~ Verslag van ZHPDiag v2014.11.15.164 - Nicolas Coolman (15-11-2014)
~ Gelanceerd door M. Robbescheuten (18-11-2014 22:14:41)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Het adres van de webforum : http://forum.nicolascoolman.fr
~ Vertaald door de gebruiker
~ Staat van de versie : Bijgewerkte versie.
~ Lijst wit : Ingeschakeld door het programma
~ Tot misbruik van bevoegdheden : OK
~ Gebruikersaccountbeheer (UAC) : Deactivate by program

---\\ Internet-browsers
MSIE: Internet Explorer v11.0.9600.17416 (Defaut)

---\\ Windows productinformatie
~ Langage: Néerlandais
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK

---\\ Software om het systeem te beveiligen
Windows Defender W8 (Deactivate)

---\\ Systeem optimalisatie software
CCleaner v4.10

---\\ Delen van software PeerToPeer

---\\ Software die extra aandacht behoeft

---\\ Informatie over het systeem
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6094 MB (79% free)
System Restore: Activé (Enable)
System drive C: has 241 GB (52%) free of 457 GB

---\\ Verbinding met het systeem-modus
~ Computer Name: ROBBESCHEUTEN
~ User Name: M. Robbescheuten
~ All Users Names: UpdatusUser, M. Robbescheuten, Gast, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Omgevingsvariabelen
~ System Unit : C:\
~ %AppZHP% : C:\Users\M. Robbescheuten\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\M. Robbescheuten\AppData\Roaming\
~ %Desktop% : C:\Users\M. Robbescheuten\Desktop\
~ %Favorites% : C:\Users\M. Robbescheuten\Favorites\
~ %LocalAppData% : C:\Users\M. Robbescheuten\AppData\Local\
~ %StartMenu% : C:\Users\M. Robbescheuten\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Overzicht vaste en verwisselbare stations
C: Hard drive, Flash drive, Thumb drive (Free 241 Go of 457 Go)
D: Hard drive, Flash drive, Thumb drive (Free 264 Go of 459 Go)
E: CD-ROM drive (Not Inserted)
K: Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Staat van het Windows Beveiligingscentrum
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s

---\\ Zoeken naar bepaalde algemene bestanden
[MD5.ACDBE1ED38167C8B01B8F63161BB2CEA] - (.Microsoft Corporation - Windows Verkenner.) (.23-8-2014 - 08:48:28.) -- C:\Windows\Explorer.exe [2374784]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.22-8-2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.BF1FC65A307B31939ADF7F976FDE033C] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.31-10-2014 - 04:45:17.) -- C:\Windows\System32\wininet.dll [2365440]
[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.22-2-2014 - 10:45:48.) -- C:\Windows\System32\Winlogon.exe [562176]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Software Licensing-bibliotheek.) (.21-12-2013 - 09:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Ondersteunend functiestuurprogramma van WinSock.) (.30-5-2014 - 04:03:03.) -- C:\Windows\system32\Drivers\AFD.sys [563200]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22-8-2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22-8-2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22-8-2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.6-3-2014 - 10:22:50.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.D4B7ED39C7900384D9E5C1283F1E7926] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.24-7-2014 - 12:45:39.) -- C:\Windows\system32\Drivers\HDAudBus.sys [76800]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.22-8-2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27-11-2013 - 13:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.7A1A3F213CDB3363D179D5014272025D] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.30-4-2014 - 07:41:46.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402432]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22-8-2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.038C77D577900EE39410662478BB0D50] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.24-7-2014 - 16:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [2009920]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.22-8-2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22-8-2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.23-8-2013 - 00:00:27.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22-8-2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.64CA2B4A49A8EAF495E435623ECCE7DB] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.19-6-2014 - 03:13:36.) -- C:\Windows\system32\Drivers\volsnap.sys [310080]
~ Generic Processes: Scanned in 00mn 00s

---\\ Status van de verborgen bestanden (verborgen/totaal)
~ Mes images (My Pictures) : 1/2799
~ Mes Videos (My Videos) : 1/9
~ Mes Favoris (My Favorites) : 1/668
~ Mes Documents (My Documents) : 1/1124
~ Mon Bureau (My Desktop) : 1/19
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 04s

---\\ Gestarte processen
[MD5.280B64F6BFCEDE6D67D261EB808AA617] - (.Acer Incorporated - Hotkey Utility.) -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [524944] [PID.1952]
[MD5.81FDC3C9A719EA86C8D86D20F1DCF185] - (.Creative Home - Hallmark Event Planner.) -- C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2015 Deluxe\Planner\PLNRnote.exe [364032] [PID.4120]
[MD5.887CAA31048EB8ED09A0CBD0E6F46F09] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776] [PID.4172]
[MD5.2B02551F83340E9F77A66ED3A6964AAD] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8128000] [PID.1528]
~ Processes Running: Scanned in 00mn 00s

---\\ Internet Explorer, proxybeheer (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse van lijnen F0, F1, F2, F3 - IniFiles, Autoloading programma's
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts-bestand omleiding (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s

---\\ Andere Verwijzigingen gebruikers (O4)
O4 - GS\Program [Public]: Your Software Deals.lnk . (...) -- C:\ProgramData\ashampoo\YourDeals.exe
~ Global Startup: 1 Legitimates Filtered in 00mn 01s

---\\ Toepassingen gestart door register & bestand (O4)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Realtek HD Audio configuratie.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [Logitech Download Assistant] . (.Logitech, Inc. - Logitech Download Assistant.) -- C:\Windows\System32\LogiLDA.dll
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [egui] . (.ESET - ESET Main GUI.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Plaknotities.) -- C:\Windows\System32\StikyNot.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [PowerDVD12DMREngine] . (.CyberLink - DMREngine.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
O4 - HKLM\..\Wow6432Node\Run: [PowerDVD12Agent] . (.CyberLink Corp. - PowerDVD 12.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- c:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- c:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [AddressBookReminderApp] C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2015 Deluxe\ReminderApp.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-21-2617873385-1771127311-2925833956-1001\..\RunOnce: [WAB Migrate] . (.Microsoft Corporation - Windows Contacts.) -- C:\Program Files (x86)\Windows Mail\wab.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

---\\ Knoppen op de werkbalk "belangrijkste instrumenten" Internet Explorer (O9)
O9 - Extra button: &Verzenden naar OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: &Gekoppelde notities van OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Domeinadres van de DNS (O17) wijzigen
O17 - HKLM\System\CCS\Services\Tcpip\..\{11E3AC34-AD43-4F94-9C41-301EA3DB4AFF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{11E3AC34-AD43-4F94-9C41-301EA3DB4AFF}: DhcpDomain = sitecom.router
O17 - HKLM\System\CS1\Services\Tcpip\..\{11E3AC34-AD43-4F94-9C41-301EA3DB4AFF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{11E3AC34-AD43-4F94-9C41-301EA3DB4AFF}: DhcpDomain = sitecom.router
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s

---\\ Aanvullend Protocol (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ AppInit_DLLs waarde en subsleutels Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Users\M.
~ AppInit DLL: Scanned in 00mn 00s

---\\ Lijst van niet-Microsoft NT services die niet uitgeschakeld zijn (O23)
O23 - Service: FolderImportPrivacy.exe (FolderImportPrivacy.exe) . (...) - C:\Users\M. Robbescheuten\AppData\Local\FolderImportPrivacy\FolderImportPrivacy.exe (.not file.)
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) . (.Foxit Software Inc. - Foxit Cloud Safe Update Service.) - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe
~ Services: 28 Legitimates Filtered in 00mn 02s

---\\ Geïnstalleerde software (O42)
O42 - Logiciel: Click'N Design 3D for AfterBurner(tm) (V5) - (.Stomp Inc..) [HKLM][64Bits] -- Click'N Design 3D for AfterBurner(tm) (V5)
O42 - Logiciel: Easy Cover Print 2.3 - (...) [HKLM][64Bits] -- Easy Cover Print 2.3
O42 - Logiciel: SiteFinder - (.SiteFinder.) [HKLM][64Bits] -- SiteFinder =>Adware.ShoppingReport
O42 - Logiciel: Spotnet - (.Spotnet.) [HKLM][64Bits] -- Spotnet 1.8.1.1
O42 - Logiciel: Spotnet - (.Spotnet.) [HKLM][64Bits] -- {12878924-210B-4A0C-8CA6-6C697756BA32}
~ Logic: 33 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Click'N Design 3D]
[HKCU\Software\Ease-Soft]
[HKCU\Software\ForumerIT] =>Toolbar.Forumer
[HKCU\Software\hvcc]
[HKCU\Software\thyanté]
[HKLM\Software\Wow6432Node\Spotnet]
[HKLM\Software\Wow6432Node\iFoxSoft]
~ Key Software: 369 Legitimates Filtered in 00mn 00s

---\\ 'Inhoud van mappen programma's, ProgramFiles, ProgramData, AppData (O43)
O43 - CFD: 13-9-2014 - 23:29:22 - [] ----D C:\Program Files (x86)\Click'N Design 3D (V5)
O43 - CFD: 20-9-2014 - 19:50:13 - [] ----D C:\Program Files (x86)\Easy Cover Print
O43 - CFD: 20-9-2014 - 22:23:39 - [] ----D C:\Program Files (x86)\iFoxSoft
O43 - CFD: 15-3-2014 - 08:01:56 - [] ----D C:\Program Files (x86)\Spotnet
O43 - CFD: 10-11-2014 - 22:31:36 - [] ---AD C:\ProgramData\Reprise
O43 - CFD: 15-10-2014 - 22:57:59 - [] ----D C:\ProgramData\Spotnet
O43 - CFD: 6-7-2014 - 22:41:58 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Click'N Design 3D for AfterBurner (V5)
O43 - CFD: 11-9-2014 - 13:21:57 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Cover Print
O43 - CFD: 28-10-2014 - 23:26:48 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hallmark
O43 - CFD: 15-3-2014 - 08:01:56 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotnet
O43 - CFD: 23-8-2013 - 00:00:37 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 15-3-2014 - 08:01:44 - [] ----D C:\Users\M. Robbescheuten\AppData\Roaming\Spotnet
O43 - CFD: 13-11-2014 - 00:37:11 - [] -SH-D C:\Users\M. Robbescheuten\AppData\Local\EmieBrowserModeList
O43 - CFD: 28-10-2014 - 23:57:05 - [] ----D C:\Users\M. Robbescheuten\AppData\Local\HCSShell
O43 - CFD: 15-3-2014 - 08:05:49 - [] ----D C:\Users\M. Robbescheuten\AppData\Local\Spotnet
O43 - CFD: 20-9-2014 - 16:14:56 - [] ----D C:\Users\M. Robbescheuten\AppData\Local\_
O43 - CFD: 6-7-2014 - 22:41:58 - [0] ----D C:\Users\M. Robbescheuten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Click'N Design 3D for AfterBurner (V5)
O43 - CFD: 11-9-2014 - 13:21:57 - [0] ----D C:\Users\M. Robbescheuten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Cover Print
~ Program Folder: 292 Legitimates Filtered in 00mn 00s

---\\ Meest recente bestanden gewijzigd of gemaakt op Windows en System32 (O44)
O44 - LFC:[MD5.A92EF73B02686B7E6F070B486512DB88] - 12-11-2014 - 23:46:39 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [389176]
O44 - LFC:[MD5.17C989D1E34A7C70B05E288AB826BE05] - 15-11-2014 - 19:21:35 ---A- . (...) -- C:\zoek-results2014-09-20-192658.log [36064]
O44 - LFC:[MD5.755A7A382C1CE9BCFDE001DC8317EBA5] - 15-11-2014 - 19:22:16 ---A- . (...) -- C:\zoek-results2014-11-15-182216.log [877]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 15-11-2014 - 20:56:12 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.9EAC4C3C6327ABF82AAD7F9D3F027C26] - 15-11-2014 - 21:13:23 ---A- . (...) -- C:\zoek-results.log [50380]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 17-11-2014 - 19:04:21 ---A- . (...) -- C:\Windows\System32\Drivers\lvuvc.hs [0]
O44 - LFC:[MD5.B91D4F7818FBE20292D46638357D7A75] - 18-11-2014 - 18:05:10 ---A- . (...) -- C:\Windows\System32\lvcoinst.log [34684]
~ Files: 126 Legitimates Filtered in 00mn 04s

---\\ Laatste bestanden die zijn gemaakt in Windows Prefetcher (O45)
O45 - LFCP:[MD5.FAD0A269457110AB45DC543699D3457B] - 9-10-2014 - 17:31:52 ---A- - C:\Windows\Prefetch\STORMWATCHBROWSER.EXE-D1B35635.pf =>PUP.StormWatch
O45 - LFCP:[MD5.598D6839E55450936F967A209E72E318] - 6-10-2014 - 23:03:10 ---A- - C:\Windows\Prefetch\WAJAMINTERNETENHANCERSERVICE.-85203576.pf =>PUP.Wajam
~ Prefetcher: 2 Legitimates Filtered in 00mn 00s

---\\ Activiteiten en functies bij het opstarten van Windows Verkenner (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Controle van veilige Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
~ CSB: 19 Legitimates Filtered in 00mn 00s

---\\ Opsomming van het register sleutels PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s

---\\ Opsomming van de registersleutel PoliciesExplorer (CÖKVI) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\\ Overzicht van de drivers (SDL) (O58)
O58 - SDL:13-8-2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:27-9-2014 - 12:54:39 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [386680]
O58 - SDL:22-1-2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:22-1-2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
O58 - SDL:22-8-2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
~ Drivers: 61 Legitimates Filtered in 00mn 03s

---\\ Meest recente bestanden gewijzigd of gemaakt (gebruiker) (O61)
O61 - LFC: 11-11-2014 - 22:15:15 ---A- . (.Burnaware.) -- C:\Users\M. Robbescheuten\Downloads\BurnAware Premium 76 Multilingual Nederlands\burnaware_premium.exe [7987248]
O61 - LFC: 15-11-2014 - 22:15:13 ---A- . (...) -- C:\Users\M. Robbescheuten\Desktop\RSIT.exe [1107968]
O61 - LFC: 15-11-2014 - 22:15:13 ---A- . (...) -- C:\Users\M. Robbescheuten\Desktop\zoek.exe [1294848]
O61 - LFC: 16-11-2014 - 22:15:16 ---A- . (.CAM Development.) -- C:\Users\M. Robbescheuten\Downloads\Label Designer Plus DELUXE 11600\Citp\ldpd.exe [4842056]
O61 - LFC: 16-11-2014 - 22:15:16 ---A- . (.CAM Development.) -- C:\Users\M. Robbescheuten\Downloads\Label Designer Plus DELUXE 11600\ldpd11_setup.exe [4498544]
O61 - LFC: 16-11-2014 - 22:15:25 ---A- . (.CAM Development.) -- C:\Users\M. Robbescheuten\Downloads\SOFTWARE\Print Designer GOLD 11600\Citp\pdg.exe [4839496]
O61 - LFC: 16-11-2014 - 22:15:25 ---A- . (.CAM Development.) -- C:\Users\M. Robbescheuten\Downloads\SOFTWARE\Print Designer GOLD 11600\pdg11_setup.exe [5118736]
O61 - LFC: 17-11-2014 - 22:15:13 ---A- . (...) -- C:\Users\M. Robbescheuten\Desktop\adwcleaner_4.101.exe [2140160]
O61 - LFC: 18-11-2014 - 22:15:10 ---A- . (...) -- C:\Users\M. Robbescheuten\AppData\Local\Microsoft\Windows\INetCache\IE\BF9TV6YQ\urlblockindex[2].bin [16]
~ 225 Fichiers temporaires (Temporary files)
~ Files: 13 Legitimates Filtered in 00mn 19s

---\\ Lijst van cleaning tools (CLAB) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: RSIT - (.random/random.)
~ ADS: Scanned in 00mn 00s

---\\ Startmenu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Zoek "infecties in internetbrowsers (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {9DD089FE-3DBF-407D-97C1-B219EA7CE64C} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s

---\\ Geeft een opsomming van bestanden Crack & Keygen (KKF) (O82)
C:\Users\M. Robbescheuten\Downloads\Corel Draw Graphics Suite X72 -WIN64nzb\Crack\Keygen.exe =>.Crack,Keygen
C:\Users\M. Robbescheuten\Downloads\SOFTWARE\ArtWeaver Plus 2 KeyGen (DrawPhotoshop)\ArtweaverPlus.exe =>.Crack,Keygen
C:\Users\M. Robbescheuten\Downloads\SOFTWARE\ArtWeaver Plus 2 KeyGen (DrawPhotoshop)\keymaker.exe =>.Crack,Keygen
C:\Users\M. Robbescheuten\Downloads\Corel Draw Graphics Suite X72 -WIN64nzb\Crack\Keygen.exe =>.Crack,Keygen
C:\Users\M. Robbescheuten\Downloads\SOFTWARE\ArtWeaver Plus 2 KeyGen (DrawPhotoshop)\ArtweaverPlus.exe =>.Crack,Keygen
C:\Users\M. Robbescheuten\Downloads\SOFTWARE\ArtWeaver Plus 2 KeyGen (DrawPhotoshop)\keymaker.exe =>.Crack,Keygen
~ Files: Scanned in 00mn 49s

---\\ Bepaalde zoekopdracht in de hoofdmap van het systeem (SPRF) (O84)
[MD5.6504113C2218667814D4F54847BA046A] [SPRF][17-11-2014] (.No owner - Aut2Exe.) -- C:\Users\M. Robbescheuten\Desktop\adwcleaner_4.101.exe [2140160]
[MD5.8685FAF50C04F9A9C2F56FF64B0B7ACB] [SPRF][15-11-2014] (...) -- C:\Users\M. Robbescheuten\Desktop\RSIT.exe [1107968]
[MD5.BEDB5DA3735FF0E6578A8CA2FC305A60] [SPRF][15-11-2014] (...) -- C:\Users\M. Robbescheuten\Desktop\zoek.exe [1294848]
~ Files: 4 Legitimates Filtered in 00mn 00s

---\\ Microsoft Installer-bestanden (WIS) (NTFS) (O93)
[MD5.48266154B281DC50EFBCC4B6A03B3E79] [WIS][27-8-2014] (.LPT - LPT System Updater Service.) -- C:\Windows\Installer\24a6841.msi [2138112] =>Adware.IncrediBar
~ WIS: 1 Legitimates Filtered in 00mn 03s

---\\ Algemene toestand van niet-Microsoft services (GSR) (SR = Running, SS = gestopt)
SS - | Demand 12-7-2012 174160 | (EgisTec Ticket Service) . (.Egis Technology Inc..) - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
SS - | Demand 7-8-2008 3276800 | (FirebirdServerMAGIXInstance) . (.MAGIX®.) - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
SS - | Auto 10-7-1658 0 | (FolderImportPrivacy.exe) . (...) - C:\Users\M. Robbescheuten\AppData\Local\FolderImportPrivacy\FolderImportPrivacy.exe
SS - | Auto 11-5-2012 200728 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SS - | Auto 11-5-2012 200728 | (mcmscsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Auto 11-5-2012 200728 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Auto 11-5-2012 200728 | (McNASvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Auto 11-5-2012 200728 | (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Auto 11-5-2012 200728 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Auto 11-5-2012 200728 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SS - | Demand 10-7-1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 22-8-2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19-3-2012 43072 | (ADExchange) . (.ArcSoft, Inc..) - C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
SR - | Auto 9-10-2012 2449552 | (CCDMonitorService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
SR - | Auto 25-7-2012 90640 | (CLHNServiceForPowerDVD12) . (.CyberLink Corp..) - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
SR - | Auto 25-7-2012 78352 | (CyberLink PowerDVD 12 Media Server Monitor Service) . (.CyberLink.) - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
SR - | Auto 25-7-2012 295440 | (CyberLink PowerDVD 12 Media Server Service) . (.CyberLink.) - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
SR - | Auto 12-9-2013 1337752 | (ekrn) . (.ESET.) - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
SR - | Demand 23-8-2012 658576 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
SR - | Auto 27-8-2009 1253376 | (Fabs) . (.MAGIX AG.) - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
SR - | Auto 11-9-2014 242912 | (FoxitCloudUpdateService) . (.Foxit Software Inc..) - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe
SR - | Auto 13-7-2012 2451456 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
SR - | Auto 20-6-2012 634632 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 19-7-2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 19-7-2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 11-5-2012 200728 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 22-6-2012 237920 | (McShield) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
SR - | Auto 22-6-2012 218320 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 22-6-2012 177144 | (mfevtp) . (.McAfee, Inc..) - C:\windows\system32\mfevtps.exe
SR - | Auto 31-7-2012 891240 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SR - | Auto 31-7-2012 1258856 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 31-7-2012 382312 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 19-7-2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10-7-1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10-7-1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10-8-2012 147704 | ({73526619-C24F-470B-9BED-53D455FBB5C6}) . (.CyberLink Corp..) - C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl
~ Services: Scanned in 00mn 07s

---\\ Onderzoek gelijktijdige op de Master Boot Record (MBR) (O80)
Run by M. Robbescheuten at 18-11-2014 22:16:33
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

---\\ Onderzoek de Master Boot Record op Infecties (MBRCheck) (O80)
Written by ad13, http://ad13.geekstog
Run by M. Robbescheuten at 18-11-2014 22:16:35
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

---\\ Lijst van CD/DVD emulators (MBR Hook)
O58 - SDL:27-9-2014 - 12:54:39 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [386680]
~ Emulateurs: Scanned in 00mn 02s

---\\ Extra scan (O88)
Database Version : 13026 - (15-11-2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 2
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SiteFinder] =>Adware.ShoppingReport^
C:\Users\M. Robbescheuten\Downloads\Software =>Adware.Boxore
[HKCU\Software\ForumerIT] =>Toolbar.Forumer^
C:\Windows\Installer\24a6841.msi =>Adware.IncrediBar^
~ Additionnel Scan: 388592 Items scanned in 00mn 16s

---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, proxybeheer (R5)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Toepassingen gestart door register & bestand (O4)
~ AMI: 2 Legitimates Filtered in 00mn 00s

---\\ Samenvatting van detecties gevonden op uw werkstation
http://nicolascoolman.fr/adware-shoppingreport =>Adware.ShoppingReport
http://nicolascoolman.fr/toolbar-forumer =>Toolbar.Forumer
http://www.nicolascoolman.fr/blog/ =>PUP.StormWatch
http://nicolascoolman.fr/pup-wajam =>PUP.Wajam
http://nicolascoolman.fr/adware-incredibar =>Adware.IncrediBar
http://nicolascoolman.fr/adware-boxore =>Adware.Boxore
~ MSI: 6 link(s) detected in 00mn 00s
~ 949 Legitimates filtered by white list

End of the scan (460 lines in 02mn 10s)(6)