Is a cleanup necessary?

Closed
Pimz08 Posts 153 Registration date Thursday 7 August 2008 Status Member Last activity 16 May 2015 - Edited by Pimz08 on 31/01/2014 at 10:29
Pimz08 Posts 153 Registration date Thursday 7 August 2008 Status Member Last activity 16 May 2015 - 1 Feb 2014 at 16:48
Hello,


I would like to know whether there are any infections/adware on my PC.
I ran a scan with ZHPDiag; here it is. Thanks in advance.

~ Bericht des ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Gestartet von Patrick (31/01/2014 10:26:15)
~ Die Website-Adresse : https://nicolascoolman.webs.com/
~ Kostenloses Support-Foren für die Desinfektion : https://nicolascoolman.webs.com/
~ Übersetzt von
~ Zustand der version :
~ Weiss : Durch das Programm aktiviert
~ Erhöhung von Berechtigungen : OK
~ Benutzerkontensteuerung : Deactivate by program


---\\ Internet-Browser
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)
GCIE: Google Chrome v32.0.1700.102

---\\ Windows-Produkt-Informationen
~ Langage: Allemand
Windows Vista (TM) Home Premium, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK

---\\ System-Datenschutz-software
Malwarebytes Anti-Malware versie 1.75.0.1300
Microsoft Security Client v4.4.0304.0

---\\ System-Optimierungs-software
CCleaner v4.04 =>Piriform Ltd

---\\ Sharing-Software PeerToPeer
µTorrent v3.2.0 =>P2P.µTorrent

---\\ Überwachungs-software
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 25

---\\ Informationen über das system
~ Processor: x86 Family 15 Model 107 Stepping 1, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3070 MB (53% free)
System Restore: Activé (Enable)
System drive C: has 221 GB (72%) free of 305 GB

---\\ Verbindung zu den Systemmodus
~ Computer Name: PC_VAN_PATRICK
~ User Name: Patrick
~ All Users Names: UpdatusUser, Patrick, Gast, ASPNET, Administrator,
~ Unselected Option: O45,O61,O62,O65,OEA,O80,O82,O89
Logged in as Administrator

---\\ Umgebungsvariablen
~ System Unit : C:\
~ %AppZHP% : C:\Users\Patrick\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Patrick\AppData\Roaming\
~ %Desktop% : C:\Users\Patrick\Desktop\
~ %Favorites% : C:\Users\Patrick\Favorites\
~ %LocalAppData% : C:\Users\Patrick\AppData\Local\
~ %StartMenu% : C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Aufzählung von Disk-Einheiten
C: Hard drive, Flash drive, Thumb drive (Free 221 Go of 305 Go)
D: Hard drive, Flash drive, Thumb drive (Free 23 Go of 30 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Free 2 Go of 2 Go)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Free 7 Go of 7 Go)



---\\ Status der Windows-Sicherheitscenter
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Suche generische Systemdateien
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Windows Verkenner.) (.11/04/2009 - 7:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.19/01/2008 - 8:33:37.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.4CC9DF09C3D915BA0A101A11DB684F26] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.14/11/2013 - 23:42:41.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.11/04/2009 - 7:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 7:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 6:28:02.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 5:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 5:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.19/01/2008 - 6:49:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 6:56:28.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 5:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.3/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.8A79FDF04A73428597E2CAF9D0D67850] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.19/01/2008 - 6:49:33.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 6:56:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2/11/2006 - 10:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 5:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 5:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s



---\\ Versteckte Dateien angeben (Versteckte/Total)
~ Mes images (My Pictures) : 1/5413
~ Mes musiques (My Musics) : 183/437
~ Mes Videos (My Videos) : 1/271
~ Mes Favoris (My Favorites) : 1/2
~ Mes Documents (My Documents) : 1/106
~ Mon Bureau (My Desktop) : 1/33
~ Menu demarrer (Programs) : 0/85
~ Hidden Files: Scanned in 00mn 01s



---\\ Prozess läuft
[MD5.47C9EF1600EDD9EBD8155EB6B5206B6B] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821984] [PID.2188]
[MD5.A659F31AC25418738351E5BDF4C85780] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [4669440] [PID.2200]
[MD5.0E7E8490BB5721E0FF51EA5684D5C072] - (.No owner - Order Software.) -- C:\Users\Patrick\ExtraFilm PhotoAssistant\Agent.exe [323584] [PID.2284]
[MD5.2F0F0E6AA6F5874E13E792996077138B] - (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.exe [1603152] [PID.2312]
[MD5.9C526EAF26ADF5346E607A7B82C76A3A] - (.Belgian Government - beidgui executable.) -- C:\Program Files\Belgium Identity Card\beid35gui.exe [2060288] [PID.2324]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040] [PID.2344]
[MD5.6AFD3970A41F48306874DB23991A4955] - (.Wireless Service - ANIWZCS2 launcher for Windows..) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [49152] [PID.2352]
[MD5.AC59FCBBD9173BB84BC28CEA88645B0A] - (.D-Link - D-Link Wireless LAN Monitor.) -- C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe [1388544] [PID.2448]
[MD5.70A5FB08BBE2AE2B6A4D17F6F9F2E479] - (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1150976] [PID.2472]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.2480]
[MD5.BAF535F843A3E790E04A7613811B55BC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.2524]
[MD5.6407D56278190B304212464DFDCD0B8B] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152] [PID.2560]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952] [PID.2588]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.2596] =>Toolbar.Google
[MD5.DF552350CDC2AA39C01CE40612DF82A8] - (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe [1564528] [PID.2632]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.2772]
[MD5.1F17D3F0A519844624BEEB8920B3DF2B] - (.Brother Industries, Ltd. - Brother Status Monitor (Local).) -- C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe [221184] [PID.3628]
[MD5.BE01E566D1F569AAB32D0335613E1EEA] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.4192]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.524]
[MD5.9B593137FBCC7C1E5D0E4A422749D9A5] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [866584] [PID.4264]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8339968] [PID.6088]
[MD5.E4284FCF99FEA13A7E1836F87AE356F6] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 311.0.) -- C:\Windows\system32\nvvsvc.exe [639776] [PID.996]
[MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.1012]
[MD5.B0F49DA36F30922F5DDC3B623B778FCE] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208] [PID.1100]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Microsoft Software Licensing Service.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1468]
[MD5.8619BE54EC51A74A2C3F82B313AB445E] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [873248] [PID.1632]
[MD5.D19C4EE2AC7C47B8F5F84FFF1A789D8A] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [63960] [PID.2820]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.2860]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.2880]
[MD5.BCEEF2999CB7DE5BEB17C17D73784058] - (.Textalk AB - ExtraFilm upload service.) -- C:\Program Files\ExtraFilm Designer BE NL\EFUploadSrv.exe [1716224] [PID.2996]
[MD5.6E5DAC168D1FF9843E84A59D51D31107] - (.Hewlett-Packard Company - No Comment.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [PID.3040]
[MD5.4D05898896EC49CF663DDA61041AB096] - (.No owner - RichVideo Module.) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024] [PID.3176]
[MD5.5A0C788C5BC5F2C993CB60940ADCF95E] - (.X10 - X10 Module.) -- C:\Program Files\Common Files\X10\Common\X10nets.exe [20480] [PID.3412]
[MD5.066F2BBE2EEC9A42B065B552BF356B4E] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553288] [PID.1212]
[MD5.42D33042371BFB1A7D40834590CAFD30] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Servi.) -- c:\Program Files\Microsoft Security Client\NisSrv.exe [280288] [PID.2660]
[MD5.626A24ED1228580B9518C01930936DF9] - (.Google Inc. - Google Installer.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [133104] [PID.4392]
[MD5.DB3D19F850C6EB32BDCB9BC0836ACDDB] - (.Microsoft Corporation - Microsoft® Volume Shadow Copy-service.) -- C:\Windows\system32\vssvc.exe [1055232] [PID.5328]
[MD5.C559672F31ABE6BA7277DD73C4502238] - (.Microsoft Corporation - Windows® Installer.) -- C:\Windows\system32\msiexec.exe [73216] [PID.1528]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Startseite,Seiten of search,Ausdehnung, (G0,G1,G2)
C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Winkel v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [doeadmoehbcoljpcpmgpbdhfcbgjmodm] Media Player v.1.1 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Startseite,Seiten of search,Ausdehnung (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@google.com/npPicasa2,version=2.0.0] - (...) -- C:\Program Files\Picasa2\npPicasa2.dll (.not file.)
P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.3] - (...) -- C:\Users\Patrick\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll (.not file.)
P2 - FPN: [HKCU] [@lightspark.github.com/Lightspark;version=1] - (.No owner - Flash.) -- C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll
~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Startseite,Seiten of search,Ausdehnung (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.No owner - Flash.) (No version) -- (.not file.)
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto Laden von Programmen
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts Datei-Umleitung (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1



---\\ Internet Explorer Symbolleisten (O3)
O3 - Toolbar: (no name) - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Verwaiste Schlüssel
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Verwaiste Schlüssel
~ Toolbar: Scanned in 00mn 00s



---\\ Andere Benutzer-Links (O4)
O4 - GS\Desktop [Public]: Adibou Joue avec les lettres et les chiffres 4-5 ans.lnk . (.Macromedia, Inc. - Macromedia Projector.) -- C:\Program Files\Mindscape\Adibou Joue avec les lettres et les chiffres 4-5 ans\ADBR_EX45.exe
O4 - GS\Desktop [Public]: Brother Creative Center.lnk . (.Adobe Systems Incorporated - Adobe Reader.) -- C:\Program Files\Brother\CreativeCenter\Brother Creative Center.url
O4 - GS\Desktop [Public]: Call of Duty(R) 4 - Modern Warfare(TM) Demo.lnk . (...) -- C:\Program Files\Activision\Call of Duty 4 - Modern Warfare Demo\iw3sp.exe
O4 - GS\Desktop [Public]: Easy-PhotoPrint EX.lnk . (.CANON INC. - Easy-PhotoPrint EX.) -- C:\Program Files\Canon\Easy-PhotoPrint EX\CNEZMAIN.exe
O4 - GS\Desktop [Public]: eID-Viewer.lnk . (.Belgian Government - beidgui executable.) -- C:\Program Files\Belgium Identity Card\beid35gui.exe
O4 - GS\Desktop [Public]: Gebruikersregistratie voor Canon iP2600 series.LNK . (.CANON INC. - Canon User Registration.) -- C:\Program Files\Canon\IJEREG\iP2600 series\IJEREG.exe
O4 - GS\Desktop [Public]: GOM Player.lnk . (...) -- C:\Program Files\GRETECH\GomPlayer\GOM.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: HenzoXL.lnk . (...) -- C:\Program Files\Henzo\HenzoXL\Loader.exe
O4 - GS\Desktop [Public]: iP2600 series On line handleiding.lnk . (...) -- C:\Program Files\Canon\IJ Manual\IP2600 SERIES\Dutch\Windows\Contents97.chm
O4 - GS\Desktop [Public]: My Printer.lnk . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.exe
O4 - GS\Desktop [Public]: PhotoImpact 12.lnk . (.Ulead Systems, Inc. - PhotoImpact Launcher.) -- C:\Program Files\Ulead Systems\Ulead PhotoImpact 12\Iedit.exe
O4 - GS\Desktop [Public]: Wireless Connection Manager.lnk . (.D-Link - D-Link Wireless LAN Monitor.) -- C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Public]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
O4 - GS\QuickLaunch [UpdatusUser]: GOM Player.lnk . (...) -- C:\Program Files\GRETECH\GomPlayer\GOM.exe
O4 - GS\QuickLaunch [UpdatusUser]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [UpdatusUser]: AD-R.lnk . (...) -- C:\Program Files\Ad-Remover\main.exe (.not file.)
O4 - GS\QuickLaunch [Patrick]: DeepBurner.lnk . (.Astonsoft - CD/DVD recording software.) -- C:\Program Files\Astonsoft\DeepBurner\DeepBurner.exe
O4 - GS\QuickLaunch [Patrick]: GOM Player.lnk . (...) -- C:\Program Files\GRETECH\GomPlayer\GOM.exe
O4 - GS\QuickLaunch [Patrick]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Patrick]: iLivid.lnk . (...) -- C:\Users\Patrick\AppData\Local\iLivid\iLivid.exe (.not file.) =>Adware.Bandoo
O4 - GS\QuickLaunch [Patrick]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Patrick]: My Printer.lnk . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.exe
O4 - GS\QuickLaunch [Patrick]: Search.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Patrick]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Patrick]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Patrick]: Search.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\SystemTools [Patrick]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Patrick]: Albelli.be Fotoboeken.lnk . (...) -- C:\Users\Patrick\AppData\Local\Albelli.be Fotoboeken\apc.exe
O4 - GS\Desktop [Patrick]: Computer - Snelkoppeling.lnk - Verwaiste Schlüssel
O4 - GS\Desktop [Patrick]: DeepBurner.lnk . (.Astonsoft - CD/DVD recording software.) -- C:\Program Files\Astonsoft\DeepBurner\DeepBurner.exe
O4 - GS\Desktop [Patrick]: DVD Shrink 3.2.lnk . (.DVD Shrink - DVD Shrink 3.2.) -- C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe
O4 - GS\Desktop [Patrick]: Free Audio CD Burner.lnk . (.DVDVideoSoft Ltd. - FreeAudioCDBurner.) -- C:\Program Files\DVDVideoSoft\Free Audio CD Burner\FreeAudioCDBurner.exe
O4 - GS\Desktop [Patrick]: Free YouTube to MP3 Converter.lnk . (.DVDVideoSoft Ltd. - FreeYouTubeToMP3Converter.) -- C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
O4 - GS\Desktop [Patrick]: HDPlayer.lnk . (...) -- C:\Program Files\HDPlayer\HDPlayer.exe
O4 - GS\Desktop [Patrick]: PhotoFiltre.lnk . (.Antonio Da Cruz - PhotoFiltre.) -- C:\Program Files\PhotoFiltre\PhotoFiltre.exe
O4 - GS\Desktop [Patrick]: Search.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Patrick]: TOTALCMD.lnk . (.C. Ghisler & Co. - Total Commander 32 bit version internationa.) -- C:\totalcmd\TOTALCMD.exe
O4 - GS\Desktop [Patrick]: uTorrent - Snelkoppeling.lnk . (...) -- C:\Users\Patrick\AppData\Roaming\uTorrent =>P2P.µTorrent
~ Global Startup: 110 Legitimates Filtered in 00mn 00s



---\\ Auto Laden von Programmen vom Register und Ordner (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] . (.No owner - Order Software.) -- C:\Users\Patrick\ExtraFilm PhotoAssistant\Agent.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] . (.CANON INC. - CNSLMAIN.) -- C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe
O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
O4 - HKLM\..\Run: [beid] . (.Belgian Government - beidgui executable.) -- C:\Program Files\Belgium Identity Card\beid35gui.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] . (.Wireless Service - ANIWZCS2 launcher for Windows..) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] . (.D-Link - D-Link Wireless LAN Monitor.) -- C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [BrMfcWnd] . (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Skytel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\Windows\Skytel.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Sidebar.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Toepassing voor configuratie van Windows Me.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe
O4 - HKUS\S-1-5-21-975538051-2259724829-1895452455-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Sidebar.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-975538051-2259724829-1895452455-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-975538051-2259724829-1895452455-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-975538051-2259724829-1895452455-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Toepassing voor configuratie van Windows Me.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-975538051-2259724829-1895452455-1000\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe
~ Application: Scanned in 00mn 00s



---\\ Zusätzliche Tasten auf der Hauptsymbolleiste von IE-Schaltfläche oder zusätzliche Elemente im IE "Extras" Menü (O9)
O9 - Extra button: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ ActiveX-Objekte (heruntergeladene Programmdateien) (O16)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} ((no name)) - http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1270720495898
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} ((no name)) - http://www.extrafilm.be/ImageUploader5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} ((no name)) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} ((no name)) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} ((no name)) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} ((no name)) - http://www.extrafilm.be/ExtraFilmUploader6.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Lop.com/Domain Entführer (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A99B5884-8303-4507-9A3B-0DDDC31D184F}: DhcpNameServer = 62.197.111.140 109.88.203.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB129844-8CA2-41E3-A850-21F52BF303DD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A99B5884-8303-4507-9A3B-0DDDC31D184F}: DhcpNameServer = 62.197.111.140 109.88.203.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{CB129844-8CA2-41E3-A850-21F52BF303DD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A99B5884-8303-4507-9A3B-0DDDC31D184F}: DhcpNameServer = 62.197.111.140 109.88.203.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{CB129844-8CA2-41E3-A850-21F52BF303DD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.197.111.140 109.88.203.3
~ Domain: Scanned in 00mn 00s



---\\ Zusätzliche Protokolle (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML-viewer.) -- C:\Windows\system32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browserbibliotheek met gebruikersinte.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Nicht von Microsoft nicht deaktiviert Windows XP/NT/2000-Dienste (O23)
O23 - Service: ExtraFilm upload service (EFUploadSrv) . (.Textalk AB - ExtraFilm upload service.) - C:\Program Files\ExtraFilm Designer BE NL\EFUploadSrv.exe
O23 - Service: X10 Device Network Service (x10nets) . (.X10 - X10 Module.) - C:\Program Files\Common Files\X10\Common\X10nets.exe
~ Services: 12 Legitimates Filtered in 00mn 04s



---\\ Im Automatikbetrieb geplanten Tasks (O39)
[MD5.00000000000000000000000000000000] [APT] [{05C439CF-B04E-40EE-858C-DE6A54ED8E7A}] (...) -- E:\SETUP.exe (.not file.) [0]
~ Scheduled Task: 10 Legitimates Filtered in 00mn 01s



---\\ Installierte Software (O42)
O42 - Logiciel: HenzoXL - (...) [HKLM] -- HenzoXL_is1
O42 - Logiciel: IncrediMail Xe - (.IncrediMail Ltd..) [HKLM] -- IncrediMail
O42 - Logiciel: Kruidvat Fotoservice - (...) [HKLM] -- Kruidvat Fotoservice
O42 - Logiciel: LimeWire 5.1.2 - (.Lime Wire, LLC.) [HKLM] -- LimeWire
~ Logic: 22 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Henzo]
[HKCU\Software\IncrediMail]
[HKLM\Software\Henzo]
[HKLM\Software\Kruidvat]
[HKLM\Software\MediaPlayerV1]
~ Key Software: 374 Legitimates Filtered in 00mn 00s



---\\ Inhalt der Ordner Programme, ProgramFiles, ProgramData, AppData (O43)
O43 - CFD: 30/01/2014 - 14:42:58 - [0] ----D C:\Program Files\AmiExt =>Adware.FlashEnhancer
O43 - CFD: 18/09/2007 - 17:26:56 - [-1023,712] ----D C:\Program Files\Farcry
O43 - CFD: 18/08/2009 - 11:04:40 - [0,267] ---AD C:\Program Files\GoogleEULA
O43 - CFD: 2/08/2008 - 13:57:18 - [112,653] ----D C:\Program Files\Henzo
O43 - CFD: 11/01/2008 - 14:36:29 - [23,221] ----D C:\Program Files\IncrediMail
O43 - CFD: 21/03/2009 - 9:01:01 - [47,875] ----D C:\Program Files\LimeWire
O43 - CFD: 29/01/2014 - 18:48:33 - [0,514] ----D C:\Program Files\MediaPlayerV1
O43 - CFD: 26/04/2013 - 19:07:59 - [0] ----D C:\Program Files\Solibo Ltd
O43 - CFD: 11/01/2008 - 14:37:22 - [0] ----D C:\ProgramData\IM
O43 - CFD: 11/01/2008 - 14:36:28 - [5,281] ----D C:\ProgramData\IncrediMail
O43 - CFD: 5/01/2014 - 21:15:29 - [27,418] -SH-D C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
O43 - CFD: 2/06/2013 - 12:40:56 - [23,543] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 12/05/2008 - 12:05:25 - [27,044] ----D C:\Users\Patrick\AppData\Roaming\MCB
O43 - CFD: 30/06/2013 - 10:15:11 - [0] ----D C:\Users\Patrick\AppData\Roaming\Radiocom
O43 - CFD: 4/03/2009 - 11:56:38 - [0,001] ----D C:\Users\Patrick\AppData\Roaming\UNOUndercover
O43 - CFD: 2/08/2008 - 13:57:56 - [0] ----D C:\Users\Patrick\AppData\Local\HenzoXL
O43 - CFD: 17/10/2007 - 13:06:03 - [4,978] ----D C:\Users\Patrick\AppData\Local\IM
O43 - CFD: 30/06/2013 - 10:15:06 - [0,034] ----D C:\Users\Patrick\AppData\Local\Radiocom
O43 - CFD: 3/06/2008 - 13:30:59 - [0] ----D C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kruidvat Fotoservice
~ Program Folder: 261 Legitimates Filtered in 00mn 03s



---\\ Neueste Dateien geändert oder erstellt unter Windows und System32 (O44)
O44 - LFC:[MD5.D7A098A2C2883BE13458A5A8D099ADF5] - 29/01/2014 - 18:48:54 ---A- . (...) -- C:\extensions.ini [206]
O44 - LFC:[MD5.357BA71F3628BA7C25E799B44D7FE5ED] - 30/01/2014 - 16:08:03 ---A- . (...) -- C:\Windows\System32\.crusader [5042]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 30/01/2014 - 16:47:08 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.DF0ED784D8F5C963912A3D17EF77B5F5] - 31/01/2014 - 10:17:54 ---A- . (...) -- C:\DelFix.txt [4661]
~ Files: 13 Legitimates Filtered in 00mn 01s



---\\ Operationen und Funktionen beim Start des Windows-Explorers (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Kontrolle der sicheren Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
~ CSB: 15 Legitimates Filtered in 00mn 00s



---\\ Aufzählung von der Registrierung Schlüssel PoliciesSystem ((MWPS)) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Liste der Treiber des Systems (SDL) (O58)
O58 - SDL:[MD5.920298C7AEF97D8168D219D35975D295] - 11/12/2005 - 10:55:38 ---A- . (.Alpha Networks Inc. - ANIO (NT5) Driver.) -- C:\Windows\System32\ANIO.sys [28195]
O58 - SDL:[MD5.ACF780F3DCE634A0B8ECE6E3CD505C9C] - 14/10/2004 - 9:29:16 ---A- . (.ANI - ANIO (NDIS4) Driver.) -- C:\Windows\System32\anio4.sys [11904]
O58 - SDL:[MD5.5AE0176FCF1EDB5CEE28E4D542085107] - 13/12/2005 - 9:38:20 ---A- . (.Alpha Networks Inc. - ANIO (NT5) Driver.) -- C:\Windows\System32\ANIO64.sys [48128]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 2/11/2006 - 8:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 2/11/2006 - 8:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 2/11/2006 - 8:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 2/11/2006 - 8:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 2/11/2006 - 8:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 2/11/2006 - 8:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 2/11/2006 - 8:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 2/11/2006 - 8:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 2/11/2006 - 8:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 2/11/2006 - 8:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 2/11/2006 - 8:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 2/11/2006 - 8:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 2/11/2006 - 8:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 2/11/2006 - 8:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 2/11/2006 - 8:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 18 Legitimates Filtered in 00mn 00s



---\\ Liste der Desinfektion Tools (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste Dienste registrieren Vermächtnis (LALS) (O64)
O64 - Services: CurCS - 11/12/2005 - C:\Windows\system32\ANIO.sys (ANIO) .(.Alpha Networks Inc. - ANIO (NT5) Driver.) - LEGACY_ANIO
~ Legacy: 78 Legitimates Filtered in 00mn 00s



---\\ Verbände Shell Laichen (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Startmenü Internet (SMI) (O68)
O68 - StartMenuInternet: <chrome.exe> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Suche "Ansteckung in Internet-Browsern (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {3BB21DC6-A0EF-463C-9C25-529CDF2FB0E3} [DefaultScope] - (Google) - https://www.google.be/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
~ Keys: Scanned in 00mn 00s



---\\ Suche an der Wurzel des Systems (SPRF) (O84)
[MD5.1FA2B490DF10D28F6D4810A64ED387EF] [SPRF][9/12/2011] (...) -- C:\ProgramData\nvModes.dat [89397]
[MD5.A4A2083FD21A3DA94A6688C37207C2D6] [SPRF][27/10/2013] (...) -- C:\Users\Patrick\AppData\Local\d3d9caps.dat [1356]
[MD5.532E9D42CD4C83369D70C144D3A16457] [SPRF][19/07/2008] (...) -- C:\Users\Patrick\AppData\Local\fusioncache.dat [95]
[MD5.4AD7F60E4A84833CB7D4DCB9E2448FEF] [SPRF][9/12/2008] (...) -- C:\Users\Patrick\AppData\Roaming\mdb.bin [9]
[MD5.C08E741A72296A3F9BA604CF91B7049A] [SPRF][10/04/2011] (...) -- C:\Users\Patrick\Desktop\BootVis-Tool.exe [336752]
[MD5.283CCAEB29C5B49D28EE3B0A2256223A] [SPRF][30/01/2014] (.SurfRight B.V. - HitmanPro 3.7.) -- C:\Users\Patrick\Desktop\HitmanPro.exe [9988304]
[MD5.788BD6FD00AB9634B83243C51D63AD9A] [SPRF][25/02/2010] (.No owner - Provides additional functionality on Facebook. See <a href="https://www.facebook.com/">our web site</a> for details..) -- C:\Windows\Downloaded Program Files\axfbootloader.dll [847040]
~ Files: 11 Legitimates Filtered in 00mn 00s



---\\ Liste der Ausnahmen in der Firewall (FirewallRules) (O87)
O87 - FAEL: "{B6563323-C15B-492A-9E6E-61B2C1907E7D}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
O87 - FAEL: "{E7EC8F18-B8B7-4695-A87B-6C7D9EF0D89D}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
O87 - FAEL: "{92036984-BFDF-4762-83C9-EC7E1BE95E8E}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
O87 - FAEL: "{4944D0E6-24D0-47E7-A589-FA26F26A532C}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
O87 - FAEL: "{880C7311-E130-4333-9E34-5509B6041472}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\bin\ImpCnt.exe
O87 - FAEL: "{7AE87FCD-D730-4B98-869D-630F6DC22545}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\bin\ImpCnt.exe
O87 - FAEL: "TCP Query User{0504EFE9-865C-4923-B270-793647D785EC}C:\program files\limewire\limewire.exe" | In - Private - P6 - TRUE | .(.Lime Wire, LLC - LimeWire.) -- C:\program files\limewire\limewire.exe
O87 - FAEL: "UDP Query User{F45A98B7-E32E-461E-A088-C0ADB0035D22}C:\program files\limewire\limewire.exe" | In - Private - P17 - TRUE | .(.Lime Wire, LLC - LimeWire.) -- C:\program files\limewire\limewire.exe
O87 - FAEL: "TCP Query User{E37493F8-C5FE-44CF-BE19-A6D716132D7A}E:\programmation\qtchat\release\qtchat.exe" |In - Public - P6 - TRUE | .(...) -- E:\programmation\qtchat\release\qtchat.exe (.not file.)
O87 - FAEL: "UDP Query User{44823339-CF28-4006-8630-458A16074A94}E:\programmation\qtchat\release\qtchat.exe" |In - Public - P17 - TRUE | .(...) -- E:\programmation\qtchat\release\qtchat.exe (.not file.)
~ Firewall: 250 Legitimates Filtered in 00mn 01s



---\\ Allgemeinzustand der Dienste nicht Microsoft (GSR) (SR = Running, SS = Stopped)
SS - | Demand 12/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 27/06/2007 606208 | (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\System32\Ati2evxx.exe
SS - | Auto 22/06/2009 133104 | (gupdate1c9f35e5f7ee078) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22/06/2009 133104 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 13/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 13/04/2007 101528 | (IJPLMSVC) . (...) - C:\Program Files\Canon\IJPLM\IJPLMSVC.exe
SS - | Auto 25/02/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 27/07/2012 63960 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 7/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 9/07/2009 1716224 | (EFUploadSrv) . (.Textalk AB.) - C:\Program Files\ExtraFilm Designer BE NL\EFUploadSrv.exe
SR - | Demand 2/11/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 19/10/2006 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 23/10/2013 22208 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 18/01/2013 639776 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 19/12/2006 272024 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 12/11/2001 20480 | (x10nets) . (.X10.) - C:\Program Files\Common Files\X10\Common\X10nets.exe

~ Services: Scanned in 00mn 06s



---\\ Zusätzliche Scan (O88)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 1

[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Disk Cleaner Service] =>Rogue.DiskCleaner
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Program Files\AmiExt =>Adware.FlashEnhancer^
C:\ProgramData\Disk Cleaner =>Rogue.DiskCleaner
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWin.com Games =>Adware.iWinArcade
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^
~ Additionnel Scan: 352570 Items scanned in 00mn 25s



---\\ Zusammenfassung der Erkennungen gefunden auf Ihrer workstation
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/40653881-adware-flashenhancer =>Adware.FlashEnhancer
~ http://nicolascoolman.webs.com/apps/blog/show/28766471-adware-iwinarcade =>Adware.iWinArcade
~ MSI: 3 link(s) detected in 00mn 25s



~ 1255 Legitimates filtered by white list
End of the scan (563 lines in 01mn 00s)(0)

18 replies

kebicip Posts 27 Registration date Tuesday 28 January 2014 Status Member Last activity 31 January 2014 5
Edited by kebicip on 31/01/2014 at 10:40
Didn't understand a thing (mind you, I didn't read it ^^)
Otherwise, download CCleaner, Avast (for example), Malwarebytes and Spybot
Update them
Then wreak havoc with Malwarebytes and Avast, hunt down what's left with Spybot, and use CCleaner to clean up the corpses... (because after that battle there are orphaned files, broken registry keys, ...) In short, pure bliss...
1
Pimz08 Posts 153 Registration date Thursday 7 August 2008 Status Member Last activity 16 May 2015
Edited by Pimz08 on 31/01/2014 at 10:40
Thanks for stopping by, but I've already done that... Infections can often (too often) remain even after all that, unfortunately :(
Thanks anyway
0
lilidurhone Posts 43343 Registration date Monday 25 April 2011 Status Security contributor Last activity 18 September 2023 3 804
31 Jan 2014 at 10:43
You must have installed potentially unwanted programs


To avoid this kind of problem:

- Do not download any program offered in advertisements or on suspicious sites. Note that some well-known sites such as O1net, Softronic, Tuto4PC, etc. sometimes modify the programs they offer for download to add advertising software ==> Always prefer downloading directly from the publisher's site.


- While installing a free program, read carefully and untick all the additional programs that are offered, especially toolbars.

For your information, read these articles on Potentially Unwanted Programs and Toolbars; this is not mandatory

* Download this easy-to-use tool

http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner (by Xplode) to your desktop.


* If there is a problem with the first link, get it here https://www.commentcamarche.net/telecharger/securite/2759-adwcleaner/

* Run it (on Vista/7/8, right-click it and choose Run as administrator); if you are on XP, double-click it

* Click Scan
* Post the scan report C:\Adwcleaner[R]

* Note: the scan report is also saved as C:\Adwcleaner[R1]
0
Pimz08 Posts 153 Registration date Thursday 7 August 2008 Status Member Last activity 16 May 2015
31 Jan 2014 at 11:07
Here it is

# AdwCleaner v3.018 - Report created 31/01/2014 at 10:50:44
# Updated 28/01/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Patrick - PC_VAN_PATRICK
# Running from : C:\Users\Patrick\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7B0EE1CE-B2EF-49D6-AF4D-EBF8240EF2C2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Google Chrome v32.0.1700.102

[ File : C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [862 octets] - [31/01/2014 10:50:44]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [921 octets] ##########
0

lilidurhone Posts 43343 Registration date Monday 25 April 2011 Status Security contributor Last activity 18 September 2023 3 804
31 Jan 2014 at 11:10
Run the clean, then

* Download Junkware Removal Tool from this address (do not click download, the download will start automatically): https://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/

* Save it to your desktop.

* Close all running applications.

* Open JRT.exe and press Enter: if you are on Windows Vista, 7 or 8, open it with: right-click => Run as administrator.

* Wait while the tool works: the desktop will disappear for a few moments, which is perfectly normal.

* When the scan finishes, a report named JRT.txt will open. Host it like this and post the resulting link in your next reply.

Tutorial: http://www.forum-entraide-informatique.com/support/junkware-removal-tool-tutoriel-t8260.html
0
Pimz08 Posts 153 Registration date Thursday 7 August 2008 Status Member Last activity 16 May 2015
31 Jan 2014 at 11:28
I ran AdwCleaner; both keys were deleted.
As for JRT, it started, told me it had found a "bad module" and asked whether I wanted to restart to remove it. I said yes, but I didn't get a report
I searched the disk with dir from the command prompt but no JRT.txt was found. Is that normal?
0
lilidurhone Posts 43343 Registration date Monday 25 April 2011 Status Security contributor Last activity 18 September 2023 3 804
31 Jan 2014 at 11:31
On your desktop?

In C:\
0
Pimz08 Posts 153 Registration date Thursday 7 August 2008 Status Member Last activity 16 May 2015
31 Jan 2014 at 11:33
Neither
I ran dir jrt.txt /s /p from the command prompt for a full scan of c: but found nothing
0
lilidurhone Posts 43343 Registration date Monday 25 April 2011 Status Security contributor Last activity 18 September 2023 3 804
31 Jan 2014 at 11:35
Run ZHPDiag again
0
Pimz08 Posts 153 Registration date Thursday 7 August 2008 Status Member Last activity 16 May 2015
31 Jan 2014 at 11:37
~ Bericht des ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Gestartet von Patrick (31/01/2014 11:36:08)
~ Die Website-Adresse : https://nicolascoolman.webs.com/
~ Kostenloses Support-Foren für die Desinfektion : https://nicolascoolman.webs.com/
~ Übersetzt von
~ Zustand der version :
~ Weiss : Durch das Programm aktiviert
~ Erhöhung von Berechtigungen : OK
~ Benutzerkontensteuerung : Activate by user


---\\ Internet-Browser
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)
GCIE: Google Chrome v32.0.1700.102

---\\ Windows-Produkt-Informationen
~ Langage: Allemand
Windows Vista (TM) Home Premium, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK

---\\ System-Datenschutz-software
Malwarebytes Anti-Malware versie 1.75.0.1300
Microsoft Security Client v4.4.0304.0

---\\ System-Optimierungs-software
CCleaner v4.04 =>Piriform Ltd

---\\ Sharing-Software PeerToPeer
µTorrent v3.2.0 =>P2P.µTorrent

---\\ Überwachungs-software
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 25

---\\ Informationen über das system
~ Processor: x86 Family 15 Model 107 Stepping 1, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3070 MB (61% free)
System Restore: Activé (Enable)
System drive C: has 221 GB (72%) free of 305 GB

---\\ Verbindung zu den Systemmodus
~ Computer Name: PC_VAN_PATRICK
~ User Name: Patrick
~ All Users Names: UpdatusUser, Patrick, Gast, ASPNET, Administrator,
~ Unselected Option: O45,O61,O62,O65,OEA,O80,O82,O89
Logged in as Administrator

---\\ Umgebungsvariablen
~ System Unit : C:\
~ %AppZHP% : C:\Users\Patrick\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Patrick\AppData\Roaming\
~ %Desktop% : C:\Users\Patrick\Desktop\
~ %Favorites% : C:\Users\Patrick\Favorites\
~ %LocalAppData% : C:\Users\Patrick\AppData\Local\
~ %StartMenu% : C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Aufzählung von Disk-Einheiten
C: Hard drive, Flash drive, Thumb drive (Free 221 Go of 305 Go)
D: Hard drive, Flash drive, Thumb drive (Free 23 Go of 30 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Free 2 Go of 2 Go)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Free 7 Go of 7 Go)



---\\ Status der Windows-Sicherheitscenter
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Suche generische Systemdateien
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Windows Verkenner.) (.11/04/2009 - 7:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.19/01/2008 - 8:33:37.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.4CC9DF09C3D915BA0A101A11DB684F26] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.14/11/2013 - 23:42:41.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.11/04/2009 - 7:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 7:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 6:28:02.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 5:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 5:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.19/01/2008 - 6:49:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 6:56:28.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 5:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.3/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.8A79FDF04A73428597E2CAF9D0D67850] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.19/01/2008 - 6:49:33.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 6:56:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2/11/2006 - 10:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 5:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 5:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s



---\\ Versteckte Dateien angeben (Versteckte/Total)
~ Mes images (My Pictures) : 1/5413
~ Mes musiques (My Musics) : 183/437
~ Mes Videos (My Videos) : 1/271
~ Mes Favoris (My Favorites) : 1/2
~ Mes Documents (My Documents) : 1/107
~ Mon Bureau (My Desktop) : 1/35
~ Menu demarrer (Programs) : 0/85
~ Hidden Files: Scanned in 00mn 01s



---\\ Prozess läuft
[MD5.47C9EF1600EDD9EBD8155EB6B5206B6B] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821984] [PID.2224]
[MD5.A659F31AC25418738351E5BDF4C85780] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [4669440] [PID.2244]
[MD5.0E7E8490BB5721E0FF51EA5684D5C072] - (.No owner - Order Software.) -- C:\Users\Patrick\ExtraFilm PhotoAssistant\Agent.exe [323584] [PID.2332]
[MD5.2F0F0E6AA6F5874E13E792996077138B] - (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.exe [1603152] [PID.2360]
[MD5.9C526EAF26ADF5346E607A7B82C76A3A] - (.Belgian Government - beidgui executable.) -- C:\Program Files\Belgium Identity Card\beid35gui.exe [2060288] [PID.2376]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040] [PID.2532]
[MD5.6AFD3970A41F48306874DB23991A4955] - (.Wireless Service - ANIWZCS2 launcher for Windows..) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [49152] [PID.2556]
[MD5.AC59FCBBD9173BB84BC28CEA88645B0A] - (.D-Link - D-Link Wireless LAN Monitor.) -- C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe [1388544] [PID.2932]
[MD5.70A5FB08BBE2AE2B6A4D17F6F9F2E479] - (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1150976] [PID.2964]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.2980]
[MD5.BAF535F843A3E790E04A7613811B55BC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.3500]
[MD5.6407D56278190B304212464DFDCD0B8B] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152] [PID.3520]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952] [PID.3544]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.3552] =>Toolbar.Google
[MD5.DF552350CDC2AA39C01CE40612DF82A8] - (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe [1564528] [PID.3568]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.3620]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.3848]
[MD5.1F17D3F0A519844624BEEB8920B3DF2B] - (.Brother Industries, Ltd. - Brother Status Monitor (Local).) -- C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe [221184] [PID.1168]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8339968] [PID.632]
[MD5.E4284FCF99FEA13A7E1836F87AE356F6] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 311.0.) -- C:\Windows\system32\nvvsvc.exe [639776] [PID.1000]
[MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.1016]
[MD5.B0F49DA36F30922F5DDC3B623B778FCE] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208] [PID.1104]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Microsoft Software Licensing Service.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1452]
[MD5.8619BE54EC51A74A2C3F82B313AB445E] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [873248] [PID.1640]
[MD5.D19C4EE2AC7C47B8F5F84FFF1A789D8A] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [63960] [PID.2588]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.2624]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.2644]
[MD5.BCEEF2999CB7DE5BEB17C17D73784058] - (.Textalk AB - ExtraFilm upload service.) -- C:\Program Files\ExtraFilm Designer BE NL\EFUploadSrv.exe [1716224] [PID.2684]
[MD5.6E5DAC168D1FF9843E84A59D51D31107] - (.Hewlett-Packard Company - No Comment.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [PID.2940]
[MD5.4D05898896EC49CF663DDA61041AB096] - (.No owner - RichVideo Module.) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024] [PID.3192]
[MD5.5A0C788C5BC5F2C993CB60940ADCF95E] - (.X10 - X10 Module.) -- C:\Program Files\Common Files\X10\Common\X10nets.exe [20480] [PID.3372]
[MD5.066F2BBE2EEC9A42B065B552BF356B4E] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553288] [PID.3420]
[MD5.626A24ED1228580B9518C01930936DF9] - (.Google Inc. - Google Installer.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [133104] [PID.3532]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Startseite,Seiten of search,Ausdehnung, (G0,G1,G2)
C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Winkel v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [doeadmoehbcoljpcpmgpbdhfcbgjmodm] Media Player v.1.1 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Startseite,Seiten of search,Ausdehnung (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@google.com/npPicasa2,version=2.0.0] - (...) -- C:\Program Files\Picasa2\npPicasa2.dll (.not file.)
P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.3] - (...) -- C:\Users\Patrick\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll (.not file.)
P2 - FPN: [HKCU] [@lightspark.github.com/Lightspark;version=1] - (.No owner - Flash.) -- C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll
~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Startseite,Seiten of search,Ausdehnung (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.No owner - Flash.) (No version) -- (.not file.)
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto Laden von Programmen
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts Datei-Umleitung (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1



---\\ Internet Explorer Symbolleisten (O3)
O3 - Toolbar: (no name) - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Verwaiste Schlüssel
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Verwaiste Schlüssel
~ Toolbar: Scanned in 00mn 00s



---\\ Andere Benutzer-Links (O4)
O4 - GS\Desktop [Public]: Adibou Joue avec les lettres et les chiffres 4-5 ans.lnk . (.Macromedia, Inc. - Macromedia Projector.) -- C:\Program Files\Mindscape\Adibou Joue avec les lettres et les chiffres 4-5 ans\ADBR_EX45.exe
O4 - GS\Desktop [Public]: Brother Creative Center.lnk . (.Adobe Systems Incorporated - Adobe Reader.) -- C:\Program Files\Brother\CreativeCenter\Brother Creative Center.url
O4 - GS\Desktop [Public]: Call of Duty(R) 4 - Modern Warfare(TM) Demo.lnk . (...) -- C:\Program Files\Activision\Call of Duty 4 - Modern Warfare Demo\iw3sp.exe
O4 - GS\Desktop [Public]: Easy-PhotoPrint EX.lnk . (.CANON INC. - Easy-PhotoPrint EX.) -- C:\Program Files\Canon\Easy-PhotoPrint EX\CNEZMAIN.exe
O4 - GS\Desktop [Public]: eID-Viewer.lnk . (.Belgian Government - beidgui executable.) -- C:\Program Files\Belgium Identity Card\beid35gui.exe
O4 - GS\Desktop [Public]: Gebruikersregistratie voor Canon iP2600 series.LNK . (.CANON INC. - Canon User Registration.) -- C:\Program Files\Canon\IJEREG\iP2600 series\IJEREG.exe
O4 - GS\Desktop [Public]: GOM Player.lnk . (...) -- C:\Program Files\GRETECH\GomPlayer\GOM.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: HenzoXL.lnk . (...) -- C:\Program Files\Henzo\HenzoXL\Loader.exe
O4 - GS\Desktop [Public]: iP2600 series On line handleiding.lnk . (...) -- C:\Program Files\Canon\IJ Manual\IP2600 SERIES\Dutch\Windows\Contents97.chm
O4 - GS\Desktop [Public]: My Printer.lnk . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.exe
O4 - GS\Desktop [Public]: PhotoImpact 12.lnk . (.Ulead Systems, Inc. - PhotoImpact Launcher.) -- C:\Program Files\Ulead Systems\Ulead PhotoImpact 12\Iedit.exe
O4 - GS\Desktop [Public]: Wireless Connection Manager.lnk . (.D-Link - D-Link Wireless LAN Monitor.) -- C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Public]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
O4 - GS\QuickLaunch [UpdatusUser]: GOM Player.lnk . (...) -- C:\Program Files\GRETECH\GomPlayer\GOM.exe
O4 - GS\QuickLaunch [UpdatusUser]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [UpdatusUser]: AD-R.lnk . (...) -- C:\Program Files\Ad-Remover\main.exe (.not file.)
O4 - GS\QuickLaunch [Patrick]: DeepBurner.lnk . (.Astonsoft - CD/DVD recording software.) -- C:\Program Files\Astonsoft\DeepBurner\DeepBurner.exe
O4 - GS\QuickLaunch [Patrick]: GOM Player.lnk . (...) -- C:\Program Files\GRETECH\GomPlayer\GOM.exe
O4 - GS\QuickLaunch [Patrick]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Patrick]: iLivid.lnk . (...) -- C:\Users\Patrick\AppData\Local\iLivid\iLivid.exe (.not file.) =>Adware.Bandoo
O4 - GS\QuickLaunch [Patrick]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Patrick]: My Printer.lnk . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.exe
O4 - GS\QuickLaunch [Patrick]: Search.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Patrick]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Patrick]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Patrick]: Search.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\SystemTools [Patrick]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Patrick]: Albelli.be Fotoboeken.lnk . (...) -- C:\Users\Patrick\AppData\Local\Albelli.be Fotoboeken\apc.exe
O4 - GS\Desktop [Patrick]: Computer - Snelkoppeling.lnk - Verwaiste Schlüssel
O4 - GS\Desktop [Patrick]: DeepBurner.lnk . (.Astonsoft - CD/DVD recording software.) -- C:\Program Files\Astonsoft\DeepBurner\DeepBurner.exe
O4 - GS\Desktop [Patrick]: DVD Shrink 3.2.lnk . (.DVD Shrink - DVD Shrink 3.2.) -- C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe
O4 - GS\Desktop [Patrick]: Free Audio CD Burner.lnk . (.DVDVideoSoft Ltd. - FreeAudioCDBurner.) -- C:\Program Files\DVDVideoSoft\Free Audio CD Burner\FreeAudioCDBurner.exe
O4 - GS\Desktop [Patrick]: Free YouTube to MP3 Converter.lnk . (.DVDVideoSoft Ltd. - FreeYouTubeToMP3Converter.) -- C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
O4 - GS\Desktop [Patrick]: HDPlayer.lnk . (...) -- C:\Program Files\HDPlayer\HDPlayer.exe
O4 - GS\Desktop [Patrick]: PhotoFiltre.lnk . (.Antonio Da Cruz - PhotoFiltre.) -- C:\Program Files\PhotoFiltre\PhotoFiltre.exe
O4 - GS\Desktop [Patrick]: Search.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Patrick]: TOTALCMD.lnk . (.C. Ghisler & Co. - Total Commander 32 bit version internationa.) -- C:\totalcmd\TOTALCMD.exe
O4 - GS\Desktop [Patrick]: uTorrent - Snelkoppeling.lnk . (...) -- C:\Users\Patrick\AppData\Roaming\uTorrent =>P2P.µTorrent
~ Global Startup: 110 Legitimates Filtered in 00mn 08s



---\\ Auto Laden von Programmen vom Register und Ordner (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] . (.No owner - Order Software.) -- C:\Users\Patrick\ExtraFilm PhotoAssistant\Agent.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] . (.CANON INC. - CNSLMAIN.) -- C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe
O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
O4 - HKLM\..\Run: [beid] . (.Belgian Government - beidgui executable.) -- C:\Program Files\Belgium Identity Card\beid35gui.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] . (.Wireless Service - ANIWZCS2 launcher for Windows..) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] . (.D-Link - D-Link Wireless LAN Monitor.) -- C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [BrMfcWnd] . (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Skytel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\Windows\Skytel.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Sidebar.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Toepassing voor configuratie van Windows Me.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe
O4 - HKUS\S-1-5-21-975538051-2259724829-1895452455-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Sidebar.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-975538051-2259724829-1895452455-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-975538051-2259724829-1895452455-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-975538051-2259724829-1895452455-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Toepassing voor configuratie van Windows Me.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-975538051-2259724829-1895452455-1000\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe
~ Application: Scanned in 00mn 00s



---\\ Zusätzliche Tasten auf der Hauptsymbolleiste von IE-Schaltfläche oder zusätzliche Elemente im IE "Extras" Menü (O9)
O9 - Extra button: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ ActiveX-Objekte (heruntergeladene Programmdateien) (O16)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} ((no name)) - http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1270720495898
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} ((no name)) - http://www.extrafilm.be/ImageUploader5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} ((no name)) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} ((no name)) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} ((no name)) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} ((no name)) - http://www.extrafilm.be/ExtraFilmUploader6.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Lop.com/Domain Entführer (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A99B5884-8303-4507-9A3B-0DDDC31D184F}: DhcpNameServer = 62.197.111.140 109.88.203.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB129844-8CA2-41E3-A850-21F52BF303DD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A99B5884-8303-4507-9A3B-0DDDC31D184F}: DhcpNameServer = 62.197.111.140 109.88.203.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{CB129844-8CA2-41E3-A850-21F52BF303DD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A99B5884-8303-4507-9A3B-0DDDC31D184F}: DhcpNameServer = 62.197.111.140 109.88.203.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{CB129844-8CA2-41E3-A850-21F52BF303DD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.197.111.140 109.88.203.3
~ Domain: Scanned in 00mn 00s



---\\ Zusätzliche Protokolle (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML-viewer.) -- C:\Windows\system32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browserbibliotheek met gebruikersinte.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Nicht von Microsoft nicht deaktiviert Windows XP/NT/2000-Dienste (O23)
O23 - Service: ExtraFilm upload service (EFUploadSrv) . (.Textalk AB - ExtraFilm upload service.) - C:\Program Files\ExtraFilm Designer BE NL\EFUploadSrv.exe
O23 - Service: X10 Device Network Service (x10nets) . (.X10 - X10 Module.) - C:\Program Files\Common Files\X10\Common\X10nets.exe
~ Services: 12 Legitimates Filtered in 00mn 04s



---\\ Im Automatikbetrieb geplanten Tasks (O39)
[MD5.00000000000000000000000000000000] [APT] [{05C439CF-B04E-40EE-858C-DE6A54ED8E7A}] (...) -- E:\SETUP.exe (.not file.) [0]
~ Scheduled Task: 10 Legitimates Filtered in 00mn 02s



---\\ Installierte Software (O42)
O42 - Logiciel: HenzoXL - (...) [HKLM] -- HenzoXL_is1
O42 - Logiciel: IncrediMail Xe - (.IncrediMail Ltd..) [HKLM] -- IncrediMail
O42 - Logiciel: Kruidvat Fotoservice - (...) [HKLM] -- Kruidvat Fotoservice
O42 - Logiciel: LimeWire 5.1.2 - (.Lime Wire, LLC.) [HKLM] -- LimeWire
~ Logic: 22 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Henzo]
[HKCU\Software\IncrediMail]
[HKLM\Software\Henzo]
[HKLM\Software\Kruidvat]
[HKLM\Software\MediaPlayerV1]
~ Key Software: 375 Legitimates Filtered in 00mn 00s



---\\ Inhalt der Ordner Programme, ProgramFiles, ProgramData, AppData (O43)
O43 - CFD: 30/01/2014 - 14:42:58 - [0] ----D C:\Program Files\AmiExt =>Adware.FlashEnhancer
O43 - CFD: 18/09/2007 - 17:26:56 - [-1023,712] ----D C:\Program Files\Farcry
O43 - CFD: 18/08/2009 - 11:04:40 - [0,267] ---AD C:\Program Files\GoogleEULA
O43 - CFD: 2/08/2008 - 13:57:18 - [112,653] ----D C:\Program Files\Henzo
O43 - CFD: 11/01/2008 - 14:36:29 - [23,221] ----D C:\Program Files\IncrediMail
O43 - CFD: 21/03/2009 - 9:01:01 - [47,875] ----D C:\Program Files\LimeWire
O43 - CFD: 29/01/2014 - 18:48:33 - [0,514] ----D C:\Program Files\MediaPlayerV1
O43 - CFD: 26/04/2013 - 19:07:59 - [0] ----D C:\Program Files\Solibo Ltd
O43 - CFD: 11/01/2008 - 14:37:22 - [0] ----D C:\ProgramData\IM
O43 - CFD: 11/01/2008 - 14:36:28 - [5,281] ----D C:\ProgramData\IncrediMail
O43 - CFD: 5/01/2014 - 21:15:29 - [27,418] -SH-D C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
O43 - CFD: 2/06/2013 - 12:40:56 - [23,543] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 12/05/2008 - 12:05:25 - [27,044] ----D C:\Users\Patrick\AppData\Roaming\MCB
O43 - CFD: 30/06/2013 - 10:15:11 - [0] ----D C:\Users\Patrick\AppData\Roaming\Radiocom
O43 - CFD: 4/03/2009 - 11:56:38 - [0,001] ----D C:\Users\Patrick\AppData\Roaming\UNOUndercover
O43 - CFD: 2/08/2008 - 13:57:56 - [0] ----D C:\Users\Patrick\AppData\Local\HenzoXL
O43 - CFD: 17/10/2007 - 13:06:03 - [4,978] ----D C:\Users\Patrick\AppData\Local\IM
O43 - CFD: 30/06/2013 - 10:15:06 - [0,034] ----D C:\Users\Patrick\AppData\Local\Radiocom
O43 - CFD: 3/06/2008 - 13:30:59 - [0] ----D C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kruidvat Fotoservice
~ Program Folder: 261 Legitimates Filtered in 00mn 03s



---\\ Neueste Dateien geändert oder erstellt unter Windows und System32 (O44)
O44 - LFC:[MD5.D7A098A2C2883BE13458A5A8D099ADF5] - 29/01/2014 - 18:48:54 ---A- . (...) -- C:\extensions.ini [206]
O44 - LFC:[MD5.357BA71F3628BA7C25E799B44D7FE5ED] - 30/01/2014 - 16:08:03 ---A- . (...) -- C:\Windows\System32\.crusader [5042]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 30/01/2014 - 16:47:08 ---A- . (...) -- C:\Windows\system.ini [215]
~ Files: 12 Legitimates Filtered in 00mn 09s



---\\ Operationen und Funktionen beim Start des Windows-Explorers (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Kontrolle der sicheren Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
~ CSB: 15 Legitimates Filtered in 00mn 00s



---\\ Aufzählung von der Registrierung Schlüssel PoliciesSystem ((MWPS)) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Liste der Treiber des Systems (SDL) (O58)
O58 - SDL:[MD5.920298C7AEF97D8168D219D35975D295] - 11/12/2005 - 10:55:38 ---A- . (.Alpha Networks Inc. - ANIO (NT5) Driver.) -- C:\Windows\System32\ANIO.sys [28195]
O58 - SDL:[MD5.ACF780F3DCE634A0B8ECE6E3CD505C9C] - 14/10/2004 - 9:29:16 ---A- . (.ANI - ANIO (NDIS4) Driver.) -- C:\Windows\System32\anio4.sys [11904]
O58 - SDL:[MD5.5AE0176FCF1EDB5CEE28E4D542085107] - 13/12/2005 - 9:38:20 ---A- . (.Alpha Networks Inc. - ANIO (NT5) Driver.) -- C:\Windows\System32\ANIO64.sys [48128]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 2/11/2006 - 8:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 2/11/2006 - 8:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 2/11/2006 - 8:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 2/11/2006 - 8:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 2/11/2006 - 8:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 2/11/2006 - 8:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 2/11/2006 - 8:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 2/11/2006 - 8:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 2/11/2006 - 8:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 2/11/2006 - 8:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 2/11/2006 - 8:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 2/11/2006 - 8:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 2/11/2006 - 8:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 2/11/2006 - 8:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 2/11/2006 - 8:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 20 Legitimates Filtered in 00mn 00s



---\\ Liste der Desinfektion Tools (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste Dienste registrieren Vermächtnis (LALS) (O64)
O64 - Services: CurCS - 11/12/2005 - C:\Windows\system32\ANIO.sys (ANIO) .(.Alpha Networks Inc. - ANIO (NT5) Driver.) - LEGACY_ANIO
~ Legacy: 78 Legitimates Filtered in 00mn 00s



---\\ Verbände Shell Laichen (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Startmenü Internet (SMI) (O68)
O68 - StartMenuInternet: <chrome.exe> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Suche "Ansteckung in Internet-Browsern (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {3BB21DC6-A0EF-463C-9C25-529CDF2FB0E3} [DefaultScope] - (Google) - https://www.google.be/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
~ Keys: Scanned in 00mn 00s



---\\ Suche an der Wurzel des Systems (SPRF) (O84)
[MD5.1FA2B490DF10D28F6D4810A64ED387EF] [SPRF][9/12/2011] (...) -- C:\ProgramData\nvModes.dat [89397]
[MD5.A4A2083FD21A3DA94A6688C37207C2D6] [SPRF][27/10/2013] (...) -- C:\Users\Patrick\AppData\Local\d3d9caps.dat [1356]
[MD5.532E9D42CD4C83369D70C144D3A16457] [SPRF][19/07/2008] (...) -- C:\Users\Patrick\AppData\Local\fusioncache.dat [95]
[MD5.47025DD5CBA8B43E9D26C960FF5B32A7] [SPRF][23/10/2013] (...) -- C:\Users\Patrick\AppData\Local\Temp\Quarantine.exe [344355]
[MD5.4AD7F60E4A84833CB7D4DCB9E2448FEF] [SPRF][9/12/2008] (...) -- C:\Users\Patrick\AppData\Roaming\mdb.bin [9]
[MD5.54DB2B8C60F04C5ADE6D711D47EABA75] [SPRF][31/01/2014] (...) -- C:\Users\Patrick\Desktop\adwcleaner.exe [1166132]
[MD5.C08E741A72296A3F9BA604CF91B7049A] [SPRF][10/04/2011] (...) -- C:\Users\Patrick\Desktop\BootVis-Tool.exe [336752]
[MD5.283CCAEB29C5B49D28EE3B0A2256223A] [SPRF][30/01/2014] (.SurfRight B.V. - HitmanPro 3.7.) -- C:\Users\Patrick\Desktop\HitmanPro.exe [9988304]
[MD5.788BD6FD00AB9634B83243C51D63AD9A] [SPRF][25/02/2010] (.No owner - Provides additional functionality on Facebook. See <a href="https://www.facebook.com/">our web site</a> for details..) -- C:\Windows\Downloaded Program Files\axfbootloader.dll [847040]
~ Files: 14 Legitimates Filtered in 00mn 02s



---\\ Liste der Ausnahmen in der Firewall (FirewallRules) (O87)
O87 - FAEL: "{B6563323-C15B-492A-9E6E-61B2C1907E7D}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
O87 - FAEL: "{E7EC8F18-B8B7-4695-A87B-6C7D9EF0D89D}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
O87 - FAEL: "{92036984-BFDF-4762-83C9-EC7E1BE95E8E}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
O87 - FAEL: "{4944D0E6-24D0-47E7-A589-FA26F26A532C}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
O87 - FAEL: "{880C7311-E130-4333-9E34-5509B6041472}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\bin\ImpCnt.exe
O87 - FAEL: "{7AE87FCD-D730-4B98-869D-630F6DC22545}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\bin\ImpCnt.exe
O87 - FAEL: "TCP Query User{0504EFE9-865C-4923-B270-793647D785EC}C:\program files\limewire\limewire.exe" | In - Private - P6 - TRUE | .(.Lime Wire, LLC - LimeWire.) -- C:\program files\limewire\limewire.exe
O87 - FAEL: "UDP Query User{F45A98B7-E32E-461E-A088-C0ADB0035D22}C:\program files\limewire\limewire.exe" | In - Private - P17 - TRUE | .(.Lime Wire, LLC - LimeWire.) -- C:\program files\limewire\limewire.exe
O87 - FAEL: "TCP Query User{E37493F8-C5FE-44CF-BE19-A6D716132D7A}E:\programmation\qtchat\release\qtchat.exe" |In - Public - P6 - TRUE | .(...) -- E:\programmation\qtchat\release\qtchat.exe (.not file.)
O87 - FAEL: "UDP Query User{44823339-CF28-4006-8630-458A16074A94}E:\programmation\qtchat\release\qtchat.exe" |In - Public - P17 - TRUE | .(...) -- E:\programmation\qtchat\release\qtchat.exe (.not file.)
~ Firewall: 250 Legitimates Filtered in 00mn 01s



---\\ Allgemeinzustand der Dienste nicht Microsoft (GSR) (SR = Running, SS = Stopped)
SS - | Demand 12/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 27/06/2007 606208 | (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\System32\Ati2evxx.exe
SS - | Auto 22/06/2009 133104 | (gupdate1c9f35e5f7ee078) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22/06/2009 133104 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 13/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 13/04/2007 101528 | (IJPLMSVC) . (...) - C:\Program Files\Canon\IJPLM\IJPLMSVC.exe
SS - | Auto 25/02/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 27/07/2012 63960 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 7/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 9/07/2009 1716224 | (EFUploadSrv) . (.Textalk AB.) - C:\Program Files\ExtraFilm Designer BE NL\EFUploadSrv.exe
SR - | Demand 2/11/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 19/10/2006 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 23/10/2013 22208 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 18/01/2013 639776 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 19/12/2006 272024 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 12/11/2001 20480 | (x10nets) . (.X10.) - C:\Program Files\Common Files\X10\Common\X10nets.exe

~ Services: Scanned in 00mn 09s



---\\ Zusätzliche Scan (O88)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 1

[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Disk Cleaner Service] =>Rogue.DiskCleaner
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Program Files\AmiExt =>Adware.FlashEnhancer^
C:\ProgramData\Disk Cleaner =>Rogue.DiskCleaner
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWin.com Games =>Adware.iWinArcade
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^
~ Additionnel Scan: 353057 Items scanned in 00mn 25s



---\\ Zusammenfassung der Erkennungen gefunden auf Ihrer workstation
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/40653881-adware-flashenhancer =>Adware.FlashEnhancer
~ http://nicolascoolman.webs.com/apps/blog/show/28766471-adware-iwinarcade =>Adware.iWinArcade
~ MSI: 3 link(s) detected in 00mn 25s



~ 1257 Legitimates filtered by white list
End of the scan (559 lines in 01mn 21s)(0)
0
Pimz08 Posts 153 Registration date Thursday 7 August 2008 Status Member Last activity 16 May 2015
31 Jan 2014 at 18:11
No ideas?
0
lilidurhone Posts 43343 Registration date Monday 25 April 2011 Status Security contributor Last activity 18 September 2023 3 804
31 Jan 2014 at 18:18
Yes, I do :)

Update Java as well as Flash Player

Then run ZHPDiag again, clicking Configure and then the magnifying glass +
0
Pimz08 Posts 153 Registration date Thursday 7 August 2008 Status Member Last activity 16 May 2015
31 Jan 2014 at 19:06
0
lilidurhone Posts 43343 Registration date Monday 25 April 2011 Status Security contributor Last activity 18 September 2023 3 804
31 Jan 2014 at 20:54
* Download http://www.archive-host.com SFTGC.exe
(by Pierre13) to your Desktop.

* Launch SFTGC; run it as administrator on Windows 7/8 and Vista

* Click GO
image http://img11.hostingpics.net/pics/122370401.png

* Note: a report will open at the end

* Once the scan is finished, go to the Desktop; the file SFT.txt has been created.

* Host the report on https://www.cjoint.com/ ==> Copy/paste the whole SFT.txt report into your next reply.
0
Pimz08 Posts 153 Registration date Thursday 7 August 2008 Status Member Last activity 16 May 2015
31 Jan 2014 at 23:30
0
Pimz08 Posts 153 Registration date Thursday 7 August 2008 Status Member Last activity 16 May 2015
1 Feb 2014 at 10:22
What does it show?
0
lilidurhone Posts 43343 Registration date Monday 25 April 2011 Status Security contributor Last activity 18 September 2023 3 804
1 Feb 2014 at 15:35
Run ZHPDiag again
0
Pimz08 Posts 153 Registration date Thursday 7 August 2008 Status Member Last activity 16 May 2015
1 Feb 2014 at 16:48
0