~ Verslag van ZHPDiag v2014.6.5.84 - Nicolas Coolman (5-6-2014)
~ Gelanceerd door toshiba (5-6-2014 22:29:42)
~ Het adres van de website : http://nicolascoolman.fr
~ Vertaald door de gebruiker
~ Staat van de versie : Bijgewerkte versie.
~ Lijst wit : Ingeschakeld door het programma
~ Tot misbruik van bevoegdheden : OK
~ Gebruikersaccountbeheer (UAC) : Activate by user

---\\ Internet-browsers
MSIE: Internet Explorer v11.0.9600.17107
GCIE: Google Chrome v35.0.1916.114 (Defaut)

---\\ Windows productinformatie
~ Langage: Néerlandais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Software om het systeem te beveiligen
AVG 2014 v14.0.3955
Computer Security 12.71.102.0
Malwarebytes Anti-Malware versie 2.0.1.1004
Windows Defender W7 (Deactivate)

---\\ Systeem optimalisatie software
CCleaner v4.12

---\\ Delen van software PeerToPeer

---\\ Software die extra aandacht behoeft
Adobe Flash Player 13 ActiveX
Adobe Reader X
Java 7 Update 55

---\\ Informatie over het systeem
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4003 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 99 GB (42%) free of 233 GB

---\\ Verbinding met het systeem-modus
~ Computer Name: TOSHIBA-TOSH
~ User Name: toshiba
~ All Users Names: toshiba, HomeGroupUser$, Gast, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Omgevingsvariabelen
~ System Unit : C:\
~ %AppZHP% : C:\Users\toshiba\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\toshiba\AppData\Roaming\
~ %Desktop% : C:\Users\toshiba\Desktop\
~ %Favorites% : C:\Users\toshiba\Favorites\
~ %LocalAppData% : C:\Users\toshiba\AppData\Local\
~ %StartMenu% : C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Overzicht vaste en verwisselbare stations
C: Hard drive, Flash drive, Thumb drive (Free 99 Go of 233 Go)
D: Hard drive, Flash drive, Thumb drive (Free 210 Go of 232 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Free 2 Go of 7 Go)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Staat van het Windows Beveiligingscentrum
~ Security Center: 49 Legitimates Filtered in 00mn 00s

---\\ Zoeken naar bepaalde algemene bestanden
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Verkenner.) (.25-2-2011 - 7:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.14-7-2009 - 2:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.6-3-2014 - 7:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.4-3-2014 - 10:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing-bibliotheek.) (.21-11-2010 - 4:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28-9-2013 - 2:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14-7-2009 - 2:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14-7-2009 - 0:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21-11-2010 - 4:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21-11-2010 - 4:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21-11-2010 - 4:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.14-7-2009 - 0:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14-7-2009 - 1:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27-4-2011 - 3:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21-11-2010 - 4:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.24-1-2014 - 3:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.14-7-2009 - 1:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21-11-2010 - 4:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14-7-2009 - 1:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21-11-2010 - 4:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.21-11-2010 - 4:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

---\\ Status van de verborgen bestanden (verborgen/totaal)
~ Mes images (My Pictures) : 3/2942
~ Mes musiques (My Musics) : 3/86
~ Mes Videos (My Videos) : 1/25
~ Mes Favoris (My Favorites) : 1/604
~ Mes Documents (My Documents) : 1/105
~ Mon Bureau (My Desktop) : 1/19
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 00s

---\\ Gestarte processen
[MD5.1FAA54E9FFEA6FD3E0CEAD951CDDFEF6] - (.TOSHIBA CORPORATION - KeNotify MFC Application.) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160] [PID.3120]
[MD5.C8F0DCA0E032881B6C4422B502194629] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456] [PID.2956]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2564]
[MD5.97A1AFD42B8016D132C7BF38C955C6E1] - (.TOSHIBA CORPORATION - ConfigFree Task Tray Menu.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [304560] [PID.5008]
[MD5.8A07221789D46B2EA7DFCA2BC807572A] - (.TOSHIBA CORPORATION - ConfigFree Switch Manager Process.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe [62848] [PID.5080]
[MD5.D645B082E49F8655F14C61DB4EEBBA1D] - (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [367016] [PID.3000]
[MD5.59A409BAB55E72D33409A8A99F50DB17] - (.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe [264616] [PID.3656]
[MD5.0667ED9F8E905E1F73DB60ACCEDCBCA7] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [811728] [PID.2288]
[MD5.E8B7FD67DA14A7BE57A5CB80E3139E60] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe [309704] [PID.5152] =>Toolbar.Google
[MD5.915D0372DD0ECD8417AFBB173D47FCE9] - (.AVG Technologies CZ, s.r.o. - AVG Configuration Management Application.) -- C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe [318480] [PID.5440]
[MD5.E49EFBE3AB99298789D60399BFB6BB1C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8022528] [PID.6636]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1832]
[MD5.221564CC7BE37611FE15EACF443E1BF6] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1868]
[MD5.561CE09C52F6E945ED4CE7E173D1F542] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432] [PID.1896]
[MD5.E5C581D358B62CF65776B8E4E17B9E5C] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424] [PID.1936]
[MD5.5B54469855533D8E9F420297F8DFBCC8] - (.Garmin Ltd or its subsidiaries - Garmin Core Update Service.) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [436056] [PID.2044]
[MD5.DABFBE88774A3C1A8CEA198348E02740] - (.Realsil Microelectronics Inc. - Realtek Card Reader Icon Tool..) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1809920] [PID.2488]
[MD5.BEFF149A82F78B648046108EB9D28893] - (.IObit - Product Updater.) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200] [PID.2512]
[MD5.CAB0EEAF5295FC96DDD3E19DCE27E131] - (.TOSHIBA CORPORATION - ConfigFree Service Process.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [46448] [PID.3260]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Google Installer.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176] [PID.4280]
[MD5.50C7CE53EF461870410355F1F2E7D515] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [326168] [PID.1664]
[MD5.2989174DF02E0AEF54BAE90674FB445F] - (.Nero AG - NeroUpdate.) -- c:\Program Files (x86)\Nero\Update\NASvc.exe [572712] [PID.3508]
[MD5.374EBDA379A8F38E0CFC2211611E7167] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.792]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, start, zoeken, extensies (G0, G1, G2)
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://search.babylon.com =>PUP.Babylon

---\\ Google Chrome extensie map
~ Google Lines Browser: 1 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, proxybeheer (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse van lijnen F0, F1, F2, F3 - IniFiles, Autoloading programma's
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts-bestand omleiding (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1

---\\ Internet Explorer werkbalken (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{95324E44-4B0A-47A9-8F77-9C6415E51C29} Orphan sleutel
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan sleutel
~ Toolbar: Scanned in 00mn 00s

---\\ Toepassingen gestart door register & bestand (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.exe (.not file.)
O4 - HKLM\..\Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe (.not file.)
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
O4 - HKLM\..\Wow6432Node\Run: [SVPWUTIL] . (.TOSHIBA - SVPWUTIL Application.) -- C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe
O4 - HKLM\..\Wow6432Node\Run: [HWSetup] . (.TOSHIBA Electronics, Inc. - HWSetup.) -- C:\Program Files\TOSHIBA\Utilities\HWSetup.exe
O4 - HKLM\..\Wow6432Node\Run: [KeNotify] . (.TOSHIBA CORPORATION - KeNotify MFC Application.) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\.DEFAULT\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] . (.Garmin Ltd or its subsidiaries - Express Tray.) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
O4 - HKUS\S-1-5-18\..\Run: [TOPI.EXE] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] . (.Garmin Ltd or its subsidiaries - Express Tray.) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
~ Application: Scanned in 00mn 00s

---\\ Knoppen op de werkbalk "belangrijkste instrumenten" Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 [64Bits] - {97F922BD-8563-4184-87EE-8C4ACA438823} . (...) -- C:\Program Files\TOSHIBA\BulletinBoard\images\pin.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Domeinadres van de DNS (O17) wijzigen
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC1D8308-75AC-43E2-B709-7BE743F8B006}: DhcpNameServer = 212.54.44.54 212.54.40.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8A6080B-AC3B-4D9E-98F0-F105B7CD91BE}: DhcpNameServer = 212.54.44.54 212.54.40.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{BC1D8308-75AC-43E2-B709-7BE743F8B006}: DhcpNameServer = 212.54.44.54 212.54.40.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{F8A6080B-AC3B-4D9E-98F0-F105B7CD91BE}: DhcpNameServer = 212.54.44.54 212.54.40.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{BC1D8308-75AC-43E2-B709-7BE743F8B006}: DhcpNameServer = 212.54.44.54 212.54.40.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{F8A6080B-AC3B-4D9E-98F0-F105B7CD91BE}: DhcpNameServer = 212.54.44.54 212.54.40.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.44.54 212.54.40.25
~ Domain: Scanned in 00mn 00s

---\\ Aanvullend Protocol (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ AppInit_DLLs waarde en subsleutels Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Taken die zijn gepland in de automatische modus (O39)
[MD5.00000000000000000000000000000000] [APT] [4927] (...) -- C:\Users\toshiba\AppData\Local\Temp\launchie.vbs \\B (.not file.) [0]
[MD5.73BA1B709BCFC035370DF303FD254F69] [APT] [GarminUpdaterTask] (...) -- C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [24920]
[MD5.00000000000000000000000000000000] [APT] [{3D559E10-AD91-4AE0-90BA-634B9AC21196}] (...) -- C:\Users\toshiba\Documents\zoek\zoek.scr -d C:\Users\toshiba\Documents\zoek -c \S (.not file.) [0]
[MD5.DDD6AAF4BEDB8B74C9A154D455DFE5E8] [APT] [{577E63D8-67E0-414B-BBC0-1546E9D5FA7D}] (...) -- C:\Windows\OVTUNS.exe [40960]
[MD5.D645B082E49F8655F14C61DB4EEBBA1D] [APT] [{943D2F94-DAB4-41D7-80D7-C8A01BE1AEA8}] (.IncrediMail, Ltd..) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [367016]
[MD5.00000000000000000000000000000000] [APT] [{B51E00B5-7893-4DF9-B7BB-9BDC74D02F46}] (...) -- C:\Users\toshiba\Desktop\zoek\zoek.scr -d C:\Users\toshiba\Desktop\zoek -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E7E6B778-371F-4870-AAFD-1E1F4D14DF82}] (...) -- C:\Users\toshiba\Documents\zoek\zoek.com -d C:\Users\toshiba\Documents\zoek (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [940]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058]
~ Scheduled Task: 18 Legitimates Filtered in 00mn 05s

---\\ Piloot aan het begin van het systeem (O41)
O41 - Driver: (fsvista) . (...) - C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys
~ Drivers: 84 Legitimates Filtered in 00mn 00s

---\\ Geïnstalleerde software (O42)
O42 - Logiciel: DiskRedactor - (.CEZEO software Ltd..) [HKLM][64Bits] -- DiskRedactor_is1
O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM][64Bits] -- {FDFE5E63-116A-4655-9B4D-29F4AFE441B3}
O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM][64Bits] -- IncrediMail
~ Logic: 29 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\IncrediMail]
[HKCU\Software\Tech-Pro]
~ Key Software: 372 Legitimates Filtered in 00mn 00s

---\\ 'Inhoud van mappen programma's, ProgramFiles, ProgramData, AppData (O43)
O43 - CFD: 1-2-2014 - 17:49:08 - [] ----D C:\Program Files (x86)\Flipora
O43 - CFD: 9-1-2012 - 18:17:46 - [] ----D C:\Program Files (x86)\IncrediMail
O43 - CFD: 28-4-2014 - 15:49:26 - [] ----D C:\Program Files (x86)\Internetbeveiliging
O43 - CFD: 9-1-2012 - 18:18:27 - [] ----D C:\ProgramData\IM
O43 - CFD: 9-1-2012 - 18:17:46 - [] ----D C:\ProgramData\IncrediMail
O43 - CFD: 12-6-2013 - 12:05:31 - [] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 19-11-2013 - 10:27:52 - [] ----D C:\Users\toshiba\AppData\Local\3689AE00-01AD-4E47-A4EB-A70EE980AC7E.aplzod
O43 - CFD: 31-1-2012 - 18:46:26 - [] ----D C:\Users\toshiba\AppData\Local\BFE
O43 - CFD: 1-7-2013 - 11:47:10 - [] ----D C:\Users\toshiba\AppData\Local\BlokkerFotoalbum
O43 - CFD: 27-6-2013 - 16:34:16 - [] ----D C:\Users\toshiba\AppData\Local\IM
O43 - CFD: 19-1-2014 - 14:42:01 - [] ----D C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flipora - Discover the Web with Friends
O43 - CFD: 3-2-2014 - 17:38:59 - [] ----D C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
~ Program Folder: 196 Legitimates Filtered in 00mn 00s

---\\ Meest recente bestanden gewijzigd of gemaakt op Windows en System32 (O44)
O44 - LFC:[MD5.10F506D847563F0A6EF0F66A1E419CD7] - 2-6-2014 - 10:29:02 ---A- . (...) -- C:\zoek-results2014-06-02-092902.log [588]
O44 - LFC:[MD5.FE5DB98DB2B46F70BFB31270CCF43A67] - 2-6-2014 - 23:13:58 ---A- . (...) -- C:\zoek-results2014-06-02-221358.log [633]
O44 - LFC:[MD5.FF11A99D4BACA33DCC3B9FEB0104AB15] - 23-5-2014 - 14:20:29 ---A- . (...) -- C:\zoek-results2014-05-19-154955.log [72089]
O44 - LFC:[MD5.7C89B87D084DA0B9EB9D20F9EEA55B85] - 23-5-2014 - 16:01:52 ---A- . (...) -- C:\zoek-results2014-05-23-150152.log [70707]
O44 - LFC:[MD5.31A5ECD08D8279BC929CB201279CF66B] - 4-6-2014 - 6:54:34 ---A- . (...) -- C:\zoek-results2014-06-04-055434.log [685]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 5-6-2014 - 20:31:34 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.628D9A86BD201F600A8F673B0BEF2DBA] - 5-6-2014 - 20:37:23 ---A- . (...) -- C:\zoek-results.log [3277]
O44 - LFC:[MD5.6D615FC79C54719FC94CCEBADD971EC8] - 5-6-2014 - 8:35:52 ---A- . (...) -- C:\zoek-results2014-06-05-073552.log [20346]
~ Files: 19 Legitimates Filtered in 00mn 03s

---\\ Laatste bestanden die zijn gemaakt in Windows Prefetcher (O45)
O45 - LFCP:[MD5.F92A57E9ED6BD4A11525F9E9A0AC987D] - 5-6-2014 - 20:41:23 ---A- - C:\Windows\Prefetch\GOOGLETOOLBARMANAGER_8CA8B414-8A88BD82.pf =>Toolbar.Google
O45 - LFCP:[MD5.2B2ACB537CEBF428F2AED44E0B966BF0] - 5-6-2014 - 21:18:46 ---A- - C:\Windows\Prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf =>Toolbar.Google
O45 - LFCP:[MD5.8A9CDBAB19D91DF00CEBA409D5086764] - 5-6-2014 - 21:11:42 ---A- - C:\Windows\Prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf =>Toolbar.Google
~ Prefetcher: 3 Legitimates Filtered in 00mn 00s

---\\ Opsomming van de registersleutel Hkey_local_machine\software\microsoft\shared (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\IncrediMail [Key] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe
~ SMSR Keys: 20 Legitimates Filtered in 00mn 00s

---\\ Opsomming van het register sleutels PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 18 Legitimates Filtered in 00mn 00s

---\\ Overzicht van de drivers (SDL) (O58)
O58 - SDL:14-7-2009 - 2:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:17-7-2013 - 12:25:10 ---A- . (...) -- C:\Windows\System32\Drivers\fsbts.sys [56016]
O58 - SDL:10-6-2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:23-11-2010 - 11:09:32 ---A- . (.Omnivision Technologies, Inc. - Stream Class Mini Driver.) -- C:\Windows\System32\Drivers\OVTX16.sys [139520]
O58 - SDL:14-7-2009 - 2:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:13-12-2012 - 12:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:17-7-2013 - 12:15:36 ---A- . (...) -- C:\Windows\SysWOW64\drivers\fsbts.sys [42672]
~ Drivers: 84 Legitimates Filtered in 00mn 02s

---\\ Lijst van cleaning tools (CLAB) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
O63 - Logiciel: RSIT - (.random/random.)
~ ADS: Scanned in 00mn 00s

---\\ Bestandsassociaties mogelijk aangepast (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Startmenu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Zoek "infecties in internetbrowsers (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {A4DBC004-B83F-4138-BF87-A747E0EF3A62} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {EF7D0E23-43C9-467F-AC8E-9715860B327F} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s

---\\ Bepaalde zoekopdracht in de hoofdmap van het systeem (SPRF) (O84)
[MD5.51E79A54516D2953D4D8431E90010BB9] [SPRF][30-4-2014] (.Audacity Team - LADSPA_plugins-win Setup.) -- C:\Users\toshiba\Desktop\LADSPA_plugins-win-0.4.15.exe [1512927]
[MD5.8E0B594E6C2E3C62E6E57611059CD5FA] [SPRF][13-2-2014] (.No owner - MainResource Module.) -- C:\Program Files (x86)\8hres.dll [189832]
[MD5.3F7583821989E49412F4A3531F04744B] [SPRF][13-2-2014] (.Mindspark - Mindspark Toolbar Platform.) -- C:\Program Files (x86)\8hUninstall Allin1Convert.dll [859720] =>Adware.Allin1Convert
~ Files: 5 Legitimates Filtered in 00mn 00s

---\\ Geeft een opsomming van de essentiële gegevens van de naamruimte (MNS) (O92)
O92 - MNS: iCloud-foto's - {F0D63F85-37EC-4097-B30D-61B4A8917118}
~ MNS: 1 Legitimates Filtered in 00mn 00s

---\\ Microsoft Installer-bestanden (WIS) (NTFS) (O93)
[MD5.8797F3592E055284D113FEAA21B71ED3] [WIS][27-8-2012] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\49522.msi [28160] =>Toolbar.Google
~ WIS: 1 Legitimates Filtered in 00mn 05s

---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
~ BTK: 244 Legitimates Filtered in 00mn 00s

---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
~ BCK: 4495 Legitimates Filtered in 00mn 04s

---\\ Algemene toestand van niet-Microsoft services (GSR) (SR = Running, SS = gestopt)
SS - | Demand 14-5-2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 2-2-2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 2-2-2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28-8-2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 14-11-2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SS - | Demand 15-5-2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 19-12-2012 732648 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Demand 10-2-2011 112080 | (TemproMonitoringService) . (.Toshiba Europe GmbH.) - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe =>.Toshiba Corporation
SS - | Demand 29-11-2010 54136 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation
SS - | Demand 8-12-2010 137632 | (TOSHIBA HDD SSD Alert Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
SS - | Demand 14-7-2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18-12-2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 12-2-2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 13-5-2014 3644432 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
SR - | Auto 13-5-2014 292424 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 30-8-2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 28-1-2010 249200 | (cfWiMAXService) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
SR - | Auto 10-3-2009 46448 | (ConfigFree Service) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
SR - | Auto 23-4-2014 436056 | (Garmin Core Update Service) . (.Garmin Ltd or its subsidiaries.) - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
SR - | Auto 4-8-2010 1809920 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
SR - | Auto 25-10-2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SR - | Auto 1-2-2011 326168 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 14-1-2011 572712 | (NAUpdate) . (.Nero AG.) - c:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 20-10-2010 138656 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe
SR - | Auto 9-12-2010 489384 | (TosCoSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
SR - | Auto 1-2-2011 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 10-7-1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14-7-2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 06s

---\\ Onderzoek gelijktijdige op de Master Boot Record (MBR) (O80)
Run by toshiba at 5-6-2014 22:31:24
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

---\\ Onderzoek de Master Boot Record op Infecties (MBRCheck) (O80)
Written by ad13, http://ad13.geekstog
Run by toshiba at 5-6-2014 22:31:26
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

---\\ Extra scan (O88)
Database Version : 13026 - (5-6-2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 5
[HKLM\Software\Classes\Interface\{09B8C335-1622-42C7-8650-A79D56551343}] =>Adware.MapsGalaxy
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe =>Toolbar.Google^
C:\Program Files (x86)\8hUninstall Allin1Convert.dll =>Adware.Allin1Convert^
C:\Windows\Installer\49522.msi =>Toolbar.Google^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
~ Additionnel Scan: 370028 Items scanned in 00mn 18s

---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ AMI: 1 Legitimates Filtered in 00mn 00s

---\\ Samenvatting van detecties gevonden op uw werkstation
http://nicolascoolman.fr/pup-babylon =>PUP.Babylon
http://nicolascoolman.fr/adware-allin1convert =>Adware.Allin1Convert
http://nicolascoolman.fr/adware-mapsgalaxy =>Adware.MapsGalaxy
~ MSI: 3 link(s) detected in 00mn 00s
~ 878 Legitimates filtered by white list

End of the scan (488 lines in 02mn 02s)(0)