~ Verslag van ZHPDiag v2014.9.30.139 - Nicolas Coolman (28-9-2014) ~ Gelanceerd door Riekie (2-10-2014 19:34:03) ~ Het adres van de website : http://nicolascoolman.fr ~ Het adres van de webforum : http://forum.nicolascoolman.fr ~ Vertaald door de gebruiker ~ Staat van de versie : Bijgewerkte versie. ~ Lijst wit : Ingeschakeld door het programma ~ Tot misbruik van bevoegdheden : OK ~ Gebruikersaccountbeheer (UAC) : Activate by user ---\\ Internet-browsers MSIE: Internet Explorer v11.0.9600.17278 GCIE: Google Chrome v37.0.2062.124 (Defaut) ---\\ Windows productinformatie ~ Langage: Néerlandais Windows 8.1, 64-bit (Build 9600) Windows Server License Manager Script : OK Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ Software om het systeem te beveiligen AVG 2014 v14.0.4037 Malwarebytes Anti-Malware versie 2.0.2.1012 Secunia PSI Windows Defender W8 (Deactivate) ---\\ Systeem optimalisatie software CCleaner v4.17 ---\\ Delen van software PeerToPeer ---\\ Software die extra aandacht behoeft Adobe Flash Player 15 Plugin Adobe Reader XI ---\\ Informatie over het systeem ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 3912 MB (47% free) System Restore: Activé (Enable) System drive C: has 376 GB (84%) free of 444 GB ---\\ Verbinding met het systeem-modus ~ Computer Name: PC-RIEKIE ~ User Name: Riekie ~ All Users Names: Riekie, HomeGroupUser$, Gast, Administrator, ~ Unselected Option: None Logged in as Administrator ---\\ Omgevingsvariabelen ~ System Unit : C:\ ~ %AppZHP% : C:\Users\Riekie\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\Riekie\AppData\Roaming\ ~ %Desktop% : C:\Users\Riekie\Desktop\ ~ %Favorites% : C:\Users\Riekie\Favorites\ ~ %LocalAppData% : C:\Users\Riekie\AppData\Local\ ~ %StartMenu% : C:\Users\Riekie\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Overzicht vaste en verwisselbare stations C: Hard drive, Flash drive, Thumb drive (Free 376 Go of 444 Go) D: CD-ROM drive (Not Inserted) ---\\ Staat van het Windows Beveiligingscentrum [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified ~ Security Center: 41 Legitimates Filtered in 00mn 00s ---\\ Zoeken naar bepaalde algemene bestanden [MD5.ACDBE1ED38167C8B01B8F63161BB2CEA] - (.Microsoft Corporation - Windows Verkenner.) (.23-8-2014 - 08:48:28.) -- C:\Windows\Explorer.exe [2374784] [MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.22-8-2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384] [MD5.30C355249224173151874A7B86A8BB66] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.16-8-2014 - 01:56:32.) -- C:\Windows\System32\wininet.dll [2310656] [MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.18-3-2014 - 16:29:20.) -- C:\Windows\System32\Winlogon.exe [562176] [MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Software Licensing-bibliotheek.) (.18-3-2014 - 16:29:21.) -- C:\Windows\System32\sppcomapi.dll [447488] [MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Ondersteunend functiestuurprogramma van WinSock.) (.30-5-2014 - 04:03:03.) -- C:\Windows\system32\Drivers\AFD.sys [563200] [MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22-8-2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464] [MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22-8-2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576] [MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22-8-2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352] [MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.18-5-2014 - 16:49:34.) -- C:\Windows\system32\Drivers\DfsC.sys [134144] [MD5.D4B7ED39C7900384D9E5C1283F1E7926] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.24-7-2014 - 12:45:39.) -- C:\Windows\system32\Drivers\HDAudBus.sys [76800] [MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.22-8-2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520] [MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.18-3-2014 - 16:29:23.) -- C:\Windows\system32\Drivers\IpNat.sys [142848] [MD5.7A1A3F213CDB3363D179D5014272025D] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.30-4-2014 - 07:41:46.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402432] [MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22-8-2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624] [MD5.038C77D577900EE39410662478BB0D50] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.24-7-2014 - 16:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [2009920] [MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.22-8-2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208] [MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22-8-2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832] [MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.18-3-2014 - 16:12:23.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584] [MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22-8-2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520] [MD5.64CA2B4A49A8EAF495E435623ECCE7DB] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.19-6-2014 - 03:13:36.) -- C:\Windows\system32\Drivers\volsnap.sys [310080] ~ Generic Processes: Scanned in 00mn 01s ---\\ Status van de verborgen bestanden (verborgen/totaal) ~ Mes images (My Pictures) : 2/6088 ~ Mes musiques (My Musics) : 1/8 ~ Mes Videos (My Videos) : 1/2 ~ Mes Favoris (My Favorites) : 1/76 ~ Mes Documents (My Documents) : 2/1581 ~ Mon Bureau (My Desktop) : 2/7 ~ Menu demarrer (Programs) : 1/39 ~ Hidden Files: Scanned in 00mn 14s ---\\ Gestarte processen [MD5.88805F1099EBCF3508A28E37F2DEE0E6] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe [12710240] [PID.2508] [MD5.0EFF23C3D910380746D4F56BA5C746C4] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1192784] [PID.308] [MD5.361B0893A5C6741F347568A3232D2822] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112] [PID.4480] [MD5.74A44017136DE7BBB3CC5CBF0768F820] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [22038120] [PID.2204] [MD5.FBB33D6550559030FE42615572FE9FC3] - (.Secunia - Secunia PSI Tray.) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe [565464] [PID.4880] [MD5.5AB8DB8F9CADBFBB3C132E8316FE337E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808] [PID.7076] [MD5.09252818AC12B2D32D6B4403C13BCF75] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8109568] [PID.26056] ~ Processes Running: Scanned in 00mn 01s ---\\ Google Chrome, start, zoeken, extensies (G0, G1, G2) C:\Users\Riekie\AppData\Local\Google\Chrome\User Data\Default\Preferences ---\\ Google Chrome extensie map ~ Google Lines Browser: 0 Legitimates Filtered in 00mn 01s ---\\ Mozilla Firefox, Plugins, start, zoeken, extensies (P2, M0, M1, M2, M3) C:\Users\Riekie\AppData\Roaming\Mozilla\Firefox\Profiles\61zaa8ks.default\prefs.js (.not file.) ~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, proxybeheer (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse van lijnen F0, F1, F2, F3 - IniFiles, Autoloading programma's F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts-bestand omleiding (O1) ~ Le fichier hôte est sain (The hosts file is clean) (21) ~ Hosts File: Scanned in 00mn 00s ---\\ Internet Explorer werkbalken (O3) O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Orphan sleutel ~ Toolbar: Scanned in 00mn 00s ---\\ Toepassingen gestart door register & bestand (O4) O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Realtek HD Audio configuratie.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe O4 - HKLM\..\Run: [RtHDVBg_Dolby] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe O4 - HKLM\..\Run: [BtPreLoad] . (...) -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe O4 - HKCU\..\Run: [StartMenuX] . (.OrdinarySoft - StartMenuX.) -- C:\Program Files\Start Menu X\StartMenuX.exe O4 - HKCU\..\Run: [GarminExpressTrayApp] . (.Garmin Ltd or its subsidiaries - Express Tray.) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKLM\..\Wow6432Node\Run: [Dolby Home Theater v4] . (.Dolby Laboratories Inc. - Dolby Profile Selector.) -- C:\Dolby PCEE4\pcee4.exe O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe O4 - HKLM\..\policies\Explorer\Run: [BtvStack] . (.Qualcomm Atheros Commnucations - Extension Core.) -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] . (.Garmin Ltd or its subsidiaries - Express Tray.) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] . (.Garmin Ltd or its subsidiaries - Express Tray.) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe O4 - HKUS\S-1-5-21-2871391618-1465616402-3070090435-1001\..\Run: [StartMenuX] . (.OrdinarySoft - StartMenuX.) -- C:\Program Files\Start Menu X\StartMenuX.exe O4 - HKUS\S-1-5-21-2871391618-1465616402-3070090435-1001\..\Run: [GarminExpressTrayApp] . (.Garmin Ltd or its subsidiaries - Express Tray.) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe O4 - HKUS\S-1-5-21-2871391618-1465616402-3070090435-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A. ~ Application: Scanned in 00mn 00s ---\\ Knoppen op de werkbalk "belangrijkste instrumenten" Internet Explorer (O9) O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Orphan sleutel O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Domeinadres van de DNS (O17) wijzigen O17 - HKLM\System\CCS\Services\Tcpip\..\{5C0D780B-84BD-45CF-A100-3AD026C77146}: DhcpNameServer = 192.168.48.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{9921FE32-9FB4-4DC9-A479-078F37FE1ED9}: DhcpNameServer = 212.54.40.25 212.54.44.54 O17 - HKLM\System\CS1\Services\Tcpip\..\{5C0D780B-84BD-45CF-A100-3AD026C77146}: DhcpNameServer = 192.168.48.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{9921FE32-9FB4-4DC9-A479-078F37FE1ED9}: DhcpNameServer = 212.54.40.25 212.54.44.54 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.44.54 ~ Domain: Scanned in 00mn 00s ---\\ Aanvullend Protocol (O18) O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML-viewer.) -- C:\Windows\System32\mshtml.dll O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ AppInit_DLLs waarde en subsleutels Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Taken die zijn gepland in de automatische modus (O39) [MD5.F7F9C1A4DC29D6C28218ECE8C794F99D] [APT] [GarminUpdaterTask] (...) -- C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [24920] [MD5.00000000000000000000000000000000] [APT] [{A7ADDC98-EAD3-4F0D-8D7C-F81940B40360}] (...) -- C:\Users\Riekie\Downloads\TeamViewer_Setup_nl.exe (.not file.) [0] O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [940] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1072] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1076] ~ Scheduled Task: 21 Legitimates Filtered in 00mn 19s ---\\ Geïnstalleerde software (O42) O42 - Logiciel: Verzoek of wijziging voorlopige aanslag 2013 - (.Belastingdienst.) [HKLM][64Bits] -- Verzoek of wijziging voorlopige aanslag 2013 ~ Logic: 7 Legitimates Filtered in 00mn 01s ---\\ 'Inhoud van mappen programma's, ProgramFiles, ProgramData, AppData (O43) O43 - CFD: 25-8-2014 - 13:56:22 - [] ----D C:\Program Files (x86)\Belastingdienst O43 - CFD: 25-8-2014 - 13:56:42 - [] ----D C:\Users\Riekie\AppData\Roaming\Belastingdienst O43 - CFD: 19-11-2013 - 15:08:58 - [] ----D C:\Users\Riekie\AppData\Roaming\lm ~ Program Folder: 180 Legitimates Filtered in 00mn 01s ---\\ Meest recente bestanden gewijzigd of gemaakt op Windows en System32 (O44) O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 29-9-2014 - 11:08:43 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064] O44 - LFC:[MD5.B6F423906D3E10BE38C16726C0905033] - 30-9-2014 - 21:47:02 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [388729] ~ Files: 42 Legitimates Filtered in 00mn 10s ---\\ Laatste bestanden die zijn gemaakt in Windows Prefetcher (O45) O45 - LFCP:[MD5.01B805CCB3EB8B01297049DB481AA1FE] - 18-8-2014 - 11:37:50 ---A- - C:\Windows\Prefetch\SOFTONICDOWNLOADER_VOOR_AVG-A-DDACFB7D.pf =>Toolbar.Conduit O45 - LFCP:[MD5.1BF0B0CE07156FA828B128591EBF6386] - 18-9-2014 - 13:42:11 ---A- - C:\Windows\Prefetch\SOFTONICDOWNLOADER_VOOR_UNLOC-FF61EDCD.pf =>Toolbar.Conduit ~ Prefetcher: 2 Legitimates Filtered in 00mn 00s ---\\ Controle van veilige Boot (CSB) (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\41505288.sys . (...) -- C:\Windows\System32\Drivers\41505288.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\41505288.sys . (...) -- C:\Windows\System32\Drivers\41505288.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.) ~ CSB: 21 Legitimates Filtered in 00mn 00s ---\\ Opsomming van het register sleutels PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1 ~ MWPS: 18 Legitimates Filtered in 00mn 00s ---\\ Opsomming van de registersleutel PoliciesExplorer (CÖKVI) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s ---\\ Overzicht van de drivers (SDL) (O58) O58 - SDL:19-7-2014 - 08:50:14 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software O58 - SDL:13-8-2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624] O58 - SDL:6-12-2013 - 15:47:12 ---A- . (.Secunia - Secunia PSI Driver.) -- C:\Windows\System32\Drivers\psi_mf_amd64.sys [18456] O58 - SDL:22-8-2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072] ~ Drivers: 70 Legitimates Filtered in 00mn 11s ---\\ Meest recente bestanden gewijzigd of gemaakt (gebruiker) (O61) O61 - LFC: 1-10-2014 - 19:36:22 ---A- . (...) -- C:\Users\Riekie\AppData\Local\Microsoft\Internet Explorer\UrlBlockManager\urlblocklist.bin [0] O61 - LFC: 1-10-2014 - 19:36:31 ---A- . (...) -- C:\Users\Riekie\AppData\Local\Microsoft\Windows\INetCache\IE\TQR1N7D0\201311NLNag1[1].bin [294703] O61 - LFC: 25-9-2014 - 19:36:22 ---A- . (...) -- C:\Users\Riekie\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\CollectOneDriveLogs.bat [5843] O61 - LFC: 25-9-2014 - 19:36:22 ---A- . (...) -- C:\Users\Riekie\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll [81056] O61 - LFC: 25-9-2014 - 19:36:22 ---A- . (...) -- C:\Users\Riekie\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\LoggingPlatform64.dll [100008] O61 - LFC: 27-9-2014 - 19:36:24 R--A- . (...) -- C:\Users\Riekie\AppData\Local\Microsoft\Windows\FileHistory\Data\1107\C\Users\Riekie\Favorites\Downloads\RSITx64.exe [1222144] O61 - LFC: 27-9-2014 - 19:36:24 R--A- . (...) -- C:\Users\Riekie\AppData\Local\Microsoft\Windows\FileHistory\Data\1113\C\Users\Riekie\Favorites\Downloads\zoek.exe [1290752] O61 - LFC: 30-9-2014 - 19:36:24 R--A- . (.Secunia.) -- C:\Users\Riekie\AppData\Local\Microsoft\Windows\FileHistory\Data\1132\C\Users\Riekie\Favorites\Downloads\PSISetup.exe [5329480] O61 - LFC: 30-9-2014 - 19:36:41 ---A- . (.Secunia.) -- C:\Users\Riekie\Favorites\Downloads\PSISetup.exe [5329480] ~ 38 Fichiers temporaires (Temporary files) ~ 1 Fichiers cookies (Cookies files) ~ Files: 134 Legitimates Filtered in 00mn 22s ---\\ Lijst van cleaning tools (CLAB) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Bestandsassociaties mogelijk aangepast (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s ---\\ Startmenu Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Zoek "infecties in internetbrowsers (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {8B08C8CE-F1C7-4E52-9C21-05986D1F1DC0} - (Google) - http://www.google.nl O69 - SBI: SearchScopes [HKCU] {8C8BDECA-373C-43B4-B852-B148C64FFFF7} [DefaultScope] - (Bing) - http://www.bing.com ~ Keys: Scanned in 00mn 00s ---\\ Algemene toestand van niet-Microsoft services (GSR) (SR = Running, SS = gestopt) SS - | Demand 15-9-2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Demand 29-1-2014 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe SS - | Demand 16-11-2012 469648 | (DeviceFastLaneService) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe SS - | Demand 22-3-2013 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe SS - | Auto 19-11-2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 19-11-2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 11-3-2014 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe SS - | Auto 3-12-2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe SS - | Auto 11-5-2012 200728 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe SS - | Auto 3-4-2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SS - | Auto 10-7-1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 12-9-2014 64704 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 28-1-2013 227456 | (AtherosSvc) . (.Qualcomm Atheros Commnucations.) - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe SR - | Auto 25-8-2014 3242000 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe SR - | Auto 25-8-2014 289328 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe SR - | Auto 26-10-2012 2449552 | (CCDMonitorService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe SR - | Auto 10-12-2012 350544 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe SR - | Demand 23-10-2012 658064 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe SR - | Auto 23-7-2014 438616 | (Garmin Core Update Service) . (.Garmin Ltd or its subsidiaries.) - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe SR - | Auto 24-7-2012 2457232 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe SR - | Auto 20-4-2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe SR - | Auto 17-7-2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe SR - | Auto 17-7-2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe SR - | Auto 3-11-2012 259136 | (NTI IScheduleSvc) . (.NTI Corporation.) - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe SR - | Auto 22-3-2013 93296 | (RfButtonDriverService) . (.Dritek System INC..) - C:\Windows\RfBtnSvc64.exe SR - | Auto 6-12-2013 1229528 | (Secunia PSI Agent) . (.Secunia.) - C:\Program Files (x86)\Secunia\PSI\PSIA.exe SR - | Auto 6-12-2013 662232 | (Secunia Update Agent) . (.Secunia.) - C:\Program Files (x86)\Secunia\PSI\sua.exe SR - | Auto 4-8-2014 5095264 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe SR - | Auto 4-9-2014 2538808 | (TuneUp.UtilitiesSvc) . (.AVG Technologies.) - C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe SR - | Auto 17-7-2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe SR - | Demand 10-7-1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe SR - | Demand 10-7-1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe SR - | Demand 22-8-2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 34s ---\\ Onderzoek gelijktijdige op de Master Boot Record (MBR) (O80) Run by Riekie at 2-10-2014 19:39:18 ~ OS 64 not supported by MBR tool ~ MBR: 0 Legitimates Filtered in 00mn 00s ---\\ Onderzoek de Master Boot Record op Infecties (MBRCheck) (O80) Written by ad13, http://ad13.geekstog Run by Riekie at 2-10-2014 19:39:20 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 02s ---\\ Extra scan (O88) Database Version : 13026 - (28-9-2014) Clés trouvées (Keys found) : 0 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 0 ~ Additionnel Scan: 227565 Items scanned in 03mn 42s ---\\ Additional information about modules ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, proxybeheer (R5) ~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer werkbalken (O3) ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Toepassingen gestart door register & bestand (O4) ~ AMI: 3 Legitimates Filtered in 00mn 00s ---\\ Samenvatting van detecties gevonden op uw werkstation http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit ~ MSI: 1 link(s) detected in 00mn 00s ~ 811 Legitimates filtered by white list End of the scan (423 lines in 09mn 00s)(0)