~ ZHPCleaner v2017.12.8.213 by Nicolas Coolman (2017/12/08)
~ Run by Eddy (Administrator) (08/12/2017 10:06:22)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Versie OK
~ Certificate ZHPCleaner: Legal
~ Type : Scan
~ Report : C:\Users\Eddy\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Eddy\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 15063)

---\\ Services (0)
~ Geen schadelijk of onnodig element gevonden.

---\\ Browser internet (1)
GEVONDEN Google Chrome Secure Preferences: "http://www.istartsurf.com/?type=hp&ts=1436519452&z=fcba280add550cde0f718fcg5z0c9q8wdg4t3w3zeg&from=obw&uid=WDCXWD3200AAJS-22VWA0_WD-WMARW056162861628" =>Adware.IsStart

---\\ Hosts file (2)
GEVONDEN: 0.0.0.1 mssplus.mcafee.com =>Hijacker.Hosts
Aantal gevonden redirections 1/42

---\\ Scheduled automatic tasks. (1)
GEVONDEN taak: [AutoKMS] [C:\WINDOWS\Tasks\AutoKMS.job] =>HackTool.AutoKMS

---\\ Explorer ( Bestand, Map) (63)
GEVONDEN bestand: C:\Users\Eddy\AppData\Roaming\unins000.exe [ - Setup/Uninstall] =>Adware.Pirrit
GEVONDEN bestand: C:\Users\Eddy\AppData\Roaming\unins000.exe [ - Setup/Uninstall] =>Adware.Suspect
GEVONDEN bestand: C:\Users\Eddy\AppData\Local\Akamai\netsession_win.exe [Akamai Technologies, Inc. - Akamai NetSession Client] =>.SUP.AkamaiHD
GEVONDEN bestand: C:\Windows\Tasks\AutoKMS.job =>HackTool.AutoKMS
GEVONDEN bestand: C:\Users\Eddy\AppData\Roaming\unins000.exe [ - Setup/Uninstall] =>Adware.GenericTask
GEVONDEN bestand: C:\Windows\Prefetch\OFFICE 2010 TOOLKIT.EXE-3B3EE99C.pf =>Hacktool.Office
GEVONDEN bestand: C:\Users\Eddy\Downloads\DLLEscort_Setup.exe [ - DLL Escort Setup] =>PUP.Optional.Funmoods
GEVONDEN bestand: C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage =>PUP.Optional.Generic
GEVONDEN bestand: C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal =>PUP.Optional.Generic
GEVONDEN bestand: C:\Users\Eddy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk =>.SUP.GoodGameEmpire
GEVONDEN bestand: C:\Users\Eddy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Goodgame Empire.lnk =>.SUP.GoodGameEmpire
GEVONDEN bestand: C:\Windows\AutoKMS\AutoKMS.log =>HackTool.AutoKMS
GEVONDEN bestand: C:\Program Files (x86)\DLLEscort\DLLEscort.exe =>PUP.Optional.Funmoods
GEVONDEN bestand: C:\Program Files (x86)\DLLEscort\icudt52.dll =>PUP.Optional.Funmoods
GEVONDEN bestand: C:\Program Files (x86)\DLLEscort\icuin52.dll =>PUP.Optional.Funmoods
GEVONDEN bestand: C:\Program Files (x86)\DLLEscort\icuuc52.dll =>PUP.Optional.Funmoods
GEVONDEN bestand: C:\Program Files (x86)\DLLEscort\libgcc_s_dw2-1.dll =>PUP.Optional.Funmoods
GEVONDEN bestand: C:\Program Files (x86)\DLLEscort\libstdc++-6.dll =>PUP.Optional.Funmoods
GEVONDEN bestand: C:\Program Files (x86)\DLLEscort\libwinpthread-1.dll [MingW-W64 Project. All rights reserved. - POSIX WinThreads for Windows] =>PUP.Optional.Funmoods
GEVONDEN bestand: C:\Program Files (x86)\DLLEscort\option.ini =>PUP.Optional.Funmoods
GEVONDEN map: C:\Program Files (x86)\DLLEscort\imageformats =>PUP.Optional.Funmoods
GEVONDEN map: C:\Program Files (x86)\DLLEscort\platforms =>PUP.Optional.Funmoods
GEVONDEN map: C:\Program Files (x86)\DLLEscort\SysScan =>PUP.Optional.Funmoods
GEVONDEN map: C:\Program Files (x86)\Pinnacle\Shared Files =>.SUP.Empty
GEVONDEN map: C:\Program Files (x86)\DLLEscort =>PUP.Optional.Funmoods
GEVONDEN map: C:\Program Files (x86)\Pinnacle =>.SUP.Empty
GEVONDEN bestand: C:\ProgramData\dllescort\file.dat =>PUP.Optional.Funmoods
GEVONDEN bestand: C:\ProgramData\dllescort\option.ini =>PUP.Optional.Funmoods
GEVONDEN map: C:\ProgramData\dllescort =>PUP.Optional.Funmoods
GEVONDEN bestand: C:\Windows\AutoKMS\AutoKMS.ini =>HackTool.AutoKMS
GEVONDEN map: C:\WINDOWS\AutoKMS =>HackTool.AutoKMS
GEVONDEN bestand: C:\Users\Eddy\AppData\Roaming\DesktopIconGoodgame\goodgame.ico =>PUP.Optional.Downware
GEVONDEN map: C:\Users\Eddy\AppData\Roaming\DesktopIconGoodgame =>PUP.Optional.Downware
GEVONDEN bestand: C:\Users\Eddy\AppData\Local\Akamai\admintool.exe [Akamai Technologies, Inc. - Akamai NetSession Client Administration Too] =>.SUP.AkamaiHD
GEVONDEN bestand: C:\Users\Eddy\AppData\Local\Akamai\client.ini =>.SUP.AkamaiHD
GEVONDEN bestand: C:\Users\Eddy\AppData\Local\Akamai\ControlPanel.exe [Akamai Technologies, Inc. - Akamai NetSession Client Control Panel] =>.SUP.AkamaiHD
GEVONDEN bestand: C:\Users\Eddy\AppData\Local\Akamai\control_panel.txt =>.SUP.AkamaiHD
GEVONDEN bestand: C:\Users\Eddy\AppData\Local\Akamai\CplTasks.xml =>.SUP.AkamaiHD
GEVONDEN bestand: C:\Users\Eddy\AppData\Local\Akamai\euc_state.json =>.SUP.AkamaiHD
GEVONDEN bestand: C:\Users\Eddy\AppData\Local\Akamai\euc_state.json.bak =>.SUP.AkamaiHD
GEVONDEN bestand: C:\Users\Eddy\AppData\Local\Akamai\extraroot.pem =>.SUP.AkamaiHD
GEVONDEN bestand: C:\Users\Eddy\AppData\Local\Akamai\guid.ini =>.SUP.AkamaiHD
GEVONDEN bestand: C:\Users\Eddy\AppData\Local\Akamai\guid.ini.bak =>.SUP.AkamaiHD
GEVONDEN bestand: C:\Users\Eddy\AppData\Local\Akamai\installer.txt =>.SUP.AkamaiHD
GEVONDEN bestand: C:\Users\Eddy\AppData\Local\Akamai\installer.txt.old =>.SUP.AkamaiHD
GEVONDEN bestand: C:\Users\Eddy\AppData\Local\Akamai\installer_no_upload_silent.exe [Akamai Technologies, Inc. - Akamai NetSession Client Installer] =>.SUP.AkamaiHD
GEVONDEN bestand: C:\Users\Eddy\AppData\Local\Akamai\netsession_installer.exe [Akamai Technologies, Inc. - Akamai NetSession Client Installer] =>.SUP.AkamaiHD
GEVONDEN bestand: C:\Users\Eddy\AppData\Local\Akamai\readme.txt =>.SUP.AkamaiHD
GEVONDEN bestand: C:\Users\Eddy\AppData\Local\Akamai\root.pem =>.SUP.AkamaiHD
GEVONDEN bestand: C:\Users\Eddy\AppData\Local\Akamai\rswinui.exe [Akamai Technologies, Inc. - Akamai NetSession Client User Interface] =>.SUP.AkamaiHD
GEVONDEN bestand: C:\Users\Eddy\AppData\Local\Akamai\uninstall.exe [Akamai Technologies, Inc. - Akamai NetSession Client Uninstaller] =>.SUP.AkamaiHD
GEVONDEN bestand: C:\Users\Eddy\AppData\Local\Akamai\user.dat =>.SUP.AkamaiHD
GEVONDEN bestand: C:\Users\Eddy\AppData\Local\Akamai\user.dat.bak =>.SUP.AkamaiHD
GEVONDEN bestand: C:\Users\Eddy\AppData\Local\MSfree Inc\kmsauto.ini =>HackTool.WinActivator
GEVONDEN map: C:\Users\Eddy\AppData\Local\Akamai\Cache =>.SUP.AkamaiHD
GEVONDEN map: C:\Users\Eddy\AppData\Local\Akamai\Languages =>.SUP.AkamaiHD
GEVONDEN map: C:\Users\Eddy\AppData\Local\Akamai\Logs =>.SUP.AkamaiHD
GEVONDEN map: C:\Users\Eddy\AppData\Local\Akamai =>.SUP.AkamaiHD
GEVONDEN map: C:\Users\Eddy\AppData\Local\MSfree Inc =>HackTool.WinActivator
GEVONDEN map: C:\ProgramData\Application Data\IObit\ASCDownloader =>.SUP.AdvancedSystemCare
GEVONDEN map: C:\ProgramData\IObit\ASCDownloader =>.SUP.AdvancedSystemCare
GEVONDEN map: C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\File System\008 =>PUP.Optional.DomaIQ
GEVONDEN map: C:\Users\Eddy\AppData\Local\Microsoft Toolkit =>HackTool.AutoKMS

---\\ Register ( Sleutel, Waarde, Data) (27)
GEVONDEN waarde: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_69E7F8C71211886F1F608352B3438F2A ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window] =>PUP.Optional.MyBrowser
GEVONDEN waarde: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface ["C:\Users\Eddy\AppData\Local\Akamai\netsession_win.exe"] =>.SUP.AkamaiHD
GEVONDEN sleutel: HKEY_USERS\S-1-5-21-1943210992-1787449650-3504423798-1001\SOFTWARE\Akamai [] =>.SUP.AkamaiHD
GEVONDEN sleutel: HKEY_USERS\S-1-5-21-1943210992-1787449650-3504423798-1001\SOFTWARE\Conduit [] =>.SUP.Conduit
GEVONDEN sleutel: HKCU\Software\Akamai [] =>.SUP.AkamaiHD
GEVONDEN sleutel: HKCU\Software\Conduit [] =>.SUP.Conduit
GEVONDEN sleutel: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Akamai [Akamai Technologies, Inc] =>.SUP.AkamaiHD
GEVONDEN sleutel: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\adblock-chrome.en.softonic.com [] =>.SUP.Softonic
GEVONDEN sleutel: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\savefrom.net [] =>PUP.Optional.SaverOn
GEVONDEN sleutel: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com [] =>.SUP.Softonic
GEVONDEN sleutel: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\adblock-chrome.en.softonic.com [314] =>.SUP.Softonic
GEVONDEN sleutel: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\savefrom.net [] =>PUP.Optional.SaverOn
GEVONDEN sleutel: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com [] =>.SUP.Softonic
GEVONDEN sleutel: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\d16fk4ms6rqz1v.cloudfront.net [] =>.SUP.CloudfrontNet
GEVONDEN sleutel: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.audienceinsights.net [43] =>.SUP.AudienceInsights
GEVONDEN sleutel: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.olark.com [25021] =>PUP.Optional.Generic
GEVONDEN sleutel: [X64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool] =>Toolbar.Ask
GEVONDEN sleutel: [X64] HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL [] =>.SUP.BearShare
GEVONDEN sleutel: [X64] HKLM\Software\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E [globalupdate Helper] =>Adware.GlobalUpdate
GEVONDEN sleutel: [X64] HKLM\SOFTWARE\Wow6432Node\Conduit [] =>.SUP.Conduit
GEVONDEN sleutel: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\WMHelper.DLL [] =>.SUP.BearShare
GEVONDEN waarde: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Akamai NetSession Interface [0x020000000000000000000000] =>.SUP.AkamaiHD
GEVONDEN waarde: HKEY_USERS\S-1-5-21-1943210992-1787449650-3504423798-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Akamai NetSession Interface [0x020000000000000000000000] =>.SUP.AkamaiHD
GEVONDEN waarde: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{34EAE684-A568-49D0-A51A-883881C71979}C:\users\eddy\appdata\local\akamai\netsession_win.exe [C:\users\eddy\appdata\local\akamai\netsession_win.exe] =>.SUP.AkamaiHD
GEVONDEN waarde: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{05397367-24C5-4CBB-B748-1AF479D5FAD8}C:\users\eddy\appdata\local\akamai\netsession_win.exe [C:\users\eddy\appdata\local\akamai\netsession_win.exe] =>.SUP.AkamaiHD
GEVONDEN waarde: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{0A436D49-B944-4164-A43D-90E743708662}C:\users\eddy\appdata\local\akamai\netsession_win.exe [C:\users\eddy\appdata\local\akamai\netsession_win.exe] =>.SUP.AkamaiHD
GEVONDEN waarde: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{5853701C-F265-48F4-9531-4E39C561231B}C:\users\eddy\appdata\local\akamai\netsession_win.exe [C:\users\eddy\appdata\local\akamai\netsession_win.exe] =>.SUP.AkamaiHD

---\\ Samenvatting van elementen gevonden op uw werkstation (25)
https://nicolascoolman.eu/2017/09/11/adware-isstart/ =>Adware.IsStart
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Hijacker.Hosts
https://nicolascoolman.eu/2017/02/02/hacktool-autokms/ =>HackTool.AutoKMS
https://nicolascoolman.eu/2017/02/25/adware-pirrit/ =>Adware.Pirrit
https://nicolascoolman.eu/2017/03/02/adware-suspect/ =>Adware.Suspect
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.AkamaiHD
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Adware.GenericTask
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Hacktool.Office
https://www.nicolascoolman.com/fr/pup-funmoods/ =>PUP.Optional.Funmoods
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.Generic
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.GoodGameEmpire
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Empty
https://www.nicolascoolman.com/fr/adware-downware/ =>PUP.Optional.Downware
https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/ =>HackTool.WinActivator
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.AdvancedSystemCare
https://nicolascoolman.eu/2017/10/04/adware-domaiq/ =>PUP.Optional.DomaIQ
https://nicolascoolman.eu/2017/11/01/adware-mybrowser/ =>PUP.Optional.MyBrowser
https://nicolascoolman.eu/2017/02/06/superfluous-conduit/ =>.SUP.Conduit
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Softonic
https://www.nicolascoolman.com/fr/pup-saveron/ =>PUP.Optional.SaverOn
https://nicolascoolman.eu/2017/02/02/superfluous-cloudfrontnet/ =>.SUP.CloudfrontNet
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.AudienceInsights
https://nicolascoolman.eu/2017/02/28/toolbar-ask/ =>Toolbar.Ask
https://nicolascoolman.eu/2017/09/15/sup-bearshare/ =>.SUP.BearShare
https://nicolascoolman.eu/2017/09/20/adware-globalupdate/ =>Adware.GlobalUpdate

---\\Resultaat van reparaties
~ Gerepareerd
~ Browser niet gevonden (Mozilla Firefox)
~ Browser niet gevonden (Opera Software)

---\\Statistics
~ Items gescand : 108815
~ Items gevonden : 105
~ Items gecancelled : 0
~ Items gerepareerd : 0
~ End of search in 00h09mn32s
~====================
ZHPCleaner-[S]-08122017-10_15_54.txt