~ ZHPDiag v2014.1.25.26 report - Nicolas Coolman (25/01/2014)
~ Started by Patrick (31/01/2014 18:57:07)
~ Website address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version state :
~ White : Enabled by the program
~ Privilege elevation : OK
~ User Account Control : Deactivated by program
---\\ Internet browsers
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)
GCIE: Google Chrome v32.0.1700.102
---\\ Windows product information
~ Language: German
Windows Vista (TM) Home Premium, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK
---\\ System protection software
Malwarebytes Anti-Malware versie 1.75.0.1300
Microsoft Security Client v4.4.0304.0
---\\ System optimization software
CCleaner v4.04 =>Piriform Ltd
---\\ Peer-to-peer sharing software
µTorrent v3.2.0 =>P2P.µTorrent
---\\ Monitored software
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 51
---\\ System information
~ Processor: x86 Family 15 Model 107 Stepping 1, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3070 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 221 GB (72%) free of 305 GB
---\\ System logon mode
~ Computer Name: PC_VAN_PATRICK
~ User Name: Patrick
~ All Users Names: UpdatusUser, Patrick, Gast, ASPNET, Administrator,
~ Unselected Option: None
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Patrick\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Patrick\AppData\Roaming\
~ %Desktop% : C:\Users\Patrick\Desktop\
~ %Favorites% : C:\Users\Patrick\Favorites\
~ %LocalAppData% : C:\Users\Patrick\AppData\Local\
~ %StartMenu% : C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeration of disk units
C: Hard drive, Flash drive, Thumb drive (Free 221 Go of 305 Go)
D: Hard drive, Flash drive, Thumb drive (Free 23 Go of 30 Go)
E: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Free 7 Go of 7 Go)
---\\ Windows Security Center status
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Search for generic system files
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Windows Verkenner.) (.11/04/2009 - 7:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.19/01/2008 - 8:33:37.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.4CC9DF09C3D915BA0A101A11DB684F26] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.14/11/2013 - 23:42:41.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.11/04/2009 - 7:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 7:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 6:28:02.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 5:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 5:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.19/01/2008 - 6:49:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 6:56:28.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 5:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.3/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.8A79FDF04A73428597E2CAF9D0D67850] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.19/01/2008 - 6:49:33.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 6:56:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2/11/2006 - 10:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 5:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 5:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s
---\\ Hidden files report (hidden/total)
~ Mes images (My Pictures) : 1/5413
~ Mes musiques (My Musics) : 183/437
~ Mes Videos (My Videos) : 1/271
~ Mes Favoris (My Favorites) : 1/2
~ Mes Documents (My Documents) : 1/108
~ Mon Bureau (My Desktop) : 1/35
~ Menu demarrer (Programs) : 0/85
~ Hidden Files: Scanned in 00mn 03s
---\\ Running processes
[MD5.A659F31AC25418738351E5BDF4C85780] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [4669440] [PID.2228]
[MD5.47C9EF1600EDD9EBD8155EB6B5206B6B] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821984] [PID.2272]
[MD5.0E7E8490BB5721E0FF51EA5684D5C072] - (.No owner - Order Software.) -- C:\Users\Patrick\ExtraFilm PhotoAssistant\Agent.exe [323584] [PID.2372]
[MD5.2F0F0E6AA6F5874E13E792996077138B] - (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.exe [1603152] [PID.2392]
[MD5.9C526EAF26ADF5346E607A7B82C76A3A] - (.Belgian Government - beidgui executable.) -- C:\Program Files\Belgium Identity Card\beid35gui.exe [2060288] [PID.2412]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040] [PID.2420]
[MD5.6AFD3970A41F48306874DB23991A4955] - (.Wireless Service - ANIWZCS2 launcher for Windows..) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [49152] [PID.2428]
[MD5.AC59FCBBD9173BB84BC28CEA88645B0A] - (.D-Link - D-Link Wireless LAN Monitor.) -- C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe [1388544] [PID.2448]
[MD5.70A5FB08BBE2AE2B6A4D17F6F9F2E479] - (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1150976] [PID.2480]
[MD5.BAF535F843A3E790E04A7613811B55BC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.2512]
[MD5.6407D56278190B304212464DFDCD0B8B] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152] [PID.2528]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.2548]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952] [PID.2564]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.2572] =>Toolbar.Google
[MD5.DF552350CDC2AA39C01CE40612DF82A8] - (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe [1564528] [PID.2588]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.2668]
[MD5.1F17D3F0A519844624BEEB8920B3DF2B] - (.Brother Industries, Ltd. - Brother Status Monitor (Local).) -- C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe [221184] [PID.3100]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8339968] [PID.5360]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5468]
[MD5.E4284FCF99FEA13A7E1836F87AE356F6] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 311.0.) -- C:\Windows\system32\nvvsvc.exe [639776] [PID.992]
[MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.1008]
[MD5.B0F49DA36F30922F5DDC3B623B778FCE] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208] [PID.1084]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Microsoft Software Licensing Service.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1580]
[MD5.8619BE54EC51A74A2C3F82B313AB445E] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [873248] [PID.1688]
[MD5.D19C4EE2AC7C47B8F5F84FFF1A789D8A] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [63960] [PID.3008]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.3048]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.3116]
[MD5.BCEEF2999CB7DE5BEB17C17D73784058] - (.Textalk AB - ExtraFilm upload service.) -- C:\Program Files\ExtraFilm Designer BE NL\EFUploadSrv.exe [1716224] [PID.3228]
[MD5.6E5DAC168D1FF9843E84A59D51D31107] - (.Hewlett-Packard Company - No Comment.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [PID.3272]
[MD5.4D05898896EC49CF663DDA61041AB096] - (.No owner - RichVideo Module.) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024] [PID.3364]
[MD5.5A0C788C5BC5F2C993CB60940ADCF95E] - (.X10 - X10 Module.) -- C:\Program Files\Common Files\X10\Common\X10nets.exe [20480] [PID.3608]
[MD5.42D33042371BFB1A7D40834590CAFD30] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Servi.) -- c:\Program Files\Microsoft Security Client\NisSrv.exe [280288] [PID.3864]
[MD5.066F2BBE2EEC9A42B065B552BF356B4E] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553288] [PID.2108]
[MD5.626A24ED1228580B9518C01930936DF9] - (.Google Inc. - Google Installer.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [133104] [PID.356]
[MD5.97D9D6A04E3AD9B6C626B9931DB78DBA] - (.Microsoft Corporation - Installatieprogramma voor Windows-modules.) -- C:\Windows\servicing\TrustedInstaller.exe [39424] [PID.1448]
~ Processes Running: Scanned in 00mn 01s
---\\ Google Chrome, home page, search pages, extensions (G0,G1,G2)
C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Winkel v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [doeadmoehbcoljpcpmgpbdhfcbgjmodm] Media Player v.1.1 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 11 Legitimates Filtered in 00mn 00s
---\\ Mozilla Firefox, plugins, home page, search pages, extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@google.com/npPicasa2,version=2.0.0] - (...) -- C:\Program Files\Picasa2\npPicasa2.dll (.not file.)
P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.3] - (...) -- C:\Users\Patrick\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll (.not file.)
P2 - FPN: [HKCU] [@lightspark.github.com/Lightspark;version=1] - (.No owner - Flash.) -- C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll
~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, home page, search pages, extensions (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.No owner - Flash.) (No version) -- (.not file.)
~ IE Browser: 16 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Line analysis F0, F1, F2, F3 - ini files, automatic loading of programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1
---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Verwaiste Schlüssel
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Verwaiste Schlüssel
~ Toolbar: Scanned in 00mn 00s
---\\ Other user links (O4)
O4 - GS\Desktop [Public]: Adibou Joue avec les lettres et les chiffres 4-5 ans.lnk . (.Macromedia, Inc. - Macromedia Projector.) -- C:\Program Files\Mindscape\Adibou Joue avec les lettres et les chiffres 4-5 ans\ADBR_EX45.exe
O4 - GS\Desktop [Public]: Brother Creative Center.lnk . (.Adobe Systems Incorporated - Adobe Reader.) -- C:\Program Files\Brother\CreativeCenter\Brother Creative Center.url
O4 - GS\Desktop [Public]: Call of Duty(R) 4 - Modern Warfare(TM) Demo.lnk . (...) -- C:\Program Files\Activision\Call of Duty 4 - Modern Warfare Demo\iw3sp.exe
O4 - GS\Desktop [Public]: Easy-PhotoPrint EX.lnk . (.CANON INC. - Easy-PhotoPrint EX.) -- C:\Program Files\Canon\Easy-PhotoPrint EX\CNEZMAIN.exe
O4 - GS\Desktop [Public]: eID-Viewer.lnk . (.Belgian Government - beidgui executable.) -- C:\Program Files\Belgium Identity Card\beid35gui.exe
O4 - GS\Desktop [Public]: Gebruikersregistratie voor Canon iP2600 series.LNK . (.CANON INC. - Canon User Registration.) -- C:\Program Files\Canon\IJEREG\iP2600 series\IJEREG.exe
O4 - GS\Desktop [Public]: GOM Player.lnk . (...) -- C:\Program Files\GRETECH\GomPlayer\GOM.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: HenzoXL.lnk . (...) -- C:\Program Files\Henzo\HenzoXL\Loader.exe
O4 - GS\Desktop [Public]: iP2600 series On line handleiding.lnk . (...) -- C:\Program Files\Canon\IJ Manual\IP2600 SERIES\Dutch\Windows\Contents97.chm
O4 - GS\Desktop [Public]: My Printer.lnk . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.exe
O4 - GS\Desktop [Public]: PhotoImpact 12.lnk . (.Ulead Systems, Inc. - PhotoImpact Launcher.) -- C:\Program Files\Ulead Systems\Ulead PhotoImpact 12\Iedit.exe
O4 - GS\Desktop [Public]: Wireless Connection Manager.lnk . (.D-Link - D-Link Wireless LAN Monitor.) -- C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Public]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
O4 - GS\QuickLaunch [UpdatusUser]: GOM Player.lnk . (...) -- C:\Program Files\GRETECH\GomPlayer\GOM.exe
O4 - GS\QuickLaunch [UpdatusUser]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [UpdatusUser]: AD-R.lnk . (...) -- C:\Program Files\Ad-Remover\main.exe (.not file.)
O4 - GS\QuickLaunch [Patrick]: DeepBurner.lnk . (.Astonsoft - CD/DVD recording software.) -- C:\Program Files\Astonsoft\DeepBurner\DeepBurner.exe
O4 - GS\QuickLaunch [Patrick]: GOM Player.lnk . (...) -- C:\Program Files\GRETECH\GomPlayer\GOM.exe
O4 - GS\QuickLaunch [Patrick]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Patrick]: iLivid.lnk . (...) -- C:\Users\Patrick\AppData\Local\iLivid\iLivid.exe (.not file.) =>Adware.Bandoo
O4 - GS\QuickLaunch [Patrick]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Patrick]: My Printer.lnk . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.exe
O4 - GS\QuickLaunch [Patrick]: Search.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Patrick]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Patrick]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Patrick]: Search.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\SystemTools [Patrick]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Patrick]: Albelli.be Fotoboeken.lnk . (...) -- C:\Users\Patrick\AppData\Local\Albelli.be Fotoboeken\apc.exe
O4 - GS\Desktop [Patrick]: Computer - Snelkoppeling.lnk - Verwaiste Schlüssel
O4 - GS\Desktop [Patrick]: DeepBurner.lnk . (.Astonsoft - CD/DVD recording software.) -- C:\Program Files\Astonsoft\DeepBurner\DeepBurner.exe
O4 - GS\Desktop [Patrick]: DVD Shrink 3.2.lnk . (.DVD Shrink - DVD Shrink 3.2.) -- C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe
O4 - GS\Desktop [Patrick]: Free Audio CD Burner.lnk . (.DVDVideoSoft Ltd. - FreeAudioCDBurner.) -- C:\Program Files\DVDVideoSoft\Free Audio CD Burner\FreeAudioCDBurner.exe
O4 - GS\Desktop [Patrick]: Free YouTube to MP3 Converter.lnk . (.DVDVideoSoft Ltd. - FreeYouTubeToMP3Converter.) -- C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
O4 - GS\Desktop [Patrick]: HDPlayer.lnk . (...) -- C:\Program Files\HDPlayer\HDPlayer.exe
O4 - GS\Desktop [Patrick]: PhotoFiltre.lnk . (.Antonio Da Cruz - PhotoFiltre.) -- C:\Program Files\PhotoFiltre\PhotoFiltre.exe
O4 - GS\Desktop [Patrick]: Search.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Patrick]: TOTALCMD.lnk . (.C. Ghisler & Co. - Total Commander 32 bit version internationa.) -- C:\totalcmd\TOTALCMD.exe
O4 - GS\Desktop [Patrick]: uTorrent - Snelkoppeling.lnk . (...) -- C:\Users\Patrick\AppData\Roaming\uTorrent =>P2P.µTorrent
~ Global Startup: 110 Legitimates Filtered in 00mn 16s
---\\ Automatic loading of programs from the registry and folders (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] . (.No owner - Order Software.) -- C:\Users\Patrick\ExtraFilm PhotoAssistant\Agent.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] . (.CANON INC. - CNSLMAIN.) -- C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe
O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
O4 - HKLM\..\Run: [beid] . (.Belgian Government - beidgui executable.) -- C:\Program Files\Belgium Identity Card\beid35gui.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] . (.Wireless Service - ANIWZCS2 launcher for Windows..) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] . (.D-Link - D-Link Wireless LAN Monitor.) -- C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [BrMfcWnd] . (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Skytel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\Windows\Skytel.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Sidebar.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Toepassing voor configuratie van Windows Me.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe
O4 - HKUS\S-1-5-21-975538051-2259724829-1895452455-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Sidebar.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-975538051-2259724829-1895452455-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-975538051-2259724829-1895452455-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-975538051-2259724829-1895452455-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Toepassing voor configuratie van Windows Me.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-975538051-2259724829-1895452455-1000\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe
~ Application: Scanned in 00mn 00s
---\\ Extra buttons on the main IE toolbar or extra items in the IE "Tools" menu (O9)
O9 - Extra button: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ ActiveX objects (downloaded program files) (O16)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} ((no name)) - http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1270720495898
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} ((no name)) - http://www.extrafilm.be/ImageUploader5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} ((no name)) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} ((no name)) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} ((no name)) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} ((no name)) - http://www.extrafilm.be/ExtraFilmUploader6.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Lop.com/domain hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A99B5884-8303-4507-9A3B-0DDDC31D184F}: DhcpNameServer = 62.197.111.140 109.88.203.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB129844-8CA2-41E3-A850-21F52BF303DD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A99B5884-8303-4507-9A3B-0DDDC31D184F}: DhcpNameServer = 62.197.111.140 109.88.203.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{CB129844-8CA2-41E3-A850-21F52BF303DD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A99B5884-8303-4507-9A3B-0DDDC31D184F}: DhcpNameServer = 62.197.111.140 109.88.203.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{CB129844-8CA2-41E3-A850-21F52BF303DD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.197.111.140 109.88.203.3
~ Domain: Scanned in 00mn 00s
---\\ Additional protocols (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML-viewer.) -- C:\Windows\system32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browserbibliotheek met gebruikersinte.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Non-Microsoft, non-disabled Windows XP/NT/2000 services (O23)
O23 - Service: ExtraFilm upload service (EFUploadSrv) . (.Textalk AB - ExtraFilm upload service.) - C:\Program Files\ExtraFilm Designer BE NL\EFUploadSrv.exe
O23 - Service: X10 Device Network Service (x10nets) . (.X10 - X10 Module.) - C:\Program Files\Common Files\X10\Common\X10nets.exe
~ Services: 12 Legitimates Filtered in 00mn 04s
---\\ Automatically scheduled tasks (O39)
[MD5.00000000000000000000000000000000] [APT] [{05C439CF-B04E-40EE-858C-DE6A54ED8E7A}] (...) -- E:\SETUP.exe (.not file.) [0]
~ Scheduled Task: 10 Legitimates Filtered in 00mn 02s
---\\ Installed software (O42)
O42 - Logiciel: HenzoXL - (...) [HKLM] -- HenzoXL_is1
O42 - Logiciel: IncrediMail Xe - (.IncrediMail Ltd..) [HKLM] -- IncrediMail
O42 - Logiciel: Kruidvat Fotoservice - (...) [HKLM] -- Kruidvat Fotoservice
O42 - Logiciel: LimeWire 5.1.2 - (.Lime Wire, LLC.) [HKLM] -- LimeWire
~ Logic: 22 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Henzo]
[HKCU\Software\IncrediMail]
[HKLM\Software\Henzo]
[HKLM\Software\Kruidvat]
[HKLM\Software\MediaPlayerV1]
~ Key Software: 375 Legitimates Filtered in 00mn 00s
---\\ Contents of the Programs, ProgramFiles, ProgramData, AppData folders (O43)
O43 - CFD: 30/01/2014 - 14:42:58 - [0] ----D C:\Program Files\AmiExt =>Adware.FlashEnhancer
O43 - CFD: 18/09/2007 - 17:26:56 - [-1023,712] ----D C:\Program Files\Farcry
O43 - CFD: 18/08/2009 - 11:04:40 - [0,267] ---AD C:\Program Files\GoogleEULA
O43 - CFD: 2/08/2008 - 13:57:18 - [112,653] ----D C:\Program Files\Henzo
O43 - CFD: 11/01/2008 - 14:36:29 - [23,221] ----D C:\Program Files\IncrediMail
O43 - CFD: 21/03/2009 - 9:01:01 - [47,875] ----D C:\Program Files\LimeWire
O43 - CFD: 29/01/2014 - 18:48:33 - [0,514] ----D C:\Program Files\MediaPlayerV1
O43 - CFD: 26/04/2013 - 19:07:59 - [0] ----D C:\Program Files\Solibo Ltd
O43 - CFD: 11/01/2008 - 14:37:22 - [0] ----D C:\ProgramData\IM
O43 - CFD: 11/01/2008 - 14:36:28 - [5,281] ----D C:\ProgramData\IncrediMail
O43 - CFD: 5/01/2014 - 21:15:29 - [27,418] -SH-D C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
O43 - CFD: 2/06/2013 - 12:40:56 - [23,543] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 12/05/2008 - 12:05:25 - [27,044] ----D C:\Users\Patrick\AppData\Roaming\MCB
O43 - CFD: 30/06/2013 - 10:15:11 - [0] ----D C:\Users\Patrick\AppData\Roaming\Radiocom
O43 - CFD: 4/03/2009 - 11:56:38 - [0,001] ----D C:\Users\Patrick\AppData\Roaming\UNOUndercover
O43 - CFD: 2/08/2008 - 13:57:56 - [0] ----D C:\Users\Patrick\AppData\Local\HenzoXL
O43 - CFD: 17/10/2007 - 13:06:03 - [4,978] ----D C:\Users\Patrick\AppData\Local\IM
O43 - CFD: 30/06/2013 - 10:15:06 - [0,034] ----D C:\Users\Patrick\AppData\Local\Radiocom
O43 - CFD: 3/06/2008 - 13:30:59 - [0] ----D C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kruidvat Fotoservice
~ Program Folder: 262 Legitimates Filtered in 00mn 17s
---\\ Latest files modified or created under Windows and System32 (O44)
O44 - LFC:[MD5.D7A098A2C2883BE13458A5A8D099ADF5] - 29/01/2014 - 18:48:54 ---A- . (...) -- C:\extensions.ini [206]
O44 - LFC:[MD5.357BA71F3628BA7C25E799B44D7FE5ED] - 30/01/2014 - 16:08:03 ---A- . (...) -- C:\Windows\System32\.crusader [5042]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 30/01/2014 - 16:47:08 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.99CF890E8D928FB4BF6D798A17F752E0] - 31/01/2014 - 18:44:28 ---A- . (...) -- C:\Windows\System32\jupdate-1.7.0_51-b13.log [5753]
~ Files: 19 Legitimates Filtered in 00mn 10s
---\\ Latest files created in the Windows Prefetcher (O45)
O45 - LFCP:[MD5.8DF7A5D81CACD837983C522205D7BEE2] - 21/01/2014 - 17:41:20 ---A- - C:\Windows\Prefetch\SETUP1.EXE-CFD8E5FC.pf
O45 - LFCP:[MD5.29DB1BA587190F2EDD6583F7DBEA05FA] - 22/01/2014 - 17:36:56 ---A- - C:\Windows\Prefetch\POWERMODEMANAGER.EXE-7D27F23F.pf
O45 - LFCP:[MD5.058B02E79DB4DE0B0CC6A73CF0D354CB] - 22/01/2014 - 20:59:00 ---A- - C:\Windows\Prefetch\CRASHREPORT.EXE-99C8E803.pf
O45 - LFCP:[MD5.A1FDFC305C4DA6AC9BA5646965304DA2] - 25/01/2014 - 19:32:12 ---A- - C:\Windows\Prefetch\MOBOGENIE.EXE-3CA0DA23.pf =>PUP.Mobogenie
O45 - LFCP:[MD5.CE4E0CA770037085CB8719A015ECAB9B] - 25/01/2014 - 19:32:22 ---A- - C:\Windows\Prefetch\UPDATEMOBOGENIE.EXE-307E8962.pf =>PUP.Mobogenie
O45 - LFCP:[MD5.CFB08B912BC7FA001B6A7FD3544A7CA6] - 25/01/2014 - 21:10:38 ---A- - C:\Windows\Prefetch\MGADB.EXE-FE056F49.pf
O45 - LFCP:[MD5.1D55E0A3CB1C211906970462F65D3A68] - 26/01/2014 - 17:37:47 ---A- - C:\Windows\Prefetch\WINDOWSPHOTOGALLERY.EXE-11A60553.pf
O45 - LFCP:[MD5.B9B2C9AFC95100FFD3B20CAFB7DA74D8] - 27/01/2014 - 19:36:36 ---A- - C:\Windows\Prefetch\XPSVIEWER.EXE-220389F9.pf
O45 - LFCP:[MD5.FC0B6158DFD8C372177D188A936C21FF] - 29/01/2014 - 18:48:42 ---A- - C:\Windows\Prefetch\SETUP2.EXE-E32EA081.pf
O45 - LFCP:[MD5.0BCCC9E55BB609C391258B4939D9AEC8] - 29/01/2014 - 18:51:00 ---A- - C:\Windows\Prefetch\32.0.1700.102_32.0.1700.76_CH-F1A8097F.pf
O45 - LFCP:[MD5.E7F50CDC72C90F03EFA97C550B37EEBA] - 29/01/2014 - 23:18:00 ---A- - C:\Windows\Prefetch\UPDATE~1.EXE-37D9656C.pf
O45 - LFCP:[MD5.E6D6202AF6647E4C3A5E75C86C41EF15] - 29/01/2014 - 23:22:33 ---A- - C:\Windows\Prefetch\AMISTORAGE.EXE-6EADBBAD.pf
O45 - LFCP:[MD5.2156CA2739151F87996484EA911F4B0B] - 30/01/2014 - 14:31:24 ---A- - C:\Windows\Prefetch\ADVISORLETTERS.EXE-F20A562D.pf
O45 - LFCP:[MD5.042D7C4A7644621BC1AB002FE5464EC7] - 30/01/2014 - 14:55:14 ---A- - C:\Windows\Prefetch\SAVESENSELIVE.EXE-8CF64CD6.pf =>PUP.SaveSense
O45 - LFCP:[MD5.CD26DBEA6FE3542D28F59A07ED2C18A9] - 30/01/2014 - 14:55:14 ---A- - C:\Windows\Prefetch\SAVESENSELIVEHANDLER.EXE-C1847C87.pf =>PUP.SaveSense
O45 - LFCP:[MD5.CCA9DE4AA72127F01E78F2BF06A23223] - 30/01/2014 - 15:04:07 ---A- - C:\Windows\Prefetch\MGASSIST.EXE-0AE8EE01.pf
O45 - LFCP:[MD5.8F989D45B3FFB5DD8CE3279076A78124] - 31/01/2014 - 11:15:56 ---A- - C:\Windows\Prefetch\BRMFCMON.EXE-AABE8E4B.pf
~ Prefetcher: 140 Legitimates Filtered in 00mn 01s
---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Control Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
~ CSB: 15 Legitimates Filtered in 00mn 00s
---\\ Enumeration of the PoliciesSystem registry keys (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s
---\\ List of system drivers (SDL) (O58)
O58 - SDL:[MD5.920298C7AEF97D8168D219D35975D295] - 11/12/2005 - 10:55:38 ---A- . (.Alpha Networks Inc. - ANIO (NT5) Driver.) -- C:\Windows\System32\ANIO.sys [28195]
O58 - SDL:[MD5.ACF780F3DCE634A0B8ECE6E3CD505C9C] - 14/10/2004 - 9:29:16 ---A- . (.ANI - ANIO (NDIS4) Driver.) -- C:\Windows\System32\anio4.sys [11904]
O58 - SDL:[MD5.5AE0176FCF1EDB5CEE28E4D542085107] - 13/12/2005 - 9:38:20 ---A- . (.Alpha Networks Inc. - ANIO (NT5) Driver.) -- C:\Windows\System32\ANIO64.sys [48128]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 2/11/2006 - 8:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 2/11/2006 - 8:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 2/11/2006 - 8:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 2/11/2006 - 8:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 2/11/2006 - 8:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 2/11/2006 - 8:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 2/11/2006 - 8:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 2/11/2006 - 8:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 2/11/2006 - 8:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 2/11/2006 - 8:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 2/11/2006 - 8:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 2/11/2006 - 8:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 2/11/2006 - 8:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 2/11/2006 - 8:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 2/11/2006 - 8:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 20 Legitimates Filtered in 00mn 00s
---\\ Most recent files modified or created (user) (O61)
O61 - LFC: 28/01/2014 - 19:00:44 ---A- . (...) -- C:\Users\Patrick\Documents\Downloads\Bevestiging Adres Press & Plat Reunie. (1).xlsx [26632]
O61 - LFC: 28/01/2014 - 19:00:44 ---A- . (...) -- C:\Users\Patrick\Documents\Downloads\Bevestiging adres Press & Plat Reunie..xlsx [26555]
O61 - LFC: 29/01/2014 - 19:00:44 ---A- . (...) -- C:\Users\Patrick\Documents\Downloads\Bevestiging adres Press & Plat..xlsx [11990]
O61 - LFC: 30/01/2014 - 19:00:43 ---A- . (...) -- C:\Users\Patrick\AppData\Roaming\ZHP\HOSTS.txt [27] =>.Nicolas Coolman
O61 - LFC: 30/01/2014 - 19:00:44 ---A- . (...) -- C:\Users\Patrick\Documents\cc_20140130_144004.reg [31792]
O61 - LFC: 30/01/2014 - 19:00:44 ---A- . (...) -- C:\Users\Patrick\Documents\cc_20140130_151807.reg [54166]
O61 - LFC: 30/01/2014 - 19:00:44 ---A- . (...) -- C:\Users\Patrick\Documents\cc_20140130_165138.reg [4412]
O61 - LFC: 30/01/2014 - 19:00:47 ---A- . (.SurfRight B.V..) -- C:\Users\Patrick\Documents\Downloads\HitmanPro.exe [9096848]
O61 - LFC: 31/01/2014 - 18:58:29 ---A- . (...) -- C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [5]
O61 - LFC: 31/01/2014 - 18:58:55 ---A- . (...) -- C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Local State [57827]
O61 - LFC: 31/01/2014 - 18:59:00 ---A- . (...) -- C:\Users\Patrick\AppData\Local\Google\Toolbar Cache\7.5.4805.320\nl\translate_languages.json.content [2033]
O61 - LFC: 31/01/2014 - 18:59:00 ---A- . (...) -- C:\Users\Patrick\AppData\Local\Google\Toolbar\broker_metrics.xml [16213]
O61 - LFC: 31/01/2014 - 19:00:39 ---A- . (...) -- C:\Users\Patrick\AppData\Roaming\Google\Local Search History\google%2Eweb.w [12]
O61 - LFC: 31/01/2014 - 19:00:43 ---A- . (...) -- C:\Users\Patrick\AppData\Roaming\ZHP\Log.txt [65365] =>.Nicolas Coolman
O61 - LFC: 31/01/2014 - 19:00:43 ---A- . (...) -- C:\Users\Patrick\AppData\Roaming\ZHP\TestsZHPDiag.txt [2827] =>.Nicolas Coolman
O61 - LFC: 31/01/2014 - 19:00:43 ---A- . (...) -- C:\Users\Patrick\AppData\Roaming\ZHP\ZHPDiag.txt [44596] =>.Nicolas Coolman
O61 - LFC: 31/01/2014 - 19:00:44 ---A- . (...) -- C:\Users\Patrick\Documents\cc_20140131_101916.reg [4808]
O61 - LFC: 31/01/2014 - 19:00:54 ---A- . (.Tigzy.) -- C:\Users\Patrick\Documents\Downloads\loganalyseur.exe [105472]
O61 - LFC: 31/01/2014 - 19:00:58 ---A- . (...) -- C:\Users\Patrick\Documents\Downloads\setup_mybox.exe [8389702]
~ 13 Fichiers temporaires (Temporary files)
~ Files: 260 Legitimates Filtered in 03mn 08s
---\\ List of disinfection tools (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ List of legacy registered services (LALS) (O64)
O64 - Services: CurCS - 11/12/2005 - C:\Windows\system32\ANIO.sys (ANIO) .(.Alpha Networks Inc. - ANIO (NT5) Driver.) - LEGACY_ANIO
~ Legacy: 78 Legitimates Filtered in 00mn 00s
---\\ Shell spawning associations (O67)
O67 - Shell Spawning: <.html>
[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search for infection in Internet browsers (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {3BB21DC6-A0EF-463C-9C25-529CDF2FB0E3} [DefaultScope] - (Google) - http://www.google.be
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
~ Keys: Scanned in 00mn 00s
---\\ Search at the root of the system (SPRF) (O84)
[MD5.1FA2B490DF10D28F6D4810A64ED387EF] [SPRF][9/12/2011] (...) -- C:\ProgramData\nvModes.dat [89397]
[MD5.A4A2083FD21A3DA94A6688C37207C2D6] [SPRF][27/10/2013] (...) -- C:\Users\Patrick\AppData\Local\d3d9caps.dat [1356]
[MD5.532E9D42CD4C83369D70C144D3A16457] [SPRF][19/07/2008] (...) -- C:\Users\Patrick\AppData\Local\fusioncache.dat [95]
[MD5.47025DD5CBA8B43E9D26C960FF5B32A7] [SPRF][23/10/2013] (...) -- C:\Users\Patrick\AppData\Local\Temp\Quarantine.exe [344355]
[MD5.4AD7F60E4A84833CB7D4DCB9E2448FEF] [SPRF][9/12/2008] (...) -- C:\Users\Patrick\AppData\Roaming\mdb.bin [9]
[MD5.54DB2B8C60F04C5ADE6D711D47EABA75] [SPRF][31/01/2014] (...) -- C:\Users\Patrick\Desktop\adwcleaner.exe [1166132]
[MD5.C08E741A72296A3F9BA604CF91B7049A] [SPRF][10/04/2011] (...) -- C:\Users\Patrick\Desktop\BootVis-Tool.exe [336752]
[MD5.283CCAEB29C5B49D28EE3B0A2256223A] [SPRF][30/01/2014] (.SurfRight B.V. - HitmanPro 3.7.) -- C:\Users\Patrick\Desktop\HitmanPro.exe [9988304]
[MD5.788BD6FD00AB9634B83243C51D63AD9A] [SPRF][25/02/2010] (.No owner - Provides additional functionality on Facebook. See our web site for details..) -- C:\Windows\Downloaded Program Files\axfbootloader.dll [847040]
~ Files: 14 Legitimates Filtered in 00mn 00s
---\\ List of firewall exceptions (FirewallRules) (O87)
O87 - FAEL: "{B6563323-C15B-492A-9E6E-61B2C1907E7D}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
O87 - FAEL: "{E7EC8F18-B8B7-4695-A87B-6C7D9EF0D89D}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
O87 - FAEL: "{92036984-BFDF-4762-83C9-EC7E1BE95E8E}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
O87 - FAEL: "{4944D0E6-24D0-47E7-A589-FA26F26A532C}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
O87 - FAEL: "{880C7311-E130-4333-9E34-5509B6041472}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\bin\ImpCnt.exe
O87 - FAEL: "{7AE87FCD-D730-4B98-869D-630F6DC22545}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\bin\ImpCnt.exe
O87 - FAEL: "TCP Query User{0504EFE9-865C-4923-B270-793647D785EC}C:\program files\limewire\limewire.exe" | In - Private - P6 - TRUE | .(.Lime Wire, LLC - LimeWire.) -- C:\program files\limewire\limewire.exe
O87 - FAEL: "UDP Query User{F45A98B7-E32E-461E-A088-C0ADB0035D22}C:\program files\limewire\limewire.exe" | In - Private - P17 - TRUE | .(.Lime Wire, LLC - LimeWire.) -- C:\program files\limewire\limewire.exe
O87 - FAEL: "TCP Query User{E37493F8-C5FE-44CF-BE19-A6D716132D7A}E:\programmation\qtchat\release\qtchat.exe" |In - Public - P6 - TRUE | .(...) -- E:\programmation\qtchat\release\qtchat.exe (.not file.)
O87 - FAEL: "UDP Query User{44823339-CF28-4006-8630-458A16074A94}E:\programmation\qtchat\release\qtchat.exe" |In - Public - P17 - TRUE | .(...) -- E:\programmation\qtchat\release\qtchat.exe (.not file.)
~ Firewall: 250 Legitimates Filtered in 00mn 01s
---\\ General state of non-Microsoft services (GSR) (SR = Running, SS = Stopped)
SS - | Demand 31/01/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 27/06/2007 606208 | (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\System32\Ati2evxx.exe
SS - | Auto 22/06/2009 133104 | (gupdate1c9f35e5f7ee078) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22/06/2009 133104 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 13/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 13/04/2007 101528 | (IJPLMSVC) . (...) - C:\Program Files\Canon\IJPLM\IJPLMSVC.exe
SS - | Auto 25/02/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 27/07/2012 63960 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 7/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 9/07/2009 1716224 | (EFUploadSrv) . (.Textalk AB.) - C:\Program Files\ExtraFilm Designer BE NL\EFUploadSrv.exe
SR - | Demand 2/11/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 19/10/2006 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 23/10/2013 22208 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 18/01/2013 639776 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 19/12/2006 272024 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 12/11/2001 20480 | (x10nets) . (.X10.) - C:\Program Files\Common Files\X10\Common\X10nets.exe
~ Services: Scanned in 00mn 10s
---\\ Master Boot Record check (MBR) (O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Patrick at 31/01/2014 19:02:18
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys tcpip.sys NETIO.SYS
1 ntkrnlpa!IofCallDriver[0x82C95916] >> \Device\Harddisk0\DR0[0x85FFD7D0]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Filtered in 00mn 02s
---\\ Master Boot Record check (MBRCheck) (O80)
Written by ad13, http://ad13.geekstog
Run by Patrick at 31/01/2014 19:02:20
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
---\\ Additional scan (O88)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 1
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Disk Cleaner Service] =>Rogue.DiskCleaner
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Program Files\AmiExt =>Adware.FlashEnhancer^
C:\ProgramData\Disk Cleaner =>Rogue.DiskCleaner
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWin.com Games =>Adware.iWinArcade
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^
~ Additionnel Scan: 355046 Items scanned in 00mn 27s
---\\ Summary of detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/40653881-adware-flashenhancer =>Adware.FlashEnhancer
~ http://nicolascoolman.webs.com/apps/blog/show/41034005-pup-mobogenie =>PUP.Mobogenie
~ http://nicolascoolman.webs.com/apps/blog/show/36853930-pup-savesense =>PUP.SaveSense
~ http://nicolascoolman.webs.com/apps/blog/show/28766471-adware-iwinarcade =>Adware.iWinArcade
~ MSI: 5 link(s) detected in 00mn 27s
~ 1678 Legitimates filtered by white list
End of the scan (638 lines in 05mn 43s)(0)