~ Verslag van ZHPDiag v2015.4.13.38 - Nicolas Coolman (13/04/2015)
~ Gelanceerd door Laurens (16/04/2015 9:21:23)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Het adres van de webforum : http://forum.nicolascoolman.fr
~ Vertaald door de gebruiker
~ Staat van de versie : Aktualisierte Version.
~ Lijst wit : Ingeschakeld door het programma
~ Tot misbruik van bevoegdheden : OK
~ Gebruikersaccountbeheer (UAC) : Activate by user

---\\ Internet-browsers
MSIE: Internet Explorer v10.0.9200.17296
MFIE: Mozilla Firefox 37.0.1 (Defaut)

---\\ Windows productinformatie
~ Langage: Néerlandais
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

---\\ Software om het systeem te beveiligen
Emsisoft Anti-Malware
McAfee Security Scan Plus v3.8.150.1
Windows Defender W7 (Activate)

---\\ Systeem optimalisatie software
CCleaner v3.13

---\\ Delen van software PeerToPeer

---\\ Software die extra aandacht behoeft
Adobe Flash Player 17 NPAPI
Adobe Reader XI
Java 7 Update 45 (64-bit)

---\\ Informatie over het systeem
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2940 MB (33% free)
System Restore: Activé (Enable)
System drive C: has 10 GB (8%) free of 116 GB

---\\ Verbinding met het systeem-modus
~ Computer Name: USER-TOSH
~ User Name: Laurens
~ All Users Names: User, Laurens, HomeGroupUser$, Gast, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Omgevingsvariabelen
~ System Unit : C:\
~ %AppZHP% : C:\Users\Laurens\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Laurens\AppData\Roaming\
~ %Desktop% : C:\Users\Laurens\Desktop\
~ %Favorites% : C:\Users\Laurens\Favorites\
~ %LocalAppData% : C:\Users\Laurens\AppData\Local\
~ %StartMenu% : C:\Users\Laurens\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Overzicht vaste en verwisselbare stations
C: Hard drive, Flash drive, Thumb drive (Free 10 Go of 116 Go)
D: Hard drive, Flash drive, Thumb drive (Free 38 Go of 116 Go)
E: CD-ROM drive (Not Inserted)

---\\ Staat van het Windows Beveiligingscentrum
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s

---\\ Zoeken naar bepaalde algemene bestanden
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Verkenner.) (.25/02/2011 - 7:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.14/07/2009 - 2:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.11306EED81A8F0A48AFBB3960FFAD07E] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.10/03/2015 - 6:28:47.) -- C:\Windows\System32\wininet.dll [2237952]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.17/07/2014 - 3:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing-bibliotheek.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 7:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 2:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 0:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.14/07/2009 - 0:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 1:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 3:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.24/01/2014 - 3:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.14/07/2009 - 1:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 1:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 2:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s

---\\ Status van de verborgen bestanden (verborgen/totaal)
~ Mes images (My Pictures) : 2/4
~ Mes musiques (My Musics) : 3/14082
~ Mes Videos (My Videos) : 1/520
~ Mes Favoris (My Favorites) : 1/27
~ Mes Documents (My Documents) : 1/108
~ Mon Bureau (My Desktop) : 1/2014
~ Menu demarrer (Programs) : 1/33
~ Hidden Files: Scanned in 00mn 23s

---\\ Gestarte processen
[MD5.A7E406711790197712D376B44A9FBB0B] - (.TOSHIBA CORPORATION - ConfigFree Task Tray Menu.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [304496] [PID.5016]
[MD5.8A07221789D46B2EA7DFCA2BC807572A] - (.TOSHIBA CORPORATION - ConfigFree Switch Manager Process.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe [62848] [PID.1292]
[MD5.3446EFE5B35A7478CA26932084F2E1C6] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8197120] [PID.5228]
[MD5.BFC9B9FDFDEA8DFA86239ED8F961528E] - (.Emsisoft GmbH - Emsisoft Protection Service.) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5020520] [PID.1184]
[MD5.4C72FDD915D62EAEF149BD9C73AB9CF4] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.1772]
[MD5.A5299D04ED225D64CF07A568A3E1BF8C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.1808]
[MD5.A5BEA0E5C297F5F3835638A87E512FBA] - (.Creative Technology Ltd - CTDevSrv Window Service Application.) -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440] [PID.1884]
[MD5.7D2633295EB6FF2B938185874884059D] - (.Nero AG - Nero BackItUp.) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208] [PID.1240]
[MD5.67AABA0E9372C9CD340C719D33F20EB4] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568] [PID.1388]
[MD5.DF23E379C825484CA5472F94D3A761C5] - (.RealNetworks, Inc. - RealPlayer Cloud Service.) -- c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848] [PID.1752]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.2068]
[MD5.72989631E59FC624C360A30DB31AC22A] - (...) -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552] [PID.2096]
[MD5.E87213F37A13E2B54391E40934F071D0] - (.Microsoft Corporation - .NET Runtime Optimization Service.) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [105144] [PID.252]
[MD5.CAB0EEAF5295FC96DDD3E19DCE27E131] - (.TOSHIBA CORPORATION - ConfigFree Service Process.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [46448] [PID.3264]
~ Processes Running: Scanned in 00mn 02s

---\\ Mozilla Firefox, Plugins, start, zoeken, extensies (P2, M0, M1, M2, M3)
M2 - MFEP: RegExtension {e4f94d1e-2f53-401e-8885-681602c0ddd8} . (...) -- C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
M0 - MFSP: prefs.js [Laurens - kic4cxak.default-1428649081503] about:blank =>PUP.LaurensCustomized
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll
P2 - FPN: [HKCU] [vasco.com/VascoCardReaderPlugin] - (.VASCO Data Security - VASCO Card Reader Plugin.) -- C:\Users\Laurens\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin.dll =>PUP.LaurensCustomized
P2 - FPN: [HKCU] [vasco.com/VascoCardReaderPlugin64] - (.VASCO Data Security - VASCO Card Reader Plugin.) -- C:\Users\Laurens\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin64.dll =>PUP.LaurensCustomized
~ Firefox Browser: 32 Legitimates Filtered in 00mn 01s

---\\ Internet Explorer, start, zoeken, URLSearchHook, Phishing (R0, R1, R3, R4)
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = about:newtab
~ IE Browser: 20 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, proxybeheer (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse van lijnen F0, F1, F2, F3 - IniFiles, Autoloading programma's
F2 - REG:system.ini: USERINIT=C:\Windows\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts-bestand omleiding (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s

---\\ Internet Explorer werkbalken (O3)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
~ Toolbar: Scanned in 00mn 00s

---\\ Andere Verwijzigingen gebruikers (O4)
O4 - GS\QuickLaunch [Laurens]: Inkscape.lnk . (.inkscape.org - Inkscape.) -- C:\Program Files (x86)\Inkscape\inkscape.exe =>PUP.LaurensCustomized
O4 - GS\QuickLaunch [Laurens]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe =>PUP.LaurensCustomized
O4 - GS\QuickLaunch [Laurens]: SoMud.lnk . (...) -- C:\Program Files (x86)\SoMud\somud.exe =>PUP.LaurensCustomized
O4 - GS\TaskBar [Laurens]: Creative Centrale.lnk . (.Creative Technology Ltd - Creative Centrale.) -- C:\Program Files (x86)\Creative\Creative Centrale\Centrale.exe =>PUP.LaurensCustomized
O4 - GS\TaskBar [Laurens]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>PUP.LaurensCustomized
O4 - GS\TaskBar [Laurens]: RawTherapee.lnk . (...) -- C:\Program Files\RawTherapee3.0.1\rawtherapee.exe =>PUP.LaurensCustomized
O4 - GS\Program [Laurens]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe =>PUP.LaurensCustomized
O4 - GS\Program [Laurens]: SmartDraw 2014.lnk . (.SmartDraw.com - SmartDraw Executable.) -- C:\Program Files (x86)\SmartDraw 2014\SmartDraw.exe =>PUP.LaurensCustomized
O4 - GS\SystemTools [Laurens]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe =>PUP.LaurensCustomized
~ Global Startup: 33 Legitimates Filtered in 00mn 11s

---\\ Toepassingen gestart door register & bestand (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [cAudioFilterAgent] . (.Conexant Systems, Inc. - Conexant High Definition Audio Filter Agent.) -- C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
O4 - HKLM\..\Run: [SmartAudio] . (.No owner - SAIICpl MFC Application.) -- C:\Program Files\CONEXANT\SAII\SAIICpl.exe
O4 - HKLM\..\Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.exe (.not file.)
O4 - HKLM\..\Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe (.not file.)
O4 - HKLM\..\Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe (.not file.)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [TosVolRegulator] . (.TOSHIBA Corporation - Toshiba Volume Regulator.) -- C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe =>.Toshiba Corporation
O4 - HKCU\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [ToshibaServiceStation] . (.TOSHIBA Corporation - TOSHIBA Service Station.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe =>.Toshiba Corporation
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee.) -- C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows-bureaubladgadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows-bureaubladgadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3635746246-4039717782-239317034-1004\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe (.not file.)
~ Application: Scanned in 00mn 03s

---\\ Knoppen op de werkbalk "belangrijkste instrumenten" Internet Explorer (O9)
O9 - Extra button: &Verzenden naar OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: &Gekoppelde notities van OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Domeinadres van de DNS (O17) wijzigen
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D4BAD3C-990F-40DD-B2EC-A6DFAC071A7F}: DhcpNameServer = 195.130.131.4 195.130.130.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{6D4BAD3C-990F-40DD-B2EC-A6DFAC071A7F}: DhcpNameServer = 195.130.131.4 195.130.130.132
O17 - HKLM\System\CS2\Services\Tcpip\..\{6D4BAD3C-990F-40DD-B2EC-A6DFAC071A7F}: DhcpNameServer = 195.130.131.4 195.130.130.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.131.4 195.130.130.132
~ Domain: Scanned in 00mn 00s

---\\ Aanvullend Protocol (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ AppInit_DLLs waarde en subsleutels Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Lijst van niet-Microsoft NT services die niet uitgeschakeld zijn (O23)
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) . (...) - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
~ Services: 28 Legitimates Filtered in 00mn 42s

---\\ Taken die zijn gepland in de automatische modus (O39)
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Weekly)] (...) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [disco_games_notification_service] (...) -- C:\Program Files (x86)\disco games\disco_games_notification_service.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [{EDD1E00A-89D5-4591-AFB7-345169E39BAF}] (...) -- C:\Laurenss\Laurens\Downloads\2360(1)\Support\SETUP.exe (.not file.) [0] =>PUP.LaurensCustomized
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [940]
O39 - APT: disco_games_notification_service - (...) -- C:\Windows\Tasks\disco_games_notification_service.job [1324] =>PUP.CrossRider
O39 - APT: disco_games_notification_service - (...) -- C:\Windows\System32\Tasks\disco_games_notification_service [1324] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1052]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1056]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\SDMsgUpdate (Local) [484]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\SDMsgUpdate (TE) [476]
~ Scheduled Task: 26 Legitimates Filtered in 00mn 14s

---\\ Geïnstalleerde software (O42)
O42 - Logiciel: Stuurprogrammapakket voor Windows - Fedict SmartCard (03/25/2014 4.0.7.4) - (.Fedict.) [HKLM][64Bits] -- B02255EDA75F867B4D85C5A5D23E13D9EF71E8AE
O42 - Logiciel: VASCO Card Reader Plug-In (64-Bit) - (.VASCO Data Security.) [HKLM][64Bits] -- {47659F12-27AE-6400-9B8A-2BD803020302}
~ Logic: 36 Legitimates Filtered in 00mn 02s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AMIJ]
[HKCU\Software\LC Technology]
[HKCU\Software\RootGenius]
[HKCU\Software\VASCO]
[HKCU\Software\i2KP16dgfO6HxP1w7u6]
[HKLM\Software\Wow6432Node\DRWNewFree]
[HKLM\Software\Wow6432Node\SiteFinder] =>Adware.ShoppingReport
~ Key Software: 400 Legitimates Filtered in 00mn 02s

---\\ 'Inhoud van mappen programma's, ProgramFiles, ProgramData, AppData (O43)
O43 - CFD: 9/04/2015 - 16:58:55 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 31/01/2015 - 12:35:48 - [] ----D C:\ProgramData\SmmartCompiare =>PUP.SmartCompare
O43 - CFD: 4/02/2011 - 17:35:08 - [] --H-D C:\ProgramData\{26D901A1-2540-4430-81DC-0317F01BD7BE}
O43 - CFD: 22/11/2012 - 17:16:31 - [] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 19/02/2011 - 20:13:56 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Sound Recorder
O43 - CFD: 5/07/2014 - 13:30:03 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID
O43 - CFD: 20/04/2010 - 15:52:07 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Service
O43 - CFD: 14/07/2009 - 11:55:40 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 13/08/2014 - 15:57:21 - [] ----D C:\Users\Laurens\AppData\Roaming\VASCO =>PUP.LaurensCustomized
~ Program Folder: 250 Legitimates Filtered in 00mn 04s

---\\ Meest recente bestanden gewijzigd of gemaakt op Windows en System32 (O44)
O44 - LFC:[MD5.4E226B090E8D1799B62AD490CFC45DD7] - 14/04/2015 - 11:41:09 ---A- . (...) -- C:\zoek-results2015-04-14-104109.log [36536]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 14/04/2015 - 16:03:40 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.C46F7F67E39E5A4A64CC4B267DD7A1E2] - 14/04/2015 - 16:59:47 ---A- . (...) -- C:\zoek-results.log [29425]
~ Files: 130 Legitimates Filtered in 00mn 20s

---\\ Laatste bestanden die zijn gemaakt in Windows Prefetcher (O45)
O45 - LFCP:[MD5.88B9835AD2E792AA05AB052E108C9970] - 14/04/2015 - 23:26:25 ---A- - C:\Windows\Prefetch\UTORRENT.EXE-96C1B22D.pf =>P2P.µTorrent
~ Prefetcher: 1 Legitimates Filtered in 00mn 00s

---\\ Controle van veilige Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\mfetdi2k.sys . (...) -- C:\Windows\System32\Drivers\mfetdi2k.sys (.not file.)
~ CSB: 18 Legitimates Filtered in 00mn 00s

---\\ Opsomming van de registersleutel Hkey_local_machine\software\microsoft\shared (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\SoMud [Key] . (...) -- C:\Program Files (x86)\SoMud\somud.exe
~ SMSR Keys: 20 Legitimates Filtered in 00mn 01s

---\\ Opsomming van het register sleutels PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 18 Legitimates Filtered in 00mn 00s

---\\ Opsomming van de registersleutel PoliciesExplorer (CÖKVI) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s

---\\ Overzicht van de drivers (SDL) (O58)
O58 - SDL:14/07/2009 - 2:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:30/09/2006 - 10:36:14 ---A- . (...) -- C:\Windows\System32\Drivers\pstrip64.sys [13008]
O58 - SDL:28/10/2013 - 1:12:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [107288]
O58 - SDL:28/10/2013 - 1:12:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [204568]
O58 - SDL:28/10/2013 - 1:12:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [204568]
O58 - SDL:14/07/2009 - 2:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 74 Legitimates Filtered in 01mn 54s

---\\ Meest recente bestanden gewijzigd of gemaakt (gebruiker) (O61)
O61 - LFC: 13/04/2015 - 9:27:44 ---A- . (...) -- C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\kic4cxak.default-1428649081503\CertUtils\certutil.exe [102400] =>PUP.LaurensCustomized
O61 - LFC: 13/04/2015 - 9:27:45 ---A- . (...) -- C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\kic4cxak.default-1428649081503\CertUtils\sqlite3.dll [484864] =>PUP.LaurensCustomized
O61 - LFC: 13/04/2015 - 9:27:48 ---A- . (...) -- C:\Users\Laurens\Desktop\RSITx64.exe [1222144] =>PUP.LaurensCustomized
O61 - LFC: 14/04/2015 - 9:27:49 ---A- . (...) -- C:\Users\Laurens\Downloads\Game of Thrones - 05x02 - The House of Black and White.exe [391168] =>PUP.LaurensCustomized
O61 - LFC: 14/04/2015 - 9:27:49 ---A- . (...) -- C:\Users\Laurens\Downloads\adwcleaner_4.201.exe [2217984] =>PUP.LaurensCustomized
O61 - LFC: 9/04/2015 - 9:27:48 ---A- . (...) -- C:\Users\Laurens\Desktop\Oude Firefox-gegevens\ct49jm5d.default-1428592226600\CertUtils\certutil.exe [102400] =>PUP.LaurensCustomized
O61 - LFC: 9/04/2015 - 9:27:48 ---A- . (...) -- C:\Users\Laurens\Desktop\Oude Firefox-gegevens\ct49jm5d.default-1428592226600\CertUtils\sqlite3.dll [484864] =>PUP.LaurensCustomized
O61 - LFC: 9/04/2015 - 9:27:49 ---A- . (...) -- C:\Users\Laurens\Downloads\Adaware_Installer.exe [2057008] =>PUP.LaurensCustomized
O61 - LFC: 9/04/2015 - 9:27:49 ---A- . (...) -- C:\Users\Laurens\Downloads\PANDAFREEAV.exe [1630952] =>PUP.LaurensCustomized
~ 73 Fichiers temporaires (Temporary files)
~ 60 Fichiers cookies (Cookies files)
~ Files: 42 Legitimates Filtered in 00mn 51s

---\\ Lijst van cleaning tools (CLAB) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: RSIT - (.random/random.)
~ ADS: Scanned in 00mn 00s

---\\ Startmenu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Zoek "infecties in internetbrowsers (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s

---\\ Bepaalde zoekopdracht in de hoofdmap van het systeem (SPRF) (O84)
[MD5.1EDF8948EC79930AD8A624F3F050FE54] [SPRF][5/02/2011] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][21/11/2013] (...) -- C:\Users\Laurens\AppData\Roaming\wklnhst.dat [0] =>PUP.LaurensCustomized
[MD5.8045ABB21A3BDD66A48E1ED5C0F0EF6A] [SPRF][13/04/2015] (...) -- C:\Users\Laurens\Desktop\RSITx64.exe [1222144] =>PUP.LaurensCustomized
~ Files: 5 Legitimates Filtered in 00mn 36s

---\\ Algemene toestand van niet-Microsoft services (GSR) (SR = Running, SS = gestopt)
SS - | Demand 15/04/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 21/05/2008 64000 | (CTUPnPSv) . (.Creative Technology Ltd.) - C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe
SS - | Auto 14/04/2015 107848 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 14/04/2015 107848 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 29/11/2012 640912 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 9/04/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
SS - | Demand 27/02/2015 605472 | (McODS) . (.McAfee, Inc..) - C:\Program Files\McAfee\VirusScan\mcods.exe
SS - | Demand 10/04/2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 18/02/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 11/05/2010 124368 | (TemproMonitoringService) . (.Toshiba Europe GmbH.) - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe =>.Toshiba Corporation
SS - | Demand 5/02/2010 137560 | (TOSHIBA HDD SSD Alert Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
SR - | Auto 23/03/2015 5020520 | (a2AntiMalware) . (.Emsisoft GmbH.) - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
SR - | Auto 3/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 28/01/2010 249200 | (cfWiMAXService) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
SR - | Auto 10/03/2009 46448 | (ConfigFree Service) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
SR - | Auto 2/04/2007 61440 | (CTDevice_Srv) . (.Creative Technology Ltd.) - C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
SR - | Auto 11/02/2015 340744 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 10/04/2015 154856 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
SR - | Auto 3/03/2015 752232 | (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Auto 22/01/2015 422632 | (mccspsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe
SR - | Auto 11/02/2015 340744 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 11/02/2015 340744 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 11/02/2015 340744 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 11/02/2015 340744 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 17/02/2015 232656 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 1/03/2015 372144 | (mfemms) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
SR - | Auto 17/02/2015 250672 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 11/02/2015 340744 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 15/01/2010 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
SR - | Auto 30/07/2014 39568 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 9/10/2014 1141848 | (RealPlayer Cloud Service) . (.RealNetworks, Inc..) - c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
SR - | Auto 30/07/2014 23552 | (RealPlayerUpdateSvc) . (...) - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
SR - | Demand 11/02/2011 54136 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation
SR - | Auto 28/07/2009 140632 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe
SR - | Auto 5/11/2009 489312 | (TosCoSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 33s

---\\ Onderzoek gelijktijdige op de Master Boot Record (MBR) (O80)
Run by Laurens at 16/04/2015 9:32:08 =>PUP.LaurensCustomized
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

---\\ Onderzoek de Master Boot Record op Infecties (MBRCheck) (O80)
Written by ad13, http://ad13.geekstog
Run by Laurens at 16/04/2015 9:32:10 =>PUP.LaurensCustomized
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

---\\ Extra scan (O88)
Database Version : 13008 - (13/04/2015)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 9
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 5
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
C:\ProgramData\SmmartCompiare =>PUP.SmartCompare^
C:\Users\Laurens\AppData\Roaming\VASCO =>PUP.LaurensCustomized^
C:\Windows\Tasks\disco_games_notification_service.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\disco_games_notification_service =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\SiteFinder] =>Adware.ShoppingReport^
C:\Users\Laurens\AppData\Roaming\wklnhst.dat =>PUP.LaurensCustomized^
C:\Users\Laurens\Desktop\RSITx64.exe =>PUP.LaurensCustomized^
~ Additionnel Scan: 369881 Items scanned in 04mn 23s

---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, proxybeheer (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer werkbalken (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Toepassingen gestart door register & bestand (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s

---\\ Samenvatting van detecties gevonden op uw werkstation
http://www.nicolascoolman.fr/blog/ =>PUP.LaurensCustomized
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/adware-shoppingreport =>Adware.ShoppingReport
http://www.nicolascoolman.fr/blog/ =>PUP.SmartCompare
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
~ MSI: 5 link(s) detected in 00mn 00s
~ 1143 Legitimates filtered by white list

End of the scan (498 lines in 15mn 12s)(0.6)