~ Report of ZHPDiag v2014.12.24.177 - Nicolas Coolman (21/12/2014)
~ Run by robke (26/12/2014 9:33:10)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by the user
~ Version status : New version available
~ White list : Enabled by the program
~ Elevation of privilege : OK
~ User Account Control (UAC) : Activated by user

---\\ Internet browsers
MSIE: Internet Explorer v7.0.6001.18000
GCIE: Google Chrome v39.0.2171.95 (Default)

---\\ Windows product information
~ Language: Dutch
Windows Vista (TM) Home Premium, 32-bit Service Pack 1 (Build 6001)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK

---\\ System security software
Malwarebytes Anti-Malware version 2.0.4.1028
Microsoft Security Client v4.6.0305.0

---\\ System optimization software
CCleaner v3.27

---\\ Peer-to-peer file sharing software

---\\ Software requiring extra attention
Adobe Flash Player 15 Plugin
Adobe Reader 8.1.2 Security Update 1

---\\ System information
~ Processor: x86 Family 15 Model 104 Stepping 1, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1790 MB (62% free)
System Restore: Enabled
System drive C: has 22 GB (32%) free of 67 GB

---\\ System logon mode
~ Computer Name: PC_VAN_ROBKE
~ User Name: robke
~ All Users Names: robke, Gast, ASPNET, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\robke\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\robke\AppData\Roaming\
~ %Desktop% : C:\Users\robke\Desktop\
~ %Favorites% : C:\Users\robke\Favorites\
~ %LocalAppData% : C:\Users\robke\AppData\Local\
~ %StartMenu% : C:\Users\robke\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Fixed and removable drives
C: Hard drive, Flash drive, Thumb drive (Free 22 GB of 67 GB)
D: CD-ROM drive (Not Inserted)

---\\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: Modified
~ Security Center: 38 Legitimates Filtered in 00mn 00s

---\\ Search for specific generic files
[MD5.4F554999D7D5F05DAAEBBA7B5BA1089D] - (.Microsoft Corporation - Windows Explorer.) (.29/10/2008 - 7:29:41.) -- C:\Windows\Explorer.exe [2927104]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Windows Start-Up Application.) (.19/01/2008 - 8:33:37.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.76C9A358D176DD7904C8A72BB7235608] - (.Microsoft Corporation - Internet Extensions for Win32.) (.9/03/2010 - 17:28:40.) -- C:\Windows\System32\wininet.dll [833024]
[MD5.C2610B6BDBEFC053BBDAB4F1B965CB24] - (.Microsoft Corporation - Windows Logon Application.) (.19/01/2008 - 8:33:37.) -- C:\Windows\System32\Winlogon.exe [314880]
[MD5.48EB99503533C27AC6135648E5474457] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:16:42.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.2D9C903DC76A66813D350A562DE40ED9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.19/01/2008 - 8:41:30.) -- C:\Windows\system32\Drivers\atapi.sys [21560]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 6:28:02.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.1EC25CEA0DE6AC4718BF89F9E1778B57] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.19/01/2008 - 6:49:51.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.A3E9FA213F443AC77C7746119D13FEEC] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:24:14.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.C87B1EE051C0464491C1A7B03FA0BC99] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.19/01/2008 - 5:30:49.) -- C:\Windows\system32\Drivers\HDAudBus.sys [53760]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - i8042 Port Driver.) (.19/01/2008 - 6:49:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 6:56:28.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.5734A0F2BE7E495F7D3ED6EFD4B9F5A1] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 13:49:35.) -- C:\Windows\system32\Drivers\MRxSmb.sys [105984]
[MD5.7C5FEE5B1C5728507CD96FB4A13E7A02] - (.Microsoft Corporation - MBT Transport driver.) (.19/01/2008 - 6:55:35.) -- C:\Windows\system32\Drivers\netBT.sys [184320]
[MD5.B4EFFE29EB4F15538FD8A9681108492D] - (.Microsoft Corporation - NT File System Driver.) (.19/01/2008 - 8:43:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1081912]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Parallel Port Driver.) (.2/11/2006 - 9:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 6:56:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2/11/2006 - 10:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.031E6BCD53C9B2B9ACE111EAFEC347B6] - (.Microsoft Corporation - SMB Transport driver.) (.19/01/2008 - 6:55:27.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.D09276B1FAB033CE1D40DCBDF303D10F] - (.Microsoft Corporation - TDI Translation Driver.) (.19/01/2008 - 6:55:58.) -- C:\Windows\system32\Drivers\tdx.sys [71680]
[MD5.D8B4A53DD2769F226B3EB374374987C9] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.19/01/2008 - 8:42:48.) -- C:\Windows\system32\Drivers\volsnap.sys [227896]
~ Generic Processes: Scanned in 00mn 00s

---\\ Hidden files status (hidden/total)
~ My Pictures : 1/1261
~ My Music : 1/89
~ My Videos : 1/2
~ My Favorites : 1/37
~ My Documents : 2/111
~ My Desktop : 1/18
~ Start Menu (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 00s

---\\ Running processes
[MD5.E4E99677636EF949B546A1751C9B3A35] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [845360] [PID.2612]
[MD5.4B555106290BD117334E9A08761C035A] - (...) -- ystem32\rundll32.exe [0] [PID.2680]
[MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53472] [PID.3864]
[MD5.88412F8968F43B7C51F8F4EAC98A0558] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8144384] [PID.840]
[MD5.F96EBC5A624349D81DCC7600A3C5DC43] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.3984]
[MD5.A4B109D057E15A438CE74E5B71187417] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192] [PID.944]
[MD5.0BA91E1358AD25236863039BB2609A2E] - (.Microsoft Corporation - Microsoft Software Licensing Service.) -- C:\Windows\system32\SLsvc.exe [2623488] [PID.1292]
~ Processes Running: Scanned in 00mn 00s

---\\ Mozilla Firefox, plugins, startup, search, extensions (P2, M0, M1, M2, M3)
C:\Users\robke\AppData\Roaming\Mozilla\Firefox\Profiles\yr4xnxgp.default\prefs.js
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\Plugins\NPSWF32.dll
~ Firefox Browser: 20 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, startup, search, URLSearchHook, phishing (R0, R1, R3, R4)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0
~ IE Browser: 13 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, proxy management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analysis of lines F0, F1, F2, F3 - IniFiles, autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ The hosts file is clean (20)
~ Hosts File: Scanned in 00mn 00s

---\\ Applications started by registry & file (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 156.6.) -- C:\Windows\system32\nvsvc.dll
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll =>.NVIDIA Corporation
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\NvMcTray.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Sidebar.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Sidebar.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
~ Application: Scanned in 00mn 00s

---\\ Internet Explorer "main tools" toolbar buttons (O9)
O9 - Extra button: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ ActiveX objects (Downloaded Program Files) (O16)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} ((no name)) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} ((no name)) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
~ ActiveX objects: Scanned in 00mn 00s

---\\ DNS domain address change (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DAFC38E-4274-49EA-864D-B1E448B81AC6}: DhcpNameServer = 195.130.131.132 195.130.130.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{2ACE56C9-4C66-416C-A0E3-29C7DC6A5F27}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DAFC38E-4274-49EA-864D-B1E448B81AC6}: DhcpNameServer = 195.130.131.132 195.130.130.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{2ACE56C9-4C66-416C-A0E3-29C7DC6A5F27}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1DAFC38E-4274-49EA-864D-B1E448B81AC6}: DhcpNameServer = 195.130.131.132 195.130.130.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{2ACE56C9-4C66-416C-A0E3-29C7DC6A5F27}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.131.132 195.130.130.4
~ Domain: Scanned in 00mn 00s

---\\ Additional protocol (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional protocol: Scanned in 00mn 00s

---\\ SharedTaskScheduler autorun registry key (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s

---\\ BootExecute (BEX) data enumeration (O34)
O34 - HKLM BootExecute: (bootdelete) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s

---\\ Tasks scheduled in automatic mode (O39)
[MD5.4CCD772ADC75A6F284461402BDB32981] [APT] [HDReg] (...) -- C:\Program Files\HDReg\HDRegRem.exe [24576]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [940]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3723894691-1265959471-2415864850-1002Core [906]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3723894691-1265959471-2415864850-1002UA [928]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [884]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [888]
O39 - APT: HDReg - (...) -- C:\Windows\Tasks\HDReg.job [226]
O39 - APT: HDReg - (...) -- C:\Windows\System32\Tasks\HDReg [226]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\User_Feed_Synchronization-{FA5BB042-30F9-427A-9F0A-4A90A31DFB6A} [418]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 03s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\BearShare] =>PUP.BearShare
[HKCU\Software\IncrediMail]
[HKLM\Software\Better Surf Plus]
[HKLM\Software\Better-Surf] =>PUP.BetterSurf
[HKLM\Software\Client]
[HKLM\Software\RichMediaViewV1] =>PUP.MediaViewer
[HKLM\Software\WinIo]
~ Key Software: 207 Legitimates Filtered in 00mn 00s

---\\ Contents of Programs, ProgramFiles, ProgramData, AppData folders (O43)
O43 - CFD: 7/07/2008 - 19:32:16 - [] ----D C:\ProgramData\IM
O43 - CFD: 7/07/2008 - 19:31:22 - [] ----D C:\ProgramData\IncrediMail
O43 - CFD: 5/02/2013 - 19:59:07 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD-Writer
O43 - CFD: 2/11/2006 - 13:37:34 - [] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 7/07/2008 - 19:35:31 - [] ----D C:\Users\robke\AppData\Local\IM
O43 - CFD: 11/12/2014 - 17:36:04 - [] ----D C:\Users\robke\AppData\Local\SWDS
O43 - CFD: 29/02/2008 - 17:09:15 - [] ----D C:\Users\robke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeAgostini
~ Program Folder: 168 Legitimates Filtered in 00mn 00s

---\\ Most recently modified or created files in Windows and System32 (O44)
O44 - LFC:[MD5.1916D94C15BA24648E3FDEF734074614] - 16/12/2014 - 15:26:56 ---A- . (...) -- C:\Windows\System32\.crusader [13568]
O44 - LFC:[MD5.B3635FD088BA2F6F03A276A961BE6ED2] - 16/12/2014 - 20:06:11 ---A- . (.No owner - HitmanPro 3.7 Support Driver.) -- C:\Windows\System32\Drivers\hitmanpro37.sys [35992]
O44 - LFC:[MD5.BE884AD8CF22CD1FC9DC1372C9652BBE] - 18/12/2014 - 20:26:39 ---A- . (...) -- C:\Windows\DtcInstall.log [468]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 18/12/2014 - 20:29:08 R-HA- . (...) -- C:\Windows\WindowsShell.Manifest [749]
O44 - LFC:[MD5.D5CB548738E0CB4C74D67653DE0AE31B] - 23/12/2014 - 22:04:43 ---A- . (...) -- C:\zoek-results2014-12-23-210443.log [22255]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 24/12/2014 - 16:24:34 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.1685CFD64E8EA34AE6E79536AC044B2D] - 24/12/2014 - 16:27:40 ---A- . (...) -- C:\zoek-results.log [27221]
O44 - LFC:[MD5.B2EDF82825D979928AE07CBE9C7A2160] - 24/12/2014 - 8:38:39 ---A- . (...) -- C:\Windows\System32\WsmTxt.xsl [2426]
O44 - LFC:[MD5.F6D48AE1F578493D2E19DD644B153976] - 24/12/2014 - 8:38:39 ---A- . (...) -- C:\Windows\System32\winrm.vbs [201184]
O44 - LFC:[MD5.3C436603213561E2E7DD3D4459DBB7D4] - 24/12/2014 - 8:38:39 ---A- . (...) -- C:\Windows\System32\wsmanconfig_schema.xml [4675]
O44 - LFC:[MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - 24/12/2014 - 9:05:53 ---A- . (...) -- C:\Windows\System32\korwbrkr.lex [11967524]
O44 - LFC:[MD5.1F0DC7DEE80AC47EDC207FAB5ED54DA2] - 24/12/2014 - 9:06:05 ---A- . (...) -- C:\Windows\System32\StructuredQuerySchema.bin [106605]
O44 - LFC:[MD5.D07E5384D2B4E71F7D49C9F334D69284] - 24/12/2014 - 9:06:05 ---A- . (...) -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [18904]
~ Files: 170 Legitimates Filtered in 00mn 25s

---\\ Latest files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.940CFA81B613172D59E6958BBC868F44] - 16/12/2014 - 14:18:14 ---A- - C:\Windows\Prefetch\DEALPLYLIVE.EXE-7BB1D07F.pf =>PUP.DealPly
~ Prefetcher: 1 Legitimates Filtered in 00mn 00s

---\\ Control Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (.No owner - HitmanPro 3.7 Support Driver.) -- C:\Windows\System32\Drivers\hitmanpro37.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (.No owner - HitmanPro 3.7 Support Driver.) -- C:\Windows\System32\Drivers\hitmanpro37.sys
~ CSB: 17 Legitimates Filtered in 00mn 00s

---\\ Shell MountPoints2 registry key (MPSK) (O51)
O51 - MPSK:{31d5e8d3-d6aa-11e3-b145-00140b4064d7}\AutoRun\command. (...) -- E:\Startme.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Enumeration of PoliciesSystem registry keys (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Driver list (SDL) (O58)
O58 - SDL:2/11/2006 - 10:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [316520]
O58 - SDL:16/12/2014 - 20:06:11 ---A- . (.No owner - HitmanPro 3.7 Support Driver.) -- C:\Windows\System32\Drivers\hitmanpro37.sys [35992]
O58 - SDL:2/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:2/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:26/01/2007 - 20:09:40 ---A- . (.Windows (R) 2000 DDK provider - Universal Serial Bus Camera Driver.) -- C:\Windows\System32\Drivers\jl2005c.sys [68954]
O58 - SDL:2/11/2006 - 10:51:25 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [235112]
O58 - SDL:2/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:2/11/2006 - 10:50:45 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:2/11/2006 - 8:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:2/11/2006 - 8:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:2/11/2006 - 8:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:2/11/2006 - 8:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:2/11/2006 - 8:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:2/11/2006 - 8:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:2/11/2006 - 8:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:2/11/2006 - 8:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:2/11/2006 - 8:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:2/11/2006 - 8:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:2/11/2006 - 8:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:2/11/2006 - 8:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:2/11/2006 - 8:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:2/11/2006 - 8:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:2/11/2006 - 8:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
O58 - SDL:4/01/2007 - 11:15:08 ---A- . (.http://www.internals.com - WinIo.) -- C:\Windows\System32\WinIo.sys [9336]
~ Drivers: 79 Legitimates Filtered in 00mn 12s

---\\ Most recently modified or created files (user) (O61)
O61 - LFC: 20/12/2014 - 9:34:32 ---A- . (...) -- C:\Users\robke\AppData\Local\Google\Chrome\User Data\nacl_validation_cache.bin [128]
O61 - LFC: 24/12/2014 - 9:34:32 ---A- . (...) -- C:\Users\robke\AppData\Local\Microsoft\Windows\1043\StructuredQuerySchema.bin [199458]
O61 - LFC: 24/12/2014 - 9:34:34 ---A- . (...) -- C:\Users\robke\Desktop\AdwCleaner.exe [2173952]
~ 15 temporary files
~ 1448 cookie files
~ Files: 7 Legitimates Filtered in 00mn 03s

---\\ List of cleaning tools (CLAB) (O63)
O63 - Software: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Software: RSIT - (.random/random.)
~ ADS: Scanned in 00mn 00s

---\\ File associations possibly modified (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 13 Legitimates Filtered in 00mn 00s

---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search for internet browser infections (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {70D46D94-BF1E-45ED-B567-48701376298E} - (Google Desktop) - http://127.0.0.1:4664/search&s=2Ptl7vgAfzmJU5zw-WWfL0HODTc?q={searchTerms}
O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s

---\\ Specific search in the system root folder (SPRF) (O84)
[MD5.4C808B5009557B03806EC40179C4B60B] [SPRF][26/12/2014] (...) -- C:\Users\robke\AppData\Roaming\nvModes.dat [27335]
[MD5.9208E5A0A844FCCB39B5252C07B4E860] [SPRF][24/12/2014] (.No owner - Aut2Exe.) -- C:\Users\robke\Desktop\AdwCleaner.exe [2173952]
[MD5.2C0D23DDB20B92B938499A59630BAED3] [SPRF][7/12/2014] (...) -- C:\Users\robke\Desktop\zoek.exe.com [1429293]
~ Files: 10 Legitimates Filtered in 00mn 04s

---\\ General state of non-Microsoft services (GSR) (SR = Running, SS = Stopped)
SS - | Demand 10/12/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 26/08/2010 30192 | (GoogleDesktopManager-051210-111108) . (.Google.) - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
SS - | Auto 24/12/2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 24/12/2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 21/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SS - | Auto 3/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 22/08/2014 22192 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 18s

---\\ Master Boot Record (MBR) check (O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by robke at 26/12/2014 9:35:21
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
1 ntkrnlpa!IofCallDriver[0x81CCEFEF] >> \Device\Harddisk0\DR0[0x852487D0]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Filtered in 00mn 02s

---\\ Master Boot Record infection check (MBRCheck) (O80)
Written by ad13, http://ad13.geekstog
Run by robke at 26/12/2014 9:35:23
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

---\\ Additional scan (O88)
Database Version : 13026 - (21/12/2014)
Keys found : 0
Values found : 0
Folders found : 0
Files found : 3
[HKCU\Software\BearShare] =>PUP.BearShare^
[HKLM\Software\Better-Surf] =>PUP.BetterSurf^
[HKLM\Software\RichMediaViewV1] =>PUP.MediaViewer^
~ Additional Scan: 221909 Items scanned in 00mn 28s

---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, proxy management (R5)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications started by registry & file (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Shell MountPoints2 registry key (MPSK) (O51)
~ AMI: 3 Legitimates Filtered in 00mn 00s

---\\ Summary of detections found on your workstation
http://nicolascoolman.fr/pup-bearshare =>PUP.BearShare
http://nicolascoolman.fr/pup-bettersurf =>PUP.BetterSurf
http://www.nicolascoolman.fr/blog/ =>PUP.MediaViewer
http://nicolascoolman.fr/pup-dealply =>PUP.DealPly
~ MSI: 4 link(s) detected in 00mn 00s

~ 866 Legitimates filtered by white list
End of the scan (453 lines in 02mn 43s)(0)
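A report like the one above is usually read by hand, but the entry format is regular enough to parse. The following is an added example, not part of ZHPDiag and not tooling from the report's author: a small Python triage helper that extracts the MD5, path or registry key, size, publisher/description block and the tool's `=>PUP.*` verdict from each entry line, then applies a few review heuristics (a tool verdict, a code file in a system directory with no version/publisher information, a dot-prefixed filename, a MountPoints2 AutoRun command). The sample lines are copied from the report above; the heuristics, names and thresholds are the example's own assumptions and produce candidates for a reviewer to look at, not verdicts (winrm.vbs, for instance, is flagged only because ZHPDiag printed no version info for it).

```python
"""Triage helper for ZHPDiag-style report lines (added example, not part of ZHPDiag)."""
import re
from dataclasses import dataclass
from typing import Optional

# [MD5.<32 hex>] as printed in front of file entries
MD5_RE = re.compile(r"\[MD5\.([0-9A-Fa-f]{32})\]")
# "-- C:\path" (or "- C:\path" in prefetch lines), ending before "[size]", "=>", "(.not file.)" or EOL
PATH_RE = re.compile(r"(?:--|-) ([A-Za-z]:\\.*?)(?=\s+\[\d+\]|\s+=>|\s+\(\.not file\.\)|\s*$)")
# trailing "[size]", optionally followed by "[PID.n]" and/or a "=>verdict"
SIZE_RE = re.compile(r"\[(\d+)\](?:\s+\[PID\.\d+\])?\s*(?:=>\S+)?\s*$")
# "(.Publisher - Description.)" version-info block; "(...)" means ZHPDiag found none
PUBLISHER_RE = re.compile(r"\(\.(.+?)\.\)")
# ZHPDiag verdict suffix such as "=>PUP.DealPly"
VERDICT_RE = re.compile(r"=>(PUP\.[\w.-]+)")
# bare registry-key entries such as "[HKCU\Software\BearShare] =>PUP.BearShare"
REGKEY_RE = re.compile(r"^\[(HK[A-Z]+\\[^\]]+)\]")

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")   # assumption: default install
EXEC_EXT = (".exe", ".dll", ".sys", ".vbs", ".js", ".cpl", ".ocx", ".scr", ".bat", ".cmd")


@dataclass
class Entry:
    raw: str
    md5: Optional[str]
    path: Optional[str]
    regkey: Optional[str]
    size: Optional[int]
    publisher: Optional[str]
    verdict: Optional[str]


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one report line; return None for lines that carry no file path or registry key."""
    line = line.strip()
    path, key = PATH_RE.search(line), REGKEY_RE.search(line)
    if not (path or key):
        return None
    md5 = MD5_RE.search(line)
    pub = None if "(...)" in line else PUBLISHER_RE.search(line)
    size = SIZE_RE.search(line)
    verdict = VERDICT_RE.search(line)
    return Entry(
        raw=line,
        md5=md5.group(1).upper() if md5 else None,
        path=path.group(1) if path else None,
        regkey=key.group(1) if key else None,
        size=int(size.group(1)) if size else None,
        publisher=pub.group(1) if pub else None,
        verdict=verdict.group(1) if verdict else None,
    )


def triage(lines):
    """Return (entry, reasons) pairs for lines a reviewer should look at."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        reasons = []
        if e.verdict:
            reasons.append(f"tool verdict {e.verdict}")
        if e.path:
            lp = e.path.lower()
            name = lp.rsplit("\\", 1)[-1]
            if lp.startswith(SYSTEM_DIRS) and e.publisher is None and (
                name.startswith(".") or name.endswith(EXEC_EXT)
            ):
                reasons.append("no publisher/version info for a code file in a system directory")
            if name.startswith("."):
                reasons.append("dot-prefixed filename, unusual on Windows")
        if e.raw.startswith("O51 - MPSK:"):
            reasons.append("MountPoints2 AutoRun command for removable media")
        if reasons:
            findings.append((e, "; ".join(reasons)))
    return findings


def hashes_to_check(lines):
    """Deduplicated MD5s of flagged entries, for lookup against a reputation source."""
    return sorted({e.md5 for e, _ in triage(lines) if e.md5})


# Sample input: lines copied from the report above.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe",
    r"O44 - LFC:[MD5.1916D94C15BA24648E3FDEF734074614] - 16/12/2014 - 15:26:56 ---A- . (...) -- C:\Windows\System32\.crusader [13568]",
    r"O44 - LFC:[MD5.F6D48AE1F578493D2E19DD644B153976] - 24/12/2014 - 8:38:39 ---A- . (...) -- C:\Windows\System32\winrm.vbs [201184]",
    r"O45 - LFCP:[MD5.940CFA81B613172D59E6958BBC868F44] - 16/12/2014 - 14:18:14 ---A- - C:\Windows\Prefetch\DEALPLYLIVE.EXE-7BB1D07F.pf =>PUP.DealPly",
    r"O58 - SDL:4/01/2007 - 11:15:08 ---A- . (.http://www.internals.com - WinIo.) -- C:\Windows\System32\WinIo.sys [9336]",
    r"[HKCU\Software\BearShare] =>PUP.BearShare",
    r"O51 - MPSK:{31d5e8d3-d6aa-11e3-b145-00140b4064d7}\AutoRun\command. (...) -- E:\Startme.exe (.not file.)",
]

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LINES):
        print(f"{entry.path or entry.regkey}: {why}")
    print("hashes to look up:", hashes_to_check(SAMPLE_LINES))
```

Feed it the whole report (`triage(open("ZHPDiag.txt", encoding="utf-8", errors="replace"))`) and the output is a short list of entries plus the MD5s worth checking against a hash reputation source; entries that carry a publisher block, such as the WinIo.sys driver line, pass the heuristics and still deserve a manual look, which is why the function returns reasons rather than a single score.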