 - LFC:[MD5.9DDFE63A2A475A4E51DE8F4C580F238D] - 17-8-2014 - 11:38:35 ---A- . (...) -- C:\MBAM Scanlog.txt [1170]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 17-8-2014 - 15:07:42 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.2F8538B4692D7926043F31FF459FA928] - 18-8-2014 - 10:45:58 ---A- . (...) -- C:\DelFix.txt [1698]
~ Files: 60 Legitimates Filtered in 00mn 02s
---\\ Activiteiten en functies bij het opstarten van Windows Verkenner (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Controle van veilige Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
~ CSB: 15 Legitimates Filtered in 00mn 00s
---\\ Opsomming van de registersleutel Hkey_local_machine\software\microsoft\shared (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\IncrediMail [Key] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe
~ SMSR Keys: 7 Legitimates Filtered in 00mn 00s
---\\ Opsomming van het register sleutels PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s
---\\ Opsomming van de registersleutel PoliciesExplorer (CKVI) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Overzicht van de drivers (SDL) (O58)
O58 - SDL:20-3-2008 - 11:34:12 ---A- . (.Todos Data System AB - ABN AMRO e.dentifier2 Smart Card Reader.) -- C:\Windows\System32\Drivers\aabed2.sys [28672]
O58 - SDL:29-3-2005 - 0:30:38 ---A- . (.No owner - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [8192]
O58 - SDL:6-8-2014 - 14:24:22 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:6-8-2014 - 14:24:22 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:23-7-2013 - 15:47:26 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:23-7-2013 - 15:47:26 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:6-8-2014 - 14:24:22 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [224896] =>.ALWIL Software
O58 - SDL:23-7-2013 - 15:47:26 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175] =>.ALWIL Software
O58 - SDL:14-7-2009 - 2:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10-6-2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:11-4-2014 - 14:58:16 ---A- . (.No owner - HitmanPro.Alert Support Driver.) -- C:\Windows\System32\Drivers\hmpalert.sys [93144]
O58 - SDL:14-7-2009 - 2:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:4-10-2010 - 8:40:18 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\System32\Drivers\TFsExDisk.sys [16448]
O58 - SDL:25-10-2007 - 16:26:10 ---A- . (...) -- C:\Windows\SysWOW64\drivers\StarOpen.sys [5632]
O58 - SDL:4-10-2010 - 8:40:18 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys [16448]
~ Drivers: 77 Legitimates Filtered in 00mn 02s
---\\ Meest recente bestanden gewijzigd of gemaakt (gebruiker) (O61)
O61 - LFC: 22-8-2014 - 10:29:29 ---A- . (...) -- C:\Users\pcprive\Desktop\adwcleaner_3.308.exe [1364531]
~ 125 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 5 Legitimates Filtered in 00mn 03s
---\\ Lijst van cleaning tools (CLAB) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Overzicht met LEGACY services (LALS) (O64)
O64 - Services: CurCS - 30-4-2013 - C:\Windows\System32\DRIVERS\atikmdag.sys (amdkmdag) .(.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG
O64 - Services: CurCS - 6-8-2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 6-8-2014 - C:\Windows\System32\Drivers\aswVmm.sys (aswVmm) .(...) - LEGACY_ASWVMM
O64 - Services: CurCS - 11-4-2014 - C:\Windows\system32\drivers\hmpalert.sys (hmpalert) .(.No owner - HitmanPro.Alert Support Driver.) - LEGACY_HMPALERT
O64 - Services: CurCS - 10-7-2014 - C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (RapportPG64) .(.Trusteer Ltd. - RapportPG64.) - LEGACY_RAPPORTPG64
O64 - Services: CurCS - 10-6-2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 147 Legitimates Filtered in 00mn 00s
---\\ Bestandsassociaties mogelijk aangepast (O67)
O67 - Shell Spawning: <.html> <SlimBrowserHtml>[HKLM\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Startmenu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Zoek "infecties in internetbrowsers (SBI) (O69)
O69 - SBI: prefs.js [pcprive - ki8n165y.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) -
http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {689732D6-158F-43B0-97C6-4ECE896423D6} - (Bing) -
http://www.bing.com
~ Keys: Scanned in 00mn 00s
---\\ Bepaalde zoekopdracht in de hoofdmap van het systeem (SPRF) (O84)
[MD5.9DED4724D695CFB01960426DA011ABAE] [SPRF][22-8-2014] (...) -- C:\Users\pcprive\Desktop\adwcleaner_3.308.exe [1364531]
[MD5.6B530372E19D404C2001573D9A0BCBBC] [SPRF][20-2-2014] (...) -- C:\Users\pcprive\Desktop\Apache_OpenOffice_4.0.1_Win_x86_install_nl.exe [139734741]
[MD5.D093FD9D7785AE45700C1DDAB5215426] [SPRF][24-2-2014] (.SurfRight B.V. - HitmanPro.Alert.) -- C:\Users\pcprive\Desktop\hmpalert25.exe [1855848]
~ Files: 6 Legitimates Filtered in 00mn 02s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASAPI32 =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASMANCS =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBuzzSearch_RASAPI32 =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBuzzSearch_RASMANCS =>PUP.BuzzSearch
~ BTK: 107 Legitimates Filtered in 00mn 00s
---\\ Algemene toestand van niet-Microsoft services (GSR) (SR = Running, SS = gestopt)
SS - | Demand 16-8-2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 25-6-2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 25-6-2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 7-7-2013 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 4-8-2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 18-3-2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 21-12-2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 30-4-2013 238080 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 6-8-2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 11-4-2014 1876816 | (hmpalertsvc) . (.SurfRight B.V..) - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
SR - | Auto 19-4-2007 566192 | (lxcz_device) . (...) - C:\Windows\system32\lxczcoms.exe
SR - | Auto 12-5-2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 25-1-2011 3051848 | (OODefragAgent) . (.O&O Software GmbH.) - C:\Program Files\OO Software\Defrag\oodag.exe
SR - | Auto 10-7-2014 1886488 | (RapportMgmtService) . (.Trusteer Ltd..) - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
SR - | Auto 14-7-2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10-7-1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14-7-2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 06s
---\\ Onderzoek gelijktijdige op de Master Boot Record (MBR) (O80)
Run by pcprive at 24-8-2014 10:29:58
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s
---\\ Onderzoek de Master Boot Record op Infecties (MBRCheck) (O80)
Written by ad13,
http://ad13.geekstog
Run by pcprive at 24-8-2014 10:30:00
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s
---\\ Extra scan (O88)
Database Version : 13026 - (23-8-2014)
Cls trouves (Keys found) : 0
Valeurs trouves (Values found) : 0
Dossiers trouvs (Folders found) : 0
Fichiers trouvs (Files found) : 0
~ Additionnel Scan: 212270 Items scanned in 00mn 30s
---\\ Additional information about modules
~
http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, proxybeheer (R5)
~
http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer werkbalken (O3)
~
http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Toepassingen gestart door register & bestand (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s
---\\ Samenvatting van detecties gevonden op uw werkstation
http://nicolascoolman.fr/pup-buzzsearch =>PUP.BuzzSearch
~ MSI: 1 link(s) detected in 00mn 00s
~ 851 Legitimates filtered by white list
End of the scan (472 lines in 01mn 55s)(0)